Joint Release
Board Of Governors of the Federal Reserve System
Federal Deposit Insurance Corporation
Federal Trade Commission
National Credit Union Administration
Office of the Comptroller of the Currency
Office of Thrift Supervision
For immediate release July 18, 2006
Agencies Propose Rules on Identity Theft Red Flags and Notices of Address Discrepancy
WASHINGTON -- The federal financial institution regulatory agencies and the Federal Trade
Commission are soliciting comments on a Notice of Proposed Rulemaking (NPRM) concerning
identity theft "red flags" and address discrepancies. The NPRM, which has been reviewed and
approved by each of the listed agencies, implements sections 114 and 315 of the Fair and
Accurate Credit Transactions Act of 2003.
The regulations that the agencies are jointly proposing would require each financial institution
and creditor to develop and implement an identity theft prevention program that includes policies
and procedures for detecting, preventing, and mitigating identity theft in connection with account
openings and existing accounts. The proposed regulations include guidelines listing patterns,
practices, and specific forms of activity that should raise a "red flag" signaling a possible risk of
identity theft. Under the proposed regulations, an identity theft prevention program established
by a financial institution or creditor would have to include policies and procedures for detecting
any "red flag" relevant to its operations and implementing a mitigation strategy appropriate for
the level of risk.
The proposed regulations also would require credit and debit card issuers to develop policies
and procedures to assess the validity of a request for a change of address followed closely by a
request for an additional or replacement card.
Additional proposed regulations would require users of consumer reports to develop reasonable
policies and procedures that they must apply when they receive a notice of address discrepancy
from a consumer reporting agency.
Comments on the NPRM are due no later than 60 days after publication in the Federal Register,
which is expected shortly. The NPRM is attached.
# # #
Attachments:
Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit
Transactions Act of 2003: Part 1 - PDF 1,985k (PDF Help)
Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit
Transactions Act of 2003: Part 2 - PDF 1,472k (PDF Help)
Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit
Transactions Act of 2003: Part 3 - PDF 1,101k (PDF Help)
Board Of Governors of the Federal Reserve System
Federal Deposit Insurance Corporation
Federal Trade Commission
National Credit Union Administration
Office of the Comptroller of the Currency
Office of Thrift Supervision
For immediate release July 18, 2006
Agencies Propose Rules on Identity Theft Red Flags and Notices of Address Discrepancy
WASHINGTON -- The federal financial institution regulatory agencies and the Federal Trade
Commission are soliciting comments on a Notice of Proposed Rulemaking (NPRM) concerning
identity theft "red flags" and address discrepancies. The NPRM, which has been reviewed and
approved by each of the listed agencies, implements sections 114 and 315 of the Fair and
Accurate Credit Transactions Act of 2003.
The regulations that the agencies are jointly proposing would require each financial institution
and creditor to develop and implement an identity theft prevention program that includes policies
and procedures for detecting, preventing, and mitigating identity theft in connection with account
openings and existing accounts. The proposed regulations include guidelines listing patterns,
practices, and specific forms of activity that should raise a "red flag" signaling a possible risk of
identity theft. Under the proposed regulations, an identity theft prevention program established
by a financial institution or creditor would have to include policies and procedures for detecting
any "red flag" relevant to its operations and implementing a mitigation strategy appropriate for
the level of risk.
The proposed regulations also would require credit and debit card issuers to develop policies
and procedures to assess the validity of a request for a change of address followed closely by a
request for an additional or replacement card.
Additional proposed regulations would require users of consumer reports to develop reasonable
policies and procedures that they must apply when they receive a notice of address discrepancy
from a consumer reporting agency.
Comments on the NPRM are due no later than 60 days after publication in the Federal Register,
which is expected shortly. The NPRM is attached.
# # #
Attachments:
Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit
Transactions Act of 2003: Part 1 - PDF 1,985k (PDF Help)
Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit
Transactions Act of 2003: Part 2 - PDF 1,472k (PDF Help)
Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit
Transactions Act of 2003: Part 3 - PDF 1,101k (PDF Help)
Media Contacts
Federal Reserve Susan Stawick (202) 452-2955
FDIC David Barr (202) 898-6992
OCC Bryan Hubbard (202) 874-5770
OTS Kevin Petrasic (202) 906-6677
NCUA Cherie Umbel (703) 518-6330
FTC Claudia Bourne Farrell (202) 326-2181
FDIC: PR-71-2006
Federal Reserve Susan Stawick (202) 452-2955
FDIC David Barr (202) 898-6992
OCC Bryan Hubbard (202) 874-5770
OTS Kevin Petrasic (202) 906-6677
NCUA Cherie Umbel (703) 518-6330
FTC Claudia Bourne Farrell (202) 326-2181
FDIC: PR-71-2006