The Red Flag Identity Theft rules are from the FACT Act that amended the Fair Credit Reporting Act in 2003.  Section 14 of the FACT Act requires financial institutions to establish reasonable procedures for recognizing signs of identity theft.

 

The final rules provide a fair amount of flexibility in establishing internal compliance programs, but there are a few mandatory provisions that must be included.

 

For example:

Financial institutions must create, and keep updated, a written identity theft prevention program; and

Each institution must review address discrepancies on applications that conflict with those on credit reports.

 

The final rule also lists 43 examples of identity theft red flags that financial institutions should consider incorporating into their ID Theft Prevention programs, but this is not mandatory nor inclusive.

 

These rules will improve industry practices in the area and should continue to drive identity theft statistics down.  The regulations became effective January 1, 2008 and full compliance is required by November 1, 2008.

 

Below is a link to the full Federal Register document.