After several false begins, the FTC has finally initiated enforcement of the Honest and Correct Credit Transactions Act’s, Crimson Red Flags Rule Compliance, and has placed the burden of policing identification theft activity squarely on the shoulders of both big and small businesses. However, the FTC could be the least of your issues if you happen to originate credit score for an identification thief as a result of attorneys across the country have been eagerly awaiting this dangerous and virtually inconceivable regulation. Your downside? Verifying the identification of your customer. If you don’t have required and accepted procedures in place to do so, it might cost you the whole lot you’ve got ever labored for. Your Required Crimson Flags Rule Policy & Program. First, your operation should develop and implement a Crimson Flags Rule Policy which should embody 4 required key elements in addition to other laws and points that must be addressed. To demonstrate the importance the FTC places on the Rule, your operation’s Board of Directors is required to approve your Crimson Flags Rule Policy and Program. For these operations with out a board, a committee of senior management should approve the preliminary Program and monitor it on an annual basis.
But don’t be misled! Simply downloading a “template” from the internet might presumably get you off the hook with the feds, nevertheless it in all probability will not suffice in litigation with an identification theft sufferer’s lawyer. Attorneys already view this regulation as a “cash cow”, and if one among your prospects points the finger at your organization as a result of somebody was using their identification unchallenged, relaxation assured the sufferer’s attorney will request your written Crimson Flags Rule Policy and documentation of required employees training. If you don’t have a Policy, or it is poorly written, the plaintiff will most likely allege a breach of responsibility to protect a shopper’s identification info, or in other phrases, “wilful non-compliance”, which is as bad as it sounds. Required Employees Compliance Training. The Rule additionally requires your operation to supply formal Crimson Flags Rule compliance training in your staff… and be capable to show it! If your thought of “training” is nothing more than permitting your employees to read your Policy, that faint odor of diesel gasoline you smell is from the bus about to run over you. Let’s be honest. The federal government is asking you to do the inconceivable to prevent identification theft. Your only protection, not if it occurs, but when it occurs, is that you have put forth a valid effort to prevent it from occurring.
Actually, virtually all compliance litigation, federal or civil, comes down to one basic question: “…did the business do the whole lot within cause to prevent this unlawful act from occurring, and if that’s the case, the place is the proof?” Any attorney price his pinstripes will tell you that there are two keys in a compliance litigation protection – periodic training and documentation. Your operation ought to prepare newly hired workers as part of their orientation, and all employees at the least every year, full with documentation, with a purpose to fend off the potential for huge fines, penalties and jury awards. The Identification Data Verification Process. The days of simply making a copy of a shopper’s driver’s license as a premise for identification verification are over. Throughout the Crimson Flags Rule, there are 26 listed potential pink flags dangers that designated institutions should contemplate when performing a lined transaction. In theory, if any of those flags exist within the identifying info introduced by an individual, what you are promoting should search outside third celebration sources to confirm the identification of the person. The problem is that virtually all of those potential pink flags are open to interpretation… in other phrases, a guess!
What one among your employees views as a pink flag, another employees member might not, and due to this fact your nicely-intentioned effort to grow to be compliant is undermined and may cost you. And if that is not enough to trigger you concern, there’s the potential for allegations of bias or discrimination if you happen to do not perform the same identification verification course of on every customer opening a new lined account. It isn’t exhausting to think about a plaintiff accusing what you are promoting of discrimination because you carried out an identification verification scan on them because of their ethnic heritage, and not on most Caucasians. Picture an identification theft sufferer’s attorney ripping through all your information within the discovery part of litigation like a kid attacking presents on Christmas morning. For what function, you ask? How about the fact that you carried out identification verification procedures on 80% of your minority candidates, but on 20% of the time for Caucasians. The smart thing is to take the guesswork out of trying to interpret pink flags in your customer’s identifying info by utilizing a compliant identification verification scan, and whereas we’re on this topic, it may not be wise to depend on the one included in your client’s credit score report.
The Rule requires identification verification from outside knowledge sources, or as the Rule states; “… cannot be from info contained in a shopper credit score report, or info typically contained in a wallet.” Authenticating Your Buyer’s Identification Through Challenge Questions. If you have not developed an involuntary twitch by now, this will put you over the edge. There’s a distinction between verifying the identifying info introduced by an individual, and really authenticating the identification of the individual presenting the information. For example, the person applying for a loan might in actual fact be an identification thief providing you with stolen information. The remedy is to concern “Challenge Questions” to authenticate that the individual is in actual fact whom they signify themselves to be. The questions ought to be framed in such a matter that only the individual whose identification is in question can answer, and in a well timed manner. And once more, in response to the Rule, these questions cannot be shaped from info contained in a shopper credit score report or info typically contained in a wallet, but from outside knowledge sources such as the SSN Verification Service, The SSN Demise Grasp File, state, federal, and international knowledge bases to verify DOB, all associated addresses, telephone number assignment, etc.
All of this might take a complete day for just one client, or maybe it is time to contemplate a compliant Identification Verification Service that additionally offers Challenge Questions. Both way, if you happen to concern Challenge Questions on one, it is best to do it on all to distance your self from allegations of bias and discrimination. Your Lender Relationship. The Crimson Flags Rule prices your lenders with the duty of ensuring your compliance with the Crimson Flags Rule, and beneath the Rule, they might do so by contract. This gives your lender the precise to inspect and audit your procedures at any time, and already Brokers across the country have been denied companies until they’re deemed by the lender to be compliant. Non-Compliance Fines And Penalties. The Federal Trade Commission has made it abundantly clear that compliance with the Crimson Flags Rule will not be merely a suggestion, and has indicated they may employ “rolling enforcement” to ensure this regulation will not be taken lightly. Assuming that “rolling enforcement” means unannounced investigations and audits, here is what you can sit up for in case you are discovered to be non-compliant:
- Federal fines for non-compliance are up to $3,5000 per occurrence. In other phrases, if what you are promoting performs 1,000 non-compliant transactions in a year, the high-quality will be $3.5 million.
- Your state attorney basic could possibly file class-motion fits beneath “unfair and deceptive acts and practices” theories which normally permit both actual and punitive damages.
- You might be held accountable for actual losses of a sufferer ($92,893 average) if you can’t produce a substantial written Crimson Flags Rule Policy and documented proof of required employees training.
In Summary. It’s no secret the FTC intends to come down exhausting on non-compliant businesses in their rounds of “rolling enforcement”, but more importantly, non-public attorneys eagerly await your wilful non-compliance. The same proliferation of hi-tech software program to make businesses more efficient, can also be out there to the identification theft prison element to phony up driver’s licenses, tax data, utility bills, credit cards, etc., for the purpose of providing you with false identification information. It’s an inconceivable activity to prevent identification theft – you realize it, I do know it, and the federal government is aware of it, and your only protection is to place forth your finest effort to grow to be compliant, and once more, be capable to show it with documentation. Don’t make the mistake of pondering this regulation is impotent or will simply fade away.
The drumbeat from shoppers concerning identification theft grows louder every day, and surely more laws will observe together with the horror stories of these institutions discovered to be non-compliant. Make sure that one of those horror stories is not about you; the perfect chance for you to get it right is from the beginning. NOTE: The content material on this article will not be providing authorized advice and is intended as an preliminary resource guide only. Moreover, the content material will not be intended to answer specific questions or counsel suitability of motion in a selected case or circumstance. The author recommends the reader seek the advice of authorized counsel for guidance concerning this compliance issue.