Questions Accepted, but Compliance Required: FAQs Regarding Red Flags and Address Discrepancies
Promulgated under Sections 114 and 315 of the Fair and Accurate Credit Transactions Act (“FACTA”), the rules on Identity Theft Red Flags and Address Discrepancies have caused widespread confusion as to their coverage, application, and compliance requirements. In a coordinated response to this confusion, the Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, Office of Thrift Supervision (each, a “Federal Banking Agency”), and the Federal Trade Commission (“FTC”) recently developed a set of frequently asked questions (“FAQs") to assist those that extend credit on covered accounts.
The FAQs, 37 of them in all, cover the following range of topics:
- Red Flags Rule Scope
- Definitions
- Establishment of an Identity Theft Prevention Program (“Program”)
- Program Elements
- Program Administration
- Red Flags Examples
- Change of Address Validation
- Address Discrepancies Rule Scope
- Establishing a Reasonable Belief
- Furnishing Information to a Consumer Reporting Agency
For financial institutions regulated by a federal banking agency, the Identity Theft Red Flags and Address Discrepancies under FACTA went into effect on November 1, 2008. For all other consumer creditors, the FTC has delayed the effective date, first to May 1, 2009 and now to August 1, 2009. Please see the FTC’s Red Flags website for further information on the rules and for information and guidance for low-risk businesses on the development and implementation of a complying Program.
