Spot Warning Signs and Meet Requirements
Red Flags rules require your institution to prevent identity theft. These rules impose significant burdens on your bank risk management activities. You have to conduct a risk assessment to identify covered accounts; identify possibly dozens of issues that indicate a possible identity theft; develop a detection and response procedure for each; create a written program and train employees; and review its effectiveness at least once annually.
Scout makes it easy to spot the warning signs of identity theft and meet federal compliance regulations for tracking and reporting. Use the intuitive features of Scout’s web-based risk management dashboard to:
- Record and track ID theft events
- Spot trends and identify risk areas
- Produce four major required annual reports
Reduce ID Theft and Meet Regulatory Requirements
The Identity Theft Red Flags Regulations are part of the Fair and Accurate Credit Transactions Act (FACTA), an amendment to the Fair Credit Reporting Act. These rules are jointly issued by the Federal Trade Commission and other regulatory agencies and became active in 2008.
Red Flags rules require creditors to take action to prevent identity theft. The rules are clearly applicable to all financial institutions and require you to do the following:
- Conduct a risk assessment to identify covered accounts.
- Identify issues that indicate a possible identity theft (the rules provide 26 red flags as a starting point).
- Develop a detection and response procedure for each.
- Create a written program that’s been approved by the board of directors.
- Train employees in implementation.
- Update the program as necessary.
- Review effectiveness at least once annually.
Take Red Flags Seriously
One important area in which some institutions are falling short is identifying and tracking identify theft instances experienced by their customers, regardless of whether the institution was directly involved. If any identity theft instance is reported to your institution, you are required to track and analyze it. Many institutions are familiar with these requirements but have yet to develop processes for tracking this information. FACTA is a complex piece of legislation and this important requirement sometimes gets overlooked.
Report the Right Way
FACTA requires annual board reporting on your identity theft activities. As with other risk management activities, little guidance is available to compliance officers when it comes to the right way to do this. But a basic rule of thumb applies: Shorter is better. Don’t burden boards with eye-glazing spreadsheets and page after page of lists. Instead, provide them with a short summary of how you’ve been maintaining you identity theft program. Show them:
- You have a process in place.
- How you tracked accounts.
- A summary of your analysis of all ID theft events reported by customers.
- How you plan to reduce these events.
Read our board reporting advice for more guidelines.