Which elements must be included in an Identity Theft Prevention Program under FACTA?

The main concept being tested is what must be included in an Identity Theft Prevention Program under FACTA. Under the Red Flags Rule, banks and certain creditors must have a written program that is designed to detect, prevent, and mitigate identity theft in connection with open and existing accounts. The essential elements include a risk assessment to identify relevant identity theft risks, policies and procedures to address those risks, ongoing monitoring to catch new or evolving threats, training for staff so they can recognize red flags, and clear response protocols for when red flags are identified (including steps to mitigate damage and notify customers). The other options describe items like financial statements, contracts, or general security or event-related activities that aren’t part of the mandated red flags program and don’t address detection, prevention, and response to identity theft. Therefore, the option that lists risk assessment, policies and procedures, ongoing monitoring, training, and response protocols for red flags best meets FACTA’s requirements.