Red Flag Rules

Are you ready for FACTA?

The "Red Flags" rules implements FACTA by requiring each financial institution and creditor that holds any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft.

QMS offers compliance with the new FACTA “Red Flags” Identity Theft Prevention as required by the FTC.

Recent updates to the Fair and Accurate Credit Transactions Act (FACTA) of 2003 mandate that U.S. financial institutions and creditors must comply with the Identity Theft Red Flag provisions by November 1, 2008.

The ruling issued by the Federal Trade Commission (FTC) and 5 Federal bank regulatory agencies applies specifically to Section 114 of the FACTA Identity Theft Red Flags and addresses an array of accounts, organizations, and consumers, including:

·  Mortgage Broker, Mortgage Bankers, and Lenders                                   ·   Retail and business customers                                                              ·   Car Dealerships                                                                                   ·  Existing and new accounts                                                                    ·   Financial institutions and creditors

The FACTA final rules and guidelines implemented in Section 114 of FACTA call out categories of Red Flags which illustrate the types of activities that need to be identified.

QMS assists its clients with a compliance plan, programs, and annual audits that addresses the requirements for FACTA Red Flag policies and sets in place the  program implementing information, physical, data, personnel security best practices policies.

Contact Quality Mortgage Services

One such FACT Act provision is the requirement that credit card and debit card issuers must follow reasonable policies and procedures if a request for an additional or replacement card is received within a short time after the issuer has received notification of a change of address for an account. You must apply the new requirement to at least those requests received during a 30-day period from the change of address date; however, you may decide that a longer period is appropriate. Your procedures can be to notify the cardholder at a former address and provide a means of promptly reporting incorrect address changes—and you may want to include additional procedures.

While commercial and residential real estate lending and related investments as well as other risks are on the front burner as priorities, information security issues and particularly identity theft continues to be a very important compliance priority for financial institutions and other businesses. This is an appropriate time to revisit your efforts and to put your resources to work to be fully prepared to meet regulatory requirements prior to November 1, 2008. When the additional FACT Act requirements are finalized and other guidances issued, your groundwork will be soundly in place to address those requirements and keep your Identity Theft Program up to date and effective.

Another FACT Act provision has an implementing rule requiring mandatory compliance by October 1, 2008, that is, the rule providing opt-out requirements where eligibility information is provided to affiliates to be used for marketing purposes. This provision relates to other privacy notices and information security and such sharing of information can heighten the risk level for identity theft.

 

QMS will perform Red Flag Rules audit for your organization, write the QC Plan for addressing Red Flag Rules, provide corporate or company policies, and provide a an assessment of risks and mitigations procedures.

Current Status of FACT Act Rules

The Red Flags Rule is just one of several regulations issued by the regulatory agencies to implement the provisions of the FACT Act and not all of those regulations have been issued in final form with firm effective dates. However, regulations for four provisions of the FACT Act have mandatory compliance dates scheduled for fall 2008. Of course, the Red Flags Rule has a mandatory compliance date of November 1, 2008. Two other FACT Act provisions addressed in rules with mandatory effective dates of November 1, 2008, are related to and may also be incorporated into implementation of the Red Flags Rule.

The other FACT Act provision with a rule requiring mandatory compliance by November 1, 2008, applies to “users” of “consumer reports” which requires each user to form a reasonable belief that it knows the identity of a person when a “notice of discrepancy” for the address is received from a consumer reporting agency. This rule also requires reconciling the address with the current address if the user regularly furnishes information to a consumer reporting agency. This is one of the areas where your Customer Identification Program for Bank Secrecy Act compliance should be incorporated into your Identity Theft Program.

Other proposed regulations which may be finalized yet this summer or fall are addressed for planning purposes in the Fair Credit Reporting Act and FACT Act and Identity Theft Program topic in the PRINGLE Compliance Program. These regulations when finalized will complete this long round of regulatory issuances to implement the FACT Act. Also, additional guidance can be expected to be issued by the regulators to assist in ongoing compliance efforts.


Copyright © 2003-2006 Quality Mortgage Services, LLC CONTACT US EMPLOYMENT