X

Thank you for sharing!

Your article was successfully shared with the contacts you provided.
A massive federal regulation requiring financial institutions and companies offering consumer credit to craft an identity theft program that detects suspicious account activity has lawyers scrambling to help clients comply. The rules, which are commonly called “Red Flag Regulations,” implement two sections of the Fair and Accurate Credit Transactions Act of 2003 concerning identity theft prevention programs and how companies should respond to address discrepancy notices from a consumer reporting agency. The rules require institutions to detect unusual activity or “red flags” that could signal identity theft and take preventive measures to stop identity theft. They were issued last October and effective on Jan. 1, with full compliance required by Nov. 1. Six agencies jointly created the rules: the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corp., the Federal Trade Commission, the National Credit Union Administration, the Office of the Comptroller of the Currency and the Office of Thrift Supervision. Christopher Wolf, a Washington lawyer who chairs the privacy and data security practice of New York’s Proskauer Rose, said the firm is providing extensive advice to financial institution clients about the regulations. A ‘massive’ regulation “It’s a massive regulation,” Wolf said. “We’re going through [client] processes and documenting them. A lot of it has to do with making the record of compliance.” Wolf also said the compliance programs must be adaptable to new technology to detect identity theft. The Red Flag Regulations are as sweeping as many of the requirements in the Gramm-Leach-Bliley Act, a 1999 law that regulates how financial institutions collect, disclose and protect consumers’ personal financial information, said Alysa Zeltzer Hutnik, a senior associate in the Washington office of New York’s Kelley Drye & Warren. “You’ve got to have a written comprehensive program that guards against identity theft that’s fully implemented into the system,” Hutnik said. “To do that, and do that right, is going to be a big focus, if it’s not already, for a lot of businesses.” The rules were published with compliance guidance, and companies will also get additional clues when compliance guidance for examiners is issued in a few months, said Dean DeBuck, spokesman for the office of the comptroller. “That’s always a key factor,” DeBuck said. “They’ll see how our examiners are going to approach compliance.” Companies also need help briefing board members, who must be involved in and approve the compliance programs, Wolf said. “[The regulation] raises this issue to the board level and that may not have happened before,” Wolf said. Financial institution clients are likely to need lawyers’ help with educating new board members about the regulations, particularly those from other industries, agreed Timothy R. McTaggart, a partner in the financial services practice group in the Washington office of Philadelphia-based Pepper Hamilton. “[They] want to give board members and senior management opportunities to go up the learning curve,” McTaggart said. “If you’re from a manufacturing or academic background where you haven’t been in the thick of dealing with a regulated entity in this fashion, it’s a whole new experience.” McTaggart also expects that clients will need legal help interpreting ambiguous language in the rules, and also down the road if there’s litigation or if regulators threaten enforcement action. “We tend to get involved when there’s an issue or problem or dispute � or a violation being alleged by a regulatory authority,” McTaggart said. Companies that are vigilant about compliance are on track, but others may need to overhaul many internal processes, Hutnik said. “Those that check in once a year or once every couple of years are going to have some catch-up to do,” she said.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]

 
 

ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.