Patern Red

Red Flags Rule Compliance: Who Must Comply... And Why

Normal 0 false false false EN-US X-NONE X-NONE /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0in; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;} Red Flags Rule Disaster Scenario You’ve workedfor years trying to make your retail business a success, but the letter youjust opened from an attorney threatens to wipe out everything you’ve workedfor.   The attorney represents a victim ofidentity theft and is claiming you have violated something called The Red FlagsRule by selling a “covered” product to an individual who had stolen hisclient’s identity.   The words “civil” and “class action ” leap from the letter, in addition to “possible fines from the Federal TradeCommission ”.   After all,your business only arranged the financing for the alleged identity thiefthrough an outside lender, so surely a victim of identity theft can’t really suethe owner of a retail business – or can they? As identitytheft continues to spiral upward unchecked, the federal government’s Red FlagRules were framed for designated businesses and institutions to be at theforefront to protect United States citizens.   Consequently, the date of November 1, 2009, will change retail businessas we know it since that is the mandatory compliance date for the estimated 11million businesses and institutions which must comply with the FTC’s Red FlagsRule.   After November 1, identity theftvictims will indeed have the right to pursue civil actions against anon-compliant business or institution. The originalmandatory compliance date was November 1, 2008, but after investigating thecompliance progress of businesses affected by the law, the FTC realizedmillions of designated businesses were unaware of their required compliance.   In an unprecedented display of mercy, theybegrudgingly pushed the mandatory compliance date forward, first to May 1,2009, and now to November 1, 2009.   Thisin itself should signal how serious the FTC takes this law as they have issued“fair warning” of their intent to roll out thousands of agents for what theyterm “rolling enforcement” to ensure compliance. Fines fornon-compliance range from $3,500-$11,000 per occurrence and may be retroactive.   In other words, if your business conducts1,000 non-compliant transactions over the course of a year, the FTC could fineyou $3.5 million.   But believe it or not,the FTC may be the least of your worries. The Rule alsoincludes provisions for civil liability.   This means identity theft victims may be entitled to recover damages asa result of a non-compliant violation at your business – with class actionsurely to follow.   All of this is codefor, “Lawyers just love this law!”   Although the monetary losses can be measured, what is not known is thedamage to your reputation since you may also be required to contact every oneof your credit customers to alert them of a possible identity breach at yourplace of business (FTC Safeguards Rule). So, if youare now having trouble breathing and find yourself being pulled toward abright, celestial light, that’s good; that means you get it before it’s toolate.   Now’s the time to make your operationRed Flags Rule compliant and get it behind you.   What is A Red Flag ?        A “red flag”is a pattern, practice, or specific activity as spelled out within the Rulewhich indicates the possible existence of identity theft.   Who Has To Comply With The Red FlagRules - And Why .                                                                                                             First, theRules have nothing to do with whether or not your operation uses creditreports, and even if your only offering of credit is to send a customer’scredit report to a third party lender, you must comply. The litmustest applied by the federal government for designated compliance revolvesaround the Rule’s own definition of a “creditor”.   Without quoting the entire definition fromthe Final Rules, here’s the simple version:   If the product or service you sellor provide is not paid in full at the time of purchase, you must comply.                                                                                    This broadand encompassing definition designates many businesses traditionally notregarded as a “creditor” such as: ·          Retail Businesses – furniture, appliance, jewelry,electronics, cell phone, department, and “big box” stores. ·          Financial Institutions – banks, credit unions, savingsassociation, mortgage lenders/brokers, and finance companies. ·          Transportation Dealers – new and used vehicle, motorcycle,watercraft, RV, and ATV dealers. ·          Health Care Providers – hospitals, physicians, medicalclinics, chiropractors, and assisted living facilities. ·          Educational Institutions – universities, colleges, technologyinstitutes, junior colleges, and community colleges. ·          Utility Companies – cities, municipalities, power,heating oil, water, telephone, and cellular companies. Please Note :   If your business accepts credit cards as its only credit method, youneed not comply.   What Do I Have To Do To Become RedFlags Rule Compliant ?                                                                                                            If you possessa lot of time, patience, and a strong will to live, then Google, “Final RedFlags Rule”, where you will find all of your compliance requirements sprinkledabout its 59 pages of federal law.   Goodluck trying to figure it all out. For those ofus existing in the real world, here’s what you have to do: 1.   You must develop and implement a formal, written Red Flags Rule Policyspecifically for your type of business.   Your Policy mustinclude these four elements in addition to several other directives inprocedures:                                                                                ·          Identificationof Red Flags specific to your type of operation. ·          Detectionof Red Flags specific to your business. ·          Responseto detected Red Flags. ·          Provisionsfor updating your Red Flags Rule Policy.                                                                                                                                         Your Policymust also include a number of other required procedures such as complianthandling of Notice of Address Discrepencies, fraud alerts, rules for credit cardissuers, plus many more.   In other words,plan on your Policy to be anywhere from 6-8 typewritten pages. 2.   Provide formal Red Flags Rule Training for all relevant employees.   But more importantly, be able to prove it in case of an inadvertentviolation.   