Identity Theft Red Flags Interagency Final Regulation and Guidelines
FIL-100-2007 November 15, 2007
The FDIC, along with the other federal financial institution regulatory agencies and the Federal Trade Commission, has issued the attached final rule and guidelines on identity theft "red flags" and address discrepancies. The rule requires that financial institutions and creditors implement a written identity theft prevention program, that card issuers assess the validity of change of address requests, and that users of consumer reports reasonably verify the identity of the subject of a consumer report in the event of a notice of address discrepancy.
The regulation and guidelines implement sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003.
The regulation requires financial institutions and creditors to implement a written identity theft prevention program.
The regulation requires card issuers to assess the validity of change of address requests before issuing additional or replacement debit or credit cards.
The regulation requires users of consumer reports to reasonably verify the identity of the subject of a consumer report in the event the user receives a notice of address discrepancy from the consumer reporting agency.
The guidelines are intended to assist financial institutions in implementing the regulation.
Supplement A to the guidelines contains a list of 26 "red flags" that financial institutions and creditors may consider incorporating into their identity theft prevention programs.
The regulation and guidelines are effective on January 1, 2008, and mandatory compliance is required by November 1, 2008.
FDIC-Supervised Banks (Commercial and Savings)
Chief Executive Officer
Chief Information Security Officer
FIL-22-2006, Prohibition Against Discrimination in Credit
Transactions, issued March 9, 2006
FIL-27-2005, Guidance on Response Programs for
Unauthorized Access to Customer Information and
Customer Notice, issued April 1, 2005
FIL-7-2005, Guidelines Requiring the Proper Disposal of
Consumer Information, issued February 2, 2005
FIL-22-2001, Guidelines Establishing Standards for
Safeguarding Customer Information, issued March 14,