We are a bank and we are particularly interested in the Interagency Guidelines relating to identity theft prevention. What do these guidelines say about detection, prevention, and mitigation?
There are seven elements that the Interagency Guidelines outline for implementation by financial institutions and creditors. These elements are incorporated in the Identity Theft Prevention Program, including a Supplement thereto that sets forth certain Red Flags (a list that is not meant to be exhaustive).
[12 CFR pt. 334: Appendix J (FDIC); 16 CFR pt. 681: Appendix A (FTC); 12 CFR pt. 222: Appendix J (FRB); 12 CFR pt. 41: Appendix J (OCC); 12 CFR pt. 717: Appendix J (NCUA). See also Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit Transactions Act of 2003, Final Rule: Federal Register: November 9, 2007, 72/217, Rules and Regulations: 63717-63775]
These elements are:
1) Identity Theft Prevention Program,
2) Identify relevant Red Flags,
3) Detect Red Flags,
4) Prevent and mitigate identity theft,
5) Update the Program,
6) Administer the Program, and
7) Legal requirements.
Regarding the Red Flags, these are categorized into five groups, as follows:
1) Alerts, notifications, and warnings from a consumer reporting agency.
2) Suspicious documents.
3) Suspicious personal, identifying information.
4) Unusual use of, or suspicious activity related to, the covered account(s).
5) Notice from customers, victims of identity theft, law enforcement authorities or other persons regarding possible identity theft in connection with covered accounts held by the financial institution or creditor.
[12 CFR pt. 334: Appendix J, Supplement A (FDIC); 16 CFR pt. 681: Appendix A, Supplement A (FTC); 12 CFR pt. 222: Appendix J, Supplement A (FRB); 12 CFR pt. 41: Appendix J, Supplement A (OCC); 12 CFR pt. 717: Appendix J, Supplement A (NCUA)]
President & Managing Director
Lenders Compliance Group