Red Flags Rule
What does it mean?
- Helps consumers prevent or reduce the harm from identity theft
- Under the Rule, financial institutions and certain other creditors must adopt written identity theft prevention programs to identify, detect and respond to patterns, practices or specific activities that could indicate identity theft
Who is affected?
The Red Flags Rule applies to "financial institutions" and "creditors" that maintain one or more "covered accounts."
- A "financial institution" is a bank, savings and loan, credit union, or other entity that holds an account belonging to a consumer that allows the owner to make payments or transfers.
- A "creditor" is any entity that regularly extends, renews or continues credit, arranges for someone else to extend, renew or continue credit, or an assignee of a creditor who is involved in the decision to extend, renew or continue credit.
- A "covered account" is an account that is either (i) an account used primarily for personal, family or household purposes and that involves multiple payments or transactions or (ii) an account for which there is a foreseeable risk of identity theft (such as small business accounts).
What is the impact? (penalties and fines)
- Civil penalties of up to $3,500 per violation
- Injunctive relief is also available
How to reach compliance?
Develop and maintain a written identity theft prevention program that is appropriate for your business based on its size and potential risks of identity theft.
The four basic steps to designing a program to comply with the Rule are:
- Identify relevant red flags;
- Detect red flags;
- Prevent and mitigate identity theft; and
- Update your program periodically
Contact Us and a Cintas Document Management expert will do a no-obligation evaluation of your facility's information management needs.