ࡱ> q` LbjbjqPqP .::+C{Cttt~4zzzzzz8z{h^|^|"|||}}}y{{{{{{$bh8tn}"}nn||KRRRn"R|t|yRnyRRBR"t9|R| \_zz:Ly0Iʁf99t}~R/l}}}0"}}}nnnn3R'R^z  Living with the FACTA Red Flag Rule Understanding the Rule Objective of the Rule. Each creditor that offers or maintains a covered account must implement a written Identity Theft Prevention Program that identifies red flags to <<< detect prevent mitigate >>> identity theft in connection with: the opening of a covered account, OR any existing covered account [16 CFR 681.2(d)(1), 72 Fed.Reg. 63718, 63772] Reason for the Rule. The Red Flag Rule has the purpose of curtailing identity theft. It stems from congressional legislation and is promulgated by the Federal Trade Commission (FTC) to comply with the Fair and Accurate Credit Transactions Act of 2003 (FACTA). Scope of the Rule. The Rule applies to any entity, including a public entity, that establishes covered accounts - involving multiple transactions - for which payment is deferred until after the service is rendered or any other account for which there is a reasonably foreseeable risk from identity theft. This includes inactive accounts and maintenance of inactive account information. Methodology of the Rule. Conduct a RISK ASSESSMENT to identify RED FLAGS. These are security gaps in protecting customer personal information or in detecting identity theft. Focus of the Rule the opening of a covered account, accessing any existing covered account [16 CFR 681.2(d)(1), 72 Fed.Reg. 63718, 63772] address discrepancies Terminology of the Rule. A. What is Identity Theft? It is a fraud committed or attempted using the identifying information of another person without authority. [See, 16 CFR 603.2(a)] The creation of a fictitious identity using any single piece of information belonging to a real person falls within the definition of identity theft because such a fraud involves using the identifying information of another person without authority. [72 Fed.Reg. 63723] Identifying Information: any name, number or biometric data that may be used, alone or in conjunction with any other information, to identify a specific person. B. What is a Red Flag? A pattern, practice, or specific activity that indicates the possible existence of identity theft C. Other Key terms: Account: a continuing relationship established by a person with a financial institution or creditor to obtain a product or service for personal, family, household or business purposes. Example: an extension of credit involving a deferred payment. Creditor: any person who regularly extends, renews, or continues credit. This includes collection agencies and other third party debt collectors that have authority to extend, renew or continue credit. If you use collection agencies, you will need to assure that they are complying with the Red Flag Rules. Credit: the right granted by a creditor to a debtor to defer payment. Covered Account: a consumer account designed to permit multiple payments or transactions; OR any other account for which there is a reasonably foreseeable risk from identity theft. Applying the Rule Timeline Timeline Before May 1 Complete a Risk Assessment Identify Red Flag events that could occur Revise or develop policies to establish an Identity Theft Prevention Program (ITPP) Write the ITPP Timeline By May 1 Governing body approves the ITPP Appoints Compliance Administrator Train Key Personnel Implement the Program Timeline After May 1 Operate the Program Conduct a mid-year review -- November 1 (optional) Conduct an end-of-year review May 1 Prepare and submit a written report to the Governing Body, Oversight Committee The Key to Implementing an ITPP: YOUR RISK ASSESSMENT This is your analysis of what you are doing now in order to identify gaps in verification and security of data. An Individualized Program: Your ITPP must be customized by you for your activity and must be risk-based. Your Program should be tailored to the size, complexity and nature of your operations. [16 CFR 681.2(d)(1); 72 Fed.Reg. 63718, 63772] BASIC ELEMENTS OF A PROGRAM Risk Assessment Identify relevant Red Flags for covered accounts and incorporate them into the Program Detect Red Flags that have been incorporated into the Program Customer Protection Respond appropriately to any Red Flags that are detected to prevent and mitigate identity theft Managing the ITPP Ensure the Program is reviewed regularly and revised periodically to reflect changes in risks to customers and/or your public entity. Provide for continuing administration of your Program. Note: The Rules contain Guidelines to assist creditors in formulating and maintaining an Identity Theft Prevention Program. Your Program is required to include the Guidelines that are appropriate to your operation. An OUTLINE for Your ITPP The Basic Elements for a Program as explained in the Guidelines Supplement A will serve as the outline for your Identity Theft Prevention Program.  Using the Guidelines Element 1: Identifying Red Flags How could a customers identity be stolen from our operations? Any previous experience(s) with identity theft? Lost custody of information? Someone intentionally take data? New Accounts: Verify Information How could stolen identity be used to open a new account? What identifying information do you accept? drivers license * I-9 sources * picture ID * passport additional personal information: pets name, maiden name Remote Applications: how to verify identity? Outside sources for verification assistance New Accounts: Application Environment How could identity be stolen while opening a new account? What is the physical setting where an applicant signs up for service? What can another customer see? What can another customer overhear? Existing Accounts: Access Controls How could a stolen identity be used to access an existing account? What process does your staff go through to access an existing account? What controls are in place to limit access by a customer? Password * key word/phrase verification * PIN Existing Accounts: Data Controls Existing Accounts: Verify Information How could identity be stolen from an existing account? What customer identifying information do you maintain? Paper records Computer records Who has access to customer identifying information? B. The Rules include a Supplement that lists 26 examples of Red Flags. These examples are guides but you must include in your list of red flags all other factors that constitute a risk for your operation. If you recognize a GAP in your current security procedures, identify that gap as a red flag and state in your Program what immediate steps you will take to deal with the gap as well as your deadline for doing so. Examples from the Supplement to the Rules are contained in the Guidelines. C. Red Flags from the Guidelines This includes taking into consideration: Risk Factors Sources of Red Flags Categories of Red Flags [16 CFR Part 681 Appendix A; 72 Fed.Reg. 63773] Element 2: Detect Red Flags Your Program must include your steps for doing the following: Verifying identity of a person opening an account Authenticating customers information Monitoring transactions for suspicious activity Verifying validity of address changes A. Detection Tasks Customer Information: Verify Access: Control Data: Protect Service Providers: Monitor Credit Reporting Agencies: Notify 1. Customer Information: Verify VERIFY New Customers: What forms of identity do you accept? Before you open an account, have procedures to know that a person is who he/she says they are. This requires extra precautions for online applications. VERIFY Existing Customer: Is the person accessing your account your customer? Flag requests for a change of address. Address changes are a primary tool of identity theft. Password protect accounts c. What identity verification for payments by telephone or internet or credit cards of third parties? Acceptable Forms of Payment? Cash * Check * Credit Card * Bank Draft * Online 2. Control Access Limit access: only those employees who work with the data Manage the environment: mirrors behind the computers? angles of the computers? privacy for talking to customers? Remote access: field personnel terminals? 3. Data Protection Steps Use a firewall Install an intrusion protection system Encrypt customer data Purge and shred old records 4. Monitoring Service Providers You are responsible for risks to your accounts even if you outsource an activity to a third-party. [Appendix A to Part 681, IV(c), 72 Fed.Reg. 63773] A service provider is a third party that you engage to perform an activity in connection with one or more of your covered accounts. [16 CFR 681.2(b)(10), 72 Fed.Reg. 63718, 63772] Service Provider Access: This includes any person or entity that is permitted access to customer information in connection with its service to You, the creditor. Computer network or maintenance - Software, Hardware, Programmers Collection agencies Records Storage 5. Credit Reporting Agencies IF you use consumer reports from a credit agency, your Program must include your steps to authenticate that the report relates to the person about whom you requested the report. [16 CFR 681.1; 72 Fed.Reg. 63771] Element 3: Respond to Red Flags: Prevent and/or Mitigate 1. Your response plan must be part of your adopted program. Your appropriate response will depend on your particular circumstances, including the risk associated with the Red Flag. This must be customized to your operations and activities. 2. The Response Purpose: TO CURB IDENTITY THEFT AS IT OCCURS. 3. Appropriate Responses to Red Flags are set out in the Guidelines. Element 4: Updating Your Program Your Program must be a living document. You must review and modify it periodically to reflect changes in risks and your experience with the workings of your Program. Element 5: Administering Your Program A. Required steps in administering the Program Obtain approval of the written Program by your Governing Body or an appropriate authority designated by it. Ensure oversight by the Governing Body, or a designated senior manager, of the development, implementation, and administration of the Program Train staff, as necessary, to effectively implement the Program Exercise appropriate and effective oversight of service provider arrangements 1. Oversight Includes Assigning specific responsibility Reviewing reports Approving material changes in the Program Report Requirements: At least annually Address material matters Service provider arrangements Effectiveness of the policies and procedures in addressing the risk of identity theft in connection with covered accounts Significant incidents involving identity theft and managements response Recommendations for material changes to the Program Training Staff The purpose of training is to implement your Program: to identify a red flag and to respond to red flags as they occur All employees who work with your covered accounts must be trained to Identify Red Flags Report and React appropriately to Red Flags Handle personal information in your accounts Note: You do not have to train all employees who might have access to your data HOWEVER all employees who have access to your data should understand your duties to prevent identity theft. 3. Service Provider: a person that provides a service directly to the creditor. [16 CFR 681.2(b)(10), 72 Fed.Reg. 63718, 63772] If you use a service provider for your accounts, you will need to insure that the provider is protecting against identity theft in connection with this activity. You are ultimately responsible for complying with the final rules and guidelines even if you outsource an activity to a third-party. This includes any person or entity that maintains, processes, or otherwise is permitted access to customer information in connection with its service to the creditor. Living with the Rules Practical Considerations Sunshine Laws Status of a covered account Municipal Court/Licensing transactions Inactive and closed accounts I. Sunshine Laws A. An open records law still creates duties to make most of your records open. Your records will include much personal identifying information: name, social security number, date of birth, State or government-issued drivers license or identification number, alien registration number, passport number, employer or taxpayer identification number Social Security Numbers may be open. Financial Records may be open. B. Red Flag and Sunshine Laws Not all data requests will trigger the Red Flag rules. Red Flag rules only apply to personal identifying information in a covered account. II. Considerations for Covered Accounts It is not an account unless the data is kept for a continuing relationship and exists to obtain a product or service for personal, family, household or business purposes. It is not a covered account unless it is designed to permit multiple deferred payments or transactions OR presents a reasonably foreseeable risk of identity theft. 1. What is Credit? Deferred Payment 2. When are you a creditor? Merely accepting credit card payment does not make you a creditor under the red flag rules. A creditor has: an on-going relationship involving multiple transactions. 3. Ongoing Duties: Inactive Accounts are covered accounts. Red Flags can arise from maintenance of inactive accounts. [72 Fed.Reg. 63733; Supplement A, 22 at 63774] III. Municipal Court and Permits Payment schedules for multiple payments of court fines or license and permit fees appear to fall within the definition for a covered account. . . . but the FTC is not so sure! Citations do not fall within the Rule even though the ticket is paid at a later time than the date the citation is issued, there are not multiple transactions and the imposition of a fine or penalty assessment is not a product or service and there is no credit because nothing is owed until the defendant becomes obligated to pay. 2. Deferred Payments: The FTCs Dilemma The Federal Trade Commission informally advises that the agency may not enforce the rules against courts. [per telephone conversation with a lawyer for the Federal Trade Commission] FTC appears to rely on private sector experience that doesnt correspond to unique governmental activities. The issue: whether allowing a person to pay a fine over time with deferred payments is a service. 3. What is a Service? Neither the federal rules nor statutes have a definition of service. When asked what a municipality would cite to a court in an action against the municipality based on identity theft from court payment plans, the FTC lawyer agreed that there is no existing authority. 4. Municipal Court Identity Theft Plan? It is not necessary to create a separate ITPP for municipal court if the courts covered activities are included in the overall plan and the appropriate employees in the court clerks office are trained to administer the Program 5. Licensing/Permits The same analysis applies as for municipal courts. 6. Payment Plan Data What verification will you require before releasing information to a person about a court or permit payment schedule? Would this be like an existing utility customer account? IV. Inactive and Closed Accounts A. Records retention: Do you monitor these accounts for risks of identity theft? Who has access to records in off-site storage? B. Returning Utility Deposits? What verification will you require for personal identification for the address change there will almost always be one. C. Reopen/Reactivate Closed Account: What verification will you require for personal identification for remote requests (e.g., phone, internet) from third parties Summary You must adopt an Identity Theft Prevention Program by November 1, 2008. - Your Program must be customized for your operation. - It is risk-based: the lower your risk, the less response is needed. Your Program must contain procedures and timelines for updating and annual review by your governing body. Two Immediate Objectives (1) make a good faith effort to develop a Program on time, and (2) establish realistic ways to follow up with revisions in a timely manner 3 principal elements for curbing identity theft 1. identify risks 2. develop id methods 3a. verify 3b. verify 3c. verify     Living with the Red Flag Rules Diane Pedicord March 2009 Oklahoma Municipal League PAGE  PAGE 3 The Key to Implementing an ITPP: your risk assessment This is an analysis of what you are doing now in order to identify gaps in verification and security of data. The Key to avoiding identity theft: verification that persons are who they say they are that persons accessing an account have authority to do so %&'(>?@VynbnVnJy<hhyP5\^JaJhQhyP5^JaJhQhyP>*^JaJhQhyP6^JaJhQhyP^JaJhhyP^JaJhGsRhyP5:>*^JaJhh>E^JaJ!hQh5:>*CJ^JaJ!hQh>E5:>*CJ^JaJh_5:>*CJ^JaJhQh"NCJ(^JaJ(hQhEB,CJ(^JaJ(hQh>ECJ(^JaJ(hh"N^JaJ&'(?@  B g 4 $ & F pp^pa$gdyP $^a$gdyP$a$gdyP$a$gdyP$a$gd$$a$gd.g+KKL     ;  ;wl`TIAhUI^JaJhhUs^JaJhh>E>*^JaJhhwd>*^JaJhhl9G^JaJhhEB,^JaJhh"N5^JaJhh"N^JaJhhg*^JaJhh>E^JaJhGsRh>E5:>*^JaJhGsRhyP5:>*^JaJhyP>*^JaJhhyP^JaJhhyP5\^JaJ hhyP56\]^JaJ ' ( / 0 1 2 4 6 7 @ U V W Y c v |  F H I J a b d n ĹĮĹϔ~ocXhlhyP^JaJhUI5:>*^JaJhUIhyP5:>*^JaJhh|)^JaJhh_q^JaJhUIhwd;>*^JaJhhEB,5^JaJhhEB,^JaJhhK$l^JaJhhl9G^JaJhUI^JaJhhUs^JaJhh>E^JaJhhwd^JaJhGsR^JaJ 4 W I J . $a$gd_q$a$gd.g $ & F a$gdQ $ & F a$gdl $ & F a$gdyP$a$gdyP$a$gdwd$^`a$gdUI $`a$gdUI $`a$gd.gn } ȿ篣}n_SEhh_q5\^JaJhh_q>*^JaJhQhwd5:>*^JaJhQh_q5:>*^JaJhyPhyP>*^JaJhQhyP5:>*^JaJhlhl^JaJhQhyP>*^JaJhl^JaJhQ^JaJhl\^JaJhQ\^JaJhl5\^JaJhQ5\^JaJhlhyP^JaJhlhyP5\^JaJ 6=@Lop~45?X}}rdS hhT4C9B*^JaJphhhT4C6\^JaJhlnd5\^JaJhhT4C6]^JaJhhT4C^JaJhhT4C5^JaJhhc&<^JaJhh_q5\^JaJhh_q>*^JaJhh_q6]^JaJh-^JaJh_^JaJhQ^JaJhOC^JaJhh_q^JaJ 7pqx?@XY$ & F `a$gdFb$a$gdT4C$a$gdc&< $h^ha$gd_q$a$gd_q $h^ha$gdQ$h^h`a$gd_q$^`a$gd_q$a$gd-$a$gdOC)kuvx018huwxƺ߲ߤ߈}߈rfrXLfrhlndhT4C\^JaJhQhT4C5\^JaJhhT4C6^JaJhhT4C^JaJhhlnd^JaJhlnd^JaJhlnd]^JaJhH 6]^JaJhhH 6]^JaJhH ^JaJhhH >*^JaJhH 6\^JaJhlndhH 5\^JaJhhH ^JaJhH ]^JaJhhT4C\^JaJx1xBCDVW`ay$ & F ^a$gdk $h^ha$gdk$a$gd$a$gdc&<$^`a$gdlnd $h^ha$gdlnd $h^ha$gdH $ & F `a$gdFb+ABCDVW_`alyɾqh\MB7h}hk^JaJh}hm{^JaJhm{hm{56]^JaJhm{hm{5^JaJhm{5^JaJh_hT\5;CJ^Jh_hm{5;CJ^J&hh5:>*B*^JaJph!hQh5:>*CJ^JaJhhc&<5^JaJhhlnd^JaJhT4C^JaJhhT4C>*^JaJhhT4C>*^JaJhQhT4C5^JaJhhT4C^JaJ !"#.67SX!(n{|ɺɺuj[uPuhM5\^JaJhm{hm{5>*\^JaJhm{5\^JaJhm{hm{5\^JaJh}h}^JaJh[$]^JaJh}hm{6]^JaJh}5^JaJhkhm{5^JaJhm{hm{56]^JaJhm{hm{5^JaJhk5^JaJh}hk^JaJh}hm{\^JaJh}hm{^JaJ"#7Xz)o|,$a$gdm{ $^a$gd} $h^ha$gd}$ & F ^a$gd} $h^ha$gdk $^a$gdk$ & F ^a$gdk*+,3LOak|+29;WXh罱ƅƦ|ph\Qhh^JaJhOhO>*^JaJh^JaJh9~h5CJ^JhT\5^JaJh9~^JaJh0h0^JaJh0hO6]^JaJh0hO^JaJhOhO5^JaJh05^JaJh0^JaJh0hm{6]^JaJh0hm{^JaJh0hm{\^JaJh0h0\^JaJ,-},9:;WXhrs BC $^a$gd $ & Fa$gdcX $ & Fa$gdO $ & Fa$gd$a$gd$a$gd0$a$gdOrsCGI[e8XY͉ͫ͝}rjr_Qhh5\^JaJhhc&<^JaJhCA^JaJhcXhcX^JaJhhcX>*^JaJ&hh5:>*B*^JaJphhh6]^JaJhh5\^JaJh9~^JaJhh6^JaJhh^JaJhOhO>*^JaJhO>*^JaJh^JaJhhO^JaJC8$0^`0a$gd5$^`a$gd.g$a$gd.g$a$gdc&<$a$gdcX $h^ha$gd9~$80^8`0a$gd9~U$% .ʼʌymeWeLe@hsehse>*^JaJhseh^JaJhh6]^JaJhse^JaJh%rh>*^JaJh^JaJhh^JaJh#Vh:^JaJhj hT\5:^JaJhj h55:^JaJh%r^JaJh%rh%r5:CJ^JhT\^JaJhh^JaJhhZ)5\^JaJ(jhht^:U^JaJmHnHuU%Q$ & F ^a$gdse $^a$gdY)$a$gdse$^`a$gd$^`a$gdT\ $ & F a$gdG  $ & F a$gd#V$^`a$gd.g$0^`0a$gd5F6 0 Q R y $ & Fa$gdY) $h^ha$gdY) $ & Fa$gdY) $ & Fa$gd($a$gd($ & F`a$gdFb$a$gdse$^`a$gd.FMWi6<HW_`P R x y ! !$!%!>!?!C!!ਟwkh#Vh:^JaJh#Vh#V:^JaJhCA^JaJhG ^JaJhG hG >*^JaJhG >*^JaJhY)^JaJh(h>*^JaJhh5\^JaJh(^JaJhh6]^JaJhh^JaJhse^JaJhseh>*^JaJ) !>!?!!!""""2#3#U##### $ & Fa$gdj $a$gd $a$gdT\$^`a$gd.g $^a$gd.g$0^`0a$gd#V$^`a$gdT\$^`a$gd $ & Fa$gd!!!!!!!""""###1#2#3#7#U#Z####B$N$|ph]h]RChj hU5:\^JaJhh I^JaJhj h ^JaJhj ^JaJhj h :^JaJhj h#V:^JaJhT\5^JaJha]h^JaJha]\^JaJha]hZ)\^JaJha]h\^JaJhh.g^JaJhh>*^JaJhh6]^JaJhhT\^JaJhT\^JaJhh^JaJ##B$_$$$$.%T%U%i%%%%%%%&Y&& $ & Fa$gdw$h^h`a$gdj $h^ha$gd$ & F L^`La$gdFb$a$gdj $a$gd I$a$gdT\N$^$_$d$$$T%U%Y%h%i%%%%%%%&&/&3&X&Y&]&c&d&ѸzozcXMBMhw6]^JaJhY.6]^JaJhY.h^JaJhY.h\^JaJhh/f^JaJh/f^JaJhY.^JaJhh^JaJhj h\^JaJhY.h:\^JaJhj \^JaJhj hj ^JaJhh I6]^JaJhh I^JaJhj ^JaJhj h I:^JaJhj h I5:\^JaJd&~&&&&&&&& '&'B'C'Y'Z'`'''''''''((((;(V(W([(z(((9)>)))))))*׵׵߉~~~vvvnnnh ^JaJh/ F^JaJhhbr^JaJhbr^JaJhwh6]^JaJhw6]^JaJhY.h^JaJhY.h\^JaJhbr6]^JaJhY.6]^JaJhY.^JaJhw^JaJhh^JaJhh6]^JaJ+& 'Z'''(;(X(((((()9)`)a) $^a$gd/ F $ & Fa$gd/ F $ & Fa$gd $^a$gdbr $ & Fa$gdbr $^a$gdbr $ & Fa$gdw $ & Fa$gd $ & Fa$gdbr $h^ha$gda)))))***?**++1,w,,,,,-j-- $8^8a$gd; $^a$gd; $ & Fa$gd $^a$gd $h^ha$gd $h^ha$gd $ & Fa$gd_**!*,*=*>*?*******+!+I+[++++++++,,,,,--=-i-o----̴̛̼̼̏{{̛pehh I^JaJhwc6]^JaJhwc^JaJhwch\^JaJhwchwc\^JaJhh6]^JaJhhI^JaJh^JaJhMi^JaJh;^JaJhh^JaJh h\^JaJh \^JaJh h \^JaJhU^JaJ$---!.j...,/r/s/t///0M0N0w00 $ ha$gdZ)$^`a$gd.g$h^h`a$gd.g$a$gd$a$gd.g $h^ha$gd I $h`ha$gd I $h^ha$gdwc$a$gd I---- .!........///*/+/,/0/S/q/r/s/Ĺܹܹxl`WNCh I5>*^JaJh I\^JaJh*\^JaJh*^JaJhh I>*^JaJhwc^JaJhwch I5:^JaJhwchU5:^JaJs/t///////////0M0N0Z0v0w0y0{00/202th\QE=hL^JaJhLh'\^JaJhm5\^JaJhmhm\^JaJhLh':^JaJhLh'5:\^JaJhLh' 5:\^JaJhhaj ^JaJhh'5^JaJhh'^JaJhh'>*^JaJhhW^JaJh*^JaJhhfO+^JaJh ^JaJhmhW\^JaJhmh'\^JaJhhW5\^JaJhh'^JaJhh'5\^JaJhL^JaJhm^JaJha]^JaJ"444O4444)5V555+6667n7 $,^,a$gd`Z$hh^h`ha$gdH $a$gd`Z $^a$gd $ & F 8a$gd $a$gd $ h,^,a$gd $ & F ha$gdFb$a$gd.g55555556+6,6/606F6b666666666777777777ܶynbnnnVMVnh`Z>*^JaJhh >*^JaJh h \^JaJhh ^JaJhH ^JaJh`Zh`Z5\^JaJh`Z^JaJhh`Z^JaJh`Z\^JaJh`Z5\^JaJh 5\^JaJhm^JaJha]^JaJhhfO+^JaJhhIr_^JaJhm\]^JaJhm56\]^JaJn7o778s8888889:9X9Y9k99 :_:::;5;6;$a$gd5 $ & Fa$gdr$a$gdd $ & Fa$gdXO|$a$gdXO|$a$gd.g $h`ha$gd`Z78888"868U8r8y88888888888X9Y9k9o9s9ŵvj\SHhrhr^JaJhr5^JaJhrhd5:^JaJhdhd5^JaJhXO|hd^JaJhXO|hd5>*CJ^JaJhh55\^JaJhXO|5CJ^JhXO|5>*CJ^JaJhmh55>*CJ^JaJhh 5\^JaJhH h >*^JaJhh 6]^JaJhh ^JaJhH ^JaJs99999 ::^:k::::;;';6;:;Y;c;;;;;;; < <<%<8<=<Q<<<<<<=J=M===´΃u΃hhd6]^JaJhhd^JaJhhd6>*]^JaJh]^JaJhh5:^JaJhhd5:^JaJhdhd5^JaJh^JaJhrhd\^JaJhr^JaJhrhr^JaJhrhd^JaJ)6;Y;;; < < <8<<<<K====A>R>p>>>?I?J? $^a$gd# $^a$gdu $ & Fa$gdu $ & Fa$gdd$a$gd$a$gdd=============== >4>5>>>>>>>>??I?J?K?l?q???@@ӯӯӞӞyk``h#h}d^JaJhHh}d5:^JaJh#hd:^JaJhdhd5^JaJh#hdCJ^JaJh#^JaJh#\^JaJhuhd6]^JaJhuhd;\^JaJhu^JaJhuhd^JaJhuhd>*^JaJhu\^JaJhuhd\^JaJ#J?K?l??@?@@@@:AAAqBB@C_CCoD $ & F!a$gd(Z $ & Fa$gd}d $ & Fa$gdH$80^8`0a$gdH $ & Fa$gd8tf $,^,a$gd8tf $ & Fa$gdH$a$gd8tf$a$gd}d$a$gdd@>@?@d@f@@@@@@@A4A6A9ACALAAAAAAA$BpBqB6C=CACFCJC\C_CCXDoDsDDDEܺܺܺܯummh^JaJhHh}d\^JaJhHh}d6\]^JaJhHhH^JaJhH^JaJhHh}d>*^JaJhHh}d^JaJh8tfh}d6]^JaJh8tfh}d>*^JaJh8tf^JaJh8tfh}d^JaJh8tf6]^JaJh#h}d6]^JaJ'oDDD0EEEEEkFFFFGWGGGGAH $^a$gd] $ & F"a$gd\$a$gd\ $^a$gd(Z $ & F a$gd}d $ & Fa$gd $ & Fa$gd}d$a$gd}d $h^ha$gdEEEEEEEFuFFFFFFFFFFG(GVG[G|GGGGGHHHHHH¶~~sbTh]hIr_:CJ^JaJ!h]hIr_5:CJ\^JaJh I5\^JaJh]^JaJh]h}d^JaJh]\^JaJh\^JaJh\h}d^JaJh\\^JaJh\h}d\^JaJhHh}d5^JaJh(Z^JaJhh}d\^JaJh^JaJhh}d^JaJhh^JaJ AH]HHHHHHH0I9IIIII J7JVJWJJJJJJJKK $^a$gd.l$a$gd}d$a$gd.g $ & F#a$gd]HHHE^JaJhhZ)^JaJhh^JaJhhIr_^JaJKKKK)K*K+K,K.K/K1K2K4K5K7KkKqKKKKKKKKKKKKKKKKKKKKKǾǠǠNj|ng^h/e5;^J h/e5^Jht^:h/e5:CJ^Jht^:h/e5:>*CJ^Jh$h[$0JmHnHu h/e0Jjh/e0JUhch/e:CJaJh/eCJaJh/e:CJaJh/ejh/eUhh>E^JaJhFbh}d5^JaJhFbh.l5^JaJhFb5^JaJ$K*K+K-K.K0K1K3K4K6K7KfKKKKKKKKKKKK$a$gdt^:$a$gdh]hgdc &`#$gd$$a$gd.g $^a$gdFbK+LOLPLLLLLLLLL$a$gd.g$a$gd$ & F 0^`0a$gdFb $t^ta$gdT\$a$gdT\$a$gdt^: KPLXL[L\LdLeLmLnLrLvLLLLLLLLL¸hh>E^JaJht^:h/ehT\h/e5^Jhh/e5^Jh/e5;^Jht^:h/e5;>*CJ^Jht^:h/e5:>*CJ^Jht^:h/e5:>*CJ\ h/e5^J,1h/ =!"#$% R@R Normal)B*CJOJQJ_HaJmH phsH tH `@` ' Heading 1$7$8$@&H$a$ 9B*CJ,OJQJ^JaJ,phDA@D Default Paragraph FontRiR  Table Normal4 l4a (k(No ListL@L  Balloon TextOJQJ_HmH sH tH 4 @4 cFooter  !.)@. c Page Number4@"4 cHeader  !ABDABED  z z z z z z z z zq "+4>D3 I\!&'(?@Bg4WIJ .7pqx?@XY x 1 x B C D V W ` a y  " # 7 X z )o|,-},9:;WXhrs BC8U%QF60QRy>?23UB_.TUiY Z ; X !9!`!a!!!!!"""?""##1$w$$$$$%j%%%%!&j&&&,'r's't'''(M(N(w(()))0*1*G*i*|****** +++,,,O,,,,)-V---+.../n/o//0s0000001:1X1Y1k11 2_22235363Y333 4 4 484444K5555A6R6p6667I7J7K7l778?8888:999q::@;_;;o<<<0=====k>>>>?W????A@]@@@@@@@0A9AAAAA B7BVBWBBBBBBBCC*C7CfCCCCCC+DODPDDDDD!s!t!t!s!!!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!!s!!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!!s!s!s!s!G!G!G!s!s!s!s!s!s!s!s!s!s!s!s!G!G!s!s!s!s!s!G!G!s!s!s!s!G!G!s!s!s!s!s!s!s!s!s!s!s!s!G!G!G!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s! !G!s!G!G!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s! ! !G!G!s!s!G!G!G!