The Federal Trade Commission and the federal financial institution regulatory agencies have sent to the Federal Register for publication final rules on identity theft “red flags,” one of two rules yet to be implemented under the Fair and Accurate Credit Transaction Act of 2003.
The final rules require each financial institution and creditor that holds any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft, to develop and implement an Identity Theft Prevention Program (Program) for combating identity theft in connection with new and existing accounts.
The agencies also issued guidelines to assist financial institutions and creditors in developing and implementing a Program, including a supplement that provides examples of red flags.
The final rules also require credit and debit card issuers to develop policies and procedures to assess the validity of a request for a change of address that is followed closely by a request for an additional or replacement card. In addition, the final rules require users of consumer reports to develop reasonable policies and procedures to apply when they receive a notice of address discrepancy from a consumer reporting agency.
The final rulemaking is issued by the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Federal Trade Commission, the National Credit Union Administration, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision. The final rules are effective on Jan. 1, 2008. Covered financial institutions and creditors must comply with the rules by Nov. 1, 2008.