After several false starts, the FTC has finally initiated enforcement of the Fair and Accurate Credit Transactions Act's, Red Flags Rule, and has placed the burden of policing identity theft activity squarely on the shoulders of both big and small businesses.
However, the FTC may be the least of your concerns if you originate credit for an identity thief because attorneys across the country have been eagerly awaiting this dangerous and virtually impossible regulation. Your problem? Verifying the identity of your customer.
If you don't have required and accepted procedures in place to do so, it could cost you everything you've ever worked for. Your Required Red Flags Rule Policy & Program. First, your operation must develop and implement a Red Flags Rule Policy which must include four required key elements in addition to other regulations and issues that must be addressed.
To demonstrate the importance the FTC places on the Rule, your operation's Board of Directors is required to approve your Red Flags Rule Policy and Program. For those operations without a board, a committee of senior management must approve the initial Program and monitor it on an annual basis.
But don't be misled!
Simply downloading a "template" from the internet might possibly get you off the hook with the feds, but it probably won't suffice in litigation with an identity theft victim's lawyer. Attorneys already view this regulation as a "cash cow", and if one of your customers points the finger at your company because someone was using their identity unchallenged, rest assured the victim's attorney will request your written Red Flags Rule Policy and documentation of required staff training.
If you don't have a Policy, or it is poorly written, the plaintiff will most likely allege a breach of duty to protect a consumer's identity information, or in other words, "wilful non-compliance", which is as bad as it sounds. Read more...