Tag Archives: Red Flag Rules

FTC Extends Enforcement Deadline for Identity Theft Red Flags Rule To December 31

By Thomas Ahearn, ESR Staff Writer

The Federal Trade Commission (FTC) has further delaying enforcement of the Red Flags Rule for identity theft scheduled to begin on June 1, 2010 to December 31, 2010.

According to a FTC news release, the delay of the Red Flags Rule for identity theft to the end of the year would give Congress time to consider legislation that would resolve any questions as to which entities are covered by the Red Flags Rule and remove the need for further enforcement delays. As currently written, the Red Flags Rule — which was developed under the Fair and Accurate Credit Transactions Act (FACTA) — requires “creditors” and “financial institutions” that have “covered accounts” to develop and implement written identity theft prevention programs to help identify, detect, and respond to patterns, practices, or activities — called “red flags” — that may indicate identity theft.

With identity theft on the rise — a recent survey found the number of identity theft and fraud victims in the U.S. increased 12 percent to affect over 11 million adults in 2009 — the FTC’s Red Flags Rule addresses the need for businesses extending credit to customers to develop and implement written identity theft prevention programs. In addition, according to a “Facts For Businesses” page on the FTC website, the Red Flags Rule may apply to groups that might not typically use the words “financial institutions” and “creditors” with “covered accounts” to describe themselves.

  • The Red Flags Rule defines a “financial institution” as banks, savings and loan associations, mutual savings banks, credit unions, or any person, directly or indirectly, holding a transaction account belonging to a consumer.
  • The Red Flags Rule definition of “creditor” is broad and includes businesses or organizations that regularly defer payment for goods or services or provide goods or services and bill customers later. Utility companies, health care providers, and telecommunications companies may fall within this definition. Creditors also include those who regularly grant loans, arrange for loans, or extend credit.
  • The Red Flags Rule defines that term “covered accounts” as 1.) A consumer account primarily designed to permit multiple payments or transactions such as credit card accounts, mortgage/auto loans, and cell phone, utility, and checking and savings accounts; and 2.) Any account for which there is a foreseeable risk to customers or to the financial institution or creditor from identity theft.

Beginning December 31, 2010, the Red Flags Rule would require the entities described above to develop, implement, and administer Identity Theft Prevention Programs that include four basic elements — Indentify, Detect, Prevent, and Update — to address the threat of identity theft:

  • An Identity Theft Prevention Program must include reasonable policies and procedures to identify the “red flags” of identity theft, the patterns, practices, or activities that may indicate the possibility of identity theft.
  • An Identity Theft Prevention Program must be designed to detect the red flags identified, and have procedures in place to help in the detection of red flags.
  • An Identity Theft Prevention Program must spell out the appropriate response to take when red flags are detected to prevent and mitigate identity theft.
  • An Identity Theft Prevention Program should go through a periodic update to reflect new risks from identity theft since this crime is an ever-changing threat.

For more information and the latest news about identity theft and the Red Flags Rule, please visit Employment Screening Resources (ESR) at http://www.esrcheck.com.

Sources:

http://ftc.gov/opa/2010/05/redflags.shtm

http://www.ftc.gov./bcp/edu/pubs/business/idtheft/bus23.shtm

FTC Requiring Businesses Extending Credit To Customers To Follow Red Flags Rule For Identity Theft Starting June 1

By Thomas Ahearn, ESR Staff Writer

With identity theft on the rise – a recent survey found the number of identity theft and fraud victims in the U.S. increased 12 percent to affect over 11 million adults in 2009 – the Federal Trade Commission (FTC) is requiring businesses that extend credit to customers to develop plans to detect and prevent identity theft beginning June 1, 2010.

The FTC delayed enforcement of this “Red Flags” Rule until June 1, 2010 at the request of Congress after the Rule was published under the Fair and Accurate Credit Transactions Act (FACTA) in which Congress directed the FTC to develop regulations for “financial institutions” and “creditors” that have “covered accounts” to develop and implement written identity theft prevention programs to help identify, detect, and respond to patterns, practices, or specific activities – or “red flags” – that may indicate identity theft.

According to a “Facts For Businesses” page on the FTC website, the Red Flags Rule for implementing a written identity theft prevention program applies to “financial institutions” and “creditors” with “covered accounts,” and the FTC warns that these terms may apply to groups that might not typically use those words to describe themselves.

  • The Red Flags Rule defines a “financial institution” as banks, savings and loan associations, mutual savings banks, credit unions, or any person, directly or indirectly, holding a transaction account belonging to a consumer.
  • The Red Flags Rule definition of “creditor” is broad and includes businesses or organizations that regularly defer payment for goods or services or provide goods or services and bill customers later. Utility companies, health care providers, and telecommunications companies may fall within this definition. Creditors also include those who regularly grant loans, arrange for loans, or extend credit.
  • The Red Flags Rule defines that term “covered accounts” as 1.) A consumer account primarily designed to permit multiple payments or transactions such as credit card accounts, mortgage/auto loans, and cell phone, utility, and checking and savings accounts; and 2.) Any account for which there is a foreseeable risk to customers or to the financial institution or creditor from identity theft.

