What are your thoughts on the third extension to the Identity Theft Red Flags Rule deadline?

Was your institution ready to meet Red Flag guidelines? 


One question I often hear from clients is "Why does my financial institution need to change our current business development/relationship management strategies?"

The short answer is that today's market landscape has changed. There are fewer obvious opportunities. A deeper review and analysis of potential deals/opportunities is necessary. There is definitely increased competition and elevated levels of market discomfort/wariness within financial institutions.

Below are a few risk management strategies that your financial institution can implement through the utilization of automated portfolio monitoring:

Special accounts strategies
Focus your internal resources on accounts with a high probability of recovery. Minimize "distractions" of resources and determine the probability of rehabilitation. By utilizing these strategies, your financial institution may be able to handle more accounts with the same staff levels and have quicker and more accurate responses.

Focus your internal resources
Focus your risk management resources on the accounts that are showing signs of deterioration, those that have fallen below minimum thresholds and show a significant decline from prior year performance. By doing this you can avoid credit review by identifying continuing high performers and negligible declines in credit quality.
 


Here are a few quick steps on improving your financial institution's customer relationship management program.
  • Investigate how your sales organization manages and provides oversight on referrals and new opportunities
    • Are you aware of what is going on in these critical areas? 
  • Document how your process ensures that pre- and post-funding conditions on credit facilities are fulfilled
    • Are critical requirements falling through the cracks?
  • Ask how your financial institution makes sure that your credit facility and its related collateral remain in good standing
    • Are your processes (that ensure you stay on top of financial information, UCC filings, borrowing bases, insurance, etc.) effective?

Here are just a few of the first steps you can take to improve your financial institution's profitability through automated loan portfolio monitoring:
  • Take a look at how your perception of small business loans has kept you from preventing problem situations.
     
  • Consider migrating to a more proactive approach in your loan renewal/review process; it can have an impact on your profitability.
     
  • Consider freeing up more time for your lenders and relationship managers and investigate what could be done with that time to better benefit your financial institution.

  • Price your transactions during the pre-sales process for differential risk (for all risk types).
  • Sell services to your clients through relationship management based on risk-adjusted profit.
  • Consider looking at risk-based lender performance metrics in your financial institution.
  • Benchmark your entity performance over time.
  • Benchmark your entity performance and compare that to your peers.

Does the rule list the Red Flags?

The Identity Theft Red Flags Rule provides several examples of Red Flags in four separate categories:

1. alerts and notifications received from credit reporting agencies and third-party service providers;
2. the presentation of suspicious documents or suspicious identifying information;  
3. unusual or suspicious account usage patterns; and
4. notices from a customer, identity theft victim or law enforcement.


Currently, financial institutions focus on the existing customer base and prioritize collections to recover more cash, and do it faster. There is also a need to invest in strategic projects with limited budgets in order to generate benefits in a very short term, to rationalize existing strategies and processes while ensuring that optimal decisions are made at each client contact point.
To meet the present challenging conditions, financial institutions increasingly are performing business reviews with the goal of evaluating needs and opportunities to maximize the value created in their portfolios. Business reviews assess an organization’s capacity to leverage existing opportunities as well as to identify any additional capability that might be necessary to realize the increased benefits.

An effective business review covers the following four phases:

  • Problem definition: Establish and qualify the key objectives of the organization, the most relevant issues to address, the constraints of the solution and the criteria for success, and summarize how value management fits into the company’s corporate and business unit strategies.
  • Benchmark against leading practice: Strategies, processes, tools, knowledge, and people have to be measured using a review toolset tailored to the organization’s strategic objectives.
  • Define the opportunities and create the roadmap: The elements required to implement the opportunities and migrate to the best practice should be scheduled in a phased strategic roadmap that includes the implementation plan of the proposed actions.
  • Achieve the benefits: An ROI-focused approach, founded on experience in peer organizations, will allow analysis of the cost-benefits of the recommended investments and quantify the potential savings and additional revenue generated. Continuous fine-tuning (i.e. assessing the impact of market changes, looking for the next competitive edge and proactively challenging solution boundaries) will ensure the benefits are fully achieved.

