The Initial Risk Assessment looks at what is required by the FACT Act and Red Flag Ruling and assesses where there are shortcomings in the financial institution’s current strategy. The risk assessment must be updated periodically based on changes used to open accounts, methods available to access accounts, and the institution’s experience with identity theft.
The law does state that the financial institution or creditor has the choice to decide whether they need to implement this program or not. If they feel they do not need a program, it must reassess periodically the decision based on the accounts open or maintained.
Next up: a look at the Policies and Procedures Manual
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment