65913Federal Register / Vol. 80, No. 208 / Wednesday, October 28, 2015 / Rules and Regulations
1 Public Law 111–203, 124 Stat. 1376 (2010).
2 Section 312 of the Dodd-Frank Act, codified at
12 U.S.C. 5412.
3 76 FR 39247 (July 6, 2011).
other computer crimes. See OCC Bulletin
2000–14, ‘‘Infrastructure Threats—Intrusion
Risks’’ (May 15, 2000); Advisory Letter 97–
9, ‘‘Reporting Computer Related Crimes’’
(November 19, 1997) (general guidance still
applicable though instructions for new SAR
form published in 65 FR 1229, 1230 (January
7, 2000)). See also Federal Reserve SR 01–11,
Identity Theft and Pretext Calling, Apr. 26,
2001.
13 See FFIEC Information Technology
Examination Handbook, Information Security
Booklet, Dec. 2002, pp. 68–74.
14 The institution should, therefore, ensure
that it has reasonable policies and procedures
in place, including trained personnel, to
respond appropriately to customer inquiries
and requests for assistance.
15 Currently, the FTC Web site for the ID
Theft brochure and the FTC Hotline phone
number are http://www.consumer.gov/idtheft
and 1–877–IDTHEFT. The institution may
also refer customers to any materials
developed pursuant to section 151(b) of the
FACT Act (educational materials developed
by the FTC to teach the public how to
prevent identity theft).
PART 391—FORMER OFFICE OF
THRIFT SUPERVISION REGULATIONS
■ 4. The authority citation for part 391
is revised to read as follows:
Authority: 12 U.S.C. 1819 (Tenth).
Subpart A also issued under 12 U.S.C.
1462a; 1463; 1464; 1828; 1831p-1; 1881-1884;
15 U.S.C. 1681w; 15 U.S.C. 6801; 6805.
Subpart C also issued under 12 U.S.C.
1462a; 1463; 1464; 1828; 1831p-1; and 1881-
1884; 15 U.S.C. 1681m; 1681w.
Subpart D also issued under 12 U.S.C.
1462; 1462a; 1463; 1464; 42 U.S.C. 4012a;
4104a; 4104b; 4106; 4128.
Subpart E also issued under 12 U.S.C.
1467a; 1468; 1817; 1831i.
Subpart B—[Removed and Reserved]
■ 5. Remove and reserve subpart B
consisting of §§ 391.10 through 391.14,
and Appendices A and B.
Dated at Washington, DC, this 22nd day of
October 2015.
By order of the Board of Directors.
Federal Deposit Insurance Corporation.
Robert E. Feldman,
Executive Secretary.
[FR Doc. 2015–27293 Filed 10–27–15; 8:45 am]
BILLING CODE 6714–01–P
FEDERAL DEPOSIT INSURANCE
CORPORATION
12 CFR Parts 334 and 391
RIN 3064–AE29
Removal of Transferred OTS
Regulations Regarding Fair Credit
Reporting and Amendments;
Amendment to the ‘‘Creditor’’
Definition in Identity Theft Red Flags
Rule; Removal of FDIC Regulations
Regarding Fair Credit Reporting
Transferred to the Consumer Financial
Protection Bureau
AGENCY: Federal Deposit Insurance
Corporation.
ACTION: Final rule.
SUMMARY: The Federal Deposit
Insurance Corporation (FDIC) is
adopting a final rule (Final Rule) to
make several amendments to its
regulations covering ‘‘Fair Credit
Reporting.’’ The amendments conform
FDIC Fair Credit Reporting regulations
to the Dodd-Frank Act by consolidating
the regulations for all institutions for
which the FDIC is the appropriate
Federal banking agency into a single
part. The amendments also address the
role of the Consumer Financial
Protection Bureau in promulgating rules
relating to Fair Credit Reporting.
DATES: The Final Rule is effective
November 27, 2015.
FOR FURTHER INFORMATION CONTACT:
Sandra Barker, Senior Policy Analyst,
Division of Depositor and Consumer
Protection, (202) 898–3615 or sabarker@
fdic.gov; Jeffrey Kopchik, Senior Policy
Analyst, Division of Risk Management
Supervision, (703) 254–0459 or
jkopchik@fdic.gov; Richard M.
Schwartz, Counsel, Legal Division, (202)
898–7424 or rischwartz@fdic.gov.
