Download:
pdf |
pdfSupporting Statement for Information Collection
Identity Theft Red Flags and Address Discrepancies Regulations under the
Fair and Accurate Credit Transactions Act of 2003
16 C.F.R. 681
(OMB Control #: 3084-0137)
The Federal Trade Commission (“FTC” or “Commission”) requests renewed clearance
from the Office of Management and Budget (“OMB”) for the collections of information in the
regulations implementing sections 114 and 315 of the Fair and Accurate Credit Transactions Act
of 2003 (“FACT Act”), Pub. L. No. 108-159 (2003).1 As detailed, below, portions of the FACT
Act amended the Fair Credit Reporting Act of 1970 (“FCRA”), 15 U.S.C. 1681 et seq., to
enhance the ability of consumers to resolve problems caused by identity theft and increase the
accuracy of consumer reports.
1.
Necessity for Collecting and Retaining the Information
FACT Act Section 114
Section 114 of the FACT Act, 15 U.S.C. § 1681m(e), amended section 615 of the FCRA
to require the Commission, among other things, to issue:
q
A regulation requiring each financial institution and creditor to develop and
implement a written Identity Theft Prevention Program (“Program”) to detect,
prevent, and mitigate identity theft in connection with existing accounts or the
opening of new accounts (“Red Flags Rule”); and
q
A regulation generally requiring credit and debit card issuers to assess the validity of
change of address requests (“Card Issuers Rule”).
FACT Act Section 315
Section 315 of the FACT Act, 15 U.S.C. § 1681c(h), amended section 605 of the FCRA
to require the Federal Trade Commission to issue regulations providing guidance regarding
reasonable policies and procedures that a user of consumer reports must employ when a user
receives a notice of address discrepancy from a consumer reporting agency (“CRA”) (“Address
Discrepancies Rule”). This rule must describe reasonable policies and procedures for users of
consumer reports to:
q
1
Enable a user to form a reasonable belief that it knows the identity of the person for
whom it has obtained a consumer report, and
The three regulations – Address Discrepancies Rule (16 C.F.R. 641.1), Red Flags Rule (16 C.F.R. 681.1),
and Card Issuers Rule (16 C.F.R. 681.2) (collectively, “Regulations”) – were issued jointly with Office of the
Comptroller of the Currency (Treasury), the Board of Governors of the Federal Reserve System, the Federal
Deposit Insurance Corporation, the Office of Thrift Supervision (Treasury), and the National Credit Union
Administration (collectively “Agencies”).
�q
2.
Reconcile the address of the consumer with the CRA, if the user establishes a
continuing relationship with the consumer and regularly and in the ordinary course of
business furnishes information to the CRA.
Use of the Information
FACT Act Section 114
As required by section 114, the Red Flags Rule requires each financial institution and
creditor to identify patterns, practices, and specific forms of activity that indicate the possible
existence of identity theft. The Red Flags Rule also requires each financial institution and
creditor to establish reasonable policies and procedures to address the risk of identity theft. In
addition, each financial institution and creditor must create a Program and report to the board of
directors, a committee thereof, or senior management at least annually on compliance with the
Red Flags Rule. In addition, staff of covered entities must be trained to carry out the Program.
Further, the Address Discrepancies Rule requires credit card and debit card issuers to
develop policies and procedures to assess the validity of a request for a change of address under
certain circumstances. Each credit and debit card issuer must establish policies and procedures
to assess the validity of a change of address request. The card issuer must notify the cardholder
or use another means to assess the validity of the change of address.
FACT Act Section 315
As required by section 315, the Address Discrepancies Rule provides guidance on
reasonable policies and procedures that a user of consumer reports must follow when a user
receives a notice of address discrepancy from a CRA. Each user of consumer reports must
develop reasonable policies and procedures that it will follow when it receives a notice of
address discrepancy from a CRA. In certain instances, a user of consumer reports must furnish
an address that the user has reasonably confirmed to be accurate to the CRA from which it
receives a notice of address discrepancy.
3.
Consideration of Using Improved Information Technology to Reduce Burden
Consistent with the aims of the Government Paperwork Elimination Act, 44 U.S.C.
§ 3504 note, the Regulations permit financial institutions, creditors, and credit card users great
latitude in using new technologies to reduce compliance costs. Nothing in the Regulations
preclude the use of electronic methods for compliance purposes. For example, the Red Flags
Rule was drafted to be flexible and in a technologically neutral manner so that covered entities
would not be forced to acquire expensive new technology in order to comply with that Rule.