Beginning June 1, the Red Flags Rule requires “financial institutions” and “creditors” with “covered accounts” described above to develop, implement, and administer Identity Theft Prevention Programs that include four basic elements to address the threat of identity theft: Indentify, Detect, Prevent, and Update.

  • An Identity Theft Prevention Program must include reasonable policies and procedures to identify the “red flags” of identity theft, the suspicious patterns and practices, or specific activities, that may indicate the possibility of identity theft.
  • An Identity Theft Prevention Program must be designed to detect the red flags identified, and have procedures in place to help in the detection of red flags.
  • An Identity Theft Prevention Program must spell out the appropriate response to take when red flags are detected to prevent and mitigate identity theft.
  • An Identity Theft Prevention Program should go through a periodic update to reflect new risks from identity theft since this crime is an ever-changing threat.

In addition, the Red Flags Rule written Identity Theft Prevention Program designed to prevent, detect, and mitigate identity theft in connection with the opening of new accounts and the operation of existing ones must be appropriate to the size and complexity of the business or organization and the scope of its activities. A company with a higher risk of identity theft or a variety of covered accounts may need a more comprehensive Identity Theft Prevention Program.

For information about identity theft and the Red Flags Rule, visit http://www.ftc.gov/ or Employment Screening Resources (ESR) at http://www.esrcheck.com.

Sources:

http://www.ftc.gov./bcp/edu/pubs/business/idtheft/bus23.shtm

http://www.ftc.gov/opa/2009/10/redflags.shtm

http://www.ftc.gov/os/2009/10/091030redflagsrule.pdf

Background Check Expert Lester Rosen to Present at Seattle Conference on Social Networking sites

Employment Screening Resources  a leading international employment screening background checking firm headquartered in the San Francisco area, announced that its president, Lester Rosen, will be presenting before the prestigious Staffing Management Association (SMA) of Seattle on September 16, 2009. 

SMA’s mission is to present practical and relevant information by bringing in top-notch recruiting and retention experts.  See: http://www.emaseattle.org/events.shtml 

Mr. Rosen will be addressing, Landmines, Pitfalls and Potential Law Suits – Understanding the Risks of Using Search Engines and Social Networking Sites to Screen Candidates. 

“am very pleased to have opportunity to discus this cutting edge topic with to-notch staffing professionals in such a critical economic area as Seattle,” commented Rosen. “There is evidence that recruiters and hiring managers are utilizing social network sites to make hiring decisions without taking into account the potential liabilities that employers can face if done incorrectly or unfairly.  This talk is geared to starting a dialogue on the potential landmines that may be encountered if not done correctly.”

Mr. Rosen will review a major new survey that demonstrates what percentage  of employers use these sites, which sites they use,  how often they are used to NOT hire someone, as well as the most frequently seen issues that turn-off employers. 

Mr. Rosen, who is also an attorney, is a nationally recognized, expert, on employments screening background checks.  He is a writer and speaker on the Fair Credit Reporting Act (FCRA), pre-employment screening, and safe hiring issues. In addition, Mr. Rosen is the author of the first comprehensive book on employment screening, The Safe Hiring Manual Complete Guide to Keeping Criminals, Imposters and Terrorists Out of Your Workplace,a 500 pages plus guide that acts as the text book for the screening industry. He also wrote, “The Safe Hiring Audit.”

 Mr. Rosen’s speaking appearances have included numerous national and statewide conferences.  He has testified in the California, Florida  and Arkansas Superior Court as an expert witness on issues surrounding safe hiring and due diligence. Mr. Rosen was the chairperson of the steering committee that founded the National Association of Professional Background Screeners (NAPBS), the professional trade organization for the screening industry, and served as the first co-chairman in 2004.

More information about Employment Screening Resources can be found at www.ESRcheck.com

Employment Screening Resources Expert Quoted in national news magazine

Employment screening expert Lester Rosen was quoted recently in U.S, News and World Report on an article entitled:  Should Your Credit Report Cost You a Job?

http://www.usnews.com/articles/business/careers/2009/07/29/should-your-credit-report-cost-you-a-job.html

Mr. Rosen, who is President of Employment Screening Resources, commented upon best practices when it comes to obtaining employment credit reports.  Mr. Rosen has also been quoted on the same issue in other national publications, such as the Christian Science Monitor and USA Today.

To summarize briefly, Employment Screening Resources advises employers to approach credit reports with caution when it comes to background checking, and to articulate a clear rationale as to why a credit report is related to a particular job.  Employers should also be aware that there is the potential for errors in credit reports, and that negative entries may well not be a valid predictor of job performance.  For example if there is an illness in the family and credit cards are used to pay medical bills, or there has been a long period of unemployment, a consumer’s credit report may show a large outstanding debt that may not affect suitability for employment. In fact, an overly board use of credit reports could lead to claims of discrimination if there is a disparate impact on protected groups.

