Red Flag Expectations
Like BSA, Red Flag is a reporting, monitoring and remediation regulation.
Here are the expectations for Red Flag compliance:
Each financial institution is required to implement a Red Flag / Identity Theft program that considers the guidelines in Appendix J of the regulation (an easy-to-use copy is available for download here). Then, the bank must include in its Program those guidelines that are appropriate.
Why Many Banks Fail in Red Flag Compliance
Most bank Red Flag programs fail to figure out which guidelines to follow. They dump the entire Red Flag App J into their policy, not realizing that many of those flags do not apply to their bank. It should be remembered that the guidelines are intended to assist financial institutions in the formulation and maintenance of a Program that satisfies the regulatory requirements. They are not to be used as a “de facto” policy.
A second failing of most Red Flag programs is that the bank has not created a way to account for the overall effectiveness of its Program that is appropriate to its size and complexity and the nature and scope of its activities. In other words, a bank must be monitoring the Red Flag program in terms of its overall activity. NOTE: the Red Flag policy has become inextricably entwined with the EFT Rules of Regulation Rules and the most recent policies published by VISA for their member banks.
Want more information? Here’s how to get the ball rolling.
- Call to discuss your needs and to obtain our Certificate of Non-Disclosure and Privacy Agreement.
- If we’re only spit-balling, then skip Step 3. We don’t charge for conferences or to share our experience.
- Review our Fee Proposal. If it is acceptable, go to the next step. NOTE: depending upon the circumstances, not all information requests may be necessary. The rule of thumb: if you’re paying us, we want as much information as possible. If we’re just talking, then less information may be forthcoming.
- Provide some information for our discussion session. Some, all or none of the below may be appropriate.
- Summarize examination comments (positive and negative) along with examiner recommendations and send those to us. Include in your summary both the written comments as well as any oral communication that took place. NOTE: we may not need to see copies of the actual comments; we can always review with a GoToMeeting session.
- Gather up your current policy and procedures along with any documents you use to open accounts or perform the work. You can scan and email to our secure portal or fax them to us.
- Gather the reports you are currently using to manage compliance.
- Summarize your current monitoring efforts; provide copies of reports used.
- We’ll send you a checklist you can use to help us understand the specifics of how you operate this part of the bank and how you are managing the compliance piece.
- We’ll send you the “prelim” policy and procedure in MS Word format to review and revise.
- We’ll schedule a follow-up phone conference to review your changes.
- We’ll send the revised Policy and Procedure.
- You provide a credit card for our billing. (Payment by ACH and/or check is also acceptable.)
Need a strategy?
Need help to execute a strategy? Let’s get the conversation started. Call 800-521-0236 or