2
�4.
Efforts to Identify Duplication/Availability of Similar Information
FTC staff has not identified any other federal or state statutes, rules, or policies that
duplicate, overlap, or conflict with the Red Flags Regulations. To the extent that there exist any
such state laws, sections 114 and 314 of the FACT Act preempt them.
5.
Efforts to Minimize Burdens on Small Businesses
Although the reach of the Red Flags Rule is broad, the Rule nonetheless permits
maximum flexibility, enabling each covered entity to prepare a Program tailored to its particular
size, sophistication, and prior experience with identity theft. To assist small businesses and other
entities, the FTC staff will redouble its efforts to educate them about compliance with the Red
Flags Rule and ease compliance by providing additional resources and guidance to clarify
whether businesses are covered by the Rule and what they must do to comply. These resources
include a how-to guide for business entitled “Fighting Fraud with the Red Flags Rule,” and a
compliance template for low-risk entities. To give creditors and financial institutions more time
to review this guidance and develop and implement written Identity Theft Prevention Programs,
the FTC will further delay enforcement of the Rule until November 1, 2009.
The Address Discrepancies Rule and Card Issuers Rule minimize the burden on all
covered business – including small businesses – by building upon standard business practices,
many of which were in use before these two rules were promulgated. For example, it is the usual
and customary business practice (except in connection with new deposit relationships) for users
of credit reports covered by the Address Discrepancies Rule to furnish information to CRAs in
response to notices of address discrepancies. Similarly, many entities covered by the Card
Issuers Rule routinely assess the validity of change of address requests and, for the most part,
have automated the process for doing so. Accordingly, the burden on all businesses covered by
the Address Discrepancies Rule and Card Issuers Rule is minimal.
6.
Consequences of Conducting Collection Less Frequently
The burden associated with the Regulations is largely attributable to the policies and
procedures that a covered entity must develop to create a Program, to assess the validity of a
change of address request, or to respond to notices of address discrepancy. Once they are
developed, these policies and procedures will only need to be adjusted if they become
ineffective. Similarly, staff of covered entities will need to be trained only once, unless policies
and procedures change.
With respect to the Red Flags Rule, Commission staff believes that the board, a
committee of the board, or senior management should monitor compliance through the review of
annual reports that assess the effectiveness of the entity’s Program. Hence, the Red Flags Rule
requires annual reports to the board or senior management.
3
�7.
Circumstances Requiring Disclosures Inconsistent with Guidelines
The collection of information required by the Regulations is consistent with all
applicable guidelines contained in 5 C.F.R. § 1320.5(d)(2).
8.
Consultation Outside the Agency/Public Comments
Six federal Agencies (see supra note 1) collaborated on promulgating the Regulations.2
Together, they sought public comment for the then-proposed Regulations. The Agencies
collectively received 129 comments in response to the Notice of Proposed Rulemaking. The
comments included 63 from financial institutions, 12 from financial institution holding
companies, 23 from financial institution trade associations, 12 from individuals, nine from other
business entities, three from consumer groups, one from a member of Congress, and one from
the United States Small Business Administration. The agencies modified the proposed rules in
light of the comments received. Moreover, they continued to seek public comment at the final
rule stage.3 No comments were received.
Additionally, the Commission sought public comment regarding its latest PRA clearance
request for this Rule. See 74 Fed. Reg. 18709 (Apr. 24, 2009). Again, no comments were
received. Pursuant to PRA implementing regulations under 5 CFR Part 1320, the Commission is
providing a second opportunity for public comment on the instant burden analysis,
contemporaneous with this submission.
9.
Payments/Gifts to Respondents
Not applicable.
10. & 11.
Assurances of Confidentiality/Matters of a Sensitive Nature
No assurance of confidentiality is necessary because the Regulations do not require
financial institutions or creditors to register or file any documents with the Commission. To the
extent that information covered by a recordkeeping requirement is collected by the Commission
for law enforcement purposes, the confidentiality protections of sections 6(f) and 21 of the FTC
Act, 15 U.S.C. §§ 46(f), 57b-2 will apply.
2
71 Fed. Reg. 40786 (Jul. 18, 2006) (proposed rule). The Commission enforces the Regulations only with
respect to those entities within its jurisdiction, as described in this Statement.
3
72 Fed. Reg. 63718, 63743 (Nov. 9, 2007) (final rule).
4
�12.
Estimated Hours Burden: 6,151,062 total burden hours (5,374,728 hours for section
114 + 776,334 hours for section 315)
Section 114: Red Flags and Card Issuers Rules
A.
