1 / 16

FACTA ID Theft Programs

FACTA ID Theft Programs. Auditing for Compliance Steven Nyren, CRCM Sheshunoff Consulting & Solutions BCAC Program – September 2008. ID Theft. “Obviously crime pays, or there’d be no crime” - G. Gordon Libby. The Challenge:. Each institution must develop and implement a program to:

noel
Télécharger la présentation

FACTA ID Theft Programs

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. FACTA ID Theft Programs Auditing for Compliance Steven Nyren, CRCM Sheshunoff Consulting & Solutions BCAC Program – September 2008

  2. ID Theft “Obviously crime pays, or there’d be no crime” - G. Gordon Libby

  3. The Challenge: Each institution must develop and implement a program to: • detect • prevent, and • mitigate identity theft

  4. IDENTITY THEFT PROGRAMS THE $100,000 QUESTION: • How do we know we’ve accomplished our goal?

  5. IDENTITY THEFT PROGRAM Ways to validate your program: • Monitoring • Audit

  6. Monitoring Use of Periodic Reviews: • Monitoring Checklists, where applicable • Testing to confirm compliance • Performed by line unit and/or compliance professional • Object is to identify and resolve issues before an audit or exam

  7. Validating the Program Auditing • More detailed scope and less frequent than monitoring • Independent perspective • May be conducted by Internal auditor and/or outside auditor or other qualified third party

  8. Auditing for Compliance • Process Documentation • Risk Assessment • Controls • Response Program • Training • Administration

  9. RED FLAG CHECK UP Are you ready for the examiners? • Is the Program fully documented? • Does it make sense? • Does practice match policy? • Is it effective?

  10. Risk Assessment • Does it consider? • Methods of opening Covered Accounts • Methods of accessing Covered Accounts • The Bank’s history with identity theft • Current fraud controls • Inherent and residual risks • The Bank’s overall ID Theft risk

  11. Controls • Are controls adequately documented? • Are all applicable red flags addressed? • Are they working as intended?

  12. Response Program • Is the method of documenting response actions to red flag incidents adequate? • What is management’s oversight method – centralized; department level? • Are the responses adequate?

  13. Training • Was it comprehensive? • Has it been documented? • Has it been completed?

  14. Resources • Regulatory Guidance • Industry Websites (Bankersonline.com, ABA.com, etc.) • Seminars and webinars

  15. Can It All Be Done? “Energy and persistence conquer all things.” - Benjamin Franklin

  16. Conclusion • Questions?

More Related