Examinations In Process
We are finally beginning to get some good information regarding how banks and credit unions are doing coming out of their initial FACT Act Red Flag audits. The great news is that our clients are being given a passing grade by the auditors for using our Safe2Change solution to meet the address change provisions of FACT Act. Great news, because they deloyed Safe2Change as a much more cost-effective solution to complying versus sending out letter confirmations. At a time when costs are more critical than ever, saving some dollars here is very important, and our customers are able to realize these savings.
More interestingly, we are seeing a couple of general trends emerging from these audits that are worth thinking about.
Looks like the auditors are being somewhat lenient in this first pass. Clearly there are the handful that completely ignored the regulation and are getting it with both barrels. However – in the first round we are hearing that they are generally not having many issues.
The one gap that we are hearing now repeatedly is that the examiners are beginning to scrutinize compliance strategies where financial institutions are mailing letters to the customer’s old and new address to achieve compliance. The issue is sufacing not because of the letter mailing strategy, but because FACTA requires that the institution not fulfill subsequent requests credit cards, debit cards, checks, etc. until the consumer has had enough time to receive and respond to the letter. This makes sense. If the institution sends out a letter and then sends the requested card to the new address (where the fraudster is waiting) – then this strategy will still still result in identity theft.
We are finding that most institutions have deployed the letter mailing strategy. However – we are also finding that these same institutions are not putting a “hold” on the account to block the request for cards and checks. This is not allowed per the FACT Act, which states that you can send letters, but not fulfill these additional requests until enough time has passed.
In these early examinations, we are hearing this issue being brought up repeatedly. While the examiners are being a bit lenient in round 1, we see this as being an issue that will be scrutinized much more and that financial institutions will need to plug this hole.