Red Flags Rule
Affected Public: State-chartered credit unions; certain property, casualty and life, and
health insurance companies, investment companies, broker-dealers, and money service
businesses; and any person that regularly participates in a credit decision, including setting the
terms of credit.
Estimated Hours Burden: 5,163,072 hours
The Red Flags Rule requires financial institutions and creditors with covered accounts to
develop and implement a written Program and report to the board of directors, a committee
thereof or senior management at least annually on compliance with the Rule. Under the Rule, a
“financial institution” is “a State or National bank, a State or Federal saving and loan
association, a mutual savings bank, a State or Federal credit union, or any other person that,
directly or indirectly, holds a transaction account (as defined in section 19(b) of the Federal
Reserve Act) belonging to a consumer.”4
Under the Rule, “creditor” has the same meaning as in section 702 of the Equal Credit
Opportunity Act (ECOA).5 Under Regulation B, a creditor means a person who regularly
participates in a credit decision, including setting the terms of credit (a transaction is credit if
there is a right to defer payment of a debt, regardless of whether the credit is for personal or
commercial purposes).6
Given the broad scope of entities covered, it is difficult to determine precisely the
number of financial institutions and creditors that are subject to the FTC’s jurisdiction. There
are numerous small businesses under the FTC’s jurisdiction and there is no formal way to track
them; moreover, as a whole, the entities under the FTC’s jurisdiction are so varied that there are
no general sources that provide a record of their existence. Nonetheless, FTC staff estimates that
4
The Rule refers to the definition of “financial institution” that is found in FCRA, 15 U.S.C. § 1681a(t).
5
15 U.S.C. §1681a(r)(5).
6
Regulation B Equal Credit Opportunity, 12 C.F.R. § 202 (as amended effective Apr. 15, 2003).
5
�the Red Flag Rule’s requirement to have a written Program affects over 57,000 financial7
institutions and almost 2 million creditors.8
To estimate burden hours for the Red Flags Rule under section 114, FTC staff has
divided affected entities into two categories, based on the nature of their businesses: (1) entities
that are subject to a high risk of identity theft; and (2) entities that subject to a low risk of
identity theft.9
1.
High-Risk Entities
FTC staff estimates that high-risk entities will each require 25 hours to create and
implement a written Program, with an annual recurring burden of one hour. FTC staff
anticipates that these entities will incorporate into their Programs policies and procedures that
they likely already have in place. Further, FTC staff estimates that preparation of an annual
report will require each high-risk entity four hours initially, with an annual recurring burden of
one hour. Finally, FTC staff believes that many of the high-risk entities, as part of their usual
and customary business practices, already take steps to minimize losses due to fraud, including
conducting employee training. Accordingly, only relevant staff need to be trained to implement
the Program: for example, staff already trained as part of a covered entity’s anti-fraud prevention
efforts do not need to be re-trained except as incrementally needed. FTC staff estimates that
training in connection with the implementation of a Program of a high-risk entity will require
four hours, and recurring annual training thereafter will require one hour. Thus, the estimated
hours burden for high-risk entities is as follows:
! 320,217 high-risk entities subject to the FTC’s jurisdiction at an average annual burden
of 13 hours per entity [average annual burden over 3-year clearance period for creation and
implementation of Program ((25+1+1) ÷3), plus average annual burden over 3-year clearance
7
As of December 31, 2005, there were 3,302 state-chartered federally-insured credit unions and 362 statechartered nonfederally insured credit unions. See www.ncua.gov/news/quick_facts/quick_facts.html and
“Disclosures for Non-Federally Insured Depository Institutions under the Federal Deposit Insurance
Corporation Improvement Act (FDICIA),” 70 Fed. Reg. 12823 (Mar. 16, 2005). As of 2007, there were 3,913
property, casualty and life, and health insurance companies. See Insurance Department Resources Report
2007, published by the National Association of Insurance Commissioners (NAIC). As of September 2007,
there were 4,733 registered investment companies. See Securities and Exchange Commission, Proposed
Regulation S-P, at 13709 (Mar. 13, 2008). As of December 31, 2007, there were 5,561 broker-dealers. See
Securities and Exchange Commission, Amendments to Regulation SHO, Release No. 34-58773, at 45 (Oct.
14, 2008) (available at www.sec.gov/rules/final/2008/34-58773.pdf). As of November 2008, there were
39,408 money service businesses. See Department of the Treasury Financial Crimes Enforcement Network
MSB Registration List (available at www.msb.gov/pdf/msb_registration_list.pdf).
