The Federal Deposit Insurance Corporation (FDIC) is issuing the attached "Guidance on Identity Theft and Pretext Calling" to inform banks about developments in these two areas of consumer bank fraud. The other federal banking agencies are issuing similar guidance on this matter. Each agency's guidance is consistent with one another. The guidance:
summarizes federal laws that pertain to identity theft and pretext calling;
discusses measures institutions can take to protect customer information;
informs institutions how they should report suspected criminal activity;
highlights the importance of consumer education to prevent fraud and assist victims of fraud; and
provides references for additional assistance and previous FDIC publications regarding or relating to identity theft and pretext calling.
This guidance is in response to provisions in the Gramm-Leach-Bliley Act (GLBA) that direct the FDIC and other federal banking agencies to review their regulations and guidelines to ensure that financial institutions have policies, procedures and controls in place to prevent the unauthorized disclosure of customer financial information and to deter and detect fraudulent access to such information. Consistent with section 525 of the GLBA (15 U.S.C. 6825), the FDIC has developed the attached guidance to address how banks should protect customer information against identity theft. The guidance supplements guidelines on customer information security issued on February 1 pursuant to section 501(b) of the GLBA. The guidelines take effect on July 1, 2001.
For more information, please contact Carol A. Mesheske, Chief, Special Activities Section, in the Division of Supervision, at (202) 898-6750 or Marc J. Goldstrom, Counsel in the Legal Division, at (202) 898-8807.
Distribution: FDIC-Supervised Banks (Commercial and Savings)
NOTE: Paper copies of FDIC financial institution letters may be obtained through the FDIC's Public Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434 (800-276-6003 or (703) 562-2200).