By: Kristan Keelan
Most financial institutions are well underway in complying with the FTC’s ID Theft Red Flags Rule by:
1. Identifying covered accounts
2. Determining what red flags need to be monitored
3. Implementing a risk based approach
However, one of the areas that seems to be overlooked in complying with the rule is the area of commercial accounts. Did your institution include commercial accounts when identifying covered accounts? You’re not alone if you focused only on consumer accounts initially.
Keep in mind that commercial credit and deposit accounts also can be included as covered accounts when there is a “reasonably foreseeable risk” of identity theft to customers or to safety and soundness.
Start by determining if there is a reasonably foreseeable risk of identity theft in a business or commercial account, especially in small business accounts. Consider the risk of identity theft presented by the methods used to open business accounts, the methods provided to access business accounts, and previous experiences with identity theft on a business account.
I encourage you to revisit your institution’s compliance program and review whether commercial accounts have been examined closely enough.
