(A) To establish an identity theft prevention program designed to detect, prevent and mitigate identity theft in connection with the opening of a covered account or an existing covered account and to provide for continued administration of the program in compliance with 16 C.F.R. part 681, implementing §§ 114 and 315 of the Fair and Accurate Credit Transactions Act (FACTA) of 2003, being 15 U.S.C. §§ 1681 et seq. Every financial institution and creditor is required to establish an identity theft prevention program tailored to its size, complexity and the nature of its operation.
(B) The program must contain reasonable policies and procedures to:
(1) Identify relevant red flags for new and existing covered accounts and incorporate those red flags into the program;
(2) Detect red flags that have been incorporated into the program;
(3) Respond appropriately to any red flags that are detected to prevent and mitigate identity theft; and
(4) Ensure the program is updated periodically, to reflect changes in risks to customers or to the safety and soundness of the creditor from identity theft.
(2012 Code, § 2-500)