Red Flags Rule: Are You Compliant?

If you are anywhere near the lending or banking industry you have heard of the Red Flags Rule. If you are a landlord you may fall under this rule so if you have not heard of it let me explain. The Federal Trade Commission (FTC) is fighting back against identity theft. This is nothing new, there has already been security measures taken to protect personal information. The Red Flags Rules is in additional to everything else already in place. Some of the previous things in place include; no personal information can be left where any unauthorized person would have access, files must be destroyed, and personal data needs passwords when being sent through unsecure lines (like an email).

Red Flags Rule requires Financial Institutions and Creditor to have an identity Theft Prevention Program. Each program must have four pieces:

• 1. Must have reasonable policies to indentify identity theft “red flags”. These are specific activities that indicate possible identity theft.
• 2.Must have a process to detect these “red flags”. For example if in your business you verify IDs and list a fake ID as a possible “red flag” you must have a procedure that you do to detect fake IDs.
• 3.Must spell out actions you take when you detect a “red flag”.
• 4.Must reevaluate your program on a regular basis as this is an ever-changing issue we all face.

Did I mention your plan must be in writing and must state who in the company is responsible the plan is followed.

Who must comply?

All Financial Institutions and Creditors with covered accounts must comply. Let’s first define Financial Institution and Creditor and then explore covered accounts.

Financial Institution: A state or national bank, savings and loan, credit unions, or anyone directly or indirectly holds a transaction account for a consumer.

Creditor: This is not as clear. These include businesses or individuals who defer payments for goods or services or provide services and bill later. These are companies like phone companies, utility and health care providers.

Other creditors include anyone who grants loans, arranges for loans, or makes credit decisions. Both real estate agents and mortgage brokers are specifically called out and listed as a creditor in the rule. Others include anyone who participates in credit decisions for extensions, renews, or continuations. This would include debt collector or loan modification companies. I don’t see landlords in here and it is not clear since rent is normally paid in advance so you may be clear but if you ever take a deposit in payments you would surely qualify as a creditor. You may choose to comply to play it safe.

If you fall under one of those two, most likely a creditor than you need to look at if your business deals with covered accounts. There are two accounts that are covered:

• 1. Consumer accounts offered to clients that are primarily for personal, family, or household purposes. These accounts are designed to have multiple payments. Hello does this screen tenant to you?
• 2.Any other account where there is a reasonably risk to clients or to the safety and soundness of the financial institution or creditor from identity theft.

They both seem really broad to me. It is almost safest to just comply if you are a financial institution or creditor.

These rules went into effect January 2009 and were being enforced beginning May 1st 2009. More than 9 million people have their identity stolen each year. If you know anyone that has, you probably know the nightmare and years of effort it takes to resolve. Please do what you can to protect the identity of people you work with and please do what you can to stay compliant with the Red Flags Rule. For more information please visit the FTC website or follow this link: http://www.ftc.gov/bcp/edu/pubs/business/idtheft/bus23.shtm