(A) Under the Red Flag Rule, every financial institution and creditor is required to establish an identity theft prevention program tailored to its size, complexity, and the nature of its operation.
(B) Each program must contain reasonable policies and procedures to:
(1) Identify relevant red flags for new and existing covered accounts, and incorporate those red flags into the program;
(2) Detect red flags that have been incorporated into the program;
(3) Respond appropriately to any red flags that are detected to prevent and mitigate identity theft; and
(4) Ensure the program is updated periodically to reflect changes in risks to customers or to the safety and soundness of the creditor from identity theft.
(Ord. passed 10-20-2008)