Scotsman Guide > Residential > August 2009 > Article

 Enter your e-mail address and password below.


Forgot your password? New User? Register Now.
   ARTICLE   |   From Scotsman Guide Residential Edition   |   August 2009

Red Flags Rule: A 3-Hour Cure

To prepare for the new identity-theft rule, ensure your policy is in shape

After granting an extension for compliance, the Federal Trade Commission (FTC) begins enforcing the Fair and Accurate Credit Transactions Act's (FACTA) Red Flags Rule on Aug. 1. This rule requires creditors and financial institutions -- including many brokers -- to implement certain identity-theft-protection programs.

Red Flags Rule compliance requires a fairly comprehensive, custom response at the broker level. To best deliver this response, brokers first must address potential issues with compliance and understand what goes into proper policy.

Three problems can arise with potential Red Flags Rule compliance. These include:

1. Brokers can't fake their way through: This is not like a high school essay exam, in which you can read CliffsNotes for 15 minutes and still get a "B" for explaining what Moby Dick symbolizes. Brokers actually must read, assess, understand, document, use new tools, create an audit trail, gain consensus, train and get board approval to prevent identity theft.

2. No safe harbor exists from the FTC: Twice, the FTC extended its enforcement deadline, first to May 1 and then to Aug. 1. This means no safe harbor will exist for laggards. The entire industry must create and execute programs that protect customers and institutions from identity theft. The FTC means business -- and in this case, to the tune of $3,200 per noncomplying occurrence.

3. Brokers and their employers could be in denial: Brokers have already asked if the rule is for lenders only and if filling in blanks on a ready-to-go policy will complete the compliance task, among other questions.

Complying with the Red Flags Rule likely takes three hours of focused efforts to document a policy and procedures that detect, prevent and mitigate identity theft.

First, brokers should know that 11 of the 26 guidelines in the FACTA regulations apply to them, unless they service loans. This means that most identity-theft issues are at least potentially detected by existing fraud-alert forms, such as credit reports, or by fraudulent proof of identity.

Brokers also can verify a person's identity definitively through the Social Security Administration form No. 89.

Armed with those facts, brokers can document required identity-theft policies and procedures. Without excessive counseling, the recommended three-hour process goes something like this:

1. Read the regulation until you understand what applies to brokers and what doesn't. (20 minutes)

2. Reread it to ensure you can write cogent policies and procedures. (20 minutes)

3. Focus on understanding the suggested 11 guidelines in Appendix J of the regulation that directly pertain to a broker's work. (30 minutes)

4. Start documenting a policy that says which of these 11 guidelines you will address and why or why not. For nine of the 11, the answer will come from ordering and responding to the fraud alerts available on credit reports. The other two are related to blatant identification forgery. (40 minutes)

5. Document simple procedures for what a loan officer should do if an alert appears on the credit report or if the provided identity clearly is a forgery or fictional. Use Social Security Administration form No. 89 as the escalation product. (30 minutes)

6. Plan and document the remaining compliance steps. These include getting signoff at the highest level and how to complete training and updates. (40 minutes)

7. Share and publish the final result with all in the shop and follow up.

Armed with at least these efforts, you can help prevent many occurrences of identity theft and meet Red Flags Rule requirements.


Fins A Lender Post a Loan
Residential Find a Lender Commercial Find a Lender
Scotsman Guide Digital Magazine

Related Articles



© 2019 Scotsman Guide Media. All Rights Reserved.  Terms of Use  |  Privacy Policy