This PDF is the current document as it appeared on Public Inspection on 05/24/2012 at 08:45 am.
Notice and request for comment.
The OCC, as part of its continuing effort to reduce paperwork and respondent burden, invites the general public and other Federal agencies to take this opportunity to comment on a continuing information collection, as required by the Paperwork Reduction Act of 1995. An agency may not conduct or sponsor, and a respondent is not required to respond to, an information collection unless it displays a currently valid OMB control number. The OCC is soliciting comment concerning its information collection titled, “Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit Transactions Act of 2003.”
Comments must be received by July 24, 2012.
Communications Division, Office of the Comptroller of the Currency, Mailstop 2-3, Attention: 1557-0237, 250 E Street SW., Washington, DC 20219. In addition, comments may be sent by fax to (202) 874-5274 or by electronic mail to email@example.com. You may personally inspect and photocopy comments at the OCC, 250 E Street SW., Washington, DC 20219. For security reasons, the OCC requires that visitors make an appointment to inspect comments. You may do so by calling (202) 874-4700. Upon arrival, visitors will be required to present valid government-issued photo identification and to submit to security screening in order to inspect and photocopy comments.
Additionally, please send a copy of your comments by mail to: OCC Desk Officer, 1557-0237, U.S. Office of Management and Budget, 725 17th Street NW., #10235, Washington, DC 20503, or by fax to (202) 395-6974.
FOR FURTHER INFORMATION CONTACT:
You can request additional information or a copy of the collection from Mary H. Gottlieb, (202) 874-5090, Legislative and Regulatory Activities Division, Office of the Comptroller of the Currency, 250 E Street SW., Washington, DC 20219.
There have been no changes to the requirements of the regulations; however, a portion of the regulations have been transferred to the Bureau of Consumer Financial Protection (CFPB) pursuant to title X of the Dodd-Frank Wall Street Reform and Consumer Protection Act, Public Law 111-203, 124 Stat. 1955, July 21, 2010 (Dodd-Frank Act), and republished as CFPB regulations (76 FR 79308 (December 21, 2011)). The transferred regulations, which relate to address discrepancies, were found at 12 CFR 41.82, and have now been moved to 12 CFR 1022.82. The burden estimates for this portion of the collection have been revised to remove the burden attributable to OCC-regulated institutions with over $10 billion in total assets, now carried by CFPB pursuant to section 1025 of the Dodd-Frank Act. The OCC retains enforcement authority for its institutions with total assets of $10 billion or less.
Title: Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit Transactions Act of 2003.
OMB Control No.: 1557-0237.
Description: Section 114 of the FACT Act amended section 615 of the Fair Credit Reporting Act (FCRA) to require the Agencies  to issue jointly:
- Guidelines for financial institutions and creditors regarding identity theft with respect to their account holders and customers. In developing the guidelines, the Agencies were required to identify patterns, practices, and specific forms of activity that indicate the possible existence of identity theft. The guidelines must be updated as often as necessary, and cannot be inconsistent with the policies and procedures required under section 326 of the USA PATRIOT Act, 31 U.S.C. 5318(l).
- Regulations requiring each financial institution and each creditor to establish reasonable policies and procedures for implementing the guidelines to identify possible risks to account holders or customers or to the safety and soundness of the institution or creditor.
- Regulations generally requiring credit and debit card issuers to assess the validity of change of address requests under certain circumstances.
Section 315 of the FACT Act amended section 605 of the FCRA to require the Agencies to issue regulations  providing guidance regarding reasonable policies and procedures that a user of consumer reports must employ when a user receives a notice of address discrepancy from a consumer reporting agency (CRA). These regulations were required to describe reasonable policies and procedures for users of consumer reports to:
- Enable a user to form a reasonable belief that it knows the identity of the person for whom it has obtained a consumer report, and
- Reconcile the address of the consumer with the CRA, if the user establishes a continuing relationship with the consumer and regularly and in the ordinary course of business furnishes information to the CRA.
As required by section 114 of the FACT Act, appendix J to 12 CFR part 41 contains guidelines for financial institutions and creditors to use in identifying patterns, practices, and specific forms of activity that indicate the possible existence of identity theft. In addition, 12 CFR 41.90 requires each financial institution or creditor that is a national bank, Federal branch or agency of a foreign bank, and any of their operating subsidiaries that are not functionally regulated (bank), to establish reasonable policies and procedures to address the risk of identity theft that incorporate the guidelines. Pursuant to § 41.91, credit card and debit card issuers must implement reasonable policies and procedures to assess the validity of a request for a change of address under certain circumstances.
Section 41.90 requires each OCC regulated financial institution or creditor that offers or maintains one or more covered accounts to develop and implement a written Identity Theft Prevention Program (Program). In developing the Program, financial institutions and creditors are required to consider the guidelines in appendix J and include those that are appropriate. The initial Program must be approved by the board of directors or an appropriate committee thereof. The board, an appropriate committee thereof, or a designated employee at the level of senior management must be involved in the oversight of the Program. In addition, staff members must be trained to carry out the Program. Pursuant to § 41.91, each credit and debit card issuer is required to establish and implement policies and procedures to assess the validity of a change of address request under certain circumstances. Before issuing an additional or replacement card, the card issuer must notify the cardholder or use another means to assess the validity of the change of address.
As required by section 315 of the FACT Act, § 1022.82 requires users of consumer reports to have reasonable policies and procedures that must be followed when a user receives a notice of address discrepancy from a credit reporting agency (CRA).
Section 1022.82 requires each user of consumer reports to develop and implement reasonable policies and procedures designed to enable the user to form a reasonable belief that a consumer report relates to the consumer about whom it requested the report when it receives a notice of address discrepancy from a CRA. A user of consumer reports also must develop and implement reasonable policies and procedures for furnishing an address for the consumer that the user has reasonably confirmed to be accurate to the CRA from which it receives a notice of address discrepancy when the user can: (1) Form a reasonable belief that the consumer report relates to the consumer about whom the user has requested the report; (2) establish a continuing relationship with the consumer and; (3) establish that it regularly and in the ordinary course of business furnishes information to the CRA from which it received the notice of address discrepancy.
Type of Review: Extension of a currently approved collection.
Affected Public: Individuals; Businesses or other for-profit.
Estimated Number of Respondents: 2,010.
Estimated Total Annual Burden: 223,860 hours.
Comments submitted in response to this notice will be summarized, included in the request for OMB approval, and become a matter of public record. Comments are invited on:
(a) Whether the collection of information is necessary for the proper performance of the functions of the OCC, including whether the information has practical utility;
(b) The accuracy of the OCC's estimate of the burden of the collection of information;
(c) Ways to enhance the quality, utility, and clarity of the information to be collected;
(d) Ways to minimize the burden of the collection on respondents, including through the use of automated collection techniques or other forms of information technology; and
(e) Estimates of capital or start-up costs and costs of operation, maintenance, and purchase of services to provide information.
Dated: May 21, 2012.
Assistant Director, Legislative and Regulatory Activities Division.
1. Section 114 required regulations to be issued jointly by the Federal banking agencies, the National Credit Union Administration and the Federal Trade Commission. Therefore, for purposes of this filing, “Agencies” refers to these entities. It is important to note that Section 1088(a)(8) of the Dodd-Frank Act further amended section 615 of FCRA to also require the Securities and Exchange Commission and the Commodity Futures Trading Commission to issue Red Flags Rules.Back to Citation
2. As noted above, these regulations have been transferred to the CFPB.Back to Citation
[FR Doc. 2012-12757 Filed 5-24-12; 8:45 am]
BILLING CODE 4810-33-P