RED FLAG RULES
         May 1, 2009
Every 12 seconds 3.4 identities are stolen

    in the United States
    Over 250 Million sensitive records have

    be...
People




      Oversight                       Process




           Technology            Policy




What we will disc...
Government Regulations

    ◦ GLB
                                             May 1
    ◦ FACT Act                      ...
Financial Privacy Rule
  • Privacy Notice Requirement

Safeguards Rule
  •Policy and procedures to secure customer
  data
...
Must establish written program to: 114
  • Detect
  • Prevent
  • Mitigate identity theft
Program will apply to: 114
  • E...
“Financial Institutions” include:
 Banks, S&L, Credit Unions or any other
  entity that directly or indirectly holds a
  ...
Requires Creditor (Loan Originator) to:
 Form a reasonable belief of “true identity”
  when it is observed an address mis...
Provide implementation

    ◦ Section 114 – RED FLAG Guidelines
    ◦ Section 315 – Address Discrepancies

    Regulation...
Creditor

    ◦ Any organization that regularly
      extends, renews, or continues credit

    ◦ Any organization that r...
Covered Account

    ◦ A consumer account designed to permit
      multiple payments or transactions

    ◦ Any other acc...
A RED FLAG is a pattern, practice, or

    activity that indicates the possible
    existence of identity theft.

    Ide...
Fight the battle against identity theft:

  • Implement data security practices making it
    harder to gain access to per...
Picks up where data security leaves off



    Seeks to prevent identity theft by:

     ◦ Ensuring your company is watc...
• Executive or                               • Risk
       Board                                        Management
       ...
Board of Directors/Senior Management to

    approve program
    Ensure oversight of the Program


    Select a “Red Fla...
Written Info Policy

    ◦ Outline the Red Flags of Identity Theft
    ◦ Detection of Red Flags
    ◦ Prevention and miti...
Red Flag Officer Duties

    ◦ Base identity theft detection on current
      business
    ◦ Closely examine all suspect ...
Banks/Credit Unions

    Debt Collection Agencies

    Retailers who extend credit

    Credit/finance companies

    ...
Penalties and fines

    ◦   GLB - $1,000,000 per Occurrence
    ◦   GLB - 10 Years in Jail – Executives of Company
    ◦...
Brand Damage

    ◦ Bad publicity – TV, Radio or Press

    Customer loss



    Loss of Key Business Partners



    L...
Docs/Data




           Process




                                 People




Suspicious Activities
Identify Risk Factors
  • Different accounts = different risks

Sources of Red Flags
  • Ask yourself “How can identity th...
Changes in a credit report or consumer‟s
 activity may signal identity theft:

    Fraud or active duty alert

    Notice...
Paperwork may signify identity theft:

  Identification looks altered or forged

 Person presenting ID doesn‟t look like...
Identity thieves use personally identifying
  information that doesn‟t make sense:

  SS# used by someone else opening an
...
How the account is being used may be an
 alert:

  Customer does not make first payment

 An account used in a way incon...
Extra layers of protection

  • Instant Identity Verification Services
  • Laptop Security and Data Encryption Products
  ...
Wholesale
                           Lender




        Creditor                Credit
                               Bure...
Vendors




                             Service
        Creditor
                             Bureaus
      (Loan Origina...
“…. Every business needs to adopt a written
 plan, but the FTC will not be talking to us
 „about particular technology‟ be...
New Red Flag Requirements for Financial
 Institutions and Creditors will Help Fight Identity
 Theft”
 ftc.gov/bcp/edu/pubs...
They
   told me
     the
  examiners
 are coming.

   I say
  we’re
  ready!
Q&A
BFO SOLUTIONS INCORPORATED headquartered in San Diego, California;
  offers five (5) primary services to the Mortgage Lend...
Theresa C. Ballard
BFO SOLUTIONS INCORPORATED
1460 South Creekside Drive
Chula Vista, CA 91915
Phone 619-397-2603
Cell    ...
Red Flag Rules
Upcoming SlideShare
Loading in...5
×

Red Flag Rules

1,277

Published on

A Power Point outlining the high level requirements of the FACT Act Red Flag Rules

Published in: Economy & Finance, Business
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,277
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Transcript of "Red Flag Rules"

