If an entity meets the definition of creditor or financial institution and has covered accounts, the entity must develop and implement a written program to detect and respond to the red flags of identity theft and update this program periodically.  If an entity does not have any covered accounts, a written program is not required; however, the entity needs to conduct periodic assessments to determine if it has acquired any covered accounts.

Developing the written program
Written procedures need to cover the following five areas:

1. Identifying relevant red flags
2. Detecting red flags
3. Responding to red flags
4. Administering your program
5. Periodically updating your program

The Federal Trade Commission (FTC) has created a form to help businesses at low risk for identity theft design a program.  See the Helpful link section below for further information.  In addition, many trade associations have developed guidance to help industry members comply with the Red Flags Rule.

Helpful link
For further information regarding the Red Flags Rule, including a link to the Rule, resources including templates, and frequently asked questions, visit the FTC’s Red Flag Rules website: http://www.ftc.gov/bcp/edu/microsites/redflagsrule/index.shtml.

< Back to Accounting Services

Accounting Services // Administrative Services // About Our Firm // Meet Our Partners
Choosing a CPA // Additional Resources // Contact Us // Home Page

Copyright 2003 // Conway, Deuth and Schmiesing.