Automation in Red Flags Rules Program Delivers Stronger ROI

MBA (5/12/2008 ) Palaparty, Vijay
Folding automation into programs to meet Red Flags Rules requirements—which call for financial institutions and creditors to create and implement a plan for detecting and responding to identity theft—offers significant return on investment potential.
The Red Flags Rules are amendments of the Fair and Accurate Credit Transactions Act of 2003 and were jointly established by the Federal Trade Commission and federal banking agencies. They call for financial institutions to have a program in place to detect, prevent and mitigate identity theft in connection with opening of accounts and existing accounts, according to Jeff Taft, partner in the financial services regulatory and enforcement group at global law firm, Mayer Brown LLP.

Additionally, the rules require credit card and debit card vendors to validate change of address and institutions to employ certain procedures when receiving notice of address change from consumer reporting agencies.

“The role of automation in red flag compliance can provide huge savings for financial institutions,” said Tom Johnson, vice president of product development at Zoot Enterprises, Bozeman, Mont. “There can be huge costs especially in areas such as address mismatching. Any address that comes back as mismatched, requiring manual review, could cost up to $10 per application. It also results in the losses of ability to approve applications efficiently. Not having an automated review process causes a breakdown in process.”

Johnson reported that 20 percent of credit bureau files have mismatched addresses. “Of course it depends on the line of business and market, but such a high percentage means that so many applications drop on the floor or end up in a manual queue,” he said.

“The main function of automated process is to improve return on investment,” Johnson said. “With additional data sources and business rules, 98 percent of flagged applications can be cleared without having to go into manual processing. This means institutions can pick up additional transactions and reduce manual process. It also reduces losses in fraud."

Johnson also said financial institutions should implement a single red flag program that covers as much of the institution as possible. “The more programs you have, the more you have to integrate and manage,” he said. “Elements of a successful solution include automating the process. You want to get away from manual queues and incorporate certain business rules. Also, as you create new red flags, you want to automate the creation of checks for that type of behavior and be able to report.”

Johnson said financial institutions should incorporate flexibility in red flags programs to be able to evolve as changes in the laws and rule take place. “As auditors create best practices, you will need to be able to adjust what is required on your end,” he said. “There are lots of types of rules and data. If you have flexibility, you can adapt new data sources to what is out there.”

He said financial institutions should also implement logic for different lines of business and tie them together in one system where the different lines communicate with each other. He also pushed for real-time user control, the ability for institutions to adapt quickly and integration with third party vendors.

The regulations were effective as of January 1 but compliance is not mandatory until November 1.

“Do not wait until November to implement the program—no one will ever be ‘finished’ because it’s an ongoing program,” Taft said. “Start early, work through your board, senior management and policies.”

Taft said the program is a significant area especially for employees who deal with customers and accept documentation. “They are important because they are on the front lines and in the best position to detect suspicious or fraudulent documentation,” he said. “Also, for those working on customer hotlines, it’s important for them to be able to answer questions or flag accounts with potential for identity theft.”

“While there will be costs, long-term benefits for those doing a good job will be obvious,” Taft said. “Reduced fraud in identity theft will allow them to recoup initial costs that institutions sink into implementation costs.”