IMGCAP(1)]
Nearly all, 95%, of respondents to an Aite Group LLC survey stated they were compliant with the Red Flag Rules by the Nov. 1 deadline, according to the Boston-based consultancy. Under the rules, financial institutions and creditors with covered accounts must monitor and act upon "red flags," which are suspicious patterns, practices or activities that may indicate the existence of identity theft. Regulators had not examined and confirmed Red Flag compliance among the surveyed institutions at the time of data collection, notes Aite. Fifty percent of survey respondents stated they expended "maximum effort" (five on a scale of one to five) to become compliant. Forty percent selected four on the scale, and 15% selected three. No respondents selected two, and only one selected one or "minimal effort," according to Aite. "These results clearly suggest that institutions felt a rather sizable effort was not only necessary but also employed to operationalize the new rules," states the report. The Federal Trade Commission, the federal bank regulatory agencies and the National Credit Union Administration passed the Red Flag rules as part of the Fair and Accurate Credit Transactions Act in 2003. The regulation went into effect Jan. 1, and full compliance was mandatory starting Nov. 1. The FTC extended the deadline until May 1, 2009, six months after the original Nov. 1 compliance deadline, but the agency's extension does not affect other agencies' enforcement of the Nov. 1 Red Flag rules compliance deadline (CardLine, 10/28). All affected institutions must write programs to address the red flags. Aite Group surveyed retail banking fraud managers at 22 of the top 100 U.S. financial institutions from October through November.
