Identity Theft Red Flags Rule: Only Half of Institutions Will Beat DeadlineIdentity Theft Red Flags Rule: Only Half of Institutions Will Beat Deadline New Survey Says Large Institutions Will Struggle Most to Hit Nov. 1 Date
Only half of U.S. banking institutions say they will beat the Nov. 1 deadline for compliance with the Identity Theft Red Flags Rule.
This is the key finding of a new survey aimed at gauging the success of institutions' efforts to meet the terms of the new regulatory mandate. The survey, administered in June by Information Security Media Group, publisher of BankInfoSecurity.com and CUinfoSecurity.com, drew 300 responses from financial institutions of all sizes.
With roughly four months to go before the Identity Theft Red Flags deadline, an even 50% of institutions surveyed say they are close to compliance and will beat the Nov. 1 date. A combined 47% say they either will barely meet the deadline, won't make it or don't know. Only 3% of respondents say they are already completely compliant.
The numbers are more alarming for large institutions - those with $2 billion or more in assets under management - where only 36% say they will beat the deadline, and 61% project themselves as just barely meeting it.
When asked how effective their Red Flags programs will be when completed, only 20% of institutions say "very effective - it's a whole new level of defense." The majority - 69% -- say their programs will be only "moderately effective - [Red Flags] really only codifies what we already should have been doing."
Again, the message from large institutions is even more dramatic, with only 7% saying their new programs will be "very effective," and 86% describing them as "moderately effective."
The survey also tackles such topics as:
The results, when analyzed, make strong statements about how institutions will manage and measure their Identity Theft Red Flags Rule programs, the state of vendor management, and exactly where institutions feel responsibility for fighting Identity Theft should fall - with banks and businesses or consumers.
Full survey results will be previewed in the upcoming webinar, ID Theft Red Flags Roundtable - Tips from Regulators and Practitioners on How to Meet Nov. 1 Compliance, set to debut on July 9. Following that session, ISMG will release a report detailing these results and what they mean to financial institutions and their strategic vendors.
In addition to showcasing results of this new survey, the July 9 webinar will feature banking practitioners, as well as representatives of the Federal Deposit Insurance Corporation (FDIC) and Office of Thrift Supervision (OTS), discussing strategies and best-practices for dealing with the Identity Theft Red Flags Rule before Nov. 1 and beyond.
About the Identity Theft Red Flags Rule
Under this new rule, which was established by federal banking regulatory agencies and took effect Jan. 1, 2008, each financial institution's Identity Theft Prevention Program must include: reasonable policies and procedures for detecting, preventing and mitigating identity theft and enable the financial institution to identify relevant patterns, practices, and specific forms of activity that are 'red flags' signaling possible identity theft and incorporate those red flags into the institution's program. Compliance deadline: Nov. 1, 2008.
Based in Princeton, N.J., Information Security Media Group publishes BankInfoSecurity.com and CUInfoSecurity.com, which are your one-stop portals for the latest news, insights and education on the top information security issues facing U.S. financial institutions today. Through articles, webinars, podcasts, blogs, customized training, sponsored content and news alerts from federal regulatory agencies such as the FDIC, NCUA, OCC, FRB and OTS, our team is committed to providing up-to-date information on the security regulations, threats, solutions, training and career trends that most impact banks, credit unions and other related enterprises.