Federal Agencies Issue Final Rules On Fighting Identity Theft
Several federal regulatory agencies have adopted final rules requiring financial institutions and other creditors to adopt policies aimed at fighting identity theft. The rules require the adoption of an Identity Theft Prevention Program, and took effect January 1, 2008, although covered financial institutions and other creditors have until November 1, 2008 to comply.
The final rules implement sections 114 and 315 of the Fair and Accurate Credit Transactions Act (FACTA), and apply to "each financial institution and creditor that holds any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft." The Program must include reasonable policies and procedures for detecting, preventing, and mitigating identity theft and enable a financial institution or creditor to:
- identify relevant patterns, practices, and specific forms of activity that are "red flags" signaling possible identity theft and incorporate those red flags into the Program;
- detect red flags that have been incorporated into the Program;
- respond appropriately to any red flags that are detected to prevent and mitigate identity theft; and
- ensure the program is updated periodically to reflect changes in risks from identity theft.
The federal agencies also are issuing guidelines for financial institutions and creditors to facilitate the formulation and maintenance of a Program that satisfies the requirements of the rules.
In addition, the rules require credit and debit card issuers to "assess the validity of notifications of changes of address under certain circumstances." For example, if a request for a change of address is followed closely by a request for an additional or a replacement card on the same account, the card issuer may not honor the request and issue the new card unless the issuer assesses the validity of the change of address request, using one of the methods specified in the rules.
The requirements for Identity Theft Prevention Programs will be subject to a great deal of interpretation, and will also be governed to a large extent by the federal regulatory guidelines, when issued. Sheppard Mullin has a great deal of experience in interpreting these types of requirements, and can also assist clients in preparing their Programs.
Authored by:
(213) 617-5536
and
(213) 617-5464
In communicating with us through this blog, you should not provide any confidential information to us concerning any potential or actual legal matter you may have. Before providing any such information to us, you must obtain approval to do so from one of our lawyers.
By choosing to communicate with us without such prior approval, you understand and agree that Sheppard Mullin will have no duty to keep confidential any information you provide.