Today’s blog is an extract of an article written by Burak Kilicoglu, an Experian Global Consultant

To read the entire article in the April edition of Experian Decision Analytics’ global newsletter e-news, please follow the link below:

http://www.experian-da.com/news/enews_0903/Story2.html
 


The Federal Trade Commission announced on April 30, one day before the intended May 1 Red Flags Rule enforcement deadline, a third extension of that deadline to August 1, 2009.  It's like showing up to class without your homework and the teacher is out sick that day….kind of.  The first extension from November 1, 2008 to May 1, 2009 seems to center on the general confusion among many market sectors around their level of coverage under the Identity Theft Red Flags Rule.  This latest delay seems to be a result of pushback from businesses with a lower risk of identity theft occurrences and a more "known" consumer base.

So, it looks like we have at least three more months of preparation time.  This can be a good thing for all institutions regardless of their current Red Flag guidelines readiness status.  Those who scrambled to get a program in place now have time to fine tune it.  Those that were hoping for another extension have it.  Those who still question what their program should look like or if they are even covered can look forward to some more clarifying information out soon.

Some key takeaways from the announcement:

  • The FTC announcement does not impact other federal agency enforcement deadlines dating back to November 1, 2008.
  • Specific to institutions that may have a perceived lower risk of identity theft, or businesses that generally know their customers personally, the Commission will be publishing more clarifying language and sample process (in the form of a template) to help those types of businesses comply with the Rule.

Finally, this quote from the announcement sums it up:  “Given the ongoing debate about whether Congress wrote this provision too broadly, delaying enforcement of the Red Flags Rule will allow industries and associations to share guidance with their members, provide low-risk entities an opportunity to use the template in developing their programs, and give Congress time to consider the issue further,” FTC Chairman Jon Leibowitz said.
 


 

1.       Portfolio Management – You should really focus on this topic in 2009.  With many institutions already streamlining the origination process, portfolio management is the logical next step.  While the foundation is based in credit quality, portfolio management is not just for the credit side. 

2.       Review of Data (aka “Getting Behind the Numbers”) – We are not talking about scorecard validation; that’s another subject.  This is more general.  Traditional commercial lending rarely maintains a sophisticated database on its clients.  Even when it does, traditional commercial lending rarely analyzes the data. 

3.       Lowering Costs of Origination – Always a shoo-in for a goal in any year!  But how does an institution make meaningful and marked improvements in reducing its costs of origination? 

4.       Scorecard Validation – Getting more specific with the review of data.  Discuss the basic components of the validation process and what your institution can do to best prepare itself for analyzing the results of a validation.  Whether it be an interim validation or a full-sized one, put together the right steps to ensure your institution derives the maximum benefit from its scorecard.

5.       Turnaround Times (Response to Client) – Rebuild it.  Make the origination process better, stronger and faster.  No; we aren’t talking about bionics here -- nor how you can manipulate the metrics to report a faster turnaround time.  We are talking about what you can do from a loan applicant perspective to improve turnaround time.

6.       Training – Where are all the training programs?  Send in all the training programs!  Worry, because they are not here.  (Replace training programs with clowns and we might have an oldies song.)  Can’t find the right people with the right talent in the marketplace? 

7.       Application Volume/Marketing/Relationship Management – You can design and execute the most efficient origination and portfolio management processes.   But, without addressing client and application volume, what good are they?

8.       Pricing/Yield on Portfolio – “We compete on service, not price.” We’ve heard this over and over again.  In reality, the sales side always resorts to price as the final differentiator.  Utilizing standardization and consistency can streamline your process and drive improved yields on your portfolio.

9.       Management Metrics – How do I know that I am going in the right direction?  Strategize, implement, execute, measure and repeat.  Learn how to set your targets to provide meaningful bottom line results.

