Red Flag, MFA Regulations - Starting to Sound Familiar?
ShareThis
The Red Flag regulations are 125-pages long, and identity thieves number in the tens-of-thousands, so credit unions are turning to technology to decipher the rules and deter the thieves. Sound familiar? Does Multifactor-Authentication come to mind? By Ron Daly.
It was eight days ago that the FTC extended the deadline on the Red Flag Compliance from November 2008 to May 1, 2009. For those who don't know/care, the Red Flag rules were created by a Joint Committee of financial regulation councils (FTC, CUNA, the Fed, etc.) as a means of deterring identity theft at banks, credit unions, auto dealers, lending houses and other agencies through which criminals could commit financial fraud.
It seems that few CUs are experts on Red Flag tools and rules. The Credit Union Journal found three CUs ready to talk about their various identity theft and fraud prevention solutions, which include automated customer identification programs; online behavior analysis; and risk-assessment and policy-development software. You can read about them in the CUJournal Technology Report Red Flag Round Up online or in print in the October 27, 1008 issue of the Credit Union Journal.
It was eight days ago that the FTC extended the deadline on the Red Flag Compliance from November 2008 to May 1, 2009. For those who don't know/care, the Red Flag rules were created by a Joint Committee of financial regulation councils (FTC, CUNA, the Fed, etc.) as a means of deterring identity theft at banks, credit unions, auto dealers, lending houses and other agencies through which criminals could commit financial fraud.
With this act, financial institutions are required to provide a written program for dealing with fraud or identity theft. When creditors/FIs are presented with one of these occurrences, they are meant to employ their system and stop the fraud immediately.
Sound simple? Sure it does. Which means it isn't.
First of all, now is a rough time all around for the agencies affected by the Red Flag rules. This extension will help, but will the rules themselves help to alleviate the troubles created by identity theft? Sure, more regulation is never a bad idea (Hi, Congress! Hi, Federal Reserve! Hi, Greenspan!), but mandatory regulations that levy lawsuits and negative publicity against creditors and banks that have inadequate Red Flag preparation. Which, in my opinion, is a bit harsh. It's like schools that didn't meet the No Child Left Behind act by a mere two points – is that a reason to board up the school and shut the doors? Should someone lose their job?
But more than that, which holes need plugged? How light is the trigger-pull on this contraption? If your spouse tries to make a transaction and doesn't have the right ID, should you put bail money together? And will there be allowances made for financial institutions that simply don't have the capital to support the system in following years?
I'm sure there are more stones to be unturned with this system. My prediction for the next few months is a lot of groaning about the painful nature of compliance during this economic downturn. Maybe there'll be another pushback?
Tell us what you're thinking in the comments section.
Great post. But it is important to note that the FTC deadline extension only applies to state-chartered credit unions. Federal credit unions must be in compliance already.
Posted by: Anthony Demangone | November 03, 2008 at 11:06 AM
FTC release guidelines for six month extension:
http://www.ftc.gov/opa/2008/10/redflags.shtm
This didn't say anything about State chartered CUs, but maybe I overlooked something.
Coincidentally, Anthony's blog is rich with explanation on this very topic, so give it a read whenever you can. Click on his name to go to his blog (http://www.nafcucomplianceblog.typepad.com/)
Thanks for the comment!
Posted by: Moderator | November 03, 2008 at 11:30 AM