TowerGroup expects that less than one-third of US financial services institutions (FSIs) will be fully compliant with the Red Flags Rules by the November 1 deadline. Regulators are expected to be reasonable with institutions that have made a good-faith effort to comply. Yet US banks should step up their efforts to develop and deploy programs to prevent identity theft, or they face the inevitable consequences of noncompliance.
TowerGroup estimates that the US financial services industry will spend more than $200 million (USD) in both internally developed and vendor-supplied technology to comply with the Red Flags Rules. Institutions will focus spending on automating detection of red flags for each of their core applications and across core applications, as well as on creating an enterprise program to prevent identity theft.
Despite criticisms that some of the requirements of the Red Flags Rules are ambiguous, the requirements will force financial services institutions to address the increasing threat of cross-channel fraud and ultimately necessitate that they implement appropriate technological and procedural frameworks to support ongoing efforts to detect and prevent fraud. TowerGroup believes FSIs will have the most success if they leverage IT applications provided by fraud prevention vendors that have developed unique capabilities in monitoring, assessing, and responding to fraud across an entire business enterprise.