Skip Header

Federal Deposit
Insurance Corporation

Each depositor insured to at least $250,000 per insured bank



Home > News & Events > Financial Institution Letters




Financial Institution Letters

Identity Theft
FDIC's Supervisory Policy on Identity Theft
FIL-32-2007
April 11, 2007


Summary: The FDIC has issued the attached "Supervisory Policy on Identity Theft." The policy describes the characteristics of identity theft. It also sets forth the FDIC's expectations that institutions under its supervision take steps to detect and prevent identity theft and mitigate its effects in order to protect consumers and help ensure institutions' safe and sound operations.

Highlights:
  • Identity theft poses risks to consumers and the safe and sound operation of financial institutions.
  • The FDIC has well-defined expectations of how institutions should detect and prevent ID theft and mitigate its effects.
  • The attached policy lays out the FDIC's approach to addressing identity theft, and contains standards that institutions are expected to meet to protect customers' sensitive information and notify them of compromises in appropriate circumstances.
  • The FDIC believes that consumer education has an important role to play in helping to prevent identity theft and will continue its consumer education efforts during 2007.

Distribution:
FDIC-Supervised Banks (Commercial and Savings)

Suggested Routing:
Chief Executive Officer
Chief Information Security Officer

Related Topics:

  • FFIEC Information Security Handbook, issued July 2006
  • FIL-18-2006, Fair Credit Reporting Act - Revised Examination Procedures (See module 5), February 22, 2006
  • FIL-103-2005, Authentication in an Internet Banking Environment, October 12, 2005
  • FIL-66-2005, Guidance on Mitigating Risks From Spyware, issued July 22, 2005
  • FIL-64-2005, Guidance on How Financial Institutions Can Protect Against Pharming Attacks issued July 18, 2005
  • Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice, April 1, 2005
  • FIL-27-2004, Guidance on Safeguarding Customers Against E-Mail and Internet Related Fraud, issued March 12, 2004
  • Interagency Informational Brochure on Phishing Scams, contained in FIL-113-2004, issued September 13, 2004

Attachment:
Supervisory Policy on Identity Theft

Contact:
Senior Policy Analyst Jeffrey Kopchik at (202) 898-3872 or JKopchik@fdic.gov, or Policy Analyst (Compliance) David Lafleur at (202) 898-6569 or dlafleur@fdic.gov

Printable Format:
FIL-32-2007 - PDF 90k (PDF Help)

Note:
FDIC financial institution letters (FILs) may be accessed from the FDIC's Web site at www.fdic.gov/news/news/financial/2007/index.html.

To receive FILs electronically, please visit http://www.fdic.gov/about/subscriptions/fil.html.

Paper copies of FDIC financial institution letters may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E-1102, Arlington, VA 22226 (1-877-275-3342 or 202-416-6940).


Last Updated 4/11/2007 communications@fdic.gov

Skip Footer back to content