10.    Operational Risk Management – Distinct from credit risk and its management, operational risk management deals with what an institution should do to make sure it is not open to operational risk in the portfolio. Items totally in the control of the institution, if not executed properly, can cause significant loss.


What do you think? As the end of April approaches, are these still hot topics in your financial institution?


I was recently asked in a comment, "What do we have to do to become compliant?"

Great question.  There is not a single path to compliance when it comes to Red Flags compliance.  Effectively, an institution that has covered accounts under the Rule must implement both a written and operational Identity Theft Prevention Program. 

 

The Red Flags Rule requires financial institutions and creditors to establish and maintain a written Program designed to detect, prevent and mitigate identity theft in connection with their covered accounts. The Program is a self-prescribed system of checks and balances that each financial institution and creditor implements to reach compliance with the Red Flags Rule. The goal of the provisions is to drive organizations to put into place a system that identifies patterns, practices and forms of activities that indicate the possible existence of identity theft. The provisions are not designed to steer the market to a “one size fits all” compliance platform. In essence, how businesses choose to meet the requirements will depend on the business size, operational complexity, customer transaction processes and risks associated with each of these characteristics.

 

A compliant Program must contain reasonable policies and procedures to address four mandatory elements:

  • Identifying Red Flags applicable to covered accounts and incorporating them into the Program
  • Detecting and evaluating the Red Flags included in the Program
  • Responding to the Red Flags detected in a manner that is appropriate to the degree of risk they pose and
  • Updating the Program to address changes in the risks to customers, and to the financial institution’s or creditor’s safety and soundness, from identity theft 

The Red Flags Rule includes 26 illustrative examples of possible Red Flags financial institutions and creditors should consider when implementing a written Program. While implementation of any predetermined number of the 26 Red Flag examples is not mandatory, financial institutions and creditors should consider those that are applicable to their business processes, consumer relationships and levels of risk.

 

The Red Flags Rule requires financial institutions and creditors to focus on identifying Red Flags applicable to their account opening activities, existing account maintenance, and new activity on an account that has been inactive for two years or more. Some mandatory requirements include:

  • Keeping a current, written Identity Theft Prevention Program that contains reasonable policies and procedures to identify, detect and respond to Red Flags, and keeping the Program updated
  • Confirming that the consumer reports requested from consumer reporting agencies are related to the consumer with whom the financial institution or creditor is doing business
  • Reviewing address discrepancies

An effective client relationship management process
  • Engage in relationship reviews
    • These are a way to proactively outreach key clients
    • This is NOT the "annual credit review"
    • They must be objective in order to map and identify future opportunities
    • Think in a longer-term perspective such as a 12- to 18-month duration
Your key outcomes will be retention and client satisfaction and this may even cultivate customer referrals for your financial institution.

Due to the recent economic events, increased collections workloads are straining client infrastructures and resources. Most clients in North America operate their delinquent accounts on legacy collections systems that are inflexible and expensive to manage and maintain. A recent and abrupt spending shift has drifted toward collections tools, data, operational, efficient workflow and decisioning systems.

On the information technology front, the collections workflow software industry is on the brink of a technology shift from legacy systems to modern next generation offerings that are typically coded in Java. Very few collections software vendors have actually released and implemented their next generation products and are preparing to do so over the next six to 12 months. Clients are aware of this technology shift and the interest of many end users has been heightened and many are actively researching and shopping.

Reducing operational costs is an urgent priority for most financial institutions and utilities. Legacy systems do not allow management to change strategies or flows quickly or in a cost effective manner, which leaves most collections departments unable to keep up with rapidly changing environments and business objectives. Clients also have critical business needs to reduce losses, improve cash flow and promote customer satisfaction. 

Many clients maintain multiple systems and it is common that these disparate systems do not communicate with each other. Consolidating collections operations and databases into one central system is strongly desired and presents an opportunity for significant financial gain.

