Laserfiche WebLink
<br />ii <br />C. Reporting(Internal audit conducted by Finance -reporting results to Risk <br />Mana eg ment <br />The Internal Auditor shall report to the Risk Manager at least annually on the <br />Department's compliance with 16 C.F.R. §681.2. The report should address <br />material matters related to the Program and evaluate issues such as: the effectiveness <br />of this Program in addressing the risk of identity theft in connection with the <br />opening of Covered Accounts and with respect to existing Covered Accounts; <br />service provider arrangements; significant incidents involving identity theft and the <br />Department's response; and recommendations for material changes to the Program. <br />D. Service Provider <br />Whenever the Department engages a service provider to perform an activity in <br />connection with one or more covered accounts, the Department will take steps to <br />ensure that the activity of the service provider is conducted in accordance with <br />reasonable~olicies and procedures designed to detect, prevent, and mitigate the risk <br />of identity theft (e.g. may contractually require the service provider to have policies <br />and procedures to detect relevant Red Flags that may arise in the performance of the <br />service provider's activities, and either report the Red Flags to the Department, or <br />take appropriate steps to prevent or mitigate identity theft). <br /> <br /> <br />C <br />C <br /> <br />~~ <br />f <br /> <br />RM 3/26/2009 7 <br />Attachment number 1 <br />F-12 Page 210 of 320 <br />