FACT Act and Identity Theft Red Flag Compliance
Bankers’ Bank and its subsidiaries (“BB”) will combine, as appropriate, any existing policies and procedures to help detect, prevent, or mitigate identity theft. The Bank has a policy in place entitled Identity Theft-Red Flags and a program to help control reasonably foreseeable client risks from identity theft.
Red Flag Identification
As part of its implementation, BB has considered relevant identity theft risk factors related to various departments and subsidiaries. Only certain BB business units and subsidiaries handle consumer information. Those business units and particular systems were evaluated for access to “identifiable information,” and the associated risks were identified. Once the risks were identified, an assessment of risk mitigation and other actions was conducted in accordance with the program, and any compliance issues were reported. Additional sources of Red Flags will be considered on an ongoing basis and evaluated based on the risk factors relevant to each business unit.
Detecting Red Flags
The program’s policies and procedures address the detection of Red Flags in connection with systems or personnel handling “identifiable information.” Once identified, the particular systems or persons will be guided by the policies and procedures of the program or any other relevant BB Information Security policy.
Preventing and Mitigating Identity Theft
The program’s policies and procedures provide for appropriate responses to those Red Flags identified as having a high risk for affected business units. Where possible, prevention measures were developed and implemented as appropriate to help detect, prevent, or mitigate possible risks of identity theft. Actions taken to help detect, prevent, or mitigate possible identity theft may include monitoring high-risk systems for identity theft, contacting affected clients involved in possible security incidents, changing passwords and limiting access to systems involved in security incidents, and notifying law enforcement, among others. In the event identity theft is confirmed, BB will notify affected clients as soon as feasible.
Monitoring the Program
On a regular basis, BB will review and update the program to reflect changes in risks to clients or to the safety and soundness of BB from identity theft. This may include changes in possible methods related to or in connection with detecting, preventing, or mitigating identity theft. BB will also update the program as appropriate if changes occur to the type of accounts it holds or if any business arrangements change the landscape of the compliance requirements.
Administration of the program is conducted by the Chief Information Officer/Senior Officer of Information Technology. The administration involves continuation of current Information Security Program policies and procedures, reviewing and approving compliance reporting, and any additional duties regarding the detection, prevention, and mitigation of identity theft. Compliance with the Red Flag Program is reported annually to the Board of Directors of BB, and any significant changes to the program will also be reported to that Board.