 


We’ve stopped taking phone applications and are using the out-of-wallet questions for Internet credit applications. Are we going overboard?

The Red Flags Rule does not preclude phone applications or otherwise limit the manner in which you may accept applications for covered accounts. However, different methods to open covered accounts present different identity theft risks, and you must consider those differing risks in identifying the relevant Red Flags for each type of covered account that you provide.

 


As we approach the FTC's May 1, 2009 Red Flags Rule enforcement deadline, we are still working with many of our existing and prospective clients to support their Red Flags Identity Theft Prevention Program.  In my opinion, the May 1, 2009 extension did much good on two fronts: 

1.  It brought to light the need for all institutions, particularly in markets outside of traditional financial services arenas, to re-evaluate the expectation of their being 'covered' under the Red Flag guidelines. 

2.  It allowed 'covered' institutions the opportunity to take additional steps to not only create and operationalize their programs, but to spend time making those programs efficient and in line with business and regulatory objectives.

In the spirit of information gathering and sharing, we at Experian are conducting a quick survey to gauge how 'helpful' the May 1, 2009 extension was to your organization.  We're also trying to informally keep our finger on the pulse of market readiness, as the enforcement deadline is upon us.

Via the link below, please take about 60 seconds to answer a few questions that will help us better understand the current state of the market's Red Flags Rule readiness.

Experian Red Flags Survey

We certainly appreciate your time.

 


 

I encourage all of you to have a look at this newly launched Federal Trade Commission Web site dedicated to the Red Flags Rule guidelines.  It is a good resource that organizes the requirements of the Rule in a user-friendly manner.  It also looks to be an ongoing resource for the posting of updates and related commentary.  I suggest you make this site one of your bookmarks today:
 

 

The Federal Trade Commission has launched a Web site to help entities covered by the Red Flags Rule design and implement identity theft prevention programs. The Rule requires “creditors” and “financial institutions” to develop written programs to identify the warning signs of ID theft, spot them when they occur, and take appropriate steps to respond to those warning “red flags.”
 

Of particular interest is the "Read the Guide" tab, where you can view and download the new FTC guide to Red Flag Rules.  For those in the telecommunications and utilities spaces, check out the "Publish the Articles" tab where you will find two bulletins on Red Flags in these arenas.  Enjoy.


Regardless of the specific checks and overall processes incorporated into your Red Flags Identity Theft Prevention Program, the use of an automated decisioning strategy or strategies will allow you to:
  • Deliver consistent responses based on objective authentication results, while eliminating subjectivity often found in more manual review processes. 
  • Save time and money associated with a manual review process currently attributed to Red Flag Rule referrals. 
  • Provide examiners a detailed process flow including decision elements. 
  • Create champion / challenger flows to test, compare and alter new strategies over time. 
  • Revise, over time, the specific elements used in your decisioning to appropriately weight each from a fraud detection and/or compliance perspective.
Experian's consumer authentication products provide hosted decisioning strategies that alleviate the burden on our clients associated with maintenance and development of those processes.  Whether you facilitate your own strategies or use a service provider's hosted strategies, it is important to ensure you are maximizing their ability to balance pass rates, fraud detection and compliance requirements.

As stated in an earlier posting, healthcare providers should ensure appropriate compliance with the Red Flags Rule.  There continues to be healthy debate as to what level of applicability the Red Flags Rule has in this market.  That said, the link below, to a recent article by the FTC, highlights some relevant points to think about as healthcare providers consider whether or not they are 'covered' and, if so, the appropriate measures to be taken in developing their Identity Theft Prevention Program.

Of note, the article points out that "health care providers are creditors if they bill consumers after their services are completed. Health care providers that accept insurance are considered creditors if the consumer ultimately is responsible for the medical fees. However, simply accepting credit cards as a form of payment does not make you a creditor under the Red Flags Rule." 

Based on this definition, it appears to some extent, that the majority of healthcare providers will be covered under the Red Flag Rule as creditors.

