Dec 23 2009 7 mins 1
It's been over one year now since banking regulators began examining institutions for compliance with the Identity Theft Red Flags Rule. What have been the common deficiencies, and what will examiners be expecting in year two? Jeff Kopchik, senior policy analyst with the Federal Deposit Insurance Corporation (FDIC), discusses:
The three key deficiencies of Red Flags compliance;
How examiners will approach Red Flags exams in 2010;
Ways institutions can improve their Red Flags compliance.
Kopchik was the Team Leader of the FDIC's 2004 study "Putting an End to Account-Hijacking Identity Theft." He was the FDIC's primary representative on the FFIEC staff working group that drafted the 2005 guidance on Authentication in an Internet Banking Environment. Kopchik was also involved in interagency rulemaking efforts to comply with the Fair and Accurate Credit Transactions (FACT) Act, and was involved in the creation and implementation of the Gramm-Leach-Bliley Act (GLBA) interagency information security guidelines, supervisory guidance on customer notice, FFIEC Business Continuity Planning Booklet, and FDIC guidance on wireless networks.
