Skip to content
 

Written Up - Red Flag Guidelines Not Finalized

Answered by: 
John Burnett

Question: 
I attended a tele-seminar on 9/11/06 with Jack Holzknecht about Red Flag Guidelines; We just had an audit and we received a write up for not having any formal procedures in place to ensure identity of a customer requesting credit if a fraud alert appears on the customer's credit report. The recommendation read, "To mitigate fraud risk and ensure the proper identity, formal procedures should be created and implemented. Procedures may include additional steps for identification, additional security questions, as well as additional documentation to evidence of proof." If the Red Flag Guidelines are not finalized yet, how can we still get written up for it? Should the recommended policies be in place already even though there has been no Final Rule released?
Answer: 

If the recommendation was indeed in an audit report, it is simply an alert to management that it should consider getting these concerns addressed. It's not the same as being cited for a violation of law or regulation, which could occur in an exam report (but not based on PROPOSED rules). Management should review the recommendation, determine whether it will take action before the final Red Flag Guidelines are issues, and respond to the audit report accordingly.

First published on BankersOnline.com 11/20/06

First published on 11/20/2006

Filed under: 
Compliance
Security
Filed under compliance as: 
Audit
Credit Report
Fraud
IT
Management
Policies
Security
Filed under security as: 
Audit
Credit Report
Fraud
IT
Management
Policies
Security

Report a problem with this page

Search Topics