The imminent implementation of the so-called ‘red flag’ identity theft prevention regulation in the United States – which will take effect starting 1 November 2008– is set to have a spillover effect on Canadian legislation and, analysts say, even generate a similar regulation for Canadian financial institutions.

One security and privacy services expert told Canadian website itworldcanada.com that while the law in question is strictly directed at American banks and creditors, due to the fact that many Canadian banks are operating or are contemplating the expansion of their services southwards into US territory, something will have to be done regarding red flag regulation compliance. The two options available for banks are either to adopt a compatible set of internal regulations or to come up with a way of separating US customers form Canadian ones in order to comply with the laws which strictly apply to US citizens.

The ‘red flag’ regulations have been adopted under the US Fair and Accurate Credit Transactions Act (FACTA) and demand that all financial institutions adopt programs which track consumer behaviour patterns and get alerted when changes occur which might indicate foul play.