SUPPORTING STATEMENT
ID THEFT RED FLAGS
(OMB Control No. 3064-0152)
INTRODUCTION
The FDIC is requesting OMB approval for a three-year extension, with revisions, to continue the information collection captioned above. This collection is imposed on insured nonmember banks as a result of the requirements of the Fair and Accurate Credit Transactions Act of 2003 (FACT Act), Pub. L. 108-159 (2003). The information collection expires on April 30, 2022.
A. JUSTIFICATION
1. Circumstances that make the collection necessary:
FACT Act Section 114: Section 114 requires the federal banking agencies to jointly propose guidelines for financial institutions and creditors identifying patterns, practices, and specific forms of activity that indicate the possible existence of identity theft. In addition, each financial institution and creditor is required to establish reasonable policies and procedures, that incorporate the guidelines, to address the risk of identity theft. Credit card and debit card issuers must develop policies and procedures to assess the validity of a request for a change of address under certain circumstances.
The information collections pursuant to section 114 require each financial institution and creditor to create an Identify Theft Prevention Program and report to its board of directors, a committee thereof, or senior management at least annually on compliance with the proposed regulations. In addition, staff must be trained to carry out the program. Each credit and debit card issuer is required to establish policies and procedures to assess the validity of a change of address request. The card issuer must notify the cardholder or use other means to assess the validity of the change of address.
FACT Act Section 315: Section 315 requires the federal banking agencies to issue regulations providing guidance regarding reasonable policies and procedures that a user of consumer reports must employ when such a user receives a notice of address discrepancy from a consumer reporting agencies. For the FDIC, 12 CFR Part 334 provides such guidance. Each user of consumer reports must develop reasonable policies and procedures that it will follow when it receives a notice of address discrepancy from a consumer reporting agency. A user of consumer reports must furnish an address that the user has reasonably confirmed to be accurate to the consumer reporting agency from which it receives a notice of address discrepancy.
2. Use of information collected:
The information collection is used to identify patterns, practices, and specific forms of activity that indicate the possible existence of identity theft. The policies and procedures address the risk of identity theft and assess the validity of requests for changes of address under certain circumstances.
3. Consideration of the use of improved information technology:
Respondents may use any technology they wish to reduce the burden associated with this collection.
4. Efforts to identify duplication:
There is no duplication. Each respondent is encouraged to adopt policies and procedures appropriate to their particular circumstances, level of complexity and size.
5. Methods used to minimize burden if the collection has a significant impact on a substantial number of small entities:
The information collection is not expected to have a significant impact on a substantial number of small entities. Each respondent is encouraged to adopt policies and procedures appropriate to their particular circumstances, level of complexity and size.
6. Consequences to the Federal program if the collection were conducted less frequently:
The FDIC believes that less frequent collection (a less stringent disclosure standard) would result in unacceptable risk of harm to customers of financial institutions.
7. Special circumstances necessitating collection inconsistent with 5 CFR Part 1320.5(d)(2):
None. The information is collected in a manner consistent with 5 CFR Part 1320.5(d)(2).
8. Efforts to consult with persons outside the agency:
A 60-day notice seeking public comment on the FDIC’s renewal of the information collection was published on February 9, 2022 (87 FR 7452). No comments were received.
9. Payments or gifts to respondents:
None.
10. Any assurance of confidentiality:
Confidential information will be kept private to the extent allowed by law.
11. Justification for questions of a sensitive nature:
The information collection does not request information of a sensitive nature.
12. Estimate of hour burden including annualized hourly costs:
Total estimated annual burden hours: 72,784
Total estimated annual cost: 72,784 hours x $100.55 = $7,318,443
Summary of Hourly Burden Cost Estimate (OMB No. 3064-0152) |
|||
Estimated Category of Personnel Responsible for Complying with the PRA Burden |
Total Estimated Hourly Compensation |
Estimated Weights |
Estimated Total Weighted Labor Cost Component |
Clerical* |
$35.59 |
15% |
$5.34 |
Compliance Officers** |
$69.32 |
15% |
$10.40
|
IT Specialists+ |
$96.62 |
20% |
$19.32
|
Executives and Managers++ |
$130.97 |
50% |
$65.49
|
Total Estimated Weighted Average Hourly Compensation Rate |
100% |
$100.55
|
|
* Occupation (SOC code): Office and Administrative Support Occupations (430000).
**Occupation (SOC code): Compliance Officers (131040).
+Occupation (SOC code): Computer and Mathematical Occupations (150000).
++Occupation (SOC code): Management Occupations (110000).
13. Estimate of start-up costs to respondents:
None.
14. Estimates of annualized cost to the federal government:
None.
15. Analysis of change in burden:
There is no change in the method or substance of the collection. The overall increase in burden hours is due to the inclusion of estimated program establishment costs for de novo institutions and the introduction of the costs of responses to specific address discrepancy incidents for newly established consumer accounts. Both exerted upward influences on the estimated burden hours relative to the 2019 estimate, which did not cover them. However, consideration of the jurisdictional split between the FDIC and CFPB for Section 315 and a modest decline in the number of covered institutions helped to attenuate the increased burden hours.
16. Information regarding collections whose results are planned to be published for statistical use:
The information contained in this collection is not published.
17. Exceptions to expiration date display:
Not applicable.
Exceptions to certification:
None.
STATISTICAL METHODS
Not Applicable
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| File Modified | 0000-00-00 |
| File Created | 2022-04-24 |