Your employees should betrained at least yearly, and of course, newly hired staff must be trainedimmediately.   And by the way, “formal RedFlags Rule Training” does not mean just letting your employees read a copy ofyour Policy. 3.   Your business must have in place procedures to both verify theidentifying information presented by an individual opening an account, and alsoto authenticate the actual identity of the individual presenting theidentifying information at your place of business.   The Required ID Verification AndAuthenticating Process .                                                                                                                       Here’s thecatch.   To verify the identifying informationpresented to you by an individual opening a new covered account, you cannot useinformation contained on a credit report or even information generallyavailable from a wallet.   Instead, youmust search national, state, and federal data bases to verify such items as theSocial Security Number issue date, does the individual’s DOB match the SSNdate, the name of the person assigned to the SSN, is SSN assigned to a deadperson… well, you get the picture. But itdoesn’t stop there.   Searching those samedata bases, you must also verify their address, the name assigned to theaddress, all previous addresses associated with the individual, DOB, telephonenumber, the address the telephone number is assigned to, and so on.   And whilewe’re at it, let’s go ahead and throw in another law many designated businessesignore, or have no knowledge of their required compliance – the FederalTreasury’s OFAC (U.S. Patriot Act) list of suspected terrorists, drug dealersand money launderers.   If you are sodesignated by the federal government to scan that list and don’t comply byreporting “hits” to Homeland Security, you could end up in federal prison witha new bunkmate named “Bubba”… plus afine in the millions!   In fact, the fedshave already dropped an $80 million fine on a bank for non-compliance with thislaw.   But I digress.   Let’s get back to your required Red Flags IDverification and authenticating process. Aftermuddling through the required data searches to verify the identifyinginformation presented by an individual, how can you possibly know that theindividual presenting the information is actually who they represent themselvesto be?   That’s right, now you need todeploy a process to authenticate the actual identity of that individualphysically inside your place of business.   Without this important identity authentication, you may doing nothingmore than verifying stolen information presented to you by an identity thief thatis actually standing in front of you! According tothe Red Flag Rules, you should create several “Challenge Questions” formulatedfrom all of the data searches you performed to verify the identityinformation.   These questions should beframed in such a manner that only the individual in question can answer, and ina timely manner.   A few of the questionsmight be: “What was your previous area code?” “Here are four addresses.   Which one is an address previously associatedwith you?” “What county issued your SocialSecurity Number?”                                                                              The Red FlagsRule establishes no standard for pass/fail, but your operation must not open acovered account for an individual until you have established a “reasonablebelief” that individuals are indeed who they represent themselves to be. So there youhave it.   Compliance requirementscourtesy of your federal government.   Your Alternatives .                                                                                                                                                                                                First, bewareof companies, usually credit reporting services, leading you to believe youwill be compliant by just subscribing to their Identity Scan service.   As discussed in the previous section, simplyverifying identity information is only a small piece of the compliance puzzleand still leaves your business exposed to civil and federal liability. Somedesignated businesses even choose to retain attorneys charging $5,000 - $20,000to research and develop their compliance Policy and Training solutions.   That source is always available, but whatabout the identity verification searches?   Very few attorneys have the answer for that requirement except toinstruct you to perform the searches required for compliance, and yes, figure aminimum of another 30 minutes added to the time of your sale if you search allthe sources yourself. You shouldalso be aware of compliance providers who wish to sell you a written Red FlagsRule Policy Template and passing it off as “one-size-fits-all”.   Your Policy, and Training for that matter,must be relative and appropriate to the compliance requirements specific toyour type of industry, i.e., retail, utility, financial, transportation,medical, etc. However, amidall of this compliance misery, there are a few compliance providers availablethat offer full compliance services at an affordable price, and this may beyour best bet.   Some may require you topurchase additional hardware or software, but there are a couple that aretotally web-based and provide turn-key compliance solutions. Regardless ofhow you become compliant, you cannot afford to ignore this law since you haveno way of knowing if you are selling a product to an identity thief.   Again, just one non-compliant transaction tothe wrong person has the potential to wipe out your business.   However, the government does give you a“get-out-of-jail-free” card.   If youinvest in making sure your operation is Red Flags Rule compliant, and can proveit, you invoke the most effective legal defense available should youunwittingly sell a product or service to an identity thief.   Think of compliance performance in terms of avampire confronted by a cross, because that’s the way attorneys react whenconfronted with proof of compliance performance.   They are well aware that such due diligenceon your part creates what is termed, “safe harbor” status, meaning probableimmunity from prosecution for non-compliance. So themessage here is to get your operation compliant, and quickly; that celestiallight you feel drawing you nearer is actually the fast approaching deadline ofNovember 1.                                                                                                                                                                                  

Find Patern Red On eBay Below:

Recently Purchased Patern Red: