Audit Templates (Standalone)

Procedure
Establishment of an identity theft prevention program (Program).
Verify that the financial institution developed and implemented a written Program designed to detect, prevent, and mitigate identity theft in connection with the opening of a “covered account” or any existing “covered account.” The Program must be appropriate for the financial institution’s size and complexity and the nature and scope of its operations and must contain “reasonable policies and procedures” to:
1. Identify red flags for the covered accounts the financial institution offers or maintains and incorporate those red flags into the Program;
2. Detect red flags that have been incorporated into the Program;
3. Respond appropriately to any red flags that are detected to prevent and mitigate identity theft;
4. Ensure the Program (including the red flags determined to be relevant) is updated periodically to reflect changes in risks to customers and to the safety and soundness of the financial institution from identity theft;
5. Require reporting to the board of directors or an appropriate committee of the board on the status and effectiveness of the Program at least on an annual basis and;
6. Provide for periodic independent review or audit of the Program