The Red Flag rules: Looming deadline for businesses




What should an identity theft mitigation program contain?

Each program must have four essential features:
  1. Identify applicable Red Flags — the Red Flag Rules list 26 Red Flags.
  2. Detect Red Flags in customers’ transactions.
  3. Respond appropriately when a Red Flag is detected. (See the Red Flag guidelines to learn how, who needs to know and in what order, and proactive measures to mitigate loss.) 
  4. Update the program periodically to respond to new risks, changes in program elements, or new products and services being offered.
Additionally, the program must:
  1. Be in writing.
  2. Be incorporated into the creditor’s existing risk management policies and procedures.
  3. Be approved by the Board of Directors or an appropriate committee of the board. 
  4. Involve the board of directors, a committee of the board, or management empowered to oversee the plan’s implementation, administration and updating.
  5. Train staff in order to effectively implement the program and provide necessary tech support.
  6. Be assessed at least annually, with a report made. Ensure effective oversight of the activities of third-party and service providers to ensure their compliance with the law. (Using a third-party vendor does not relieve the creditor from the obligation to comply with the regulations.)
The sophistication of the plan is related to the risk posed. This means that businesses have the flexibility to tailor a plan to their size, complexity and nature of their activities. This also means that businesses cannot blindly adopt a canned format based on minimal standards.