SUPPLEMENTARY INFORMATION:
I. Removal of Transferred OTS
Regulations Regarding Fair Credit
Reporting and Amendments to 12 CFR
Part 334 of FDIC’s Rules and
Regulations
A. Background
The Dodd-Frank Wall Street Reform
and Consumer Protection Act (Dodd-
Frank Act) 1 provided for a substantial
reorganization of the regulation of State
and Federal savings associations and
their holding companies. Beginning July
21, 2011, the transfer date established
by section 311 of the Dodd-Frank Act,
codified at 12 U.S.C. 5411, the powers,
duties, and functions formerly
performed by the OTS were divided
among the FDIC, as to State savings
associations, the Office of the
Comptroller of the Currency (OCC), as to
Federal savings associations, and the
Board of Governors of the Federal
Reserve System (FRB), as to savings and
loan holding companies.2 Section 316(b)
of the Dodd-Frank Act, codified at 12
U.S.C. 5414(b), provided the manner of
treatment for all orders, resolutions,
determinations, regulations, and
advisory materials that had been issued,
made, prescribed, or allowed to become
effective by the OTS. The section
provided that if such materials were in
effect on the day before the transfer
date, they continue to be in effect and
are enforceable by or against the
appropriate successor agency until they
are modified, terminated, set aside, or
superseded in accordance with
applicable law by such successor
agency, by any court of competent
jurisdiction, or by operation of law.
Section 316(c) of the Dodd-Frank Act,
codified at 12 U.S.C. 5414(c), further
directed the FDIC and the OCC to
consult with one another and to publish
a list of the continued OTS regulations
that would be enforced by the FDIC and
the OCC, respectively. On June 14, 2011,
the FDIC’s Board of Directors approved
a ‘‘List of OTS Regulations to be
Enforced by the OCC and the FDIC
Pursuant to the Dodd-Frank Wall Street
Reform and Consumer Protection Act.’’
This list was published by the FDIC and
the OCC as a Joint Notice in the Federal
Register on July 6, 2011.3
Although section 312(b)(2)(B)(i)(II) of
the Dodd-Frank Act, codified at 12
U.S.C. 5412(b)(2)(B)(i)(II), granted the
OCC rulemaking authority relating to
both State and Federal savings
associations, nothing in the Dodd-Frank
Act affected the FDIC’s existing
authority to issue regulations under the
FDI Act and other laws as the
‘‘appropriate Federal banking agency’’
or under similar statutory terminology.
Section 312(c) of the Dodd-Frank Act
amended the definition of ‘‘appropriate
Federal banking agency’’ contained in
section 3(q) of the FDI Act, 12 U.S.C.
1813(q), to add State savings
associations whose deposits are insured
by the FDIC (State savings associations)
to the list of entities for which the FDIC
is designated as the ‘‘appropriate
Federal banking agency.’’ As a result,
when the FDIC acts as the designated
‘‘appropriate Federal banking agency’’
(or under similar terminology) for State
savings associations, as it does here, the
FDIC is authorized to issue, modify and
VerDate Sep<11>2014 15:03 Oct 27, 2015 Jkt 238001 PO 00000 Frm 00033 Fmt 4700 Sfmt 4700 E:\FR\FM\28OCR1.SGM 28OCR1
Lhorne on DSK5TPTVN1PROD with RULES
1 Public Law 111–203, 124 Stat. 1376 (2010).
2 Section 312 of the Dodd-Frank Act, codified at
12 U.S.C. 5412.
3 76 FR 39247 (July 6, 2011).
other computer crimes. See OCC Bulletin
2000–14, ‘‘Infrastructure Threats—Intrusion
Risks’’ (May 15, 2000); Advisory Letter 97–
9, ‘‘Reporting Computer Related Crimes’’
(November 19, 1997) (general guidance still
applicable though instructions for new SAR
form published in 65 FR 1229, 1230 (January
7, 2000)). See also Federal Reserve SR 01–11,
Identity Theft and Pretext Calling, Apr. 26,
2001.
13 See FFIEC Information Technology
Examination Handbook, Information Security
Booklet, Dec. 2002, pp. 68–74.
14 The institution should, therefore, ensure
that it has reasonable policies and procedures
in place, including trained personnel, to
respond appropriately to customer inquiries
and requests for assistance.
15 Currently, the FTC Web site for the ID
Theft brochure and the FTC Hotline phone
number are http://www.consumer.gov/idtheft
and 1–877–IDTHEFT. The institution may
also refer customers to any materials
developed pursuant to section 151(b) of the
FACT Act (educational materials developed
by the FTC to teach the public how to
prevent identity theft).
PART 391—FORMER OFFICE OF
THRIFT SUPERVISION REGULATIONS
■ 4. The authority citation for part 391
is revised to read as follows:
Authority: 12 U.S.C. 1819 (Tenth).
Subpart A also issued under 12 U.S.C.
1462a; 1463; 1464; 1828; 1831p-1; 1881-1884;
15 U.S.C. 1681w; 15 U.S.C. 6801; 6805.
Subpart C also issued under 12 U.S.C.
1462a; 1463; 1464; 1828; 1831p-1; and 1881-
1884; 15 U.S.C. 1681m; 1681w.
Subpart D also issued under 12 U.S.C.
1462; 1462a; 1463; 1464; 42 U.S.C. 4012a;
4104a; 4104b; 4106; 4128.
Subpart E also issued under 12 U.S.C.
1467a; 1468; 1817; 1831i.
Subpart B—[Removed and Reserved]
■ 5. Remove and reserve subpart B
consisting of §§ 391.10 through 391.14,
and Appendices A and B.
Dated at Washington, DC, this 22nd day of
October 2015.
By order of the Board of Directors.
Federal Deposit Insurance Corporation.
Robert E. Feldman,
Executive Secretary.
[FR Doc. 2015–27293 Filed 10–27–15; 8:45 am]
BILLING CODE 6714–01–P
FEDERAL DEPOSIT INSURANCE
CORPORATION
12 CFR Parts 334 and 391
RIN 3064–AE29
Removal of Transferred OTS
Regulations Regarding Fair Credit
Reporting and Amendments;
Amendment to the ‘‘Creditor’’
Definition in Identity Theft Red Flags
Rule; Removal of FDIC Regulations
Regarding Fair Credit Reporting
Transferred to the Consumer Financial
Protection Bureau
AGENCY: Federal Deposit Insurance
Corporation.
ACTION: Final rule.
SUMMARY: The Federal Deposit
Insurance Corporation (FDIC) is
adopting a final rule (Final Rule) to
make several amendments to its
regulations covering ‘‘Fair Credit
Reporting.’’ The amendments conform
FDIC Fair Credit Reporting regulations
to the Dodd-Frank Act by consolidating
the regulations for all institutions for
which the FDIC is the appropriate
Federal banking agency into a single
part. The amendments also address the
role of the Consumer Financial
Protection Bureau in promulgating rules
relating to Fair Credit Reporting.
DATES: The Final Rule is effective
November 27, 2015.
FOR FURTHER INFORMATION CONTACT:
Sandra Barker, Senior Policy Analyst,
Division of Depositor and Consumer
Protection, (202) 898–3615 or sabarker@
fdic.gov; Jeffrey Kopchik, Senior Policy
Analyst, Division of Risk Management
Supervision, (703) 254–0459 or
jkopchik@fdic.gov; Richard M.
Schwartz, Counsel, Legal Division, (202)
898–7424 or rischwartz@fdic.gov.
SUPPLEMENTARY INFORMATION:
I. Removal of Transferred OTS
Regulations Regarding Fair Credit
Reporting and Amendments to 12 CFR
Part 334 of FDIC’s Rules and
Regulations
A. Background
The Dodd-Frank Wall Street Reform
and Consumer Protection Act (Dodd-
Frank Act) 1 provided for a substantial
reorganization of the regulation of State
and Federal savings associations and
their holding companies. Beginning July
21, 2011, the transfer date established
by section 311 of the Dodd-Frank Act,
codified at 12 U.S.C. 5411, the powers,
duties, and functions formerly
performed by the OTS were divided
among the FDIC, as to State savings
associations, the Office of the
Comptroller of the Currency (OCC), as to
Federal savings associations, and the
Board of Governors of the Federal
Reserve System (FRB), as to savings and
loan holding companies.2 Section 316(b)
of the Dodd-Frank Act, codified at 12
U.S.C. 5414(b), provided the manner of
treatment for all orders, resolutions,
determinations, regulations, and
advisory materials that had been issued,
made, prescribed, or allowed to become
effective by the OTS. The section
provided that if such materials were in
effect on the day before the transfer
date, they continue to be in effect and
are enforceable by or against the
appropriate successor agency until they
are modified, terminated, set aside, or
superseded in accordance with
applicable law by such successor
agency, by any court of competent
jurisdiction, or by operation of law.
