Is your Red Flags Rule policy up-to-date?
You remember the Red Flags Rule, don’t you? For many people, it is best remembered because of multiple deadline extensions before it finally went into effect.
The Red Flags Rule originated with the Fair and Accurate Credit Transactions Act (FACTA) of 2003. It had an original effective date of November 1, 2008, and implementation was delayed five times, finally taking effect on January 1, 2011.
The Red Flags Rule is designed to help prevent identity theft. There are four elements to a Red Flags Rule policy:
- Identify relevant red flags
- Detect red flags
- Prevent and mitigate identity theft
- Update the program
Let’s examine each of these elements in more detail…
Identify relevant red flags
In this phase of your Red Flags Rule policy, you should determine what types of suspicious activity might be relevant to your particular utility. For example, do you require photo ID and proof of residency when establishing a new account? If so, relevant red flags could be what appears to be an altered ID or the name on a lease agreement not matching the name of the applicant for service.
Detect red flags
Detection of red flags requires your customer service representatives to be vigilant when taking an application for service from a new customer. In this phase, your staff should be actively reviewing the possible red flags identified in the previous section each time they interact with a customer.
Prevent and mitigate identity theft
This phase of your policy documents what action to take when a red flag is detected. Depending on the severity of the red flag that was detected, the mitigation could range from contacting law enforcement to denying service to taking no action.
Update the program
The final phase of a Red Flags Rule policy is the requirement to update the policy as needed. Changes in technology and new schemes from identity thieves are two reasons you would want to update your policy.
Approval and training
Your Red Flags Rule policy must be approved by your board or governing body, or a committee appointed by your board. Each new hire should receive training about your Red Flags Rule policy as part of their initial orientation. It’s also not a bad idea to conduct periodic refresher reviews of the policy with current staff members.
Does your Red Flags Rule policy need updating?
If your Red Flags Rule policy hasn’t been reviewed since it went into effect or if you don’t have one, please give me a call at 919-232-2320 or e-mail me at firstname.lastname@example.org to learn how a business review could help your utility.