The FACTA Red Flag Rule: Understanding the Rule and Recommendations for Compliance




                                 “We Accelerate Growth”
Introduction

At the end of 2007, the Federal Trade Commission (FTC) and five federal bank regulatory agencies (FDIC,
OCC, Federal Reserve, OTS and NCUA) jointly issued the final rules and guidelines implementing sections
114 and 315 of the Fair and Accurate Credit Transactions Act (FACT Act). These regulations adopted the “Red
Flag Rule,” which requires covered companies that hold any customer accounts to develop, implement, and
maintain an Identity Theft Prevention Program.¹ These requirements were effective January 1, 2008, with a
mandatory compliance date of November 1, 2008.

In this research note we will discuss the regulation, implications, and our recommendations for compliance.

General Scope of the Red Flag Rule

The Red Flag Rule requires all financial institutions and creditors to implement an Identity Theft Prevention
Program to detect, prevent and mitigate identity theft for covered accounts.¹ The Program must be
documented and updated periodically. Updates must reflect changes in risks to customers or to the safety
and soundness of the financial institution or creditor from identity theft. The Program must also have the
approval of the Board of Directors or a designated Senior Management employee. The Board of Directors
shall also have supervision of the implementation of the Program as well as training of the staff and oversight
of service providers.

The four general elements that the Program must contain are “reasonable policies and procedures” to:

 •   Identify and incorporate Red Flags for covered accounts
 •   Detect Red Flags that are included in the Program
 •   Respond to those Red Flags appropriately
 •   Update the Program periodically to reflect the risk to the customer or to the safety of the financial
     institution or creditor from identity theft

Identifying Red Flags

Each financial institution or creditor is responsible for creating the list of its own Red Flags. There is no
qualification or mandate for certain Red Flags to be included in the list. The regulation does offer general
guidelines and categories in identifying Red Flags but in essence, a financial institution or creditor must
include every possible situation in which a Red Flag might occur.




1. Covered account is defined as (1) an account primarily for personal, family, or household purposes, that involves or is designed to
   permit multiple payments or transactions, or (2) any other account for which there is a reasonably foreseeable risk to customers or
   the safety and soundness of the financial institution or creditor from identity theft.


© 2008 Frost & Sullivan                                         Page 2
The regulation includes five broad Red Flag categories, listed in the following table with an example of
each category.

Category                                            Example

1. Alerts, notifications, or other warnings         A credit freeze or fraud alert reported by a
   received from consumer reporting agencies        credit reporting agency
   or service providers

2. Presentation of suspicious documents             Documents that seem to be forged or manipulated

3. Presentation of suspicious personal              Photo identification information that is
   identifying information                          inconsistent with accessible information on file
                                                    with the financial institution or creditor (i.e.,
                                                    different SSN or date of birth)

4. The unusual use of, or suspicious activity       An inordinate amount of withdrawals and
   related to a covered account                     suspicious amounts from the covered account

5. Note from customers, victims of identity         A call from a customer indicating an unusual
   theft, law enforcement authorities, or           activity pattern in his account that is dissimilar
   other persons regarding possible identity        from recent history
   theft in connection with covered accounts
   held by the financial institution or creditor



Detecting Red Flags

After creating the exhaustive list of possible Red Flags, the more challenging aspect is determining the
processes and procedures for their detection. Financial institutions or creditors that are subject to new and
changing regulations should view Red Flag detection as a means of achieving overall enhanced information
security and IT security governance. A holistic view of information security and Red Flag detection helps
align IT investment with business objectives - securing customer data, transactions, and identities, thus
improving customer confidence.

There are several broad requirements for detecting Red Flags. The Red Flag requirements do not specify the
degree to which technology should be used, but it is Frost & Sullivan’s recommendation that technology
should be leveraged to optimize detection.

 • Obtaining and verifying information of a person opening a covered account. Using the policies and
   procedures of the Customer Information Program (CIP) under the USA Patriot Act can serve as general
   guidelines. Verifying a customer’s information before the account is opened is key but can prove difficult
   for financial institutions and creditors. A system that provides verification in real time, without being
   cumbersome to the potential client, can greatly reduce operating costs and improve the customer
   experience. Software solutions that provide verification questions by scanning public databases and records
   give financial institutions and creditors an unbiased approach to authentication which complies with the Red
   Flag guidelines not to rely on information “which generally would be available from a wallet or consumer
   report.”

 • Authenticating existing covered accounts. Authenticating a person’s identity by comparing a picture ID
   to the person is no longer completely trusted. With the advent of technology, more advanced verification
   is needed. The use of software that not only verifies user ID and password but also authenticates individuals
   based on their risk levels will give the financial institution or creditor and customer a more optimal solution
   in authentication.

 • Monitoring transactions of existing covered accounts. The method used to monitor transactions must
   do more than signal an alert of an issue. It must also be able to correlate the degree of the possible
   alert with other changes to the customer’s portfolio to deduce the actual risk that the alert poses to the
   customer. An invisible system that is dynamic and self-learning can greatly reduce the number of false alerts
   and also quickly stop real identity threats and related patterns.

 • Verifying the validity of change of address request for existing covered accounts. A change of address
   is one of the first things that occur before fraudulent activity begins on an account. In fact, the Red Flag
   Rule specifically addresses a change of address in relation to debit or credit cards. The regulation requires
   reasonable policies and procedures to validate if a request for a replacement card is followed by a request
   for a change of address within 30 days. The card issuer may not issue the card until it has satisfied at least
   one of the following provisions: (1) notifying the cardholder by mail or by another means already agreed
   upon and providing means for the cardholder to respond, or (2) using another means of evaluating the validity
   of the change of address. Software that is able to validate a customer’s information by another means, such
   as adaptive questioning, can alleviate the possible cycle time in issuing a new card.

 • Conducting regular information risk assessments throughout the infrastructure. Risk assessment
   services along with discovery and classification services ensure that threats, vulnerabilities and risks are
   properly identified and classified within a financial institution or creditor’s infrastructure. Likewise, security
   policy review services ensure that policies and procedures implemented to detect Red Flags are adequate
   to support compliance objectives. Ultimately, financial institutions or creditors should align their information
   risk management strategies with industry best practices and technology solutions to implement effective
   identity theft and security governance frameworks.
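
The 30-day change-of-address check described in the list above can be run as a review over an account event
log. The Python below is an added example, not part of the Frost & Sullivan note or of the regulation's text;
the event names, account IDs and dates are constructed. It assumes the two requests are paired when they fall
within 30 days of each other in either order, and that a clearing step counts only if it happens on or after
the address change.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

WINDOW = timedelta(days=30)  # the 30-day period cited in the text

# Hypothetical event labels chosen for this example.
ADDRESS_CHANGE = "address_change"
CARD_REQUEST = "replacement_card_request"
# Either of the two provisions listed in the text clears the hold.
CLEARING = {"cardholder_notified", "address_validated_other_means"}


@dataclass(frozen=True)
class Event:
    account: str
    when: datetime
    kind: str


def review_card_requests(events, window=WINDOW):
    """Return one decision per replacement-card request found in the log.

    A request is held when an address change for the same account lies
    within `window` of it and no clearing event has been recorded on or
    after the most recent such address change.
    """
    by_account = {}
    for ev in sorted(events, key=lambda e: e.when):
        by_account.setdefault(ev.account, []).append(ev)

    decisions = []
    for account, evs in by_account.items():
        changes = [e for e in evs if e.kind == ADDRESS_CHANGE]
        clears = [e for e in evs if e.kind in CLEARING]
        for req in (e for e in evs if e.kind == CARD_REQUEST):
            paired = [c for c in changes if abs(c.when - req.when) <= window]
            if not paired:
                action, reason = "ISSUE", "no address change within window"
            else:
                latest = max(c.when for c in paired)
                # A notification sent before the address changed went to
                # the old contact details only and proves nothing about
                # the new address, so it does not clear the hold.
                cleared = next((e for e in clears if e.when >= latest), None)
                if cleared:
                    action, reason = "ISSUE", "cleared by " + cleared.kind
                else:
                    action, reason = "HOLD", "address change not yet validated"
            decisions.append({"account": account, "requested": req.when,
                              "action": action, "reason": reason})
    return decisions


def summarize(events):
    """Map each account to the action taken on its card request."""
    return {d["account"]: d["action"] for d in review_card_requests(events)}


# Constructed sample log (not real data).
SAMPLE = [
    # A: card requested, address changed 17 days later, nothing validated.
    Event("A", datetime(2008, 11, 3), CARD_REQUEST),
    Event("A", datetime(2008, 11, 20), ADDRESS_CHANGE),
    # B: address changed, cardholder notified afterwards, then card requested.
    Event("B", datetime(2008, 11, 1), ADDRESS_CHANGE),
    Event("B", datetime(2008, 11, 5), "cardholder_notified"),
    Event("B", datetime(2008, 11, 10), CARD_REQUEST),
    # C: the two requests are 44 days apart, outside the window.
    Event("C", datetime(2008, 11, 1), CARD_REQUEST),
    Event("C", datetime(2008, 12, 15), ADDRESS_CHANGE),
    # D: the only notification predates the address change.
    Event("D", datetime(2008, 10, 20), "cardholder_notified"),
    Event("D", datetime(2008, 11, 1), ADDRESS_CHANGE),
    Event("D", datetime(2008, 11, 15), CARD_REQUEST),
]

if __name__ == "__main__":
    for d in review_card_requests(SAMPLE):
        print(d["account"], d["requested"].date(), d["action"], "-", d["reason"])
```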

Preventing and Mitigating Identity Theft

The regulation states that the Program established by the financial institution or creditor must be
commensurate with the degree of the risk posed and also should consider aggravating factors that might
elevate the identity theft risk. An example given in the regulation is when a financial institution or creditor
becomes aware that a customer inadvertently provided account information to someone fraudulently claiming
to represent that financial institution or creditor in the form of a fraudulent website. In such a scenario,
appropriate responses can include:

 a. Monitoring a covered account for evidence of identity theft;
 b. Contacting the customer;
 c. Changing any passwords, security codes, or other security devices that permit access to a covered account;
 d. Reopening a covered account with a new account number;
 e. Not opening a new covered account;
 f. Closing an existing covered account;
 g. Not attempting to collect on a covered account or not selling a covered account to a debt collector;
 h. Notifying law enforcement; or
 i. Determining that no response is warranted under the particular circumstances.

Conclusion

While many financial institutions and creditors have put processes in place to deal with identity theft, the
overwhelming majority have not. The Red Flag Rule is now mandating that such processes be formalized into
an Identity Theft Prevention Program to detect, prevent and mitigate identity theft for covered accounts.

A holistic approach to information security can help to integrate compliance efforts with business objectives
to efficiently focus resources on IT governance and threat management. To achieve this, financial institutions
and creditors should avoid creating internal silos to comply with new regulations one at a time, and instead protect
information throughout the information lifecycle to ensure compliance with multiple common regulatory
requirements. Ultimately, this provides focus on establishing effective governance procedures that can be
centrally managed to ensure responsiveness to the changing regulatory environment.

It is Frost & Sullivan’s recommendation that a combination of technology-based solutions that are adaptive,
real-time, and self-learning should be leveraged to optimize the detection of and response to identity theft
through the application of identity verification, authentication, monitoring, and anti-fraud capabilities.




    About Frost & Sullivan
    Frost & Sullivan, the Growth Consulting Company, partners with clients to accelerate their growth. The
    company's Growth Partnership Services, Growth Consulting and Career Best Practices empower
    clients to create a growth focused culture that generates, evaluates and implements effective growth
    strategies. Frost & Sullivan employs over 45 years of experience in partnering with Global 1000
    companies, emerging businesses and the investment community from more than 30 offices on six
    continents. For more information about Frost & Sullivan’s Growth Partnerships, visit
    http://www.frost.com.



    CONTACT US: 877.GoFrost (877.463.7678) • myfrost@frost.com • www.frost.com


Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 

Kürzlich hochgeladen (20)

1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 

FACTA Red Flag Ruling - Frost Report
