Identity Theft Red Flags, Address Discrepancies, and Change of Address Regulations Examination Procedures
FIL-105-2008 October 16, 2008
The FDIC has issued the attached examination procedures on identity theft "red flags," address discrepancies, and change of address requests.
The exam procedures are intended to assist financial institutions in implementing the Identity Theft Red Flags, Address Discrepancies, and Change of Address Regulations, reflecting the requirements of Sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003.
The regulations require
financial institutions and creditors to implement a written identity theft prevention program;
card issuers to assess the validity of change of address requests; and
users of consumer reports to verify the identity of the subject of a consumer report in the event of a notice of address discrepancy.
The regulations and guidelines took effect on January 1, 2008, and compliance is required by November 1, 2008.
Risk management examiners will examine institutions for compliance with the red flags regulation (12 CFR 334.90) during risk management examinations. Compliance examiners will examine institutions for compliance with the address discrepancies and change of address regulations (12 CFR 334.82 and 334.91) during compliance examinations.
FDIC-Supervised Banks (Commercial and Savings)
Chief Compliance Officer
Chief Information Security Officer
FIL-100-2007, Identity Theft Red Flags, November 15, 2007
FIL-32-2007, Identity Theft, FDIC's Supervisory Policy on Identity Theft, April 11, 2007
FIL-27-2005, Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice, April 1, 2005
FIL-7-2005, Guidelines Requiring the Proper Disposal of Consumer Information, February 2, 2005
FIL-22-2001, Guidelines Establishing Standards for Safeguarding Customer Information, March 14, 2001