Scope. This section applies to financial institutions and creditors that are subject to administrative enforcement of the FCRA by the Federal Trade Commission pursuant to 15 U.S.C. 1681s(a)(1).
Definitions. For purposes of this section, and Appendix A, the following definitions apply:
Account means a continuing relationship established by a person with a financial institution or creditor to obtain a product or service for personal, family, household or business purposes. Account includes:
An extension of credit, such as the purchase of property or services involving a deferred payment; and
A deposit account.
The term board of directors includes:
In the case of a branch or agency of a foreign bank, the managing official in charge of the branch or agency; and
In the case of any other creditor that does not have a board of directors, a designated employee at the level of senior management.
Covered account means:
An account that a financial institution or creditor offers or maintains, primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions, such as a credit card account, mortgage loan, automobile loan, margin account, cell phone account, utility account, checking account, or savings account; and
Any other account that the financial institution or creditor offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation, or litigation risks.
Credit has the same meaning as in 15 U.S.C. 1681a(r)(5).
Creditor has the same meaning as in 15 U.S.C. 1681m(e)(4).
Customer means a person that has a covered account with a financial institution or creditor.
Financial institution has the same meaning as in 15 U.S.C. 1681a(t).
Identity theft has the same meaning as in 16 CFR 603.2(a).
Red Flag means a pattern, practice, or specific activity that indicates the possible existence of identity theft.
Service provider means a person that provides a service directly to the financial institution or creditor.
Periodic Identification of Covered Accounts. Each financial institution or creditor must periodically determine whether it offers or maintains covered accounts. As a part of this determination, a financial institution or creditor must conduct a risk assessment to determine whether it offers or maintains covered accounts described in paragraph (b)(3)(ii) of this section, taking into consideration:
The methods it provides to open its accounts;
The methods it provides to access its accounts; and
Its previous experiences with identity theft.
Establishment of an Identity Theft Prevention Program—(1) Program requirement. Each financial institution or creditor that offers or maintains one or more covered accounts must develop and implement a written Identity Theft Prevention Program (Program) that is designed to detect, prevent, and mitigate identity theft in connection with the opening of a covered account or any existing covered account. The Program must be appropriate to the size and complexity of the financial institution or creditor and the nature and scope of its activities.
Elements of the Program. The Program must include reasonable policies and procedures to:
Identify relevant Red Flags for the covered accounts that the financial institution or creditor offers or maintains, and incorporate those Red Flags into its Program;
Detect Red Flags that have been incorporated into the Program of the financial institution or creditor;
Respond appropriately to any Red Flags that are detected pursuant to paragraph (d)(2)(ii) of this section to prevent and mitigate identity theft; and
Ensure the Program (including the Red Flags determined to be relevant) is updated periodically, to reflect changes in risks to customers and to the safety and soundness of the financial institution or creditor from identity theft.
Administration of the Program. Each financial institution or creditor that is required to implement a Program must provide for the continued administration of the Program and must:
Obtain approval of the initial written Program from either its board of directors or an appropriate committee of the board of directors;
Involve the board of directors, an appropriate committee thereof, or a designated employee at the level of senior management in the oversight, development, implementation and administration of the Program;
Train staff, as necessary, to effectively implement the Program; and
Exercise appropriate and effective oversight of service provider arrangements.
Guidelines. Each financial institution or creditor that is required to implement a Program must consider the guidelines in appendix A of this part and include in its Program those guidelines that are appropriate.
Copyright ©2024 LegalFix. All rights reserved. LegalFix is not a law firm, is not licensed to practice law, and does not provide legal advice, services, or representation. The information on this website is an overview of the legal plans you can purchase—or that may be provided by your employer as an employee benefit or by your credit union or other membership group as a membership benefit.
LegalFix provides its members with easy access to affordable legal services through a network of independent law firms. LegalFix, its corporate entity, and its officers, directors, employees, agents, and contractors do not provide legal advice, services, or representation—directly or indirectly.
The articles and information on the site are not legal advice and should not be relied upon—they are for information purposes only. You should become a LegalFix member to get legal services from one of our network law firms.
You should not disclose confidential or potentially incriminating information to LegalFix—you should only communicate such information to your network law firm.
The benefits and legal services described in the LegalFix legal plans are not always available in all states or with all plans. See the legal plan Benefit Overview and the more comprehensive legal plan contract during checkout for coverage details in your state.
Use of this website, the purchase of legal plans, and access to the LegalFix networks of law firms are subject to the LegalFix Terms of Service and Privacy Policy.