Red Flag enforcement to start 12/31

The signing of legislation on 12/18 exempting certain health care practitioners and other businesses from complying with the Red Flags Rules would seem to clear the way for enforcement to begin at the end of this month. Financial institutions have had to comply with the guidelines since 1/1/2008, but regulatory enforcement has been delayed several times as organizations representing attorneys and physicians lobbied to exempt these professionals from complying.

A Red Flag is defined by the FTC as “…a pattern, practice, or specific activity that indicates the possible existence of identity theft.”  Financial institutions are expected to already have established a formal Identity Theft Prevention Program that contains reasonable policies and procedures to:

  • Identify
  • Detect, and
  • Respond…

…to any Red Flags that might indicate the presence of ID theft.  You must also have a process in place for administering the program, which includes involving the Board and senior management, training your staff, and the appropriate oversight of service providers.

Expect examiners to ask to review your ID Theft Program in your next examination, and request that your next audit include a review as well.

Tom Hinkel
As author of the Compliance Guru website, Hinkel shares easy-to-digest information security tidbits with financial institutions across the country. With almost twenty years’ experience, Hinkel’s areas of expertise span the entire spectrum of information technology. He is also the VP of Compliance Services at Safe Systems, a community banking tech company, where he ensures that their services incorporate the appropriate financial industry regulations and best practices.
