WASHINGTON -- The federal financial institution regulatory agencies and the Federal Trade Commission are soliciting comments on a Notice of Proposed Rulemaking (NPRM) concerning identity theft “red flags” and address discrepancies. The NPRM, which has been reviewed and approved by each of the listed agencies, implements sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003.
The regulations that the agencies are jointly proposing would require each financial institution and creditor to develop and implement an identity theft prevention program that includes policies and procedures for detecting, preventing, and mitigating identity theft in connection with account openings and existing accounts. The proposed regulations include guidelines listing patterns, practices, and specific forms of activity that should raise a “red flag” signaling a possible risk of identity theft. Under the proposed regulations, an identity theft prevention program established by a financial institution or creditor would have to include policies and procedures for detecting any “red flag” relevant to its operations and implementing a mitigation strategy appropriate for the level of risk.
The proposed regulations also would require credit and debit card issuers to develop policies and procedures to assess the validity of a request for a change of address followed closely by a request for an additional or replacement card.
Additional proposed regulations would require users of consumer reports to develop reasonable policies and procedures that they must apply when they receive a notice of address discrepancy from a consumer reporting agency.
Comments on the NPRM are due no later than 60 days after publication in the Federal Register, which is expected shortly. The NPRM is attached.
Federal Reserve Susan Stawick (202) 452-2955
FDIC David Barr (202) 898-6992
OCC Bryan Hubbard (202) 874-5770
OTS Kevin Petrasic (202) 906-6677
NCUA Cherie Umbel (703) 518-6330
FTC Claudia Bourne Farrell (202) 326-2181