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!!!s!s!s!s!s!s!s!s!s!s!s!G!G!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!v:!s!s!s!s!s!s!s!s!G! ! !s!s!s!s!s!s!s!s!s!G! !s!s!s!s!s!s!s!s!s!s!G!G!s!G!G!G!s!!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!s!j!j{s!ssssssss&'(?@Bg4WIJ .7pqx?@XY  x 1 x B C D V W ` a y  " # 7 X z )o|,-},9:;WXhrs BC8U%QF60QRy>?23UB_.TUiY Z ; X !9!`!a!!!!!"""?""##1$w$$$$$%j%%%%!&j&&&,'r's't'''(M(N(w(()))0*1*G*i*|****** +++,,,O,,,,)-V---+.../n/o//0s0000001:1X1Y1k11 2_22235363Y333 4 4 484444K5555A6R6p6667I7J7K7l778?8888:999q::@;_;;o<<<0=====k>>>>?W????A@]@@@@@@@0A9AAAAA B7BVBWBBBBBBBCC*C+C-C.C0C1C3C4C6C7CfCCCCCCCCCCCC+DODPDDDDDDDD000000000000 0 0000000000000000 0 0 000000000000000000000 0 0000 0 000000000 0 0 0 000 0 0 0 000 0 0 0 0 000000000000000 0 000 000 0 000000000000000000000000 0 0  0  0 0000 0 0 000000 0 000000 0 00000 0 0000000000000 0 0 00000 0 0 0 0000000000 000 0 0 00 0 0000 0 00000 00000000 000 00000000000000000000000000 0 0 0 000 0 0 000 0 0 0 0 0 00 0000 0 0 0000000000000000 0 0 0 00000000 0 0000000000000000 0 000000000000 00 0 0 00 0 0 00! 0! 000 0 0000 0 000000" 0" 00# 0# 0# 00000000000000000000000000000000000000000000000000 0 000I0 &'?@Bg4WIJ .?@XYx 1 x C D V W ` a y  7 X z )|,9:;WXhrs BC8U%QF60>?23UB_.TiY Z ; X !9!`!a!!!!"""?""#1$w$$$$$%%%!&j&&,'s't'''(M(N(w(()))G*i*|****** +++,,O,,,,)-V--+.n/o/00001:1X1Y1k11 2235363Y33 4 4 4844455A6R6p66I7J7K7l788:99q::@;;o<<<0=====k>>???A@]@@@@@@@0A9AAAAAC*C+CCCCCDDDDD00000000000 0 0000000@0@0000000000000000000000000@0@000% 00000000000@0000+ 00000+ 0 0000000000 000 0000 00 00000000000000000000000/ 00001 0 2 000@1 00000000000000000000000000000 00 00 00000000 0000000000000@0@0@0000000000000000000000000000000000000000 0 0 0@0 0 0 000 0 0 0 0 0 00000 0 00K00%0@0@00000004 0000001 01 0 0000000+ 0!0+ 0"@0@0@0@0@0@00000000000@0@0@0001 0'0000000000000000000000K0`2a N0RwR@0@00L @0K00K00 @0 0|X  bmzzz} n .!N$d&*-s/0257s9=@EHKKL'*+-.023579<>@ADFGIKMNPRTVWZ4 ,C #&a)-04n76;J?oDAHKKL(,/1468:;=?BCEHJLOQSUXYL)bimtv}!!8@(  h  S 8c"` B S  ?D9 T rk 3Vn rk rk,zDrk T]-/sk0sk31sk3tk 8r;4tkd9tk<' q3ppyv#v###rCD    x~~####zCD  > *urn:schemas-microsoft-com:office:smarttags PostalCodeh *urn:schemas-microsoft-com:office:smarttagsCity0http://www.5iamas-microsoft-com:office:smarttagsV *urn:schemas-microsoft-com:office:smarttagsplacehttp://www.5iantlavalamp.com/i*urn:schemas-microsoft-com:office:smarttagsState0http://www.5iamas-microsoft-com:office:smarttags @;j  +CCD l#n#+CCD:: ##V?[?????????@@@@@@A@A@\@\@]@]@@@@@@@BBBBBBBBBCC)C*C+C7CCCCCCCDDDDDD +CCD#f\M@Pmv8?JO z_p~"4m6(}<T*~?B/*ZS>1>t2L%" lRC7pʖ 8}h.%-E6iF!0FsXw)HΙdJ<80~pM|)P0ZcTz"VrgkY=): Y2C~dY&db\BB\k aaпA$b\1MEe-}f,>p_@gpJ\Chb"&>"o2ژJK;*h^`OJQJo(hH   ^ `OJQJo(    ^ `OJQJo(n xx^x`OJQJo(n HH^H`OJQJo(n ^`OJQJo(n ^`OJQJo(n ^`OJQJo(n ^`OJQJo(n ^`OJQJo(nh^`OJQJo(hH pp^p`OJQJo(n @ @ ^@ `OJQJo(n ^`OJQJo(n ^`OJQJo(n ^`OJQJo(n ^`OJQJo(n PP^P`OJQJo(n,^`o(. dd^d`hH. 4L4^4`LhH.   ^ `hH.   ^ `hH. L^`LhH. tt^t`hH. DD^D`hH. L^`LhH.h ^`o(hH.h^`OJQJo(hHvpp^p`.@ @ ^@ `.^`.^`.^`.^`.PP^P`.h88^8`OJQJo(hHh^`OJQJ^Jo(hHoh  ^ `OJQJo(hHh  ^ `OJQJo(hHhxx^x`OJQJ^Jo(hHohHH^H`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hH^`B*OJQJo(phhH^`OJQJ^Jo(hHo  ^ `OJQJo(hH  ^ `OJQJo(hHxx^x`OJQJ^Jo(hHoHH^H`OJQJo(hH^`OJQJo(hH^`OJQJ^Jo(hHo^`OJQJo(hH,^`o(. dd^d`hH. 4L4^4`LhH.   ^ `hH.   ^ `hH. L^`LhH. tt^t`hH. DD^D`hH. L^`LhH.h 88^8`hH.h ^`hH.h  L ^ `LhH.h   ^ `hH.h xx^x`hH.h HLH^H`LhH.h ^`hH.h ^`hH.h L^`LhH.h 88^8`hH.h ^`hH.h  L ^ `LhH.h   ^ `hH.h xx^x`hH.h HLH^H`LhH.h ^`hH.h ^`hH.h L^`LhH.h88^8`OJQJo(hHh^`OJQJ^Jo(hHoh  ^ `OJQJo(hHh  ^ `OJQJo(hHhxx^x`OJQJ^Jo(hHohHH^H`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh88^8`OJQJo(hHh^`OJQJ^Jo(hHoh  ^ `OJQJo(hHh  ^ `OJQJo(hHhxx^x`OJQJ^Jo(hHohHH^H`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh 88^8`hH.h^`OJQJo(hHh  L ^ `LhH.h   ^ `hH.h xx^x`hH.h HLH^H`LhH.h ^`hH.h ^`hH.h L^`LhH.h 88^8`hH.h ^`hH.h  L ^ `LhH.h   ^ `hH.h xx^x`hH.h HLH^H`LhH.h ^`hH.h ^`hH.h L^`LhH.