 |
|
Home Are you ready for FACTA? The "Red Flags" rules implements FACTA by requiring each financial institution and creditor that holds any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft.
|
Red Flag RulesAre you ready for FACTA? The "Red Flags" rules implements FACTA by requiring each financial institution and creditor that holds any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft. Recent updates to the Fair and Accurate Credit Transactions Act (FACTA) of 2003 mandate that financial institutions and creditors must comply with the The ruling issued by the Federal Trade Commission (FTC) and 5 Federal bank regulatory agencies applies specifically to Section 114 of the FACTA Identity Theft Red Flags and addresses an array of accounts, organizations, and consumers, including:
The FACTA final rules and guidelines implemented in Section 114 of FACTA call out categories of Red Flags which illustrate the types of activities that need to be identified. QMS assists its clients with a compliance plan, programs,
and annual audits that addresses the requirements for FACTA
Red Flag policies and sets in place the program implementing information, physical, data,
personnel security best practices policies.
One such FACT Act provision is the requirement that credit card and debit card issuers must follow reasonable policies and procedures if a request for an additional or replacement card is received within a short time after the issuer has received notification of a change of address for an account. You must apply the new requirement to at least those requests received during a 30-day period from the change of address date; however, you may decide that a longer period is appropriate. Your procedures can be to notify the cardholder at a former address and provide a means of promptly reporting incorrect address changes -- and you may want to include additional procedures. While commercial and residential real estate lending and related investments as well as other risks are on the front burner as priorities, information security issues and particularly identity theft continues to be a very important compliance priority for financial institutions and other businesses. This is an appropriate time to revisit your efforts and to put your resources to work to be fully prepared to meet regulatory requirements prior to November 1, 2008. When the additional FACT Act requirements are finalized and other guidances issued, your groundwork will be soundly in place to address those requirements and keep your Identity Theft Program up to date and effective. Another FACT Act provision has an implementing rule requiring mandatory compliance by October 1, 2008, that is, the rule providing opt-out requirements where eligibility information is provided to affiliates to be used for marketing purposes. This provision relates to other privacy notices and information security and such sharing of information can heighten the risk level for identity theft. QMS will perform Red Flag Rules audit for your organization, write the QC Plan for addressing Red Flag Rules, provide corporate or company policies, and provide a an assessment of risks and mitigations procedures. FTC further delays enforcement of Red Flags RuleThe Federal Trade Commission (FTC) will delay enforcement of the new "Red Flags Rule" until Aug. 1, 2009 to give creditors and financial institutions more time to develop and implement written identitiy theft prevention programs. For entities that have a low risk of identity theft, such as businesses that know their customers personally, the Commission will soon release a template to help them comply with the law. The announcement does not affect other federal agencies' enforcement of the original Nov. 1, 2008 compliance deadline for institutions subject to their oversight. "Given the ongoing debate about whether Congress wrote this provision too broadly, delaying enforcement of the Red Flags Rule will allow industries and associations to share guidance with their members, provide low-risk entities an opportunity to use the template in developing their programs, and give Congress time to consider the issue further," said FTC Chairman Jon Leibowitz. The fair and Accurate Credit Transactions Act of 2003 (FACTA) directed financial regulatory agencies, including the FTC, to promulgate rules requiring creditors and financial institutions with covered accounts to implement programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. FACTA's definition of "creditor" applies to any entity that regularly extends or renews credit -- or arranges for others to do so -- and includes all entities that regularly permit deferred payment for goods or services. Accepting credit cards as a form of payment does not by itself make an entity a creditor. Some examples of creditors are finance companies, automobiles dealers that provide or arrange financing, mortgage brokers, utility companies, telecommunications companies, non-profit and government entities that defere payment for goods and services, and businesses that provide services and bill later, including many lawyers, doctors, and other professionals. "Financial institutions" include entities that offer accounts that enable consumers to write checks or make payments to thrid parties through other means, such as other negotiable instruments or telephone transfers.
|
About QMS
|
|
Home |
About QMS |
Mortgage Compliance Solutions |
FAQS |
MARS |
HUD |
Mortgage Servicing |
Published Articles |
Contact QMS |
Employment |
Products |
Resources |