8
See the discussion of “high-risk” and “low-risk” entities infra for elaboration of this rounded aggregate.
9
In general, high-risk entities may provide consumer financial services or other goods or services of value to
identity thieves such as telecommunication services or goods that are easily convertible to cash, whereas
low-risk entities may do business primarily with other businesses and provide non-financial services or goods
that are not easily convertible to cash, such as health care providers.
6
�period for staff training ((4+1+1) ÷3), plus average annual burden over 3-year clearance period
for preparing annual report ((4+1+1) ÷3), for a total of 4,162,821 hours.
2.
Low-Risk Entities
FTC staff anticipates that the burden on low-risk entities to comply with the proposed
regulations will be minimal. Entities that have a minimal risk of identity theft, but that have
covered accounts, likely will only need a streamlined Program. FTC staff estimates that such
entities will require one hour to create such a Program, with an annual recurring burden of five
minutes. Training staff of low-risk entities to be attentive to future risks of identity theft should
require no more than 10 minutes in an initial year, with an annual recurring burden of five
minutes. Thus, the estimated hours burden for low-risk entities is as follows:
!
1,622,029 low-risk entities10 that have covered accounts subject to the FTC’s
jurisdiction at an average annual burden of approximately 37 minutes per entity
[average annual burden over 3-year clearance period for creation and
implementation of streamlined Program ((60+5+5) ÷3), plus average annual
burden over 3-year clearance period for staff training ((10+5+5) ÷3), plus average
annual burden over 3-year clearance period for preparing annual report ((10+5+5)
÷3], for a total of 1,000,251 hours.
B.
Card Issuers Rule
Affected Public: State-chartered credit unions; certain property, casualty and life, and
health insurance companies, investment companies, broker-dealers, and money service
businesses; and any person that regularly participates in a credit decision, including setting the
terms of credit.
Estimated Hours Burden: 211,656 hours
The Card Issuers Rule requires credit and debit card issuers to establish policies and
procedures to assess the validity of a change of address request, including notifying the
cardholder or using another means of assessing the validity of the change of address. FTC staff
believes that there may be as many as 52,914 credit or debit card issuers under the FTC’s
jurisdiction, including state-chartered credit unions, retailers, and certain universities, money
service businesses, and telecommunications companies.11 FTC staff estimates that most of these
10
This figures is derived from an analysis of a database of U.S. businesses based on NAICS codes for
businesses that market goods or services to consumers or other businesses, reduced to the number of creditors
subject to the FTC’s jurisdiction (10,813,525) and reduced further by an estimated subset of which comprise
anticipated low-risk entities not having covered accounts under the Rule (9,191,496).
11
As of December 31, 2005, there were 3,664 state-chartered credit unions under the FTC’s jurisdiction. See
www.ncua.gov/news/quick_facts/quick_facts.html and “Disclosures for Non-Federally Insured Depository
Institutions under the Federal Deposit Insurance Corporation Improvements Act, 70 Fed. Reg. 12823 (Mar. 16,
2005). In addition to the 3,664 state-chartered credit unions, FTC staff estimates that there are 100 retailers
7
�card issuers already have automated the process of notifying the cardholder or are using other
means to assess the validity of the change of address, such that implementation will pose no
further burden. Nevertheless, in order to be conservative, FTC staff estimates that it will take the
52,914 card issuers 4 hours to develop and implement policies and procedures to assess the
validity of a change of address request for a total burden of 211,656 hours.
Section 315 - Address Discrepancies Rule:
Affected Public: State-chartered credit unions, non-bank lenders, insurers, landlords,
employers, mortgage brokers, motor vehicle dealers, collection agencies, and any other person
who requests a consumer report from a nationwide CRA as described in section 603(p) of the
FCRA.
