Skip to main content
Learn more about the latest security and privacy threats
Back to Glossary

Red Flags Rule

The Red Flags Rule is a U.S. federal regulation developed by the Federal Trade Commission (FTC) that requires financial institutions and certain creditors to implement identity theft prevention programs. These programs must be designed to detect, prevent, and mitigate identity theft in covered accounts.

About Red Flags Rule

What is the purpose of the Red Flags Rule?

The Red Flags Rule is intended to protect consumers from identity theft by requiring organizations to proactively identify warning signs—or “red flags”—that indicate the potential for fraud. The rule aims to reduce the risk of financial harm by encouraging early detection and response.

What are the four elements of the Red Flags Rule?

1. Identification of relevant red flags that signal identity theft. 2. Detection methods for those red flags. 3. Response plans for when red flags are detected. 4. Periodic program updates to address new risks and changes in the threat landscape.

What does the Red Flags Rule require banks to establish?

Banks and other covered entities must develop a written Identity Theft Prevention Program. This program must be approved at the board level, involve regular employee training, include appropriate oversight of service providers, and be tailored to the institution’s size, complexity, and scope of operations.

Secure verifications for every industry

We provide templated identity verification workflows for common industries and can further design tailored workflows for your specific business.

Book a Demo