Introduction

In November of 2007, the Federal Trade Commission (FTC) and five federal bank regulatory agencies (FDIC, OCC, Federal Reserve, OTS and NCUA) jointly issued the final rules and guidelines implementing sections 114 and 315 of the Fair and Accurate Credit Transactions Act (FACT Act). Under these regulations, the “Red Flag Rule” was adopted which requires the development, implementation, and maintenance of an Identity Theft Prevention Program by covered companies that hold any customer accounts. Effective January 1, 2008 FACTA mandates compliance by November 1, 2008.

"RED FLAG" Compliance

The Red Flag Rule requires all financial institutions and creditors with "covered accounts" to implement an Identity Theft Prevention Program to detect, prevent and mitigate identify theft for covered accounts.  The four general elements that the Program must contain are “reasonable policies and procedures” to:

• Identify and incorporate Red Flags for covered accounts
   

• Detect Red Flags that are included in the Program
   

• Respond to those Red Flags appropriately
   

• Update the Program periodically to reflect the risk to the customer or to the safety of the financial institution or creditor from identify theft.