Regulatory Reality

May 23 2009   6:53PM GMT

Red Flags and contractors

Marcia Savage Marcia Savage Profile: Marcia Savage

I attended an ISSA-Silicon Valley chapter meeting this week, where the featured speaker, Jim Anderson, gave an interesting presentation on the Red Flags Rule. For the uninitiated, the rule – issued by federal regulators in 2007 – requires financial institutions and creditors to have a program for spotting red flags that indicate possible identity theft. Anderson, who is president of consulting firm Professional Assurance in Pleasanton, Calif., and has 12 years of experience working in commercial banks, stressed that the Red Flags Rule requires organizations ensure their contractors are compliant. High up on organizations’ Red Flags to-do list is notifying relevant third parties of their obligation to comply with the rule, he said.

In a phone interview after the meeting, Anderson said the main types of service providers that are subject to the Red Flags rule are one that are involved in the process of evaluating credit worthiness or that process credit-based transactions. Those service providers need to demonstrate to their customers that they are compliant with the rule, ideally with a written identity-theft prevention program, as called for in the regulation, he said. If the third party can’t provide definitive evidence of compliance, they should be put on notice that their contract may be subject to modification or termination, Anderson said.

“The regulated entity, the one with the covered accounts, is responsible for compliance, but what Red Flags does is raise the visibility level of third parties and that they have to be considered in one’s compliance,” he said.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: