Identity Theft Red Flags Rule: Only Half of Institutions Will Beat Deadline

Identity Theft Red Flags Rule: Only Half of Institutions Will Beat Deadline
Only half of U.S. banking institutions say they will beat the Nov. 1 deadline for compliance with the Identity Theft Red Flags Rule.

This is the key finding of a new survey aimed at gauging the success of institutions' efforts to meet the terms of the new regulatory mandate. The survey, administered in June by Information Security Media Group, publisher of and, drew 300 responses from financial institutions of all sizes.

With roughly four months to go before the Identity Theft Red Flags deadline, an even 50% of institutions surveyed say they are close to compliance and will beat the Nov. 1 date. A combined 47% say they either will barely meet the deadline, won't make it or don't know. Only 3% of respondents say they are already completely compliant.

The numbers are more alarming for large institutions - those with $2 billion or more in assets under management - where only 36% say they will beat the deadline, and 61% project themselves as just barely meeting it.

When asked how effective their Red Flags programs will be when completed, only 20% of institutions say "very effective - it's a whole new level of defense." The majority - 69% -- say their programs will be only "moderately effective - [Red Flags] really only codifies what we already should have been doing."

Again, the message from large institutions is even more dramatic, with only 7% saying their new programs will be "very effective," and 86% describing them as "moderately effective."

The survey also tackles such topics as:

How institutions have approached Red Flags compliance (with in-house resources and/or third-party service providers);
Greatest successes and challenges;
How they will manage the programs going forward;
Metrics for success;
Red Flags compliance efforts of key banking vendors.

The results, when analyzed, make strong statements about how institutions will manage and measure their Identity Theft Red Flags Rule programs, the state of vendor management, and exactly where institutions feel responsibility for fighting Identity Theft should fall - with banks and businesses or consumers.

Full survey results will be previewed in the upcoming webinar, ID Theft Red Flags Roundtable - Tips from Regulators and Practitioners on How to Meet Nov. 1 Compliance, set to debut on July 9. Following that session, ISMG will release a report detailing these results and what they mean to financial institutions and their strategic vendors.

In addition to showcasing results of this new survey, the July 9 webinar will feature banking practitioners, as well as representatives of the Federal Deposit Insurance Corporation (FDIC) and Office of Thrift Supervision (OTS), discussing strategies and best-practices for dealing with the Identity Theft Red Flags Rule before Nov. 1 and beyond.

About the Identity Theft Red Flags Rule
Under this new rule, which was established by federal banking regulatory agencies and took effect Jan. 1, 2008, each financial institution's Identity Theft Prevention Program must include: reasonable policies and procedures for detecting, preventing and mitigating identity theft and enable the financial institution to identify relevant patterns, practices, and specific forms of activity that are 'red flags' signaling possible identity theft and incorporate those red flags into the institution's program. Compliance deadline: Nov. 1, 2008.

About ISMG
Based in Princeton, N.J., Information Security Media Group publishes and, which are your one-stop portals for the latest news, insights and education on the top information security issues facing U.S. financial institutions today. Through articles, webinars, podcasts, blogs, customized training, sponsored content and news alerts from federal regulatory agencies such as the FDIC, NCUA, OCC, FRB and OTS, our team is committed to providing up-to-date information on the security regulations, threats, solutions, training and career trends that most impact banks, credit unions and other related enterprises.

About the Author

Tom Field

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.