ROE vs ROA | Return on Equity (ROE) is generally net income divided by equity, while Return on Assets (ROA) is net income divided by average assets. 

We get the following question quite a bit: Would the regulators expect to see a log of detected activity and resulting mitigation? Short answer: The Red Flags Rule does not specifically require you to maintain a log, nor do the guidelines suggest that a log should be maintained. However, covered institutions are required to prepare regular reports around the effectiveness of their program.  Additionally, there exists the requirement to incorporate an institution’s own experiences with identity theft when reviewing and updating their program. Long answer: Think now about the value of incorporating robust (and, optimally, transaction level) reporting into your program for a few key reasons: 1. Reporting allows you to more easily and comprehensively create and disseminate board-level reports related to program effectiveness.  These aren’t a bad thing to show a regulator either. 2. Detailed reporting provides you an opportunity to more accurately monitor your program’s performance with respect to decisioning strategies, false positives, false negatives, fraud detection and prevention rates, resultant losses and legitimate costs. 3. The more historic detail you have compiled, the easier it will be to make educated, analytically based, and quantifiable updates to your program over time.  Without this, you may be living and dying with anecdotal decision making….never good. 4. Finally, maintaining program performance data will afford you the ability to work with other service providers in validating their capabilities against known transactional or account level outcomes.  We, at Experian, certainly find this useful in working with our clients to deliver optimal strategies. Thanks as always.

The Federal Trade Commission (FTC) suspended enforcement of the new Red Flag Rule until May 1, 2009.  According to the FTC’s Enforcement Policy, “…during the course of the Commission’s education and outreach efforts following publication of the rule, the Commission has learned that some industries and entities within the FTC’s jurisdiction have expressed confusion and uncertainty about their coverage under the rule.  These entities indicated that they were not aware that they were undertaking activities that would cause them to fall within FACTA Sections 114 and 315 definitions of ‘creditor’ or ’financial institution’.” So, depending upon which enforcement entity (or entities) will be knocking on your door in the coming months, you may (and I emphasize “may”) have some extra time to get your house in order.   While many of you are likely confident that you have a compliant written and operational Identity Theft Prevention Program, this break in the action can be a great time to take care of setting up some ongoing procedures for keeping your program up to date.  Here are some ideas to keep in mind along the way: 1. Make sure you have clear responsibilities and accountabilities identified and assigned to appropriate persons.  Lack thereof may lead to everyone thinking someone else is keeping tabs. 2. Start setting the stage for a process to update your program based on: a. Your new experiences with identity theft; b. Changes in methods of identity theft; c. Changes in methods to detect, prevent, and mitigate identity theft; d. Changes in the types of accounts you offer or maintain; and e. Changes in your business arrangements, including mergers, acquisitions, alliances, joint ventures and service provider arrangements. 3. Set up a process for program review at the board level.  Remember that your program does not have to be approved by your board of directors annually, but the board (or a committee of the board) or senior management must review reports regarding your program each year.  They must approve any material changes to your program should they occur. 4. Prepare now for follow up actions associated with your first Red Flag Rule examination(s).  There will surely be suggestions or mandates stemming from that exercise, and now is a good time to start securing appropriate resources and time. My key message here is that, while there may be lull in the world of Red Flags activity, this is a great time to keep momentum in your program development and upkeep by planning for the next wave of updates and your impending examinations.  Best of luck.