IMGCAP(1)]
Fewer than 50% of financial institutions and creditors that must comply with the government's Red Flag rules will meet the Nov. 1 deadline, according to Robert Shavell, director of identity compliance at Identity Force, a Framingham, Mass.-based provider of identity-theft protection services. Between 75% and 80% of affected institutions will comply by the end of 2009, he says. "A lot of people just don't know the first things about these regulations," says Shavell. "In conversation after conversation in this industry, it has become apparent that [the regulation] hasn't risen to the top of mind." The Federal Trade Commission, the federal bank regulatory agencies and the National Credit Union Administration passed the Red Flag rules as part of the Fair and Accurate Credit Transactions Act in 2003. The regulation went into effect Jan. 1, and full compliance is mandatory starting Nov. 1. Under the rules, financial institutions and creditors with covered accounts must monitor and act upon specific "red flags" spelled out in the regulation–when consumers provide suspicious identification, for example. All affected institutions must write programs to address the red flags, says Mark Steinhoff, the national financial services lead in security and privacy services for Deloitte & Touche LLP, a New York-based financial-services firm. "The impetus for the guidance is raising the bar for identity theft and resulting fraud," says Steinhoff. The government agencies are "looking for organizations to take a closer look at some of these detailed red flags." The FTC defines creditors as any entity that regularly extends, renews or continues credit, such as an automobile dealership.
