Listen to: "What Is the FTC Red Flags Rule and Who Must Comply?"
Financial industry business leaders, along with consumers, continually try to stay as many steps ahead of identity thieves as possible. However, this particular brand of criminal is tireless and endlessly creative in the goal of creating havoc for everyday citizens and creditors.
Approximately nine million Americans become victims of identity theft each year, notes the Federal Trade Commission (FTC), which results in emptied bank accounts, damaged credit, and life-and-death risks related to the nefarious alteration of patient medical records. Identity theft also hurts creditors and related financial institutions, in terms of stacks of unpaid bills, thanks to identity scam artists.
The FTC developed a series of markers, or “red flags,” to help organizations detect fraud attempts before criminals can make any actual progress with the FTC Red Flags Rule.
Most businesses have worked diligently over the years to combat identity fraud risks; however, other organizations have not done everything possible to prevent identity fraud. The Red Flags Rule intends to help all businesses make improvements to protect their customers and their businesses.
What Is the FTC Red Flags Rule?
The FTC has come up with a strategy to create a solution called the FTC Red Flags Rule, which is a United States federal regulation that requires businesses to adopt and implement identity fraud programs to help prevent and detect instances of identity fraud.
The Red Flags Rule requires organizations to implement a written identity theft prevention program to help them identify any of the relevant “red flags” that indicate identity theft in daily operations. The Rule also offers steps to help prevent the crime and to mitigate its damage.
Basically, this program intends to help organizations see suspicious patterns, take appropriate steps and prevent the expensive consequences of identity fraud.
Once implemented, businesses must make updates, as needed. It is also important, in regard to the overall health of the program and for ongoing compliance, for creditor organizations or persons to engage a professional auditing team for risk assessments and control activities to avoid common compliance risks.
The Five Categories of Red Flags
The FTC makes it clear that the prescribed red flags is not a checklist. Instead, the five categories the FTC recommends are simply examples that creditors and financial institutions can use as a launch point.
Here are the five categories of red flags:
- Warnings, alerts, alarms or notifications from a consumer reporting agency
- Suspicious documents
- Unusual use of, or suspicious activity related to, a covered account
- Suspicious personally identifying information, such as a suspicious inconsistency with a last name or address
- Notifications from customers, law enforcement authorities, other businesses and victims of identity theft regarding possible identity theft regarding specified accounts.
Each FTC Red Flags Program Needs to Contain Four Basic Elements
The Red Flags Program helps organizations plan, develop, implement and administer an identity theft prevention program to ensure compliance.
Here are the four basic elements to help organizations create a framework to manage the threat of identity fraud and theft:
- The program needs to included reasonable policies and procedures to make it easier to identify red flags for identity fraud, which may occur in standard operations. Red Flags present as suspicious patterns or specific practices that provide clues that there may be identity fraud activity.
- The program needs to be tightly designed to detect any red flags that stray from standard policies and procedures, allowing for easy identification of inconsistencies that indicate identity theft.
- The program must clearly indicate the appropriate actions that need to be taken when red flags are detected.
- The program needs to clearly detail how the Red Flags Team will keep everything current to reflect new and emerging threats.
Who Must Comply with the Fair Credit Reporting Act’s Identity Theft Rules?
The FTC requires that financial institutions and some creditors conduct periodic risk assessments to determine whether the business has any covered accounts.
A financial institution, according to the Red Flags Rule, may be a state or national bank, a mutual savings bank, a federal or state savings and loan association, a federal credit union, or a person that holds a transaction account that belongs to a consumer.
The criteria for creditors are somewhat more complex.
Here are a few key questions to help determine if a business is a creditor, according to the Red Flags Rule:
Does the business or organization regularly:
- Defer payment for goods and services?
- Grant or arrange credit?
- Participate in the decision to renew, extend or set credit terms?
If the answer is “no” to all questions, the Rule does not apply. If the answer to one or more questions is “yes,” ask the following:
Does the business regularly:
- Request, get and use consumer reports regarding a credit transaction?
- Turn in information to credit reporting agencies regarding a credit transaction?
- Provide funds to someone who must repay them, whether with funds or pledged property as collateral?
If the answer is “no” to all, the Rule is not applicable. If the answer is “yes” to one or more, the business is considered a creditor under the Rule.
Beware the Penalties Involved with Non-Compliance with FTC Red Flags Rule Regulations
In conjunction with the federal bank regulatory agencies and the National Credit Union Administration (NCUA), the FTC is part of the Fair and Accurate Credit Transactions (FACT) Act of 2003. Together, these bodies have determined the penalties associated with non-compliance.
The penalty for non-compliance with the Red Flags Rule is $3,500 maximum in civil fines per violation and up to $2,500 per infraction due to the FTC, notes Identity Theft Awareness.
We Can Help You Work Out the Details for the FTC Red Flags Rule to Ensure Compliance, Protect Your Customers and Avoid Penalties
Are still concerned about protecting your customers from identity theft? Have you determined whether your business is technically a creditor? Do you need more information on achieving and maintaining FTC Red Flags Rule compliance to protect your organization’s reputation and profits?
For those questions and more, our team here at I.S. Partners, LLC. has plenty of information to help get you up to speed.