WASHINGTON (10/14/08)—Federal credit union, bank and thrift regulators have approved the examination procedures required to determine a financial institution’s compliance with rules regarding identity theft “red flags” (12 CFR 222.90) and other regulations under the Fair Credit Reporting Act (FCRA). The other FCRA regulations addressed by the Federal Financial Institutions Examination Council’s (FFIEC) Task Force on Consumer Compliance address the following areas:
* Duties of users regarding address discrepancies (12 CFR 222.82); and * Duties of card issuers regarding changes of address (12 CFR 222.91).
The FFIEC is comprised of representatives of the National Credit Union Administration, the Federal Reserve Board, Office of the Comptroller of the Currency, Federal Deposits Insurance Corp., and Office of Thrift Supervision. The FFIEC release announcing examination procedures also reviewed the requirements of the attendant regulations”
* The “red flags” rule requires an institution must to develop and implement a written identity theft prevention program designed to detect, prevent, and mitigate identity theft in connection with any new or existing “covered account.” A covered account generally is a consumer account or any other account the institution determines carries a foreseeable risk of identity theft. * The address discrepancy rule, in part, requires a user of consumer reports to develop reasonable policies and procedures to confirm that the report relates to the consumer whose report was requested when there is an address discrepancy. * The card issuer rule requires credit and debit card issuers to develop reasonable policies and procedures to assess the validity of a change of address that is followed closely by a request for an additional or replacement card. In such situations, the card issuer must not issue an additional or replacement card until it assesses the validity of the change of address in accordance with its policies and procedures.
Examiners are asked to include an evaluation of a financial institution’s compliance with these provisions during the next regularly scheduled examination or supervisory cycle after the mandatory compliance date of November 1, 2008. Use the resource links below to access information about exam procedures and CUNA resources on the red flags rule.