Section 316(c) of the Dodd-Frank Act,
codified at 12 U.S.C. 5414(c), further
directed the FDIC and the OCC to
consult with one another and to publish
a list of the continued OTS regulations
that would be enforced by the FDIC and
the OCC, respectively. On June 14, 2011,
the FDIC’s Board of Directors approved
a ‘‘List of OTS Regulations to be
Enforced by the OCC and the FDIC
Pursuant to the Dodd-Frank Wall Street
Reform and Consumer Protection Act.’’
This list was published by the FDIC and
the OCC as a Joint Notice in the Federal
Register on July 6, 2011.3
Although section 312(b)(2)(B)(i)(II) of
the Dodd-Frank Act, codified at 12
U.S.C. 5412(b)(2)(B)(i)(II), granted the
OCC rulemaking authority relating to
both State and Federal savings
associations, nothing in the Dodd-Frank
Act affected the FDIC’s existing
authority to issue regulations under the
FDI Act and other laws as the
‘‘appropriate Federal banking agency’’
or under similar statutory terminology.
Section 312(c) of the Dodd-Frank Act
amended the definition of ‘‘appropriate
Federal banking agency’’ contained in
section 3(q) of the FDI Act, 12 U.S.C.
1813(q), to add State savings
associations whose deposits are insured
by the FDIC (State savings associations)
to the list of entities for which the FDIC
is designated as the ‘‘appropriate
Federal banking agency.’’ As a result,
when the FDIC acts as the designated
‘‘appropriate Federal banking agency’’
(or under similar terminology) for State
savings associations, as it does here, the
FDIC is authorized to issue, modify and
VerDate Sep<11>2014 15:03 Oct 27, 2015 Jkt 238001 PO 00000 Frm 00033 Fmt 4700 Sfmt 4700 E:\FR\FM\28OCR1.SGM 28OCR1
Lhorne on DSK5TPTVN1PROD with RULES
65914 Federal Register / Vol. 80, No. 208 / Wednesday, October 28, 2015 / Rules and Regulations
4 76 FR 47652 (Aug. 5, 2011).
5 15 U.S.C. 1681a, et seq.
6 The Dodd-Frank Act transferred the rule-writing
authority of several parts of the ‘‘Fair Credit
Reporting’’ regulations contained in parts 334 and
571, as well as the regulations of the OCC, FRB, and
National Credit Union Administration (‘‘NCUA’’),
to the newly created CFPB. See sections 1061 and
1088, codified at 12 U.S.C. 5581, 15 U.S.C. 1681 et
seq. When the OTS regulations for state savings
associations were transferred to part 391, only those
portions of the regulation that were retained by the
FDIC were included.
7 70 FR 70664 (Nov. 22, 2005).
8 Public Law 108–159, 117 Stat. 1952, 1999–2002
(2003).
9 15 U.S.C. 1681b.
10 70 FR at 70664.
11 12 CFR 571.2.
12 12 CFR 334.2.
13 Public Law 108–159, 117 Stat. at 1985–86; 15
U.S.C. 1681w.
14 Id.
15 69 FR 77610 (Dec. 28, 2004).
16 12 CFR 334.83, 571.83 (2004).
17 Id. (both regulations stated, in relevant part,
‘‘You must properly dispose of any consumer
information that you maintain or otherwise possess
in accordance with the Interagency Guidelines
Establishing Information Security Standards . . . to
the extent the Guidelines are applicable to you.’’).
Both the FDIC’s and the OTS’s Interagency
Guidelines were placed in the Safety and
Soundness regulations, parts 364 and 570,
respectively.
18 72 FR 63718 (Nov. 9, 2007). That rulemaking
also included rules issued pursuant to section 315
of the FACT Act, which required the Agencies to
issue joint regulations that provide guidance
regarding reasonable policies and procedures that a
user of a consumer report should employ when the
user receives a notice of an address discrepancy.
The rule-writing authority for that rule was given
to the CFPB in the Dodd-Frank Act.
19 See 12 CFR 571.83(a) (2007).
20 72 FR at 63739.
rescind regulations involving such
associations, as well as for State
nonmember banks and insured branches
of foreign banks.
