FTC Red Flags Rule
The Federal Trade Commission’s (FTC) Red Flags Rule requires broker-dealers, investment advisers, and investment companies to establish and maintain identity theft programs. The programs should detect the warning signs—or red flags—of identity theft in their day-to-day operations. Identity theft is the fraudulent acquisition and use of a person’s private identifying information, usually for financial gain. An identity theft program can help businesses spot suspicious patterns and prevent the costly consequences of identity theft. The FTC Red Flags Rule tells businesses how to develop, implement, and administer an identity theft prevention program. Such a program must include four basic elements:
- • Reasonable policies and procedures to identify the red flags of identity theft that may occur during day-to-day operations. Red flags are suspicious patterns or practices or specific activities that indicate the possibility of identity theft. For example, if a customer has to provide some form of ID to open an account, an ID that doesn’t look genuine is a “red flag.”