Software tool helps companies meet requirements of new identity theft rule

Under a new Federal regulation, by November 1, 2008, banks, credit unions, mortgage lenders, auto dealers, credit card lenders, payday lenders, landlords, utility companies, phone companies, and any business that extends credit, must perform a risk assessment to identify "red flag" weaknesses in their systems and procedures that could lead to identity theft. The companies should then take steps to develop a written Identity Theft Prevention Program. Failure to comply can lead to civil penalties for each violation, cease and desist orders, private lawsuits, negative publicity, and loss of business.

The Federal Trade Commission (FTC) and the federal financial institution regulatory agencies have issued final rules on identity theft red flags and notices of address discrepancies in response to the growing problem of identity theft and to meet the requirements of the Fair and Accurate Transactions Act of 2003.

Two million businesses could be affected by the new rule, according to ComplianceCoach, a leading provider of automated regulatory compliance solutions to the financial services industry. ComplianceCoach has launched a wizard-based tool, CompliancePal, which is designed to help small and medium sized businesses comply with the new requirements.

The FTC's press release says that new rules require that the financial institution or creditors refer to the agencies' guidelines and "red flags" when developing their program. Specifically, the business should:

  • Identify relevant patterns, practices and specific forms of activity that are red flags signaling possible identity theft and incorporate those red flags into the program,

  • Detect red flags that have been incorporated into the program,

  • Respond appropriately to any red flags that are detected to prevent and mitigate identity theft, and

  • Ensure the program is updated periodically to reflect changes in risks from identity theft.

    CompliancePal, which costs $295 to $995, depending on the size of the business will produce:

  • Identity theft risk assessment

  • Mapping of reds flags to appropriate detection and response procedures

  • Written Identity Theft Prevention Program
    Training Program

  • Compliance Status Report

    You can view a demo of the product.

    Examples of 26 Red Flags listed in the Supplement to the Red Flags Rules and Guidelines published on the FTC's Web site include:

  • Alerts, Notifications or Warnings from a Consumer Reporting Agency such as a notice of a credit freeze, a notice of address discrepancy or a pattern of activity that is inconsistent with the history and unusual pattern of activity.

  • Suspicious Documents, which might include document that appear to have been forged or a photograph that is not consistent with the appearance of an applicant.

  • Suspicious Personal Identifying Information, which might include personal identifying information provided that is not consistent with other know identification such as date of birth or Social Security number.

  • Unusual Use of or Suspicious Activity Related to the Covered Account; for example, "shortly following the notice of a change of address for a covered account, the institution or creditor receives a request for new, additional, or replacement cards or a cell phone, or for the addition of authorized users on the account."

    You may like these other stories...

    Read more from Larry Perry here and in the Today's World of Audits archive.In my last article, I summarized major differences between principles in U.S. GAAP and the Financial Reporting Framework for Small and Medium-...
    OECD calls for coordinated fight against corporate tax avoidanceDavid Jolly of the New York Times reported that dozens of countries with the most advanced economies have agreed on principles for concrete action to prevent...
    AgFeed agrees to pay $18 million to settle SEC accounting fraud caseMichael Rapoport of the Wall Street Journal reported on Monday that AgFeed Industries Inc. has agreed to pay $18 million to settle US Securities and...

    Already a member? log in here.

    Upcoming CPE Webinars

    Sep 24
    In this jam-packed presentation Excel expert David Ringstrom, CPA will give you a crash-course in creating spreadsheet-based dashboards. A dashboard condenses large amounts of data into a compact space, yet enables the end user to easily drill down into details when warranted.
    Sep 30
    This webcast will include discussions of important issues in SSARS No. 19 and the current status of proposed changes by the Accounting and Review Services Committee in these statements.
    Oct 21
    Kristen Rampe will share how to speak and write more effectively by understanding your own and your audience's communication style.
    Oct 23
    Amber Setter will show the value of leadership assessments as tools for individual and organizational leadership development initiatives.