
Red Flag Rules Will Impact Most Businesses

Historians claim the earliest reference to the use of a red flag for an official purpose arose in the early 17th century when armies used a red flag to signal that they were prepared to do battle. Since that time, red flags have been utilized for many purposes, but generally have come to mean a warning. When you see a red flag, you are to take notice.

Most U.S. businesses need to take notice of the mandatory Nov. 1, 2008, deadline to comply with new regulations of the U.S. Fair and Accurate Credit Transactions Act of 2003 (FACTA), referred to as the Red Flag Rules. Enacted on Jan. 1, the regulations apply to a very broad list of businesses, including financial institutions and “creditors” with “covered accounts.” The U.S. Federal Trade Commission defines a creditor as “lenders such as banks, finance companies, automobile dealers, mortgage brokers, utility companies and telecommunications companies,” but the list is not all-inclusive.

As stated above, the regulations apply to all businesses that have “covered accounts,” a term that includes any account for which there is a foreseeable risk of identity theft. This significantly expands the definition to include all companies, regardless of size, that maintain or otherwise possess consumer information for a business purpose.

As a company that seeks to ensure regulatory compliance for data privacy, Redemtech is concerned that its customers understand the impact the Red Flag rules will have on business. Financial industry analysts say the Red Flag regulations currently are the top regulatory compliance issue for all institutions. As more regulations are enacted to protect confidential customer data, businesses must pay closer attention to related issues, such as compliance with data security and secure disposition of IT assets, experts contend.

To meet the Nov. 1 compliance deadline, many institutions have sought help from service providers, security vendors, information security practitioners and risk assessment companies. A Gartner research report said new Red Flags regulations will enforce more-rigorous fraud screening in the banking industry by year-end 2009. This will spur the adoption of fraud-detection technologies in other sectors, especially e-commerce.

Compliance analysts say non-compliance with the Red Flag rules will lead to potential federal and civil penalties based on unfair deceptive acts and practices violations. The negative publicity generated by such penalties would come at a time when consumers already are wondering if their money and information are safe.

Upon meeting compliance, institutions still will need to periodically update their programs, analysts said, suggesting the following factors as triggers to an update:

• If there are any breaches or new identity theft risks to an institution
• If an institution offers new covered accounts or gets into new lines of business
• If an institution has new service providers or business partners

With so much on the line, businesses need to keep up with the changes that will come with the new Red Flag rules. Like the military forces of old, only companies that are prepared to do battle will be victorious.
