WASHINGTON — The federal financial institution regulatory agencies and the Federal Trade Commission have sent to the Federal Register for publication final rules on identity theft “red flags” and address discrepancies. The final rules implement sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003.
According to a report of the President’s Identity Theft Task Force, identity theft (a fraud attempted or committed using identifying information of another person without authority), results in billions of dollars in losses each year to individuals and businesses.
The final rules require each financial
institution and creditor that holds any consumer account, or other
account for which there is a reasonably foreseeable risk of identity
theft, to develop and implement an Identity Theft Prevention Program
(Program) for combating identity theft in connection with new and
existing accounts. The Program must include reasonable policies and
procedures for detecting, preventing, and mitigating identity theft
and enable a financial institution or creditor to:
·
Identify relevant
patterns, practices, and specific forms of activity that are “red
flags” signaling possible identity theft and incorporate those red
flags into the Program;
·
Detect red flags
that have been incorporated into the Program;
·
Respond
appropriately to any red flags that are detected to prevent and
mitigate identity theft; and
·
Ensure the
Program is updated periodically to reflect changes in risks from
identity theft.
The agencies also issued guidelines to assist financial
institutions and creditors in developing and implementing a Program,
including a supplement that provides examples of red flags.
The
final rules also require credit and debit card issuers to develop
policies and procedures to assess the validity of a request for a
change of address that is followed closely by a request for an
additional or replacement card. In addition, the final rules
require users of consumer reports to develop
reasonable policies and procedures to apply when they receive a
notice of address discrepancy from a consumer reporting
agency.
The
attached final rulemaking is issued by the Board of Governors of the
Federal Reserve System, the Federal Deposit Insurance Corporation,
the Federal Trade Commission, the National Credit Union
Administration, the Office of the Comptroller of the Currency, and
the Office of Thrift Supervision. The final rules are
effective on January 1, 2008.
Covered financial institutions and creditors must comply with
the rules by November 1, 2008.
The
final rules are attached and will be published
shortly.
# # #