Consider the November pronouncement by the Federal Trade Commission that banks (and car dealers, and lots of other formerly little-regulated entities) would have one year to come into compliance with the “Red Flags” provisions of the FACT Act. In case you missed them, the Reader’s Digest version of the rules is that institutions must identify and list any red flags, or indicators, of potential identity theft; describe how they’ll detect those red flags; provide appropriate responses to the indicators when they occur; and update this program periodically to keep up with changing fraud patterns.
Like the stages of grief, bank regulatory reaction begins with denial: if we ignore it, maybe it won’t happen. That was the stance most of the industry took from the time the FTC first proposed the Red Flags rules in July 2006 until the final rules were promulgated last October. Once the regulations became real, fear ruled. Gartner analyst Avivah Litan said, “It’s very comprehensive, and much more wide-ranging than earlier FFIEC rules…A major banking client of mine says it’s going to affect all channels, all accounts around the behavior of customers. Frankly, most banks haven’t woken up to this yet.”
Next came bargaining. Institutions convinced themselves it wasn’t such a big deal after all, and probably wouldn’t cost that much. “It’s currently not a very big technology process within the bank,” said Thomas Noyes, evp at anti-fraud vendor The 41st Parameter and a former Citigroup global Internet exec, in March. “This is not something that’s currently been budgeted for 2008.” The fourth stage is the one the industry currently finds itself in: vendor deluge. Sniffing revenue potential, vendors and consultants can’t issue press releases fast enough announcing their new Red Flags products. Among the players waving their own red flags: Wolters Kluwer, Compliance Coach, Zoot Enterprises, Conextrix, The 41st Parameter; AdmitOne Security; and Experian. Word to the wise: There are some companies touting old products merely dressed up for the Red Flags ball.
Looking ahead comes the final phase of bank regulatory rules reaction: spend. Whether or not it was in an institution’s budget for 2008, the November 1 compliance date is approaching. Compliance Coach, a training firm with deep industry ties through its VC funders, including Wells Fargo, Bank of America, Citigroup and Washington Mutual, says there’s no competitive advantage to be gained in compliance, only reduced headaches. Sai Huda, CEO of Compliance Coach, says, “If the industry does a good job with compliance then the regulators won’t have to look that closely at it.”
(c) 2008 Bank Technology News and SourceMedia, Inc. All Rights Reserved.
