News & Resources

Is My Business subject to Red Flags?

May 13, 2011 Brian Bradley

Identity thieves can cause absolute mayhem for consumers and businesses.  After a number of postponements, the Red Flag Rules went into effect on December 31st, 2010.   Financial institutions and creditors are now required to implement an identity theft prevention program to detect certain “red flags”  that indicate the person applying for credit may not be the individual says he/she is.

If your business extends credit, you may be required to comply with Fair and Accurate Credit Transactions Act (FACTA) Red Flag Rules. Under the Red Flag regulations, businesses that offer and maintain “covered” accounts must develop and implement a Red Flags Identity Theft prevention Program.


A “covered account” is an account primarily for personal, family, or household purposes that involves or is designed to permit multiple payments or transactions; (e.g. checking account, credit card, mortgage or auto loan, phone or utility bill etc.) or any other account where there is a reasonably foreseeable risk to customers or the safety and soundness of the business from identity theft.


Examples of businesses subject to Red Flags:


·         Banks

·         Suppliers

·         Credit Unions

·         Debt Collectors

·         Mortgage Brokers

·         Credit Card Issuers

·         Equipment Leasing Dealers

·         Utility Companies

·         Auto Dealers

·         Telecommunications Companies

·         Motorcycle Dealers

·         Recreational Vehicle Dealers


Under the Red Flags Rules, financial institutions and creditors must develop a written program that identifies and detects the relevant warning signs – or “red flags” – of identity theft. These may include, for example, unusual account activity, fraud alerts on a consumer report, or attempted use of suspicious account application documents. The program must also describe appropriate responses that would prevent and mitigate the crime and detail a plan to update the program. The program must be managed by the Board of Directors or senior employees of the financial institution or creditor, include appropriate staff training, and provide for oversight of any service providers.