Red Flags Rule
The Red Flags Rule is an FTC rule that requires financial institutions to implement a written program designed to detect, prevent, and mitigate identity theft.
Frequently asked questions
What is the purpose of the Red Flags Rule?
The purpose of the Red Flags Rule is to identify potential “red flags” in financial transactions that could indicate identity theft, money laundering, or other fraudulent activities.
What are the four elements of the Red Flags Rule?
According to the FTC, the four elements of the Red Flags Rule are:
- Identifying relevant red flags by considering signals such as suspicious account activity, tips from other sources, alerts from credit reporting companies, and more
- Using identity verification and authentication methods to detect red flags
- Taking specific actions if red flags are detected, such as suspending accounts
- Updating the strategy to address evolving threats
What does the Red Flags Rule require banks to establish?
The Red Flags Rule requires financial institutions to establish written programs that detail how the organization identifies, detects, and mitigates the impact of identity theft and fraud.