Phone: 630-495-2282 Fax: 630-495-2260 Map/Directions
 

New compliance issue: Red Flag Rule

November 3, 2010
 

Financial institutions and creditors—including dealerships—must develop and implement an identify theft program that includes policies and procedures for detecting, preventing and mitigating identity theft in connection with account openings and existing accounts.

The Red Flag Rules and Guidelines (the "Rule") took effect Jan. 1, but compliance is mandatory effective Nov. 1, 2008. Because of its complexity, dealers should start working on it now. While certain parts of the Rule lend themselves to technical solutions, other parts may require some good old fashioned subjective thinking.

The Rule, which is mandated by the Fair and Accurate Credit Transactions Act of 2003, requires dealers who engage in financing activities to establish an Identity Theft Prevention Program concerning all consumer accounts. Business accounts are covered by the Rule if there is a reasonably foreseeable risk to the business customer or to the dealership of ID theft.

All programs must have four distinct elements with reasonable policies and procedures to:

1. Identify relevant patterns, practices and specific forms of activity that are "red flags" signaling possible identify theft and incorporate those red flags into the program;

2. Detect red flags that have been incorporated into the program;

3. Respond appropriately to any red flags that are detected to prevent and mitigate identify theft; and

4. Ensure the program is updated periodically to reflect changes in risks from identity theft.

Full details about the Rule are on the Federal Trade Commission’s Web site, www.ftc.gov.

According to the President’s Identity Theft Task Force, identity theft results in billions of dollars in losses each year to individuals and businesses. Examiners have already been asking financial institutions about their Red Flag programs.

 

Back