Compliance: "red flags rules" shown the red flag
In the buzzword-laden world that the USA's regulatory regime has become, regardless of whether the buzzwords actually make sense, the so-called "red flags rules" relating to so-called "identity theft" are amongst the most badly phrased. And now they have been red-flagged in the true sense of the phrase.
Look: a red flag means "danger" and its means "stop." And in the vast majority of compliance and risk management related fields, warnings are for "caution" and stopping is often not advisable. It is nonsense to talk about "red flags" when what is meant is "yellow flags."
And no one's identity is "stolen." To steal means to permanently deprive someone of something. It's not "identity theft" it's "identity replication" - and there's already a term for that : it's "personation." It's a common law offence - unusual for criminal law and it is enshrined in case law for at least a century.
But in the USA, dumbing-down and soundbites are more important than accuracy (a trend followed in the UK in recent years) and so in order to put the burden of managing the risk of identity fraud onto financial institutions, the The Federal Trade Commission (FTC), the federal bank regulatory agencies, and the National Credit Union Administration (NCUA) issued regulations ("the Red Flags Rules") requiring financial institutions and creditors to develop and implement written identity theft prevention programs, as part of the Fair and Accurate Credit Transactions ("FACT") Act, 2003.
In today's financial crisis, financial institutions are complaining about the cost of compliance.
And so the implementation of the "Red Flags Rules" due on 1 November was abruptly halted - i.e. red-flagged. The race will restart when conditions have improved, says the Federal Trade Commission. On a preliminary basis, that will be on the 1 May 2009.
So, at a time when, historically, financial crime increases in the form of many types of fraud, measures to detect and deter a specific type are suspended.
Download PDF version of this page