Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it’s official. 
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
Https
The site is secure. 
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
INACTIVE
This page is no longer active. Its content has expired or been rescinded by the FDIC.

Identity Theft Red Flags and Address Discrepancies Joint Notice of Proposed Rulemaking

Information Technology / Cybersecurity
July 18, 2006
Summary: The federal bank, thrift and credit union regulatory agencies and the Federal Trade Commission are requesting public comment on the attached proposed regulation to implement sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003 (FACT Act). The proposed regulation would require financial institutions and creditors to adopt reasonable policies and procedures to indicate the possible existence of identity theft and to validate addresses under certain circumstances. Comments are due by September 18, 2006.

Highlights:

The federal bank, thrift and credit union regulatory agencies and the Federal Trade Commission have published the attached notice of proposed rulemaking to implement sections 114 and 315 of the FACT Act. The proposed rule would establish:

  • Guidelines for financial institutions and creditors in identifying patterns, practices and specific forms of activity that indicate the possible existence of identity theft;
  • Regulations requiring financial institutions and creditors to establish reasonable policies and procedures for implementing the guidelines, including, where applicable, a provision requiring credit and debit card issuers to assess the validity of a request for a change of address under certain circumstances; and
  • Regulations requiring reasonable policies and procedures that users of consumer reports should employ upon receiving a notice of address discrepancy from a consumer reporting agency.

Distribution:
FDIC-Supervised Banks (Commercial and Savings)

Suggested Routing:
Chief Executive Officer
Chief Information Security Officer
Compliance Officer

Note:
FDIC financial institution letters (FILs) may be accessed from the FDIC's Web site at www.fdic.gov/news/financial-institution-letters/2006/index.html .

To receive FILs electronically, please visit http://www.fdic.gov/about/subscriptions/fil.html .

Paper copies of FDIC financial institution letters may be obtained through the FDIC's Public Information Center, 3501 North Fairfax Drive, Room E-1002, Arlington, VA 22226 (1-877-275-3342 or 703-562-2200).

Additional Related Topics:

  • Interagency Guidelines Establishing Information Security Standards, 12 CFR part 364, Appendix B
FIL-64-2006
Attachment(s)
Joint Notice of Proposed Rulemaking: Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit Transactions Act of 2003 (71 FR 40786, July 18, 2006)
Contact(s)
Senior Policy Analyst Jeffrey Kopchik at or, or Policy Analyst (Compliance) David Lafleur at dlafleur@fdic.gov, (202) 898-3872

Last Updated: July 18, 2006