We are a bank and we are particularly interested in the
Interagency Guidelines relating to identity theft prevention. What do these
guidelines say about detection, prevention, and mitigation?
ANSWER
There are seven elements that the Interagency Guidelines
outline for implementation by financial institutions and creditors. These
elements are incorporated in the Identity Theft Prevention Program, including a
Supplement thereto that sets forth certain Red Flags (a list that is not meant
to be exhaustive).
[12 CFR pt. 334: Appendix J (FDIC); 16 CFR pt. 681: Appendix
A (FTC); 12 CFR pt. 222: Appendix J (FRB); 12 CFR pt. 41: Appendix J (OCC); 12
CFR pt. 717: Appendix J (NCUA). See also Identity
Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit
Transactions Act of 2003, Final Rule: Federal Register: November 9, 2007,
72/217, Rules and Regulations: 63717-63775]
These elements are:
1) Identity Theft Prevention Program,
2) Identify relevant Red Flags,
3) Detect Red Flags,
4) Prevent and mitigate identity theft,
5) Update the Program,
6) Administer the Program, and
7) Legal requirements.
Regarding the Red Flags, these are categorized into five
groups, as follows:
1) Alerts, notifications, and warnings from a consumer
reporting agency.
2) Suspicious documents.
3) Suspicious personal, identifying information.
4) Unusual use of, or suspicious activity related to, the
covered account(s).
5) Notice from customers, victims of identity theft, law
enforcement authorities or other persons regarding possible identity theft in
connection with covered accounts held by the financial institution or creditor.
[12 CFR pt. 334: Appendix J, Supplement A (FDIC); 16 CFR pt.
681: Appendix A, Supplement A (FTC); 12 CFR pt. 222: Appendix J, Supplement A
(FRB); 12 CFR pt. 41: Appendix J, Supplement A (OCC); 12 CFR pt. 717: Appendix
J, Supplement A (NCUA)]
Jonathan Foxx
President & Managing Director
Lenders Compliance Group