As noted, on June 14, 2011, pursuant
to this authority, the FDIC’s Board of
Directors reissued and redesignated
certain transferring regulations of the
former OTS. These transferred OTS
regulations were published as new FDIC
regulations in the Federal Register on
August 5, 2011.4 When it republished
the transferred OTS regulations as new
FDIC regulations, the FDIC specifically
noted that its staff would evaluate the
transferred OTS rules and might later
recommend incorporating the
transferred OTS regulations into other
FDIC rules, amending them, or
rescinding them, as appropriate.
One of the OTS rules transferred to
the FDIC governed OTS oversight of the
Fair Credit Reporting regulations, which
implemented the Fair Credit Reporting
Act (FCRA),5 in the context of State
savings associations. The OTS rule,
formerly found at 12 CFR part 571, was
transferred to the FDIC 6 and was moved
to the FDIC’s rules at part 391, subpart
C, entitled ‘‘Fair Credit Reporting.’’
Before the transfer of the OTS rules and
continuing today, the FDIC’s rules
contained part 334, also entitled ‘‘Fair
Credit Reporting,’’ a rule governing
FDIC regulation with respect to IDIs for
which the FDIC has been designated the
appropriate Federal banking agency.
After careful review and comparison of
part 391, subpart C and part 334, the
FDIC rescinds part 391, subpart C,
because, as discussed below, it is
substantively redundant to existing part
334 and simultaneously makes technical
conforming edits to our existing rule.
B. FDIC’s Existing 12 CFR Section 334.2
and Former OTS’s 12 CFR Section 571.2
(transferred to FDIC’s Part 391, Subpart
C, as 12 CFR Section 391.20)
On November 22, 2005, the FDIC,
OTS, OCC, FRB and NCUA (‘‘the
Agencies’’) jointly published rules in
the Federal Register 7 to implement
section 411 of the Fair and Accurate
Credit Transactions Act of 2003 (FACT
Act),8 which amended section 604 of
the FCRA.9 Section 411 of the FACT Act
generally limited the ability of creditors
to obtain and use medical information
in connection with credit eligibility
determinations and the ability of
consumer reporting agencies to disclose
medical information, as well as
restricting the sharing of medical
information and other medically related
information with affiliates.10 That
section required the Agencies to issue
regulations on several aspects related to
the medical privacy amendment.
Although Dodd-Frank Act transferred
the 2005 medical privacy regulations to
the CFPB, as discussed below, the
Agencies issued a regulation in the
‘‘General Provisions’’ portion of the Fair
Credit Reporting regulations that
remains in effect in the Agencies’
regulations today.
That regulation related to ‘‘examples’’
issued in any regulation in the Fair
Credit Reporting part. The OTS
regulation, stated: ‘‘The examples in this
part are not exclusive. Compliance with
an example, to the extent applicable,
constitutes compliance with this part.
Examples in a paragraph illustrate only
the issue described in the paragraph and
do not illustrate any other issue that
may arise in this part.’’ 11 The
concurrently issued FDIC regulation
contains identical language.12
The OTS regulation issued at § 391.20
was amended slightly because it was
placed in a subpart of part 391: the word
‘‘part’’ was replace by ‘‘subpart.’’
Nevertheless, the portion of the OTS
regulation that applied to State savings
associations and their subsidiaries,
originally codified at 12 CFR part 571
and subsequently transferred to FDIC’s
part 391, subpart C, is substantively
similar to the current FDIC regulations
codified at 12 CFR part 334. Therefore,
to eliminate redundancy and streamline
its regulations, the FDIC rescinds and
removes § 391.20.
C. FDIC’s Existing 12 CFR Section
334.83 and Former OTS’s 12 CFR
Section 571.83 (transferred to FDIC’s
Part 391, Subpart C, as 12 CFR Section
391.21)
Section 216 of the FACT Act added a
new section 628 to the FCRA that, in
general was designed to protect a
consumer against the risks associated
with the unauthorized access to
information about a consumer contained
in a consumer report, such as fraud and
related crimes including identity theft.13
Specifically, section 216 required each
of the Agencies, including the Federal
Trade Commission (FTC), to adopt a
regulation with respect to the entities
subject to its enforcement authority
‘‘requiring any person that maintains or
otherwise possesses consumer
information, or any compilation of
consumer information, derived from a
consumer report for a business purpose
to properly dispose of any such
information or compilation.’’ 14 The
FDIC, OCC, FRB and OTS jointly
published their rules in the Federal
Register on December 28, 2004.15 The
FDIC and OTS regulations were
identical.16 Neither regulation
contained a scope provision, because
each regulation referred to the
respective agency’s version of the
Interagency Guidelines Establishing
Information Security Standards, which
itself contained a scope provision.17
In 2007, the Agencies jointly issued
rules pursuant to section 114 of the
FACT Act, which dealt with identity
theft ‘‘red flag’’ rules and rules on the
duties of credit card issuers to validate
notifications of changes of address
under certain circumstances,18 as
discussed in more detail below.
