Identity Theft Prevention Program (Red Flags Rule)

Statutory Basis

This Identity Theft Prevention Program ("Program") is adopted under the Fair and Accurate Credit Transactions Act of 2003 ("FACT Act"), the FTC's Red Flags Rule, 16 C.F.R. Part 681, the Federal Reserve and OCC implementing rules, and the California Consumer Records Act and similar state laws. The Program is designed to detect, prevent, and mitigate identity theft in connection with covered accounts.

Covered Accounts

The Program covers accounts that involve or are designed to permit multiple payments or transactions, where there is a reasonably foreseeable risk of identity theft, including residential mortgage applications, refinances, home-equity products, and brokered consumer-credit transactions.

Identification of Red Flags

We monitor for the following categories of red flags:

• Alerts, notifications, or warnings from a consumer reporting agency, including a fraud alert, address discrepancy, or active-duty alert.
• Suspicious documents, including identification that appears altered, photographs that do not resemble the applicant, information inconsistent with information on file, or paystubs that appear forged.
• Suspicious personal identifying information, including a Social Security number out of issuance range, addresses associated with known fraud, mismatches between SSN and date of birth, and inconsistencies across the application.
• Unusual use of the account, including atypical patterns of inquiry or sudden large draw-down.
• Notice from customers, victims, regulators, or law enforcement regarding possible identity theft.

Detection

We detect red flags through customer-identification programs (CIP), Office of Foreign Assets Control screening, third-party fraud-detection vendors, anomaly monitoring, document-authentication tools (including remote identity verification with optional biometric matching), and review of consumer-credit reports.

Response

When a red flag is detected, we take one or more of the following actions appropriate to the level of risk:

• Verify the customer's identity through additional documentation or knowledge-based authentication.
• Decline to open or close the account or to fund the transaction.
• Notify the consumer.
• Notify law enforcement.
• Notify the Consumer Financial Protection Bureau and applicable state regulators where required.
• File a Suspicious Activity Report (SAR) where required under the Bank Secrecy Act.
• Report the incident under state breach-notification laws if Personal Information was compromised.

Service-Provider Oversight

We require service providers (including credit-pull vendors, employment verifiers, e-signature platforms, and document-collection portals) to maintain identity-theft prevention controls equivalent to or stronger than ours.

Consumer Resources

If you believe you have been a victim of identity theft, contact us immediately at contact@marcusnaulin.com or (805) 377-5626. We will, at no cost to you: (i) place a fraud alert with the credit bureaus on request; (ii) provide a copy of any record relating to your identity that we maintain; and (iii) cooperate with law-enforcement investigations. You may also visit identitytheft.gov.

Annual Review

The Program is reviewed annually and updated as necessary to address evolving risks, regulatory changes, and lessons learned from incidents.

Contact Us