Banks to Seek Technology to Comply with Identity-Theft Regulations

Article excerpt

Look for smaller lending institutions to invest in additional technology to support their compliance with federal anti-identity-theft regulations over the next two years, according to a report by The Aite Group, Boston.

Based on an Aite Group survey of retail banking fraud managers at 22 of the top 100 U.S. financial institutions conducted in the fourth quarter of 2008, the report--ID Theft Red Flags: Beyond the Compliance Deadline--details how institutions are performing in initial reaction to the Federal Trade Commission's (FTC's) new regulatory mandate. The report also suggests areas of focus for financial institutions and technology providers going forward.

"While most companies are compliant thus far, there will certainly be a need to refine systems that are already in place,'' said Eva Weber, Aite Group analyst and report author.

FTC's Red Flags Rules were developed pursuant to the Fair and Accurate Credit Transactions (FACT) Act of 2003. Under the rules, financial institutions and creditors with covered accounts must have identity-theft-prevention programs to identify, detect and respond to patterns, practices or specific activities that could indicate identity theft.

The Nov. 1, 2008, deadline for compliance with the rules on identity theft required that U.S. banks draft an identity-theft program addressing regulatory guidelines pertaining to predetermined identity-theft red flags as well as to the institution's own identity-theft experiences.

For the most part, Weber said, banks met the compliance deadline without incident, and have already expended significant effort in changing procedures and altering technology in order to comply with the rules. …