Using Promontory s RADAR to Develop and Maintain an Identity Theft Prevention Program and Risk Assessment



Similar documents
Identity Theft Prevention Program (FACTA Identity Theft Red Flags Rule)

IDENTITY THEFT DETECTION POLICY

Risk Management Examiners

Red Flag Rules and Aging Services: What You Need to Know

CITY OF MARQUETTE, MICHIGAN CITY COMMISSION POLICY

IDENTITY THEFT RED FLAGS, ADDRESS DISCREPANCIES, AND CHANGE OF ADDRESS REGULATIONS Examination Procedures

An Overview of the Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit Transactions Act of 2003 Final Rules

University of St. Thomas. Identity Theft Prevention Program. (Red Flags Regulation Response)

1. Entities and Accounts Covered by the New Rules Covered Entities

Pacific University. Policy Governing. Identity Theft Prevention Program. Red Flag Guidelines. Approved June 10, 2009

IDENTITY THEFT PREVENTION PROGRAM TRAINING MODULE February 2009

FACTA Identity Theft Red Flags Program.

White paper. Implications of digital certificates on trusted e-business.

Developing a Proactive Compliance Monitoring Program

Wake Forest University. Identity Theft Prevention Program. Effective May 1, 2009

Lincoln Financial Group. FTC/SEC Red Flags Identity Theft Prevention Program

Travis County Water Control & Improvement District No. 17. Identity Theft Prevention Program. Effective beginning November 20, 2008

University Identity Theft and Detection Program (NEW) All Campuses and All Service Providers Subject to the Red Flags Rule

DMACC IDENTITY THEFT- RED FLAGS PROCEDURES

VCU Identity Theft Prevention Policy

Securities and Futures & Derivatives Alert

You Can t Afford the Risks

Section 10: Fair Credit Reporting Act (FCRA) Policy

Identity Theft Policy Created: June 10, 2009 Author: Financial Services and Information Technology Services Version: 1.0

University Policy: Identity Theft Prevention Policy

FAIR CREDIT REPORTING ACT

Business Solution Suite

City of Hercules Hercules Municipal Utility Identity Theft Prevention Program

Electronic Prescriptions, Dashboards and University Hospital Birmingham

BDO CONSULTING FORENSIC TECHNOLOGY SERVICES

Document Management Server - Overview

Client Requirement. Why SharePoint

RANDOLPH COUNTY PUBLIC WORKS. Identity Theft Prevention Program. Adopted September 1, 2009 Effective beginning September 1, 2009

SOOKASA WHITEPAPER SECURITY SOOKASA.COM


WORKERS COMPENSATION

INTRODUCTION PRODUCT PRIORITIES INTEGRATION

OLIVIA123 FOR ADMINISTRATORS. User Guide

RazorSafe Mail Archiving Appliances

SAMAY - Attendance, Access control and Payroll Software

Symantec Control Compliance Suite Standards Manager

City of Wyoming, Michigan Administrative Policy

Transcription:

Using Promontory s RADAR to Develop and Maintain an Identity Theft Prevention Program and Risk Assessment 2009 1

Contents Steps to Develop a Robust Program Dashboards Reports Program Maintenance Technical Information Integration with Other Compliance Risk Assessments Contact information 2

Steps to Develop a Robust Program 1. Identify covered accounts 2. Identify red flags that are relevant to covered accounts 3. Determine controls to identify relevant red flags 4. Determine appropriate response when a red flag is identified 5. Assess control effectiveness 6. Identify and implement any enhancements as required 7. Document the program, including supporting policies and procedures 8. Approve the program 9. Keep the program current over time Even if you already have an Identity Theft Prevention Program in place, keeping it current over time without the right tools is challenging. Promontory s RADAR provides those tools. 3

Identify covered accounts Identify: account[s] that a financial institution or creditor offers or maintains, primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions, such as a credit card account, mortgage loan, automobile loan, margin account, cell phone account, utility account, checking account, or savings account; and any other account[s] that the financial institution or creditor offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation, or litigation risks. Reasonably foreseeable risk depends on factors such as: methods used to open accounts methods used to access accounts previous experience with identity theft RADAR helps financial institutions make risk-based determinations of covered accounts and track them over time. 4

Select the obligation from the inventory. Select products with common methods of opening, access, and common identity theft loss histories. 5

Conduct risk assessment, include high risk accounts as covered accounts. 6

Identify relevant red flags RADAR helps financial institutions Map relevant red flags to covered accounts; Document controls to detect red flags; Document the response to red flags; Document an assessment of control effectiveness; and Record any remedial action necessary to enhance controls. 7

Map relevant red flags to... Covered accounts with common controls for the relevant red flags. 8

Document quality of risk management, including controls, response, and effectiveness. Specify remedial actions. 9

See the results in inter-active dashboards. 10

Generate user-friendly reports 11

Keep program current over time Robust security, user permissioning, and audit trails help you keep the program current over time. Avoids problems that arise when institutions try to maintain their Identity Theft Prevention Program in excel files or word documents. 12

Integrates with other risk assessments Although institutions can purchase RADAR for use only with their Identity Theft Prevention Program, the system is modular and can be used for other compliance risk assessments, including AML risk assessments. 13

RADAR - technological overview RADAR combines a web-based front end developed using ASP.NET (and C#) with the power of a SQL Server 2005 database on the backend. The application is an enterprise system that is highly scalable to accommodate users in the world s largest financial institutions. The web interface leverages Ajax to provide a friendly, responsive user experience. The system keeps user credentials secure by storing them in an encrypted format. Most financial institutions can readily install RADAR on their own servers. Some institutions, however, choose to host the application on Promontory s servers during initial implementation. 14

Contact information Michael Dawson Chief Executive Officer Promontory Financial Group (UK) Ltd. Chief Operating Officer and President, Promontory Compliance Solutions, LLC mdawson@promontory.com 15

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information