^`OJQJo(hH^`OJQJ^Jo(hHopp^p`OJQJo(hH@ @ ^@ `OJQJo(hH^`OJQJ^Jo(hHo^`OJQJo(hH^`OJQJo(hH^`OJQJ^Jo(hHoPP^P`OJQJo(hH^`B*OJQJo(phhH^`OJQJ^Jo(hHo  ^ `OJQJo(hH  ^ `OJQJo(hHxx^x`OJQJ^Jo(hHoHH^H`OJQJo(hH^`OJQJo(hH^`OJQJ^Jo(hHo^`OJQJo(hHh^`OJQJo(hHh pp^p`o(hH.h@ @ ^@ `OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHhPP^P`OJQJ^Jo(hHoh  ^ `OJQJo(hH88^8`B*OJQJo(phhH^`OJQJ^Jo(hHopp^p`OJQJo(hH@ @ ^@ `OJQJo(hH^`OJQJ^Jo(hHo^`OJQJo(hH^`OJQJo(hH^`OJQJ^Jo(hHoPP^P`OJQJo(hHh^`OJQJo(hH ^`OJQJo(n   ^ `OJQJo(n   ^ `OJQJo(n xx^x`OJQJo(n HH^H`OJQJo(n ^`OJQJo(n ^`OJQJo(n ^`OJQJo(nh ^`hH.h ^`hH.h  L ^ `LhH.h l l ^l `hH.h <<^<`hH.h  L ^ `LhH.h ^`hH.h ^`hH.h |L|^|`LhH.h88^8`OJQJo(hH ^`OJQJo(    ^ `OJQJo(n   ^ `OJQJo(n xx^x`OJQJo(n HH^H`OJQJo(n ^`OJQJo(n ^`OJQJo(n ^`OJQJo(nh ^`5hH)h pp^p`hH.h @ L@ ^@ `LhH.h ^`hH.h ^`hH.h L^`LhH.h ^`hH.h PP^P`hH.h  L ^ `LhH.88^8`B*OJQJo(phhH^`OJQJ^Jo(hHopp^p`OJQJo(hH@ @ ^@ `OJQJo(hH^`OJQJ^Jo(hHo^`OJQJo(hH^`OJQJo(hH^`OJQJ^Jo(hHoPP^P`OJQJo(hHh dd^d`hH.h 44^4`hH.h  L ^ `LhH.h   ^ `hH.h ^`hH.h tLt^t`LhH.h DD^D`hH.h ^`hH.h L^`LhH.h88^8`OJQJo(hHh^`OJQJ^Jo(hHoh  ^ `OJQJo(hHh  ^ `OJQJo(hHhxx^x`OJQJ^Jo(hHohHH^H`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHhh^h`OJPJQJ^J.88^8`B*OJQJo(phhH^`.  ^ `.  ^ `.xx^x`.HH^H`.^`.^`.h^`OJQJo(hHh  ^ `OJQJ^Jo(hHoh  ^ `OJQJo(hHhxx^x`OJQJo(hHhHH^H`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJ^Jo(hHohpp^p`OJQJo(hHh@ @ ^@ `OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohPP^P`OJQJo(hHh88^8`OJQJo(hHh^`OJQJ^Jo(hHohpp^p`OJQJo(hHh@ @ ^@ `OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohPP^P`OJQJo(hH ^`OJQJo(n ^`OJQJo(n pp^p`OJQJo(n @ @ ^@ `OJQJo(n ^`OJQJo(n ^`OJQJo(n ^`OJQJo(n ^`OJQJo(n PP^P`OJQJo(n^`6o(hH. ^`hH. pLp^p`LhH. @ @ ^@ `hH. ^`hH. L^`LhH. ^`hH. ^`hH. PLP^P`LhH.h ^`o(hH. dd^d`hH. 4L4^4`LhH.   ^ `hH.   ^ `hH. L^`LhH. tt^t`hH. DD^D`hH. L^`LhH.h  ^ `OJQJo(hHvh^`OJQJ^Jo(hHoh^`OJQJo(hHh| | ^| `OJQJo(hHhLL^L`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh88^8`OJQJo(hHh^`OJQJ^Jo(hHoh  ^ `OJQJo(hHh  ^ `OJQJo(hHhxx^x`OJQJ^Jo(hHohHH^H`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh 88^8`hH.h ^`hH.h  L ^ `LhH.h   ^ `hH.h xx^x`hH.h HLH^H`LhH.h ^`hH.h ^`hH.h L^`LhH.$MEe_iFmvcTM@~pM"VCh aa db\؉ 6(!0FdJgkY 8B\S>1.%-E>"ot2<T*}flRC7JK;_@gw)HB/*~dY)P: Y~"A$b1 JO  @CJOJQJo(n @CJOJQJo(n## <,tLt(z$Dz&VVz"X ,tLt(z$Dz&VVz  "hKH.&vV2~@v׆4+p&D          x+        LF                                                                        x+         LF        x+         Ŧ^ 4&yT%S2 Et          <,tLt(z$Dz&VVz .         x+                                                                      % }y(h{>1t/TH/L] _`/"0.tHBL~ADX5(r"tHt/t`CT4v2[GKf h0<m/'sN: |Pg4Y0gt/KT4n4% * rgMKa Lho> `/"k $8m Il47 DLBS(r"LhoDI-b\>?jp `]9b ?g`/"Vk PW [v\f,-V nHIl4s3P $-g8}tH { BtHUS]  \f{Il4R/L] g8}mhrzJ8 efg8}0<m ["Ho,\tH]E-YPTBYL~A-J;e k it*[hhrz~ 7vX\`/"@ h<;Qiot/^u} s[Y!L~AG!\f`/" $-(r"KXIxn" Ma"rgM5W#rgM:# ###/L]x#cub7s.V$L~A~$cub7rgMmy>>k 0]?@Z:?D\>?qYjU?DJ?Dq(@r{Cm@r{i&;A-L~AitBB TB +XB>t`ChCIl4BRDIl486\DT4u)lDg8}yD [DTBlD0<m En"e`ET45ZFg8}Wl`G`/"m{nG?GIl4 0&HtH#uhH`/":H`/"q4HhrzWIn"_.Kmy>Gr,L(r"f-Lr{e?ELJLrgM MrgMY^CTNg8}1XO5gO(r"3.PL~A!h7QIl4<;QQ [Qt/?R-RSSk xST0<mDTg8}2TtHptUU+UT4h8V-EwBVVTBP k 7&l`/"lEwBV0<mV ! n+*nrgM"HoxxotH] prejy@q W-rhrz3sUr`/"Ewr 2s[h'sg8}'!sg8};cu(h{^ucV3vg8} wX-whrzx(r"KXIxVxx g y/L]}yzn"zg8}>zxSr{ wT{r{ {e |\f;%A|-|---j}Il4g8}! ns~`/"up~\f~g8}N~g8}0G Se j aj wc 5lgTkc*#]UIO2<GYz("L"[$Pp%z%'#)Y)Z)|)g*fO+EB,Y.03t^:";c&<E=MR=D?@BT4COCCD>EJE/ FH2Fl9G2cGHKJH IILI;L"NHOGsR4d C C# 3qHP)?L"#t diane#                           ! " Oh+'0|   , 8 D P\dltt  Normal.dotdiane12Microsoft Office Word@X/@8e/@h-@LlC  %9՜.+,0 hp  Oklahoma Municipal Leaguey" C t Title  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~Root Entry Fp7`1Table\WordDocument.SummaryInformation(DocumentSummaryInformation8CompObjq  FMicrosoft Office Word Document MSWordDocWord.Document.89qRoot Entry FDd'1Table\WordDocument.SummaryInformation(DocumentSummaryInformation8xCompObjq  FMicrosoft Office Word Document MSWordDocWord.Document.89q՜.+,D՜.+,D hp  Oklahoma Municipal Leaguey" C t Title4 $,