If the business is a creditor or a “financial institution” (defined as a depository institution) that offers covered accounts, you must develop a Program to detect possible identity theft in the accounts and respond appropriately. The federal banking agencies, the NCUA and the FTC have issued Guidelines to help covered entities identify, detect and respond to indicators of possible identity theft, as well as to administer the Program.
A copy of the Red Flag Guidelines can be found:
Federal Reserve Board – 12 C.F.R. pt 222, App. J
Federal Deposit Insurance Corporation – 12 C.F.R. pt 334, App. J
FTC – 16 C.F.R. pt 681, App. A
NCUA – 12 C.F.R. pt 717, App. J
Office of the Comptroller of the Currency – 12 C.F.R. pt 41, App. J
Office of Thrift Supervision – 12 C.F.R. pt 571, App. J