Although those regulations were nearly
identical from agency to agency, the
OTS unilaterally amended its disposal
regulation, as part of that rulemaking, to
include a scope provision.19 The OTS
explained that that amendment was
nonsubstantive and technical in nature,
caused by the placement of the address
discrepancy regulation in the same
subpart as the disposal regulation.20 No
other Agency amended its disposal
regulation.
VerDate Sep<11>2014 15:03 Oct 27, 2015 Jkt 238001 PO 00000 Frm 00034 Fmt 4700 Sfmt 4700 E:\FR\FM\28OCR1.SGM 28OCR1
Lhorne on DSK5TPTVN1PROD with RULES
4 76 FR 47652 (Aug. 5, 2011).
5 15 U.S.C. 1681a, et seq.
6 The Dodd-Frank Act transferred the rule-writing
authority of several parts of the ‘‘Fair Credit
Reporting’’ regulations contained in parts 334 and
571, as well as the regulations of the OCC, FRB, and
National Credit Union Administration (‘‘NCUA’’),
to the newly created CFPB. See sections 1061 and
1088, codified at 12 U.S.C. 5581, 15 U.S.C. 1681 et
seq. When the OTS regulations for state savings
associations were transferred to part 391, only those
portions of the regulation that were retained by the
FDIC were included.
7 70 FR 70664 (Nov. 22, 2005).
8 Public Law 108–159, 117 Stat. 1952, 1999–2002
(2003).
9 15 U.S.C. 1681b.
10 70 FR at 70664.
11 12 CFR 571.2.
12 12 CFR 334.2.
13 Public Law 108–159, 117 Stat. at 1985–86; 15
U.S.C. 1681w.
14 Id.
15 69 FR 77610 (Dec. 28, 2004).
16 12 CFR 334.83, 571.83 (2004).
17 Id. (both regulations stated, in relevant part,
‘‘You must properly dispose of any consumer
information that you maintain or otherwise possess
in accordance with the Interagency Guidelines
Establishing Information Security Standards . . . to
the extent the Guidelines are applicable to you.’’).
Both the FDIC’s and the OTS’s Interagency
Guidelines were placed in the Safety and
Soundness regulations, parts 364 and 570,
respectively.
18 72 FR 63718 (Nov. 9, 2007). That rulemaking
also included rules issued pursuant to section 315
of the FACT Act, which required the Agencies to
issue joint regulations that provide guidance
regarding reasonable policies and procedures that a
user of a consumer report should employ when the
user receives a notice of an address discrepancy.
The rule-writing authority for that rule was given
to the CFPB in the Dodd-Frank Act.
19 See 12 CFR 571.83(a) (2007).
20 72 FR at 63739.
rescind regulations involving such
associations, as well as for State
nonmember banks and insured branches
of foreign banks.
As noted, on June 14, 2011, pursuant
to this authority, the FDIC’s Board of
Directors reissued and redesignated
certain transferring regulations of the
former OTS. These transferred OTS
regulations were published as new FDIC
regulations in the Federal Register on
August 5, 2011.4 When it republished
the transferred OTS regulations as new
FDIC regulations, the FDIC specifically
noted that its staff would evaluate the
transferred OTS rules and might later
recommend incorporating the
transferred OTS regulations into other
FDIC rules, amending them, or
rescinding them, as appropriate.
One of the OTS rules transferred to
the FDIC governed OTS oversight of the
Fair Credit Reporting regulations, which
implemented the Fair Credit Reporting
Act (FCRA),5 in the context of State
savings associations. The OTS rule,
formerly found at 12 CFR part 571, was
transferred to the FDIC 6 and was moved
to the FDIC’s rules at part 391, subpart
C, entitled ‘‘Fair Credit Reporting.’’
Before the transfer of the OTS rules and
continuing today, the FDIC’s rules
contained part 334, also entitled ‘‘Fair
Credit Reporting,’’ a rule governing
FDIC regulation with respect to IDIs for
which the FDIC has been designated the
appropriate Federal banking agency.
