Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it’s official. 
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
Https
The site is secure. 
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
INACTIVE
This page is no longer active. Its content has expired or been rescinded by the FDIC.

Identity Theft Red Flags, Address Discrepancies, and Change of Address Regulations Examination Procedures

Summary: The FDIC has issued the attached examination procedures on identity theft "red flags," address discrepancies, and change of address requests.

Highlights:

  • The exam procedures are intended to assist financial institutions in implementing the Identity Theft Red Flags, Address Discrepancies, and Change of Address Regulations, reflecting the requirements of Sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003.
  • The regulations require
    • financial institutions and creditors to implement a written identity theft prevention program;
    • card issuers to assess the validity of change of address requests; and
    • users of consumer reports to verify the identity of the subject of a consumer report in the event of a notice of address discrepancy.
  • The regulations and guidelines took effect on January 1, 2008, and compliance is required by November 1, 2008.
  • Risk management examiners will examine institutions for compliance with the red flags regulation (12 CFR 334.90) during risk management examinations. Compliance examiners will examine institutions for compliance with the address discrepancies and change of address regulations (12 CFR 334.82 and 334.91) during compliance examinations.

Distribution:
FDIC-Supervised Banks (Commercial and Savings)

Suggested Routing:
Chief Compliance Officer
Chief Information Security Officer


  • FIL-100-2007, Identity Theft Red Flags, November 15, 2007


  • FIL-32-2007, Identity Theft, FDIC's Supervisory Policy on Identity Theft, April 11, 2007


  • FIL-27-2005, Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice, April 1, 2005


  • FIL-7-2005, Guidelines Requiring the Proper Disposal of Consumer Information, February 2, 2005


  • FIL-22-2001, Guidelines Establishing Standards for Safeguarding Customer Information, March 14, 2001

  • Identity Theft Red Flag, Address Discrepancies, and Change of Address Examination Procedures
  • Identity Theft Red Flag, Address Discrepancies, and Change of Address Examination Procedures - PDF ( PDF Help )
  • Note:
    To receive FILs electronically, please visit http://www.fdic.gov/about/subscriptions/fil.html .

    FDIC financial institution letters (FILs) may be accessed from the FDIC's Web site at www.fdic.gov/news/financial-institution-letters/2008/index.html

    Paper copies of FDIC financial institution letters may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E-1002, Arlington, VA 22226 (1-877- 275-3342 or 703-562-2200).



    Last Updated: October 16, 2008