Go to Content

How to Comply with the Identity Theft Red Flags Rule

The Red Flags Rule outlines identity theft detection and prevention measures for financial organizations and some creditors. Learn the history and details of these regulations and how PROSHRED® Houston can help you stay in compliance.

Red Flags Rule black text on white background.

What is the Identity Theft Red Flags Rule?

The Red Flags Rule provides guidance on how to develop an identity theft prevention program. It comprises joint rules and guidelines enforced by the SEC and CFTC for the firms they regulate. Back in 2011, the Federal Trade Commission (FTC) started to enforce its Red Flags Rule under the Fair and Accurate Credit Transactions Act of 2003 (FACT Act). This rule required financial institutions and creditors, as well as most securities firms, to have a written program designed to mitigate identity theft through proactive detection and prevention. Later that year, the Dodd-Frank Act transferred this oversight to the SEC and CFTC. In 2013, the two bodies produced their joint Identity Theft Red Flags Rule, which did not expand the oversight but did add new language around compliance. It's important for financial institutions to comply with the Red Flags Rule to avoid a penalty of several thousands of dollars (up to $3,500 for civil fines and $2,500 due to the FTC per violation).


Who Must Comply with the Red Flags Rule?

According to the FTC, financial institutions and some creditors are obligated to undertake identity theft assessments periodically.

  • Financial Institutions: State or national bank, a state or federal savings & loan association, a mutual savings bank, a state or federal credit union, or any other entity that holds a “transaction account” belonging to a customer.
  • Creditors: Any entity that regularly extends, renews, or continues credit, any entity that regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who is involved in the decision to extend, renew, or continue credit.

Under the Red Flags Rule, financial institutions and creditors must develop a written program that identifies and detects the relevant warning signs of identity theft. The program must also describe appropriate responses that would prevent and mitigate the crime and detail a plan to update the program. The Red Flags Rule provides all financial institutions and creditors the opportunity to design and implement a program that is appropriate to their size and complexity, as well as the nature of their operations. As federal and state legislation tightens and affects not only financial and credit businesses across America, it is imperative that all organizations, especially financial ones, conduct due diligence and take appropriate measures to ensure end-of-lifecycle documentation is properly destroyed and recycled.

PROSHRED advertisement for a Red Flags Rule brochure.
Shredding employee and business woman discussing a contract outside near a mobile shredding truck.

How PROSHRED® Houston Can Help with Red Flags Rule Compliance

Identity theft was among the top categories for fraud complaints in 2019. The risks of identity theft and sensitive data breaches are even greater in 2020 in light of COVID-19 and more employees working remotely. According to the law, when using an outsourced document destruction company, financial organizations must use due diligence in selecting, managing, and monitoring the service provider to ensure that consumers’ private information is protected. PROSHRED® Houston's financial record shredding service provides a secure, convenient, and environmentally friendly solution for one-time or ongoing document destruction and Red Flags Rule compliance.

Cookie Policy

We use cookies and other tracking technologies to ensure you get the best experience on our website, assist with navigation, analyze your use of our services, and assist with our promotional and marketing efforts. If you continue without changing your browser settings, you are providing consent to our Cookie Policy. Click here to learn more about our privacy policy.