July 1, 2009
Authored by: Robert Klingler
Although some questioned if the day would arrive, the Red Flag Rules issued by the FTC, the federal bank regulatory agencies and the National Credit Union Administration go into effect August 1, 2009. The Rules are drafted broadly and will apply to many different companies, including “financial institutions and creditors with covered accounts.” Essentially, if you offer any form of loan or maintain any form of money account, you will have to comply the Red Flag Rules.
Preparing for August 1
The biggest step you should take is to prepare a Red Flag Plan. Although the Rules stress that each program should be tailored to the individual entity, some central elements should be present:
- IDENTIFICATION – Make sure your plan identifies what constitutes a “red flag” (i.e. what could reasonably indicate identify theft).
- DETECTION – Make sure you have a written procedure for how you will detect, understand and process any red flags.
- RESPONSE – Make sure you adequately define how you will respond, making sure that you include enough flexibility to respond adequately to different levels of threat.
- MAINTENANCE – Make sure you have a set process for reviewing, updating and revising your Red Flag Plan.
- OVERSIGHT – Make sure the plan is properly approved by the Board of Directors, Managers or similar management positions, and include explicit designations of power as to who in management (either the Board or a senior officer) will oversee the Plan and its execution.