Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
Financial Institution Letter

Identity Theft

FDIC's Supervisory Policy on Identity Theft


The FDIC has issued the attached "Supervisory Policy on Identity Theft." The policy describes the characteristics of identity theft. It also sets forth the FDIC's expectations that institutions under its supervision take steps to detect and prevent identity theft and mitigate its effects in order to protect consumers and help ensure institutions' safe and sound operations.


  • Identity theft poses risks to consumers and the safe and sound operation of financial institutions.
  • The FDIC has well-defined expectations of how institutions should detect and prevent ID theft and mitigate its effects.
  • The attached policy lays out the FDIC's approach to addressing identity theft, and contains standards that institutions are expected to meet to protect customers' sensitive information and notify them of compromises in appropriate circumstances.
  • The FDIC believes that consumer education has an important role to play in helping to prevent identity theft and will continue its consumer education efforts during 2007.


FDIC-Supervised Banks (Commercial and Savings)

Suggested Routing

Chief Executive Officer

Chief Information Security Officer


FDIC financial institution letters (FILs) may be accessed from the FDIC's Web site at

To receive FILs electronically, please visit

Paper copies of FDIC financial institution letters may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E-1102, Arlington, VA 22226 (1-877-275-3342 or 202-416-6940).

Additional Related Topics

FFIEC Information Security Handbook, issued July 2006

Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice, April 1, 2005

Interagency Informational Brochure on Phishing Scams, contained in FIL-113-2004, issued September 13, 2004

Last Updated: April 11, 2007