After careful review and comparison of
part 391, subpart C and part 334, the
FDIC rescinds part 391, subpart C,
because, as discussed below, it is
substantively redundant to existing part
334 and simultaneously makes technical
conforming edits to our existing rule.
B. FDIC’s Existing 12 CFR Section 334.2
and Former OTS’s 12 CFR Section 571.2
(transferred to FDIC’s Part 391, Subpart
C, as 12 CFR Section 391.20)
On November 22, 2005, the FDIC,
OTS, OCC, FRB and NCUA (‘‘the
Agencies’’) jointly published rules in
the Federal Register 7 to implement
section 411 of the Fair and Accurate
Credit Transactions Act of 2003 (FACT
Act),8 which amended section 604 of
the FCRA.9 Section 411 of the FACT Act
generally limited the ability of creditors
to obtain and use medical information
in connection with credit eligibility
determinations and the ability of
consumer reporting agencies to disclose
medical information, as well as
restricting the sharing of medical
information and other medically related
information with affiliates.10 That
section required the Agencies to issue
regulations on several aspects related to
the medical privacy amendment.
Although Dodd-Frank Act transferred
the 2005 medical privacy regulations to
the CFPB, as discussed below, the
Agencies issued a regulation in the
‘‘General Provisions’’ portion of the Fair
Credit Reporting regulations that
remains in effect in the Agencies’
regulations today.
That regulation related to ‘‘examples’’
issued in any regulation in the Fair
Credit Reporting part. The OTS
regulation, stated: ‘‘The examples in this
part are not exclusive. Compliance with
an example, to the extent applicable,
constitutes compliance with this part.
Examples in a paragraph illustrate only
the issue described in the paragraph and
do not illustrate any other issue that
may arise in this part.’’ 11 The
concurrently issued FDIC regulation
contains identical language.12
The OTS regulation issued at § 391.20
was amended slightly because it was
placed in a subpart of part 391: the word
‘‘part’’ was replace by ‘‘subpart.’’
Nevertheless, the portion of the OTS
regulation that applied to State savings
associations and their subsidiaries,
originally codified at 12 CFR part 571
and subsequently transferred to FDIC’s
part 391, subpart C, is substantively
similar to the current FDIC regulations
codified at 12 CFR part 334. Therefore,
to eliminate redundancy and streamline
its regulations, the FDIC rescinds and
removes § 391.20.
C. FDIC’s Existing 12 CFR Section
334.83 and Former OTS’s 12 CFR
Section 571.83 (transferred to FDIC’s
Part 391, Subpart C, as 12 CFR Section
391.21)
Section 216 of the FACT Act added a
new section 628 to the FCRA that, in
general was designed to protect a
consumer against the risks associated
with the unauthorized access to
information about a consumer contained
in a consumer report, such as fraud and
related crimes including identity theft.13
Specifically, section 216 required each
of the Agencies, including the Federal
Trade Commission (FTC), to adopt a
regulation with respect to the entities
subject to its enforcement authority
‘‘requiring any person that maintains or
otherwise possesses consumer
information, or any compilation of
consumer information, derived from a
consumer report for a business purpose
to properly dispose of any such
information or compilation.’’ 14 The
FDIC, OCC, FRB and OTS jointly
published their rules in the Federal
Register on December 28, 2004.15 The
FDIC and OTS regulations were
identical.16 Neither regulation
contained a scope provision, because
each regulation referred to the
respective agency’s version of the
Interagency Guidelines Establishing
Information Security Standards, which
itself contained a scope provision.17
In 2007, the Agencies jointly issued
rules pursuant to section 114 of the
FACT Act, which dealt with identity
theft ‘‘red flag’’ rules and rules on the
duties of credit card issuers to validate
notifications of changes of address
under certain circumstances,18 as
discussed in more detail below.
Although those regulations were nearly
identical from agency to agency, the
OTS unilaterally amended its disposal
regulation, as part of that rulemaking, to
include a scope provision.19 The OTS
explained that that amendment was
nonsubstantive and technical in nature,
caused by the placement of the address
discrepancy regulation in the same
subpart as the disposal regulation.20 No
other Agency amended its disposal
regulation.
VerDate Sep<11>2014 15:03 Oct 27, 2015 Jkt 238001 PO 00000 Frm 00034 Fmt 4700 Sfmt 4700 E:\FR\FM\28OCR1.SGM 28OCR1
Lhorne on DSK5TPTVN1PROD with RULES