The Red Flags Rule and benefits of using 3rd party vendors
The Red Flags Rule as set forth by the Federal Trade Commission (FTC) is due to go into effect May 1st, 2009. The FTC guide “Fighting Fraud with the Red Flags Rule – A How-To Guide for Business” indicates that it’s important to fight the battle against identify theft on two fronts: “First, by implementing data security practices that make it harder for crooks to get access to the personal information they use to open or access accounts, and second, by paying attention to the red flags that suggest that fraud may be afoot.”
As part of the implementation of your Identity Theft Prevention Program, you are asked to address how you’ll protect the personal and confidential information of your clients. You’ll want to spend time documenting how you will prevent unauthorized access to sensitive data during the loan process. You’ll also want to spend time documenting how you will prevent unauthorized access to sensitive data after the loan closes.
One excellent suggestion for how to accomplish the later is to use a data archiving service to preserve and protect your physical loan files after they are closed. Physical loan files are a goldmine of sensitive data and should be handled with great care for as long as they exist. The benefit to using a 3rd party vendor for archiving is that loan files (and the personal and confidential information contained therein) are no longer stored in your office and are no longer in reach of employees and staff. This reduces your security footprint, risk of identity theft, and provides secure online access to loan files only to those who have proper authorization.
In this partnership model, your role is to preserve and protect your customer loan file until the loan is closed. The data archiving vendors role is to preserve and protect your customer loan file after the loan is closed.
A data archiving service or vendor should provide the following:
- A trackable shipping mechanism to send loan files to them
- 24×7 secure online web access for authorized personnel only
- 24×7 secure physical storage
- Multiple levels of physical and electronic security measures
- Email notifications when a borrower or authorized person accesses a file
- Safe shredding of documents after mandatory storage requirements have been met
- Full background and security checks on every hire, inc. criminal, credit, and drug screens
- Substantial Criminal Theft and Errors & Omissions insurance policies
- Committment to aggressively cooperate with authorities to prosecute offenders
The security of your borrower’s data and private information should be everyones number one concern and the Red Flags Rule reinforces this by now requiring you to have documented plans and procedures in place. The benefits of integrating a 3rd party vendor into your business model to mitigate the risks of identity theft are very real and very compelling. It also allows you to focus on what you do best, which is closing loans, instead of trying to become a security expert.
At Top of Mind Networks, we consider the security of borrower data to be an absolutely critical and vital business function. If you’re not using a data archiving service like ours as part of your Red Flags Rule implementation, please make sure you have fully and completely understood what is now required of you to satisfy these new regulations.