Identity management training is a necessary component of any effective identity risk management program which encompasses access management, identity verification and validation, privacy, fraud prevention and detection, and compliance. Companies typically develop identity risk management training programs for their employees, customers and business partners who access their information to ensure that not only they comply with the various regulatory requirements, but also to educate the target audience about identity risks, their responsibilities for managing the risks, company policies and procedures, and consequences of not following the established policies and guidelines. Training programs often serve specific goals such as awareness regarding policies and procedures; however, identity management training may also be developed to reduce fraud costs.
Although, the majority of a company’s identity risk management components also address the regulatory requirements, it is wise to keep compliance in perspective as we develop risk management programs and identity risk management training materials. There are a few good reasons for this mindset but the overall goal should be to reduce risks and comply with the laws at lowest cost possible. Too often, companies perform compliance, risk management and training activities in piecemeal which introduce duplication of efforts, reduced productivity, and increased costs. It is best to manage these activities centrally as much as possible to ensure comprehensiveness, effectiveness and efficiency, although, some of the tasks can be delegated to internal or external staff while they are monitored. In case you are wondering about some of the identity management laws, they include Customer Identification Program (CIP), Know Your Customer (KYC), Anti-Money Laundering (AML), Red Flags Rule, GLBA, HIPAA, HITECH, FFIEC Internet Banking Authentication, etc. Visit the regulation section for details.
For compliance with regulations including detection and reporting of money-laundering and terrorism financing activities, companies must have policies and procedures for proper identification of customers and account activity monitoring to detect suspicious and fraudulent activities. Other identity risk management activities may address identity security and privacy.
Identity Management education and training programs can be developed in a variety of formats such as PowerPoint, audio or video recordings and delivered to the target audience through many available options such as in person, online, self training with study guides, CDs and DVDs, or by phone. Training program decisions are made as we consider training goals, target audience, and the best methods for presenting the information to meet budgets and time objectives.