Records Management and the Red Flags Rule

big red flag with blue sky waving as a warning and attention signThe Red Flag

Throughout history, a physical red flag is a traditional way to communicate the presence of danger. If you see one at the beach, it usually indicates dangerous surf or currents. The term “red flag” is used as a metaphor also meaning possible danger. When the term “raises a red flag” is used, it’s meant to identify or draw attention to a problem or danger.

What Is the Red Flags Rule?

About 9 million Americans have their identities stolen every year, which can result in draining victims’ accounts, damaging their credit, and putting medical treatment at risk. In 2008, to counterattack this criminal activity, the Federal Trade Commission (FTC) developed a series of “red flags” to help organizations detect fraud attempts before criminals could make any progress. The Red Flags Rule was implemented to give organizations a program to detect “red flags” of identity theft in their day-to-day operations, take steps to prevent the crime and minimize its damage.

The 4 Basic Elements of the Red Flags Program

The Red Flags Rule requires financial institutions and creditors to implement a written identity theft prevention program that helps them identify suspicious patterns and take appropriate steps to prevent the attempted crime. The program needs to contain these four basic elements:

  1. Reasonable policies and procedures making it easy to identify red flags of identity fraud.
  2. Ability to detect red flags that stray from standard policies, and procedures that allow for identification of inconsistencies that indicate identity theft.
  3. Spells out actions that need to be taken when red flags are detected.
  4. Details ways of staying current of new and emerging threats.

The 5 Categories of Red Flags

The FTC outlines five categories of red flags for financial institutions and creditors to watch for.

  1. Warnings, alerts, alarms or notifications from a consumer reporting agency.
  2. Suspicious documents.
  3. Unusual use of, or suspicious activity related to, a covered account.
  4. Suspicious personally identifying information, such as a suspicious inconsistency with a last name or address.
  5. Notifications from customers, law enforcement authorities, other businesses and victims of identity theft regarding possible identity theft regarding specified accounts.

Records Management Responsibilities

To help your organization comply with the Red Flags Rule, you will still want to close any gaps of potential identity theft and fraud by making sure that businesses you hire or partner with that handle any of your clients’ personal information are compliant with all privacy laws.

Docusafe offers a secure and disaster-protected facility to carefully house and protect your sensitive documents off-site in New Jersey, New York, and Pennsylvania. Our records storage and management services will help your business stay compliant with the Red Flags Rule by protecting your sensitive documents. To place your records in our expert hands, call us at 888-264-7367 or complete the form on this page.

Request Your Quote

When You're Ready, Let's Talk!