What Are the Required Components of an Identity Theft Prevention Program?
After the creditor has identified the Red Flags that would indicate the possible existence of identity theft in its covered accounts, its identity theft prevention program must describe appropriate responses that would prevent and mitigate the crime. The program must be approved by the Board of Directors, managed by the Board of Directors or senior employees of the financial institution or creditor, include appropriate staff training, and provide for oversight of any service providers. The Red Flag Rule is flexible and provides all creditors the opportunity to design and implement a program that is appropriate to their size and complexity, as well as to the nature of their operations. An identity theft prevention program must include reasonable policies and procedures to: • Identify relevant Red Flags. In identifying the Red Flags, a creditor must consider the risk factors that it faces for identity theft, as well as the examples of specific Red Flags that are identified in the Red Fla
