Federal Agencies Propose ’Red Flags’ for Identity Theft Prevention

Agencies issue proposed rule on identity theft 'red flags.'

In response to growing concerns over identity theft, on July 18, several federal agencies -- including the Federal Reserve, the Federal Deposit Insurance Corp., the Office of the Comptroller of the Currency, the Office of Thrift Supervision, the National Credit Union Association and the Federal Trade Commission -- proposed a rule that would require financial institutions and creditors to implement identity theft prevention programs. The proposal states that programs should include policies and procedures for detecting, preventing and mitigating identity theft in connection with account openings and existing accounts.

Further, the proposed regulations include guidelines listing patterns, practices and specific forms of activity that should raise a "red flag" signaling a possible risk of identity theft, according to a release from the agencies. The regulations would require that an identity theft prevention program include policies and procedures for detecting any red flag relevant to a financial institution's operations and implementing a mitigation strategy appropriate for the level of risk.

Banking advocates, however, find fault with the proposed rules. "Our concern is primarily the compliance burden," says Nessa Feddis, senior federal council at the American Bankers Association (ABA; Washington, D.C.). The Notice of Proposed Rulemaking (NPRM) lists numerous potential red flags, some of which aren't appropriate or effective for some institutions, she explains, adding that there should be a lot of flexibility in developing and crafting an ID theft prevention program.

Strong Comments

While the ABA plans to submit comments on the NPRM urging the agencies to consider less-rigid requirements, according to Feddis, as of press time, only two comments had been submitted to the FDIC in response to the NPRM. "It is definitely apparent that identity theft is a growing problem," wrote Tim Cooper, EVP for Spearman, Texas-based First State Bank ($75 million in assets) in his comment letter. "However, banks should not be placed in the position of policing this problem and definitely not regulated to do so."

"It's always hard requesting formal plans from financial institutions because things vary so much from institution to institution," says Ariana-Michele Moore, senior analyst in Celent's (Boston) banking group. Moore contends that the proposed rules could delay the approval process and affect customers' access to credit. * --Nancy Feig

Identity Theft

Raise That Flag

The federal agencies' Notice of Proposed Rulemaking lists 31 red flags in connection with an account application or an existing account, including:

A notice of address discrepancy is provided by consumer reporting agency.,

The photograph or physical description on the identification is not consistent with the appearance of the applicant or customer presenting the ID.,

An account that has been inactive for a reasonably lengthy period of time is used. ,

The financial institution or creditor is notified that the customer is not receiving account statements.,

An employee has accessed or downloaded an unusually large number of customer account records.,