On June 1, 2010 the Red Flag Rules of the FTC (Federal Trade Commission) will affect business and organizations. These rules are designed to protect the identity of your clients or customers.

Businesses such as financial institutions, banks, mortgage companies, security companies will be required to develop and implement policies and procedures to identify possible identity theft or Red Flags. Other businesses and organizations that have customer accounts and account that have a revolving credit line, will also need to implement the policies and procedures to detect and prevent possible identity theft or Red Flag Rules.

What are Red Flag Rules? Red Flag Rules are policies and procedures that are recommended to be designed to protect or identify identity theft. There are also procedures developed and implemented that if you data is compromised as to how to notify the clients or customers that their identity could have been compromised and what steps you are going to do to protect the identity such as fee monitoring by a credit agency such as Equifax. This policy will also identify the area/person in charge of handling issues concerning this loss of information.

When developing the Red Flag Policy you should implement policies and procedures to identify the potential accounts at risk such as deposit accounts, on-line access accounts, revolving credit accounts, etc and the sources of information available to access these accounts.

Some of the warning signs for Red Flags are changes in a credit report discrepancy of known address; credit report indicates a pattern of activity that is not consistent with the history of that person.

Suspicious documents could be Red Flags such as forged identity, information differs from past information and application looks altered.

Suspicious personal information, such as inconsistencies from known information such as social security number that does not match the one on record and other information available has now been omitted.

Suspicious account activity such as change of address results in additional credit cards, cell phones and addition of user. The account is already associated with fraud such as inconsistent pattern in payment history, account inactive for a long time then used again, mail sent to client, customer has been returned, client , customer complains that they are not receiving account statements in mail, unauthorized charges to account and notice of fraudulent activity by client or customer.

Red Flag policy and procedure is recommended to include the following:

Shredding of personal information at your organization or business is recommended and implementation of restriction of the account access through firewalls and security levels. Encryption of financial information sent electronically and notification of data transferred to an authorized or unauthorized person.

An authorized person of the organization or company of senior level is recommend to administer this program and receive reports on a daily basis. This program will be updated as needed and reviewed quarterly. The Executive Committee or upper management should support this program and review annually

If data or personal information is compromised you should develop a procedure to notify your clients or customers. Such notification could be accomplished through the media, radio, television, internet or by mail. Once the customer or client has been notified you should also have contact information at you company or organization available so that any questions of concerns can be addressed along with some sort of monitoring of the lost information by a credit agency such as Equifax.

Red Flag are vital to the organization and recommended to be implemented to protect the company or organization to reduce the Risk and protect your customers or clients identity.

An article written by Glenn Gercken (CRM), Records Manager, Ungaretti & Harris LLP