Comply with Red Flags
Certain financial institutions and creditors must comply with Red Flags Rule and implement an identity theft prevention program to detect red flags and prevent identity theft. Although the broad definitions of financial institutions and creditors provided by the Rule may not be used by certain organizations to categorize themselves for Red Flag compliance purposes, many companies fall within the definition of the law and must comply with the Red Flags law. Typically and in simple language, if a company allows its customers to pay for services and products in multiple payments or transactions and uses credit reports to make credit decisions or furnishes account information to credit reporting agencies falls within the definition of the Red Flags law.
The list of the companies who must comply with Red Flags Rule is long and includes state or national banks, state or federal savings and loan associations, mutual savings banks, state or federal credit unions, and any other entity that directly or indirectly holds a “covered account” or "transaction account" belonging to a consumer. Basically, covered accounts include transaction accounts which allow consumers to make multiple payments or transfers to third parties. When in doubt whether an account is a covered account under the law, consider that a covered account is an account for which there is a foreseeable risk of identity theft such as accounts used for personal and small business or sole proprietorship accounts.
As you can see, the federal identity theft prevention law applies to many organizations and businesses who must comply with Red Flags. More specifically, companies which allow multiple payments for their goods or services include utility companies, health care providers, mortgage lenders, car dealers, credit card companies, finance companies, telecommunication companies and retailers to name a few. In addition, third parties who regularly participate in the credit decision making process such as debt collectors fall within the definition of “creditors” under the Red Flags Rules.
Compliance with the Red Flags law is enforced by various agencies including the Federal Trade Commission (FTC) which extends its jurisdiction to state chartered credit unions and all other institutions that hold covered accounts as well as the federal bank regulatory agencies and the National Credit Union Administration.
There are many strategies which can be considered when deciding how to comply with the Red Flags law. Such considerations include timing, scope, responsibility and training for designing and implementing the identity theft prevention program to identify, detect and mitigate identity theft red flags.
Identity Management Institute can help you comply with Red Flags Rule with its training and certification services.