BSA and FACTA - Red Flag Rules

(BSA) Bank Secrecy Act and (FACTA) Fair and Accurate Credit Transactions Act: Red Flag Rules

Complying with the BSA Bank Secrecy Act via ID authentication is simply a matter of implementing a written Identity protection policy and backing that up with the technology to verify the identity of any person seeking, renewing or continuing credit.  The purpose of the BSA Red Flag Rules is to require anyone associated with the issuance of credit, or making a credit decision, to implement policies and procedures for the prevention of identity theft and to

report suspected activity.  Failure to comply with the Red Flag Rules could result in severe penalties.

Who must comply with the Bank Secrecy Act

Compliance with the Act is required by anyone or any organization involved in making a credit decision.  Although this list is not exhaustive, the types of businesses covered vary from banks and casinos to currency exchanges, car dealers and credit card providers.

The BSA expanded its definition of the types of businesses covered by defining a "covered transaction"  Covered transactions include creating or managing a credit account, opening a safety deposit box, offering trust and custodian services, facilitating money-order payments or money transfers, or opening a transaction or asset account.  That broad definition covers retail operations as well as financial institutions.  It is important to know whether our industry or business is covered to be certain you comply with the Red Flag Rules of the BSA Bank Security Act.

What Compliance with the BSA Means

Compliance with the BSA means adhering to three important requirements. These are:

1. Record keeping requirements regarding the sale of negotiable instruments and cash transactions
2. Reporting and filing of cash logs and records of large cash sales.
3. Reporting illegal activity or suspected illegal activity related to tax evasion, money laundering and other illegal activity.

It is the record keeping and reporting requirements that creates the need to secure the identity of a borrower or purchaser.  Keeping in compliance with the Bank Secrecy Act means setting up a Customer Identification Program or CIP that is appropriate for your type of business and the types of transactions your business handles.

Customer Identification Program

Setting up a customer identification program is essential to insure compliance with the BSA.  Your program must include detailed instructions detailing the process used for confirming a customer’s identity as well as verifying the documentary authenticity.  Determining how much information you need to gather and authenticate is determined by conducting a risk assessment of your product offerings and the types and demographic of your customer base.

Consider also, the methods used to open and/or access accounts.  Is there a reasonable and foreseeable risk of identity theft or fraudulent activity?  What are of risk is at stake?  Is there a financial, operational or compliance risk?  Does it affect the customer’s reputation or can the risk, if realized, lead to litigation?  These are all necessary considerations when putting in place a BSA compliance program.

Once a plan is put in place the BSA Bank Secrecy Act requires it be approved by the institutions board of directors and that all stake holders are informed of the process.

RED FLAGS and the BSA Bank Secrecy Act

The BSA presents a number of "red Flags" associated with fraudulent activity or identify theft. Below is a partial list.  A complete listing can be found at 16 C.F.R. 681 of the United States Code.

Alerts, Notifications or Warnings from a Consumer Reporting Agency

1. A fraud or active duty alert or notice of credit freeze or notice of address discrepancy is included with a consumer report.

2. A consumer report indicates a pattern of activity that is inconsistent with the history and usual pattern of activity of an applicant or customer

Suspicious Documents

3. Documents provided for identification appear to have been altered or forged.

4. The photograph or physical description on the identification is not consistent with the appearance of the applicant or customer presenting the identification.

5. Other information on the identification is not consistent with information provided by the person opening a new covered account or customer presenting the identification.

Suspicious Personal Identifying Information

6. Personal identifying information provided is inconsistent when compared against external information sources used by the financial institution or creditor

7.. Personal identifying information provided by the customer is not consistent with other personal identifying information provided by the customer.

8. Personal identifying information provided is of a type commonly associated with fraudulent activity as indicated by internal or third-party sources used by the financial institution or creditor.

9. The SSN, address or telephone numbers provided are the same as that submitted by other persons opening an account or other customers.

Unusual Use of, or Suspicious Activity Related to, the Covered Account

10. Shortly following the notice of a change of address for a covered account, the institution or creditor receives a request for a new, additional, or replacement card or a cell phone, or for the addition of authorized users on the account.

11. A new revolving credit account is used in a manner commonly associated with known patterns of fraud patterns.

12. A covered account is used in a manner that is not consistent with established patterns of activity on the account.

13. A covered account that has been inactive for a reasonably lengthy period of time is used (taking into consideration the type of account, the expected pattern of usage and other relevant factors).

14. Mail sent to the customer is returned repeatedly as undeliverable although transactions continue to be conducted in connection with the customer’s covered account.

ID Authentication

With document authentication one of the biggest parts of the BSA Bank Secrecy Act electronic ID authentication is an accurate, cost effective and practical way to insure compliance.

Depending on the types of transaction your business engages your approach to compliance will vary.  However, taking a multi-tiered approach to document authentication will insure compliance regardless of your industry.

For checking IDs:  There are literally 100s of U.S. and foreign government issued IDs.  Using an ID scanner with a third party updated data base will eliminate guess work and employee mistakes.

Image Capture:  Using image capture devices to copy authenticated documentation and IDs ill help preserve the record for later reporting.

Third Party Databases:  running the applicant information through a third party background, and credit check will reveal significant information that, if present in the data,  can raise red flags.

Maintaining compliance with the BSA Bank Secrecy Act is an ongoing process.  Partnering with a leader in counterfeit and fraud detection ensures continued up to date compliance with the BSA Bank Security Act.