Estimated Hours Burden: 776,334 hours
As discussed above, the Address Discrepancies Rule provides guidance on reasonable
policies and procedures that a user of consumer reports must employ when a user receives a
notice of address discrepancy from a CRA. Given the broad scope of users of consumer reports,
it is difficult to determine with precision the number of users of consumer reports that are subject
to the FTC’s jurisdiction. As previously noted, there are numerous small businesses under the
FTC’s jurisdiction, and there is no formal way to track them; moreover, as a whole, the entities
under the FTC’s jurisdiction are so varied that there are no general sources that provide a record
of their existence. Nonetheless, Commission staff estimates that the Rule affects approximately
1.66 million users of consumer reports subject to its jurisdiction.12 Approximately 10,000 of
these users will, in the course of their usual and customary business practices, have to furnish to
CRAs an address confirmation upon notice of a discrepancy.13
Although section 315 created a new obligation for CRAs to provide a notice of address
discrepancy to users of consumer reports, prior to FACTA’s enactment, users of consumer
reports could compare the address on the consumer report to the address provided by the
under the FTC’s jurisdiction that issue credit or debit cards. See 71 Fed. Reg. at 40801 n. 47; 72 Fed. Reg. at
63742. In addition, there are 4,314 colleges and universities. See Digest of Education Statistics (available at
(http://nces.ed.gov/programs/digest/d07/tables/dt07_255.asp). As of November 2008, there were 39,408
money service businesses. See Department of the Treasury Financial Crimes Enforcement Network MSB
Registration List (available at http://www.msb/gov/pdf/msb_registration_list.pdf). As of November 2006,
there were 5,428 telecommunication companies. See Federal Communications Commission, Industry
Analysis and Technology Division, Wireline Competition Bureau, Trends in Telephone Service, August 2008,
Table 5.3 (available at http://hraunfoss.fcc.gov/edos_public/attachmatch/Doc-284932A1.pdf).
12
This estimate is derived from an analysis of a database of U.S. businesses based on NAICS codes for
businesses in industries that typically use consumer reports from CRAs as described in the Rule, which total
1,658,758 users of consumer reports subject to the FTC’s jurisdiction.
13
Report to Congress Under Sections 318 and 319 of the Fair and Accurate Credit Transactions of 2003,
Federal Trade Commission, at 80 (Dec. 2004), available at
http://www.ftc.gov/reports/facta/041209factarpt.pdf.
8
�consumer, and discern for themselves any discrepancy. As a result, FTC staff believes that
many users of consumer reports have developed methods of reconciling address discrepancies so
that the following estimates represent the incremental amount of time it will take users of
consumer reports to develop and comply with the policies and procedures for when they receive
a notice of address discrepancy.
Due to the varied nature of the entities under the jurisdiction of the FTC, it is difficult to
determine the appropriate burden estimates. Nonetheless, FTC staff estimates that it would take
an infrequent user no more than 16 minutes to develop and follow the policies and procedures
that it will employ when it receives a notice of address discrepancy, whereas a frequent user may
take one hour. Similarly, FTC staff estimates that, during the remaining two years of the
clearance, it may take an infrequent user no more than one minute to comply with the policies
and procedures that it will employ when it receives a notice of address discrepancy, whereas a
frequent user may take 45 minutes. Taking into account these extremes, FTC staff estimates
that, during the first year of the clearance, it will take users of consumer reports under the
jurisdiction of the FTC an average of 38 minutes [the midrange between 16 minutes and 60
minutes] to develop and comply with the policies and procedures that they will employ when
they receive a notice of address discrepancy. FTC staff also estimates that the average recurring
burden during the remaining two years of the clearance period will be 23 minutes [the midrange
between one minute and 45 minutes].
Thus, for these 1.66 million entities, the average annual burden for each of them to
perform these collective tasks will be 28 minutes [(38+23+23) ÷3]; cumulatively, 774,667 hours.
For the estimated 10,000 users of consumer reports that will additionally have to furnish to
CRAs an address confirmation upon notice of a discrepancy, staff estimates that these entities
will require 30 minutes to develop related policies and procedures. But these 10,000 affected
entities likely will have automated the process of furnishing the correct address in the first year
of a three-year PRA clearance cycle. Thus, allowing for 30 minutes in the first year, with no
annual recurring burden in the second and third year of clearance, yields an average annual
burden of 10 minutes per entity to furnish a correct address to a CRA, for a total of 1,667.
Estimated Cost Burden: $169,036,824 ($156,615,480 for section 114 and $12,421,344
for section 315)
Section 114: Red Flags and Card Issuers Rules
FTC staff derived labor costs by applying appropriate estimated hourly cost figures to the
burden hours described above. It is difficult to calculate with precision the labor costs associated
with the proposed regulations, as they entail varying compensation levels of management and/or
technical staff among companies of different sizes. In calculating the cost figures, staff assumes
that entities, professional technical personnel and/or managerial personnel will create and
9
�implement the Program, prepare the annual report, train employees, and assess the validity of a
change of address request at an hourly rate of $35.00.14
Based on the above estimates and assumptions, the total annual labor costs for all
categories of covered entities under the Red Flags and Card Issuers Rules for section 114 is
$156,615,480 [((4,162,821 hours + 1,000,251 hours + 211,656 hours) x $35.00)].
