T he Nov. 1, 2008, deadline to comply with the FACTA (Fair and Accurate Credit Transactions Act of 2003) Identity Theft Red Flags Rule is looming. In light of that deadline, the Office of Thrift Supervision (OTS) unveiled new examination procedures Aug. 11, 2008, to determine deficiencies in financial organizations' ability to comply with FACTA's 37 red flags.
Additionally, OTS issued two prescriptive guidelines regarding address changes and discrepancies. Many financial institutions, therefore, are realizing they need to expedite implementation of the necessary policies and procedures.
"The red flags apply to anyone that has a covered account," said Adam Elliott, President of ID Insight Inc. "This can be banks, issuers, insurance, retailers that offer credit or even 'bill me' pay options. In essence, anyone that grants credit. From a value chain perspective, this brings the processors into the fold."
Accounts covered under FACTA's Red Flag Rule are at possible risk of identity theft because they are credit card accounts, utility or cell phone bills, and medical insurance accounts that may contain Social Security numbers, driver's license numbers and other types of consumer data information.
"When something like this [Red Flag Rule compliance] comes up, the first thing the credit granters do is reach out to their processors to see what solutions they have that can help, since the processor is usually the one facilitating their fraud and risk services," Elliott added.
Red flags are relevant indicators of a possible risk of identity theft. Section 114 of FACTA specifically explains rules about how to develop and implement a written ID theft prevention program. Red flag guidelines include 15 assessments related to three principal elements of the rule - address discrepancies, card or check requests within 30 days following address changes, and ID theft and red flag conformity.
In addition to overseeing and enforcing the two prescriptive guidelines, OTS examiners will undertake six procedures to test compliance with the 37 red flag guidelines. These procedures include:
The OTS requires that boards of directors approve their financial institutions' FACTA compliance programs by Nov. 1. The OTS also mandates that financial institutions implement programs to identify, detect and respond to ID theft indicators.
Elliott said this means all system changes, policies, procedures and training programs must be in place by the Nov. 1, 2008, deadline.
"One thing that came out of this OTS thing that caught our ears is that financial organizations are not making this a high priority. They think they can have a tentative plan in place and are counting on some flexibility until they get their first audit in February 2009," Elliott said. "But based on the OTS exam procedures, they want everything in place by November first, period."
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
Prev Next