  1. 1. RED FLAG RULES May 1, 2009
  2. 2. Every 12 seconds 3.4 identities are stolen  in the United States Over 250 Million sensitive records have  been stolen since 2005 20% of Americans will have their  identities stolen this year 45 Billion Dollars has been lost due to  Identity Theft since 2007 Identity Theft Statistics
  3. 3. People Oversight Process Technology Policy What we will discuss
  4. 4. Government Regulations  ◦ GLB May 1 ◦ FACT Act 2009 11-1-2007 Final Regulations 11-22-2003 – FACT Act Passed Gramm Leach Bliley 1999 Background
  5. 5. Financial Privacy Rule • Privacy Notice Requirement Safeguards Rule •Policy and procedures to secure customer data Pretexting Protection •Set precautions to protect consumer non public information Gramm-Leach-Bliley Act (GLBa)
  6. 6. Must establish written program to: 114 • Detect • Prevent • Mitigate identity theft Program will apply to: 114 • Existing accounts • Opening new accounts Issuers of credit/debits cards to: 114b • Verify validity of change of address requests matched with requests for additional or replacement cards FACT Act – Section 114
  7. 7. “Financial Institutions” include:  Banks, S&L, Credit Unions or any other entity that directly or indirectly holds a transaction account belonging to a consumer. “Creditors” include:  Any person who extends, renews or continues credit. Specifically includes Mortgage Brokers and Realtors. SECTION 114
  8. 8. Requires Creditor (Loan Originator) to:  Form a reasonable belief of “true identity” when it is observed an address mismatch between application and what is on the credit report. “ADDRESS DISCREPANCY POLICY” FACT Act – Section 315
  9. 9. Provide implementation  ◦ Section 114 – RED FLAG Guidelines ◦ Section 315 – Address Discrepancies Regulation applies to financial institutions  or creditors that offer “covered accounts” Bottom Line – Creditors must develop  and implement an Identity Theft Program Final Rules of FACT Act
  10. 10. Creditor  ◦ Any organization that regularly extends, renews, or continues credit ◦ Any organization that regularly arranges for the extension, renewal or continuation of credit. ◦ Any assignee of an original creditor who participates in the decision to extend, renew, or continue credit. Red Flag Definitions
  11. 11. Covered Account  ◦ A consumer account designed to permit multiple payments or transactions ◦ Any other account for which there is a reasonably foreseeable risk from identity theft. Transaction Account  ◦ A deposit or other account from which the owner makes payments or transfers. Transaction accounts include checking accounts Red Flag Definitions (Continued)
  12. 12. A RED FLAG is a pattern, practice, or  activity that indicates the possible existence of identity theft. Identity Theft is a fraud committed or  attempted using the information of another person without authority. Red Flag Definitions (Continued)
  13. 13. Fight the battle against identity theft: • Implement data security practices making it harder to gain access to personal information necessary to necessary to open or access accounts. • Recognizing Red Flags that suggest fraud may be taking place RED FLAG RULES
  14. 14. Picks up where data security leaves off  Seeks to prevent identity theft by:  ◦ Ensuring your company is watching for signs that a crook is using your customer‟s information RED FLAG RULES
  15. 15. • Executive or • Risk Board Management Oversight Threat Red Flag Analysis Detection ID Theft Threat Mitigation Intelligence • Vendor • Employee Oversight and Partner Training Identity Theft Program
  16. 16. Board of Directors/Senior Management to  approve program Ensure oversight of the Program  Select a “Red Flag Officer” to maintain  program Train appropriate staff and vendors  Oversee service provider arrangements  ◦ Require a copy of their Red Flag Program Program Administration
  17. 17. Written Info Policy  ◦ Outline the Red Flags of Identity Theft ◦ Detection of Red Flags ◦ Prevention and mitigation of identity theft Data Handling Policy  Admin by Board of Directors/Sr. Mgr  Compliance report – Annual  Must be reviewed and updated  Must contain response plan  Vendor compliance  Compliance Requires
  18. 18. Red Flag Officer Duties  ◦ Base identity theft detection on current business ◦ Closely examine all suspect items ◦ Train staff and vendors on Red Flag Program ◦ Perform and execute a written examination ◦ Execute a report for each Red Flag detected ◦ Restrict document access ◦ Document disposal procedures Red Flag Officer
  19. 19. Banks/Credit Unions  Debt Collection Agencies  Retailers who extend credit  Credit/finance companies  Insurance companies  Colleges/Trade Schools  Real Estate Brokers  Mortgage Lenders  Mortgage Brokers  Who must comply?
