CUNA Mutual Group HomeContact Us
Company InformationThink AgainNews RoomCareersCrop Insurance
News Room
News Releases
"Fast Facts"
Media Contacts

For more information: 
Phil Tschudy 608/231-7188  philip.tschudy@cunamutual.com
Rick Uhlmann 608/231-8940  rick.uhlmann@cunamutual.com


June 19, 2008

Deadline Looms for Implementing New ID Theft ‘Red Flag’ Rules
Risk Experts Tell Discovery Attendees a Tailored Program Will Protect CUs, Members

HOLLYWOOD, Fla. – Discovery Conference attendees were reminded Thursday to implement new identity theft “red flag” rules as required by the Federal Trade Commission and other federal financial institution regulatory agencies by Nov. 1, 2008, and to develop prevention measures based on their credit union’s own ID theft situation.

Ken Otsuka, risk manager for CUNA Mutual Group, and Jenny Champagne, vice president of regulatory development and education for the National Association of State Credit Union Supervisors, told a Discovery breakout session that proper implementation of sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003 (FACT Act) will help protect credit unions and their members against identity theft.  Discovery Conference runs through Saturday at The Westin Diplomat.

Identity theft, defined as fraud attempted or committed using identifying information of another person without authority, results in billions of dollars in losses each year to individuals and businesses, according to a report of the President’s Identity Theft Task Force.

Champagne said implementing a successful ID theft prevention program will help credit unions mitigate reputation risk, which is a key aspect of examinations. “Regulators are also paying attention to due diligence, so a regular review of your ID theft program should include assessments of third party service providers.”
 
The FACT Act was signed into law in December of 2003, and includes a number of provisions that protect consumers against identity theft. “Among others, these include giving consumers the right to receive their credit report free of charge from the three major credit bureaus;  requiring truncation of credit and debit card numbers on receipts; and providing ID theft victims the ability to place a fraud alert on their credit report,” she said.

To meet Section 114, credit unions are required to develop a written Identity Theft Prevention Program to detect, prevent, and mitigate identity theft in connection with the opening of a covered account or any existing covered account, Champagne said.

“Covered accounts include business and consumer accounts such as credit cards, mortgage loans, automobile loans, margin accounts, cell phone accounts, utility accounts, checking accounts, and savings accounts,” she said.

The prevention program must be approved by the credit union’s board of directors and include policies and procedures that detect red flags and help answer the questions, ‘Who will be responsible for detecting red flags?’ and ‘How will they detect the red flags?’”
 
Supplement A to Appendix J of the FACT Act contains five categories of red flags with a number of examples within each category. These include:

  • Alerts, notifications, or warnings from a consumer reporting agency
  • Suspicious documents
  • Suspicious personal identifying information
  • Unusual use of, or suspicious activity related to, the covered account
  • Notice from customers, victims of ID theft, law enforcement authorities, or other persons regarding possible ID theft in connection with covered accounts

Credit unions should be capable of responding appropriately to any red flags that are detected to prevent and mitigate identity theft and should update the procedures periodically to reflect changes in risks from identity theft,” Otsuka said.

He cautioned there is not a one-size-fits-all solution. “The program must be tailored to the size of the credit union and the complexity of its operation.  The credit union must also ensure oversight in the development, implementation and administration of the program, staff training and overseeing service provider arrangements.”

Otsuka suggested forming a risk assessment team to review all operational areas within a credit union to identify the types of red flags that could surface within each area such as new accounts, loans or call centers.  “A credit union should factor in its own experience with ID theft losses and consider credit union industry losses to the degree possible.”

Staff training is critical.  “It’s important for staff to first understand the various forms of identity theft, how they are perpetrated and the red flags that are raised within each type.  If they understand the nature of the losses themselves, it will be easier for them to spot red flags,” he said.

The final red flag rules can be obtained at http://www.ftc.gov/opa/2007/10/redflag.shtm.

Recognized as a premier hands-on professional development conference for credit union leaders, the Discovery Conference offers more than 55 work sessions that deliver relevant content and actionable takeaways.  Credit union leaders also benefit from the extraordinary networking and hands-on learning opportunities.

CUNA Mutual Group is a leading provider of financial services to cooperatives, credit unions, their members and valued customers worldwide. With more than 70 years of market commitment, CUNA Mutual’s vision is unwavering: to be a trusted business partner who delivers service excellence and customer-focused, best-in-class products and market-driven innovation. More information on the company is available on the company’s Web site at www.cunamutual.com.
 

 
 


|  About Us   |  Careers   |  Privacy   |  Security   |  Terms of Use   |
Copyright 2008 CUNA Mutual Group