I encourage you to have a look at this article if you are still on the fence:
http://www.ftc.gov/bcp/edu/pubs/articles/art11.shtm

If the business is a creditor or a “financial institution” (defined as a depository institution) that offers covered accounts, you must develop a Program to detect possible identity theft in the accounts and respond appropriately. The federal banking agencies, the NCUA and the FTC have issued Guidelines to help covered entities identify, detect and respond to indicators of possible identity theft, as well as to administer the Program.

A copy of the Red Flag Guidelines can be found:
Federal Reserve Board – 12 C.F.R. pt 222, App. J
Federal Deposit Insurance Corporation – 12 C.F.R. pt 334, App. J
FTC – 16 C.F.R. pt 681, App. A
NCUA – 12 C.F.R. pt 717, App. J
Office of the Comptroller of the Currency - 12 C.F.R. pt 41, App. J
Office of Thrift Supervision - 12 C.F.R. pt 571, App. J
 


Good day all. My last blog revolved around practical approaches to effective client relationship management. It's time to get back to a “risk” type conversation.

I recently told my wife that if I hear the phrase “…in this economic environment …” uttered as a caveat one more time, I’m going to scream. I have truly come to anticipate the beginning or introduction to interviews and articles to lead in with this sentiment and it’s driving me nuts.

In these economic times (you can tell I’m from the sales side, I cleverly changed the phrase), it is clearly not business as usual within most financial institutions. Conversations with CEOs and bank presidents over the past two months have usually followed the same theme, “I’ve got money to lend, but I just can’t find a decent deal” or “I’ve got applications up the wazoo, but the quality just isn’t there.”

So, what is going on?
The obvious answer is that we are looking at applications more closely and the credit side (risk management guys) is deliriously happy because every time they make a recommendation about “reviewing the opportunity further” they also don’t hesitate to mention, “in this economic environment.”

Really, what is the scoop and how do we adjust on the front line?
Clearly, we know that deeper reviews and management of risk are being undertaken. The problem is that the established standards are no longer valid. Yes, the basic ratios still need to be run, but let’s face it, in this economic environment a company’s historical performance is no longer an effective indicator as to their future performance. The playing field is no longer consistent. The past two to three years of financials are based on circumstances that no longer apply. This means that the analysts are having a difficult time establishing effective benchmarks from which to apply credit policy – and we know that those guys are the paragons of adaptability.

We are being asked to evaluate risk in an uncertain circumstance. We are looking at projected revenues and earnings and examining receivables. We are also comparing this business to others in the industry, determining which other market segments have a direct (and indirect) impact on the performance of this one, reviewing business plans and evaluating management depth and experience. And, at the end of the day, either saying no, saying yes but not so much or holding our breath and hoping that divine intervention shows us the way.

Does any of this sound familiar to you?
It should. We see these types of deals all of the time and we call them the start-ups.

Ok, so what am I recommending? Quite simply, that we take a step back from our typical approach to the established business and engage with them the way we would a start-up.

When an opportunity or request presents itself, restrain the urge to go down the garden path. Slow down! No... stop! Take a deep breath, put on your “economic development hat” and approach the deal the way you would if it were a start-up (and I don’t mean running away at top speed in the opposite direction screaming). You should:

  • look for or help them construct a short term (next four to six month) tactical action/priority plan;
  • help them or review their 12-month business plan;
    o NOTE: If the business hasn’t realized that they need a short-term survival plan and a mid-term business plan… run! Run far and run fast!
  • examine their market and have them explain why they will make it versus the competition;
  • dig into their management expertise (think AIG);
  • have them explain how their tactical and 12-month business plan will keep the doors open and the lights on (since it’s coming into summer we’ll cut them some slack on the heat); and finally
  • review and revise their projections.

If at the end of this, you still feel that the deal has legs, it probably does, and you’ve done a pretty thorough job building the business case for the credit side.

Or, you could just lament that there really isn’t much out there in this economic environment.
 

 
