SUPPORTING STATEMENT
ID Theft Red Flags
JUSTIFICATION
Circumstances that make the collection necessary
The FDIC is requesting OMB approval to extend for three years the expiration date of information collection 3064‑0152, "ID Theft red Flags.” The collection expires on September 30, 2009. The regulation containing this information collection requirement is 12 CFR Part 334, which implements sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003 (FACT Act), Pub. L. No. 108-159 (2003).
FACT Act Section 114: Section 114 requires the Agencies to jointly propose guidelines for financial institutions and creditors identifying patterns, practices, and specific forms of activity that indicate the possible existence of identity theft. In addition, each financial institution and creditor is required to establish reasonable policies and procedures to address the risk of identity theft that incorporate the guidelines. Credit card and debit card issuers must develop policies and procedures to assess the validity of a request for a change of address under certain circumstances.
The information collections pursuant to section 114 require each financial institution and creditor to create an Identify Theft Prevention Program and report to the board of directors, a committee thereof, or senior management at least annually on compliance with the proposed regulations. In addition, staff must be trained to carry out the program. Each credit and debit card issuer is required to establish policies and procedures to assess the validity of a change of address request. The card issuer must notify the cardholder or use another means to assess the validity of the change of address.
FACT Act Section 315: Section 315 requires the Agencies to issue regulations providing guidance regarding reasonable policies and procedures that a user of consumer reports must employ when such a user receives a notice of address discrepancy from a consumer reporting agencies. Part 334 provides such guidance. Each user of consumer reports must develop reasonable policies and procedures that it will follow when it receives a notice of address discrepancy from a consumer reporting agency. A user of consumer reports must furnish an address that the user has reasonably confirmed to be accurate to the consumer reporting agency from which it receives a notice of address discrepancy.
The Agencies believe that the entities covered by the proposed regulation are already furnishing addresses that they have reasonably confirmed to be accurate to consumer reporting agencies from which they receive a notice of address discrepancy as a usual and customary business practice. Therefore, this requirement is not included in the burden estimates set out below.
Use of the Information Collected
The information collection is used to identify patterns, practices, and specific forms of activity that indicate the possible existence of identity theft. The policies and procedures address the risk of identity theft and assess the validity of requests for changes of address under certain circumstances.
Consideration of the use of improved information technology
Respondents may use any technology they wish to comply with this collection.
Efforts to identify duplication
There is no duplication.
Methods used to minimize burden if the collection has a significant impact on a substantial number of small entities
This information collection does not have a significant impact on a substantial number of small entities.
Consequences to the Federal program if the collection were conducted less frequently
The FDIC believes that less frequent collection (a less stringent disclosure standard) would result in unacceptable harm to bank customers.
Special circumstances necessitating collection inconsistent with 5 CFR part 1320
No special circumstances exist.
Consultation with persons outside the agency
Payment to respondents
Not applicable.
Confidentiality
Banks treat these disclosure requirements with the same degree of confidentiality as other disclosures of sensitive customer information.
Information of a Sensitive Nature
None.
Burden estimate
Updating program: 8 hours
Preparing annual report: 4 hours
Training: 4 hours
Total estimated time per response: 16 hours
Total estimated annual burden: 5,260 respondents x 16 hours = 84,160 hours
Estimate of annualized costs to respondents
Not applicable.
Estimate of annualized costs to the government
Not applicable.
Analysis of change in burden
FDIC believes that sufficient time has elapsed for the development and deployment of the required Identity Theft Prevention Programs and the reasonable policies and procedures to be used when a notice of address discrepancy is received from a consumer reporting agency. Accordingly FDIC has re-estimated downward the burden hours associated with such requirements.
Information regarding collections whose results are planned to be published for statistical use
The results of these collections will not be published for statistical use.
17. Display of expiration date
Not applicable.
18. Exceptions to certification statement
None.
STATISTICAL METHODS
Not applicable.
Sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003 (FACT Act), Pub. L. No. 108-159 (2003).
2. “First” Federal Register Notice; “Second” Federal register Notice.
| File Type | application/msword |
| File Title | PAPERWORK REDUCTION ACT SUBMISSION |
| Author | FDIC |
| Last Modified By | hmessite |
| File Modified | 2009-07-15 |
| File Created | 2009-07-14 |