The Red Flags rule sets out how certain financial institutions, including certain broker-dealers must develop, implement, and administer their identity theft program. Your program must include four basic elements:
- It must include reasonable policies and procedures to identify the "red flags" of identity theft you come across in your business' day to day operations.
- Your program must be designed to detect the red flags you've identified.
- Your program must spell out appropriate actions your firm will take when you detect red flags.
- You must identify how you will re-evaluate your program periodically to reflect new risks for this crime.
Additionally, the program must be approved by your firm's Board of Directors or senior-level employee and identify who is responsible for implementing and administering the program.
FINRA provides additional guidance to broker-dealers on their website at www.finra.org and in Regulatory Notice 08-69.
Posted on
Monday, September 7, 2009
by Rhonda Davis