The Red Flags Rule and Why It’s Important
The Red Flags Rule requires many businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs – red flags – of identity theft in their day-to-day operations, take steps to prevent the crime, and mitigate its damage.
The Red Flags Rule tells businesses how to develop, implement and administer an identity theft program with 4 basic elements:
- Program must include reasonable policies and procedures to identify the red flags of identity theft that may occur in the day-to-day operations. Red Flags are suspicious patterns or practices, or specific activities that indicate the possibility of identity theft.
- Program must be designed to detect the red flags identified.
- Program must spell out appropriate actions you’ll take when you detect red flags.
- Program must detail how it will be updated to reflect new threats.
Financial institutions are defined by the Red Flags Rule as a state or national bank, a state or federal savings and loan association, a mutual savings bank, a state or federal credit union, or a person that, directly or indirectly, holds a transaction account belonging to a consumer.
Creditors are defined by the Red Flags Rule based on conduct. If the business defers payments for goods and services or bills customers, grant or arrange credit, or participates in the decision to extend, renew, or set the terms of credit while regularly using consumer reports in connection with a credit transaction, giving information to credit reporting companies in connection with a credit transaction, or advances funds to, or for, someone who must repay them with funds or pledged property, it is a creditor under the Red Flags Rule if it deals with covered accounts.
Financial institutions and creditors are required to conduct a periodic risk assessment to determine if they have “covered accounts.” Those with covered accounts must implement a written program. Covered Accounts can be split into 2 categories:
- A consumer account for customers for personal, family, or household purposes that involves or allows multiple payments or transactions. Examples: credit card accounts, mortgage loans, auto loans, and checking and savings accounts.
- Any other account that a financial institution or creditor offers or maintains for which there is reasonably foreseeable risk to customers or to the safety and soundness of the financial institution or creditor from identity theft.
The bottom line is that a program can help businesses spot suspicious patterns and prevent the costly consequences of identity theft for consumers.