How flexible are the Red Flags Rules?
The Red Flags Rules provide all financial institutions and creditors the opportunity to design and implement a program that is appropriate to their size and complexity, as well as the nature of their operations. Guidelines issued by the FTC, the federal banking agencies, and the NCUA (ftc.gov/opa/2007/10/redflag.shtm) should be helpful in assisting covered entities in designing their programs. A supplement to the Guidelines identifies 26 possible red flags. These red flags are not a checklist, but rather, are examples that financial institutions and creditors may want to use as a starting point. They fall into five categories: • alerts, notifications, or warnings from a consumer reporting agency; • suspicious documents; • suspicious personally identifying information, such as a suspicious address; • unusual use of or suspicious activity relating to a covered account; and • notices from customers, victims of identity theft, law enforcement authorities, or other businesses about possible