90 FR 84 pgs. 18891-18893 - Agency Information Collection Activities: Information Collection Renewal; Comment Request; Identity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Credit Transactions Act of 2003
Type: NOTICEVolume: 90Number: 84Pages: 18891 - 18893
Pages: 18891, 18892, 18893FR document: [FR Doc. 2025-07642 Filed 5-1-25; 8:45 am]
Agency: Treasury Department
Sub Agency: Customs Service
Official PDF Version: PDF Version
[top]
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the Currency
Agency Information Collection Activities: Information Collection Renewal; Comment Request; Identity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Credit Transactions Act of 2003
AGENCY:
Office of the Comptroller of the Currency, Treasury (OCC).
ACTION:
Notice and request for comment.
SUMMARY:
The OCC, as part of its continuing effort to reduce paperwork and respondent burden, invites comment on a continuing information collection, as required by the Paperwork Reduction Act of 1995 (PRA). In accordance with the requirements of the PRA, the OCC may not conduct or sponsor, and respondents are not required to respond to, an information collection unless it displays a currently valid Office of Management and Budget (OMB) control number. The OCC is soliciting comment concerning the renewal of its information collection titled, "Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit Transactions Act of 2003."
DATES:
Comments must be received by July 1, 2025.
ADDRESSES:
Commenters are encouraged to submit comments by email, if possible. You may submit comments by any of the following methods:
• Email: prainfo@occ.treas.gov.
• Mail: Chief Counsel's Office, Attention: Comment Processing, Office of the Comptroller of the Currency, Attention: 1557-0237, 400 7th Street SW, Suite 3E-218, Washington, DC 20219.
• Hand Delivery/Courier: 400 7th Street SW, Suite 3E-218, Washington, DC 20219.
• Fax: (571) 293-4835.
Instructions: You must include "OCC" as the agency name and "1557-0237" in your comment. In general, the OCC will publish comments on www.reginfo.gov without change, including any business or personal information provided, such as name and address information, email addresses, or phone numbers. Comments received, including attachments and other supporting materials, are part of the public record and subject to public disclosure. Do not include any information in your comment or supporting materials that you consider confidential or inappropriate for public disclosure.
Following the close of this notice's 60-day comment period, the OCC will publish a second notice with a 30-day comment period. You may review comments and other related materials that pertain to this information collection beginning on the date of publication of the second notice for this collection by the method set forth in the next bullet.
• Viewing Comments Electronically: Go to www.reginfo.gov. Hover over the "Information Collection Review" tab and click on "Information Collection Review" from the drop-down menu. From the "Currently under Review" drop-down menu, select "Department of Treasury" and then click "submit." This information collection can be located by searching by OMB control number "1557-0237" or "Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit Transactions Act of 2003." Upon finding the appropriate information collection, click on the related "ICR Reference Number." On the next screen, select "View Supporting Statement and Other Documents" and then click on the link to any comment listed at the bottom of the screen.
• For assistance in navigating www.reginfo.gov, please contact the Regulatory Information Service Center at (202) 482-7340.
FOR FURTHER INFORMATION CONTACT:
Shaquita Merritt, Clearance Officer, (202) 649-5490, Chief Counsel's Office, Office of the Comptroller of the Currency, 400 7th Street SW, Washington, DC 20219. If you are deaf, hard of hearing, or have a speech disability, please dial 7-1-1 to access telecommunications relay services.
SUPPLEMENTARY INFORMATION:
[top] Under the PRA (44 U.S.C. 3501 et seq. ), Federal agencies must obtain approval from the OMB for each collection of information that they conduct or sponsor. "Collection of information" is defined in 44 U.S.C. 3502(3) and 5 CFR 1320.3(c) to include agency requests or requirements that members of the public submit reports, keep records, or provide information to a third party. Section 3506(c)(2)(A) of title 44 generally requires Federal agencies to provide a 60-day notice in the Federal Register concerning each proposed collection of information, including each proposed extension of an existing collection of information, before submitting the collection to OMB for approval. To comply with this requirement, the OCC is publishing notice of the renewal/revision of this collection.
Title: Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit Transactions Act of 2003.
OMB Control No.: 1557-0237.
Description: Section 114 of the Fair and Accurate Credit Transactions Act of 2003 (FACT Act)? 1 amended section 615 of the Fair Credit Reporting Act (FCRA)? 2 to require the Agencies? 3 to jointly issue:
Footnotes:
1 ?15 U.S.C. 1681m(e).
2 ?15 U.S.C. 1681m.
3 ?Section 114 required the guidelines and regulations to be issued jointly by the Federal banking agencies (OCC, Board of Governors of the Federal Reserve System, and Federal Deposit Insurance Corporation), the National Credit Union Administration, and the Federal Trade Commission. Therefore, for purposes of this filing, "Agencies" refers to these entities. Section 1088(a)(8) of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act) further amended section 615 of FCRA to also require the Securities and Exchange Commission and the Commodity Futures Trading Commission to issue Red Flags guidelines and regulations.
