Report Suggests Additional Support for ID Theft Red Flags

A new report from Aite Group, LLC examines the procedural and technological efforts involved in banks’ compliance with the rules on ID Theft Red Flags. Based on an Aite Group survey of retail banking fraud managers at 22 of the top 100 US financial institutions conducted in Q4 2008, the report provides a look at how institutions are performing in initial reaction to the new regulatory mandate, and suggests areas of focus for financial institutions and technology providers going forward.

The 1 November 2008 deadline for compliance with the rules on ID theft red flags required that US banks draft an identity theft program addressing regulatory guidelines pertaining to pre-determined identity theft red flags as well as to the institution’s own identity theft experiences. For the most part, banks met the compliance deadline without incident, and have already expended significant effort in changing procedures and altering technology in order to comply with the rules. Significant changes are expected going forward, as regulators conduct examinations and refine their expectations via guidance. Smaller institutions, in particular, anticipate investing in additional technology to meet evolving demands.

“While most companies are compliant thus far, there will certainly be a need to refine systems that are already in place,” says Eva Weber, analyst with Aite Group and author of this report. “For larger institutions, the challenge will be in coordinating activities across business units and providing an enterprise capability that effectively uses enterprise-wide data. For smaller institutions, which have fewer accounts and fewer compliance resources, the challenge will be achieving consistency without incurring unreasonable costs.”


Related reading