  20. 20. Penalties and fines  ◦ GLB - $1,000,000 per Occurrence ◦ GLB - 10 Years in Jail – Executives of Company ◦ Red Flag - $1000 Civil Liability per Occurrence ◦ Red Flag - $2,500 Fine per Occurrence ◦ Class Action Lawsuit – No statute of limitations Actual Damages  ◦ Average of $92,893 Board or Sr. Mgr responsible for  admin, implementation Non Compliance
  21. 21. Brand Damage  ◦ Bad publicity – TV, Radio or Press Customer loss  Loss of Key Business Partners  Legal Costs  ◦ In excess of $100,000 per occurrence Non Compliance
  22. 22. Docs/Data Process People Suspicious Activities
  23. 23. Identify Risk Factors • Different accounts = different risks Sources of Red Flags • Ask yourself “How can identity theft affect my business?” • What are the experiences other members in your industry? Technology and criminal techniques • Always changing – keep up to date on new threats! RED FLAGS
  24. 24. Changes in a credit report or consumer‟s activity may signal identity theft: Fraud or active duty alert  Notice of credit freeze  Notice of address discrepancy  Pattern of activity inconsistent with past  HAVE A PLAN TO ADDRESS EACH Credit Reports
  25. 25. Paperwork may signify identity theft: Identification looks altered or forged   Person presenting ID doesn‟t look like photo or match physical description  Information on ID doesn‟t match other information provided. SUSPICIOUS DOCUMENTS
  26. 26. Identity thieves use personally identifying information that doesn‟t make sense: SS# used by someone else opening an  account  Person omits required information on an application and doesn‟t respond to requests for additional information  An address, phone # used on an account you know to be fraudulent Suspicious Personal ID
  27. 27. How the account is being used may be an alert: Customer does not make first payment   An account used in a way inconsistent with established patterns  Mail sent to customer that‟s returned repeatedly as undeliverable Suspicious Account Activity
  28. 28. Extra layers of protection • Instant Identity Verification Services • Laptop Security and Data Encryption Products (fingerprint scanning, encryption vaults) • Data Breach/Data Base Insurance • Breach Response Programs • File Cabinets with strong locks - GLB requirement • Paper Shredders or Service Tips that will help you!
  29. 29. Wholesale Lender Creditor Credit Bureaus (Loan Originator) Others Who will need your plan
  30. 30. Vendors Service Creditor Bureaus (Loan Originator) Others Who’s plan will you need?
  31. 31. “…. Every business needs to adopt a written plan, but the FTC will not be talking to us „about particular technology‟ because there is a consensus that technology moves too quickly for regulators to approve or disapprove of any particular technology or counter-measures.” Mark Groman - FTC Chief Privacy Officer As spoken to The Boston Bar Association January 14, 2009 Technology
  32. 32. New Red Flag Requirements for Financial Institutions and Creditors will Help Fight Identity Theft” ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm The “Red Flags” Rule: Are you complying with New Requirements for Fighting Identity Theft? ftc.gov/bcp/edu/pubs/articles/art10.shtm The Red Flags Rule ftc.gov/os/fedreg/2007/november/071109redflags.pdf Information Security Interactive Video Tutorial ftc.gov/bcp/edu/multimedia/interactive/infosecurity/index.html Resources
  33. 33. They told me the examiners are coming. I say we’re ready! Q&A
  34. 34. BFO SOLUTIONS INCORPORATED headquartered in San Diego, California; offers five (5) primary services to the Mortgage Lending Industry. All services are offered on a local, regional and national basis. BFO SOLUTIONS‟ philosophy and integrated approach ideally meet the real needs of clients using an outsourcing facility for efficiency and accountability. BFO offers tailored services to its individual clients. Each service is offered on a “per project” basis or as a “whole package”. The concept of offering these services to the mortgage lending industry is unique in the sense that they are offered on a “per loan or per doc basis”. BFO Solutions offers the Lender or Broker the opportunity of transferring a fixed cost into a variable cost. Services offered  Quality Control Program Development and Review  Due Diligence Review  Loan Guaranty (VA) and Loan Endorsement (FHA) Submissions  Post Closing and Delivery of Files to Investor  Final Document Tracking/Retrieval BFO Solutions, Inc.
  35. 35. Theresa C. Ballard BFO SOLUTIONS INCORPORATED 1460 South Creekside Drive Chula Vista, CA 91915 Phone 619-397-2603 Cell 619-977-1033 Fax 619-397-2604 Email tballard@bfosolutions.com www.bfosolutions.com BFO Solutions, Inc.

×