On the other hand, hiring a person that handles money or other people’s private data without running a credit reports could result in allegations of negligent hiring if a theft occurs and a credit report as part of a background check would have lead to relevant information. Embezzlement, internal theft and identity theft are significant problems in the U.S.

One thing to keep in mind — it is an urban myth that employers receive a credit score. Employment credit reports simply do not contain a credit score since there is no evidence of a connection between a credit score and employment.  On the other hand, employment credit reports do contain a credit history, which will tell an employer if an applicant pays on time, or has such a large monthly debt that it raises a red flag if a person is to be put in charge of cash or assets or placed in a fiduciary position.  In addition, there are limitations on using a bankruptcy for employment, since a person that goes through bankruptcy is entitled to a ‘fresh start’  Two states, Hawaii and Washington, have passed laws regulating the use of credit reports for employment and more states are apparently looking at similar rules.  For more information, see: http://www.esrcheck.com/articles/Credit-Reports-and-Job-Hunting.php .

Another aspect of the use of credit reports are the vastly increased regulations imposed by the credit bureaus on background screening firms and employers, in order to protect privacy and counter identity theft. Legitimate screening firms that are in compliance with the contractual obligations set forth by the credit bureaus are required to essentially do a background check on employers that want credit reports.  This can include on-site inspections by third party agencies of the employer’s premise, as well as checking bank and trade references and other steps to ensure the employer is legitimate, has a permissible purpose and meets the guidelines set out by the credit bureaus.  Certain businesses, such as home based operations, or businesses that share space with prohibited users cannot qualify for credit reports. In addition, the new ‘Red Flag’ rules require employers to have a written policy and procedure in place to deal with address discrepancies.  See: http://ftc.gov/os/fedreg/2007/november/071109redflags.pdf

Although ESR assists employers in navigating the process and supplies a sample Red Flag policy, small and medium businesses (SMB) often find that requesting a credit report adds a significant layer of complexity to the process.  Other searches typically done as part of a background check, such as criminal records, do not carry these added complications. Many SMB avoid these headaches by simply requesting that an applicant obtain their own credit report and present it to the employer.  This is easily done since every consumer by federal law is entitled to one free copy of their credit report from  each of the three major credit bureaus yearly from  https://www.annualcreditreport.com/  However, employer must still use caution to ensure that the use of credit reports is fair and non-discriminatory.

Credit Report Red Flag Rules Address Discrepancies Easy as 1,2,3

Questions have been sent in by employers who receive Credit Reports as to what to do with the RED FLAG ADDRESS MISMATCH alerts.  This all came about from new Federal regulations that took effect late last year to curb ID Theft.

The resolution for your company is as Easy as 1, 2, 3.

First, have a written policy in place at your office on how you will deal with this issue.  Specifically the issue is that the address the applicant listed differs from the address that the Credit Bureau has on record.

Second, contact the applicant and ask him/her to send you or show you some documents that indicate the new address.  Any official document will do driver’s license, apartment lease, utility bill, etc.  (The attached sample policy includes the full list of the items that will adequately prove the new address.) Once you review the evidence of the new address and you’re satisfied with it, that’s all you need to do.

Third, if the applicant is concerned that the Credit Bureau doesn’t have the new address, you can give him/her a document that ESR will provide that explains how to make the change with them.

TO RECAP: You will want to create a written policy for your company as soon as you can. You will want to watch your Background Reports to note whether the Credit Report is Red Flagged.  And you will want to take the easy address verification steps with your applicant if there is a different address on the Credit Report and the Background Report. As simple as 1, 2, 3.

A sample policy that ESR has written is available to ESR clients. ESR also provides a link to a page with information an employer can give an applicant if they are concerned about an address mismatch with useful information.

The Federal Trade Commission did announce that it was suspending the rules until August 1, 2009 to provide creditors and financial firms more time to comply.  However, since it is not clear whether the suspension applies to employers, and since this is a best practice to avoid identity theft, ESR suggests that employers begin to implement these rules as soon as possible.

New Delay in Red Flag Rules May Not Apply to Background Checks

According to a press release issued by the Federal Trade Commission (FTC) on 04/30/2009, the FTC, “will delay enforcement of the new “Red Flags Rule” until August 1, 2009, to give creditors and financial institutions more time to develop and implement written identity theft prevention programs.” 

Employers and background screening firms that belive this gives them more breathing room before compliance should proceed with caution.  The FTC noted that the issues dealt with certain firms that were uncertain of their status.  The duties of employers when it comes to screening are clear.  In addition, ESR has received legal advice suggesting it is not at all clear the delay would affect background screening  reports that contains an employment credit reports.

In order to fully protect employers and job applicants from the harms associated with identity theft, ESR has determined that the best practice is to continue to operate as though the Red Flag rules continue to apply. The effort needed for compliance is minimal compared to the risks of non-compliance. 

ESR will continue to “Red Flag” credit reports where there is a substantial address discrepancy and will continue client education on the mater.

For more on the Red Flag rules, see the ESR newsletter at: http://www.esrcheck.com/newsletter/archives/October_2008.php#T1

ESR provides training and sample Red Flag policies for its clients.