New Identity Theft "Red Flags" Regulations
Take Effect November 1, 2008

 

            New federal Red Flags regulations designed to reduce identity theft will take effect on November 1, 2008.  According to these regulations, a "financial institution" or "creditor" that offers or maintains "covered accounts" must develop and implement a written Identity Theft Prevention Program. 

 

            Two types of accounts are "covered accounts" under the regulations.  The first type is an account offered or maintained "primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions."

 

            The second type is an account "for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation, or litigation risks."  The Federal Register notice promulgating the final Red Flags regulations makes it clear that the intent of this arm of the definition is to extend the scope of the definition of "covered account" to cover, in particular, certain small business accounts and sole proprietorship accounts.

 

            A financial institution or creditor subject to the Red Flags regulations is required to develop and implement a written Identity Theft Prevention Program.  The program must include reasonable policies and procedures to:

 

·        Identify relevant Red Flags for the covered accounts that the financial institution or creditor offers or maintains, and incorporate those Red Flags into its Identity Theft Prevention Program;

 

·        Detect Red Flags that have been incorporated into the Identity Theft Prevention Program of the financial institution or creditor;

 

·        Respond appropriately to any Red Flags that are detected to prevent and mitigate identity theft; and

 

·        Ensure the Identity Theft Prevention Program (including the Red Flags determined to be relevant) is updated periodically, to reflect changes in risks to customers and to the safety and soundness of the financial institution or creditor.

 

            If you have questions about this article or the Red Flags regulations, please contact Tom Walsh or Brad Stohry.

 

This publication is intended for general information purposes only and does not and is not intended to constitute legal advice.  The reader must consult with legal counsel to determine how laws or decisions discussed herein apply to the reader's specific circumstances.