Red Flags Rules

FTC requires identity theft prevention programs

Beginning June 1, 2010, the Federal Trade Commission (FTC) intends to enforce its Red Flags Rules to combat identity theft. The Rules require financial institutions and creditors to develop and implement written identity theft prevention programs.

Part of the Fair and Accurate Credit Transactions (FACT) Act of 2003, these new Rules apply to a broad range of institutions in the financial services industry, including most securities firms. The written programs must “detect, prevent and mitigate instances of identity theft” in connection with the opening or maintenance of “covered accounts.” These covered accounts include consumer accounts that permit multiple payments or transactions, such as retail brokerage accounts, credit card accounts, margin accounts, mortgage loans, auto loans, cell phone and utility accounts, checking and savings accounts or any other accounts with a reasonably foreseeable risk of identity theft affecting consumers or your firm.

The Rules are designed to identify and detect warning signs (i.e., red flags) of identity theft. This includes unusual account activity, fraud alerts on a consumer credit account and attempted use of suspicious account application documents. Financial institutions and creditors have the flexibility of designing a program that works well for the size and complexity of their businesses as well as the nature of their operations.

For questions and specific Red Flags Rules guidelines issued by the FTC, visit www.ftc.gov or email RedFlags@ftc.gov. FINRA has also developed a template to help financial services firms develop their Red Flags Rules programs.