The Federal Reserve has released SR 08-7/CA 08-10. This letter establishes the Federal Reserve's expectations for Federal Reserve-supervised financial institutions and examination staff with respect to the final rules and guidelines regarding identity theft red flags and other regulations under the Fair Credit Reporting Act (FCRA).
The Federal Financial Institutions Examination Council's Task Force on Consumer Compliance recently approved examination procedures for regulations implementing three provisions of the FCRA, as amended by the Fair and Accurate Credit Transactions Act.
The three provisions address:
- Duties of users regarding address discrepancies (12 CFR 222.82) (address discrepancy rule)
- Duties regarding the detection, prevention, and mitigation of identity theft (12 CFR 222.90) (identity theft red flags rule)
- Duties of card issuers regarding changes of address (12 CFR 222.91) (card issuer rule)
Safety-and-soundness examiners with experience in operational risk will review institutions for compliance with the identity theft red flags rule. Consumer compliance examiners will review institutions for compliance with the address discrepancy and card issuer rules. Examiners should include an evaluation of a financial institution's compliance with these provisions during the next regularly scheduled examination or supervisory cycle after the mandatory compliance date of November 1, 2008.
After an initial evaluation, subsequent examinations should be risk-focused in scoping future reviews of these provisions. Financial institutions are expected to be in compliance with these rules by the mandatory compliance date.
See the SR/CA letter for full details.