Less Than One-Third of US Banks Ready to Meet Identity Theft Prevention Compliance Deadline

11 September 2008

The US government is stepping up requirements for US banks to identify and prevent fraud related to consumer identity theft. In November 2007, Federal regulators issued a rule entitled “Identity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Transactions Act of 2003,” as directed by Sections 114 and 315 of the Fair and Accurate Credit Transactions (FACT) Act. With the November 1, 2008 compliance deadline looming, new research from TowerGroup finds that many US banks have mistakenly considered compliance with the “Red Flags Rules,” as they are known, merely an administrative exercise – and as a result, most will need to take rapid action to meet the more stringent regulatory demands.

TowerGroup expects that less than one-third of US financial services institutions (FSIs) will be fully compliant with the Red Flags Rules by the November 1 deadline. Regulators are expected to be reasonable with institutions that have made a good-faith effort to comply. Yet US banks should step up their efforts to develop and deploy programs to prevent identity theft, or they face the inevitable consequences of noncompliance.

TowerGroup estimates that the US financial services industry will spend more than $200 million (USD) in both internally developed and vendor-supplied technology to comply with the Red Flags Rules. Institutions will focus spending on automating detection of red flags for each of their core applications and across core applications, as well as on creating an enterprise program to prevent identity theft.
Despite criticisms that some of the requirements of the Red Flags Rules are ambiguous, the requirements will force financial services institutions to address the increasing threat of cross-channel fraud and ultimately necessitate that they implement appropriate technological and procedural frameworks to support ongoing efforts to detect and prevent fraud. TowerGroup believes FSIs will have the most success if they leverage IT applications provided by fraud prevention vendors that have developed unique capabilities in monitoring, assessing, and responding to fraud across an entire business enterprise.

Become a bobsguide member to access the following

1. Unrestricted access to bobsguide
2. Send a proposal request
3. Insights delivered daily to your inbox
4. Career development