Grateful 7 speech thanking everyone that has helped.pdf
Red Flags Rule: Are You Really Exempt
1. Red Flags Rule: Are You Exempt?
Red Flags Rule: Think you are exempt? Think again!
Kroll offers up the top questions organizations should be asking themselves to determine
applicability and, if necessary, achieve compliance
On December 18th, President Obama signed the Red Flags Program Clarification Act of 2010 into
law. At first glance, the Act effectively narrows the scope of those organizations deemed “creditors”
and, thus, obligated to comply, but many do not realize that it also contains provisions potentially
drawing in organizations that maintain accounts “subject to a reasonably foreseeable risk of
identity theft.” Not surprisingly, the Act has caused no small amount of confusion among
many organizations.
The FTC is expected to release further guidance and update their website on the Act’s implications
for businesses, but, in the meantime, many companies are left wondering: Do we have to comply?
Below, Brian Lapidus, chief operating officer for Kroll’s Fraud Solutions division, outlines questions
that organizations need to be asking themselves now to head off potential liability issues later–by
defining known risk factors and identifying ways to better protect their customers, employees, and
bottom line from crimes like fraud and identity theft.
Question #1: Are we really exempt? Question #2: Do we foresee any business
With so much confusion as to who must changes that might cause the organization to
comply with the Red Flags Rule, this is one meet the requirements for compliance?
question that an organization can’t ignore. Have your organization’s products, market,
Until further guidance arrives from the FTC, it or business model changed? Is there an
is important to recognize that certain factors acquisition or merger on the horizon?
increase the likelihood that your organization You may not be subject to the Red Flags
is considered a covered entity. Are any of the Rule now, but things change. Ensure your
accounts in your care at a high risk for identity organization is always aware of how new
theft? Do you utilize consumer credit reports at business developments can impact your
all or, at any time, report delinquent accounts liability. According to the FTC’s posted business
to a collection agency? Any organization that guide, “business models and services change.
routinely submits information on non-paying That’s why you must conduct a periodic risk
consumers to collections agencies, which assessment of your operations to help you
in turn submit such information to a credit determine if you’ve acquired any covered
reporting agency, is not exempt from the Red accounts through changes to your business
Flags Rule. structure, processes, or organization.” And if
you do anticipate a future change in status, it’s
never too early to start considering what policy
and procedural changes might be necessary to
maintain compliance.