Some of you already knew this, but many of you may not, and that is that I strive to go above and beyond normal customer service. One way I do that is to educate myself on everything that effects my clients, including Identity Theft. I am one of the few (and probably the first) mortgage professionals who obtained the Certified Identity Theft Risk Management Specialist designation. Basically, I studied Identity Theft, how to prevent it, and even how to educate businesses on what they are required by law to do.
The Identity Theft Red Flags Rule is a part of the Fair and Accurate Credit Transactions Act of 2003 (FACTA). There was an issuance of a final rule pertaining to the Identity Theft Red Flags Rule that implements sections 114 and 315 of FACTA. The purpose of this ruling is to minimize incidents of Identity Theft and fraud related to the handling of accounts by financial institutions and creditors and users of consumer reports.
So, what does it mean to you?
Well, maybe nothing, maybe everything. If you are a mortgage broker, a financial institution, deal with credit reports, or anything else that applies under this law, you better have a program in place or failure to do so can put you out of business or even in jail.
The program must include reasonable policies and procedures for detecting, preventing, and mitigating identity theft for your customers. It also requires the program to enable the company to specifically:
- Identify relevant patterns, practices, and specific forms of activity that are "red flags" signaling possible identity theft and incorporating them into the program
- Detect red flags that have been incorporated into the program
- Respond appropriately to any red flags that are detected to prevent and litigate identity theft
- Ensure the program is updated periodically to reflect changes in risks from identity theft
The agencies issued guidelines to assist financial institutions and creditors in developing and implementing the program. They even included a supplement that provides examples of red flags.
The final rules even require users of consumer reports (ie credit reports) to develop reasonable policies and procedures to apply when they receive a notice of address discrepancy from a consumer reporting agency.
It is important to note that the rule does not automatically apply to every business. However, any company that maintains records, such as is required by mortgage brokers, is included. If you are unsure if your company is effected, ask yourself if your company maintains accounts that contain sensitive information that poses a risk for identity theft if compromised. If the answer is yes, whether or not the law actually requires it, you should have a program in place.
The final ruling takes effect January 1, 2008 with mandatory compliance by November 1, 2008.
Recent Comments