ID Theft / Red Flag Compliance

As with BSA/AML, vigilance is the key concept.

ID Theft/Red Flag compliance has a substantial technology component.

Many banks are not in full compliance with the Red Flag rules.

Usually, the deficiency comes from (1) a failure to distinguish the actual threats faced by the bank and (2) the lack of an actual system to detect and remediate risks to the bank (and bank customers) from identity theft. Usually, these threats require software assistance to manage effectively.

The Red Flags Rule requires banks to implement a written Identity Theft Prevention Program designed to detect the warning signs — or “red flags” — of identity theft in their day-to-day operations.

By identifying red flags in advance, banks will be better equipped to spot suspicious patterns that may arise — and take steps to prevent a red flag from escalating into a costly episode of identity theft. Again, software is part of this compliance requirement.

Here’s What the Regulators Are Looking For

Want to talk this over? Here are the next steps:

  1. Call to discuss your needs and to obtain our Certificate of Non-Disclosure and Privacy Agreement.
  2. If we’re only spit-balling, then skip Step 3. We don’t charge for conferences or to share our experience.
  3. Review our Fee Proposal. If it is acceptable, go to the next step. NOTE: depending upon the circumstances, not all information requests may be necessary. The rule of thumb: if you’re paying us, we want as much information as possible. If we’re just talking, then less information may be forthcoming.
  4. Provide some information for our discussion session. Some, all or none of the below may be appropriate.
    • Summarize examination comments (positive and negative) along with examiner recommendations and send those to us. Include in your summary both the written comments as well as any oral communication that took place. NOTE: we may not need to see copies of the actual comments; we can always review with a GoToMeeting session.
    • Gather up your current policy and procedures along with any documents you use to open accounts or perform the work. You can scan and email to our secure portal or fax them to us.
    • Gather your current reports you are using now to manage compliance.
    • Summarize your current monitoring efforts; provide copies of reports used.
  5. We’ll send you a checklist you can use to help us understand the specifics of how you operate this part of the bank and how you are managing the compliance piece.
  6. We’ll send you the “prelim” policy and procedure in MS Word format to review and revise.
  7. We’ll schedule a follow-up phone conference to review your changes.
  8. We’ll send the revised Policy and Procedure.
  9. You provide a credit card for our billing. (Payment by ACH and/or check is also acceptable.)

We brought this firm to help us when our compliance program got out of control back in 1998. They’ve been a big help to us ever since… in fact, they are the longest-lived consultant our banker ever had.

BSA Customer