• Guidelines for financial institutions and creditors regarding identity theft with respect to their account holders and customers. (In developing the guidelines, the Agencies are required to identify patterns, practices, and specific forms of activity that indicate the possible existence of identity theft. The guidelines must be updated as often as necessary and cannot be inconsistent with the policies and procedures required under section 326 of the USA PATRIOT Act, (31 U.S.C. 5318(l));
• Regulations that require each financial institution and each creditor to establish reasonable policies and procedures for implementing the guidelines to identify possible risks to account holders or customers or to the safety and soundness of the institution or customers; and
• Regulations generally requiring credit and debit card issuers to assess the validity of change of address requests under certain circumstances.
Section 315 of the FACT Act? 4 also amended section 605 of FCRA to require the Bureau of Consumer Financial Protection (CFPB), in consultation with the Agencies, to issue regulations providing guidance regarding what reasonable policies and procedures a user of consumer reports must have in place and employ when a user receives a notice of address discrepancy from a consumer reporting agency (CRA). These regulations are required to describe reasonable policies and procedures for users of consumer reports to:
Footnotes:
4 ?15 U.S.C. 1681c(h)(2).
• Enable a user to form a reasonable belief that it knows the identity of the person for whom it has obtained a consumer report; and
• Reconcile the address of the consumer with the CRA if the user establishes a continuing relationship with the consumer and regularly and, in the ordinary course of business, furnishes information to the CRA.
As required by section 114 of the FACT Act, appendix J to 12 CFR part 41 contains guidelines for financial institutions and creditors that are national banks, Federal savings associations, Federal branches or agencies of a foreign bank, or any of their operating subsidiaries that are not functionally regulated to use in identifying patterns, practices, and specific forms of activity that may indicate the existence of identity theft. In addition, 12 CFR 41.90 requires each financial institution or creditor that is a national bank, Federal savings association, Federal branch or agency of a foreign bank, and any of their operating subsidiaries that are not functionally regulated, to establish an Identity Theft Prevention Program (Program) designed to detect, prevent, and mitigate identity theft in connection with covered accounts. Pursuant to §?41.91, credit card and debit card issuers that are national banks, Federal savings associations, Federal branches or agencies of a foreign bank, or any of their operating subsidiaries that are not functionally regulated must establish and implement reasonable policies and procedures to assess the validity of a request for a change of address under certain circumstances.
Section 41.90 requires each OCC-regulated financial institution or creditor that offers or maintains one or more covered accounts to develop and implement a Program. In developing a Program, financial institutions and creditors are required to consider the guidelines set forth in appendix J and include in its Program those guidelines that are appropriate. The initial Program must be approved by the institution's board of directors or by an appropriate committee thereof. The board, an appropriate committee thereof, or a designated employee at the level of senior management must be involved in the oversight, development, implementation, and administration of the Program. In addition, staff members must be trained, as necessary, to effectively implement the Program. Pursuant to §?41.91, each credit and debit card issuer is required to establish and implement policies and procedures to assess the validity of a change of address request if it is followed within a short period of time by a request for an additional or replacement card. Before issuing the additional or replacement card, the card issuer must notify the cardholder of the request at the cardholder's former address or by any other means of communication that the card issuer and cardholder have previously agreed to use and provide the cardholder a reasonable means to promptly report incorrect address changes or use another means to assess the validity of the change of address.
As required by section 315 of the FACT Act, 12 CFR 1022.82? 5 requires users of consumer reports to have in place reasonable policies and procedures that must be followed when a user receives a notice of address discrepancy from a CRA.
Footnotes:
5 ?Title X of the Dodd-Frank Act transferred this regulation to the CFPB. The OCC retains enforcement authority for this regulation for institutions with $10 billion or less in total assets.
Section 1022.82 requires each user of consumer reports to develop and implement reasonable policies and procedures designed to enable the user to form a reasonable belief that a consumer report relates to the consumer about whom it requested the report when it receives a notice of address discrepancy from a CRA. A user of consumer reports also must develop and implement reasonable policies and procedures for furnishing a customer address that the user has reasonably confirmed to be accurate to the CRA from which it receives a notice of address discrepancy when the user can: (1) form a reasonable belief that the consumer report relates to the consumer about whom the user has requested the report; (2) establish a continuing relationship with the consumer; and (3) establish that it regularly and in the ordinary course of business furnishes information to the CRA from which it received the notice of address discrepancy.
Type of Review: Regular.
Affected Public: Individuals; Businesses or other for-profit.
Estimated Number of Respondents: 1,172.
Estimated Total Annual Burden: 130,342 hours.
Comments submitted in response to this notice will be summarized and included in the request for OMB approval. All comments will become a matter of public record. Comments are invited on:
(a) Whether the collection of information is necessary for the proper performance of the functions of the OCC, including whether the information shall have practical utility;
[top] (b) The accuracy of the OCC's estimate of the burden of the collection of information;
(c) Ways to enhance the quality, utility, and clarity of the information to be collected;
(d) Ways to minimize the burden of the collection on respondents, including through the use of automated collection techniques or other forms of information technology; and
(e) Estimates of capital or start-up costs and costs of operation, maintenance, and purchase of services to provide information.
Patrick T. Tierney,
Assistant Director, Office of the Comptroller of the Currency.
[FR Doc. 2025-07642 Filed 5-1-25; 8:45 am]
BILLING CODE 4810-33-P