Section 315 - Address Discrepancies Rule:
Affected Public: State-chartered credit unions, non-bank lenders, insurers, landlords,
employers, mortgage brokers, motor vehicle dealers, collection agencies, and any other person
who requests a consumer report from a nationwide CRA as described in section 603(p) of the
FCRA.
FTC staff assumes that the policies and procedures for compliance with the Address
Discrepancies Rule will be set up by administrative support personnel at an hourly rate of $16.15
Based on the above estimates and assumptions, the total annual labor cost for the two categories
of burden under section 315 is $12,421,344 [774,667 hours +1,667 hours) x $16.00].
13.
Estimated Capital and Other Non-Labor Costs
The FTC staff estimates that the Regulations impose negligible capital or other non-labor
costs, as the affected entities are likely to have the necessary supplies and/or equipment already
(e.g., offices and computers) for the information collections described herein.
14.
Estimated Cost to the Federal Government
FTC staff estimates that a representative year’s cost to the FTC of administering the
Regulations requirements during the 3-year clearance period sought will be approximately
$15,600. This represents one tenth of an attorney work year, and includes employee benefits.
15.
Program Changes or Adjustments
Prior cleared burden hours totaled 7,110,000 hours (at that time, rounded to the nearest
thousand), comprising 6,279,000 hours for section 114 of the FACT Act + 831,000 hours for
14
This estimate is based on http://www.bls.gov/ncs/ncswage2007.htm (National Compensation Survey:
Occupational Earnings in the United States, 2007, US Department of Labor (Aug. 2008), Bulletin 2704, Table
3 (“Full-time civilian works,” mean and median hourly wages)) for the various managerial and technical staff
support exemplified above.
15
Based generally on the National Compensation Survey: Occupational Earnings in the United States, 2007,
US Department of Labor (Aug. 2008), Bulletin 2704, Table 3 (“Full-time civilian works,” mean and median
hourly wages), available at (http://www.bls.gov/ncs/ocs/sp/nctb0300.pdf). Clerical estimates are derived from
the above source data, applying roughly a mid-range of mean hourly rates for potentially applicable clerical
types, e.g., computer operators, data entry and information processing workers.
10
�section 315 of the FACT Act. The instant revised burden total, 6,151,062 hours, consists of
5,374,728 hours for section 114 + 776,334 hours for section 315. These variances are further
explained below.
The primary factor in the reduced totals is staff’s newly accounting for an estimated
number of low-risk entities under section 114 that do not have covered accounts (9,191,496),
which is the large bulk of low-risk entities. As the Red Flags Rule does not require entities that
determine that they do not have any covered accounts to create a written Program, they are
appropriately excluded from the revised PRA burden calculations.
Conversely, other aspects of staff’s current projections partially offset the above-noted
reductions. Regarding the Red Flags Rule, staff previously estimated that there were 3,664
financial institutions under the FTC’s jurisdiction (namely, state-chartered credit unions),16 but
that estimate was understated. As noted above, the FTC has jurisdiction over not only statechartered credit unions, but other entities that hold consumer transaction accounts (excluding
banks, savings and loan associations, and federal credit unions, which are subject to oversight by
the federal bank regulatory agencies and the National Credit Union Administration). In fact, the
institutions within the FTC’s jurisdiction include, but are not limited to, certain insurance
companies, investment companies, broker-dealers, and money service businesses. Accordingly,
Commission staff has revised the estimated number of financial institutions to over 57,000.
Regarding the Card Issuers Rule, staff has increased its estimate of 3,764 card issuers
(consisting of 3,664 state-chartered credit unions and 100 retailers) within the FTC’s jurisdiction
to 52,914 card issuers.17
16.
Publishing Results of the Collection of Information
There are no plans to publish any information for statistical use.
17.
Display of Expiration Date for OMB Approval
Not applicable.
18.
Exceptions to the Certifications for PRA Submissions
Not applicable.
16
See 71 Fed. Reg. at 40800 n. 44; 72 Fed. Reg. at 63741 n.61 and accompanying text,
17
See supra note 11 and accompanying text.
11
�
| File Type | application/pdf |
| File Title | H:\Red Flags '09 SS FIN_mtd.wpd |
| Author | ggreenfield |
| File Modified | 2009-08-25 |
| File Created | 2009-08-25 |