Enacted last year, the red flags rules require entities that qualify as covered financial institutions or creditors maintaining covered accounts to implement an identity theft program. In its guidance, the
Firms that maintain any type of transaction account for their customers will often be subject to the red flags requirements, according to
"For advisors, I think it's helpful to keep in mind that you can have an indirect transaction account, so if you have authority to direct payment from the investor's account to a third party, you can potentially be implicated," Porter said during a panel discussion at the
ONGOING REVIEWS & UPDATES
After a firm has made the determination that it is subject to the red flags rules, it must establish a program geared toward identifying, detecting and responding to identity theft warnings, and then periodically updating the program and maintaining a formal structure for administering it.
Speakers at the IAA conference emphasized the dynamic nature of the risks of identity theft, arguing that firms' programs must be able to adapt and respond accordingly. The
That means that a crucial part of the implementation of an identity theft program involves an ongoing review and periodic updates.
"We look at this as a minimum on an annual basis, because if you don't kind of get it into a regular cycle it's not going to be effective," said
Those reviews, Nash-Goetz suggested, must not be abstract exercises, but instead should draw on any recent experiences the firm has had in dealing with fraudsters, and would do well to incorporate lessons learned from the high-profile data breaches that are so often in the headlines.
"Part of your periodic updates should be a review of what's happened," she said. "I think in reviewing your program it's important to look back on your actual experiences."
Likewise, firms should review their identity theft programs each time they open a new line of business or take on a new kind of client, Nash-Goetz said.
The staff training that the
"Authenticate very carefully people who call up or people who email. These days with all the hacking that goes on, like,
Nash-Goetz recommended that advisors align their red flags program with the anti-money laundering and customer identification programs they should already have in place. But she also emphasized the essential human element in any identity theft program, where advisors' intuition will be informed by the relationships they have developed with their clients.
"This is really the paying attention," she said. "What are normal patterns for your clients and how do you normally deal with them, and what's unusual?"
Copyright: (c) 2014 Financial Planning. All rights Reserved.
Source: Source Media, Inc.