SPST-0152 ID Theft Red Flags 2025 Renewal Final

Download: docx | pdf

SUPPORTING STATEMENT

ID THEFT RED FLAGS

(OMB Control No. 3064-0152)

INTRODUCTION

The FDIC is requesting OMB approval for a three-year extension to continue the information collection captioned above. This collection is imposed on insured nonmember banks as a result of the requirements of the Fair and Accurate Credit Transactions Act of 2003 (FACT Act), Pub. L. 108-159 (2003). The current clearance for the collection expires on July 31, 2025. There is no change in the method or substance of the collection.

A. JUSTIFICATION

1. Circumstances that make the collection necessary:

FACT Act Section 114: Section 114 requires the federal banking agencies to jointly propose guidelines for financial institutions and creditors identifying patterns, practices, and specific forms of activity that indicate the possible existence of identity theft. In addition, each financial institution and creditor is required to establish reasonable policies and procedures, that incorporate the guidelines, to address the risk of identity theft. Credit card and debit card issuers must develop policies and procedures to assess the validity of a request for a change of address under certain circumstances.

The information collections pursuant to section 114 require each financial institution and creditor to create an Identify Theft Prevention Program and report to its board of directors, a committee thereof, or senior management at least annually on compliance with the proposed regulations. In addition, staff must be trained to carry out the program. Each credit and debit card issuer is required to establish policies and procedures to assess the validity of a change of address request. The card issuer must notify the cardholder or use other means to assess the validity of the change of address.

FACT Act Section 315: Section 315 requires the federal banking agencies to issue regulations providing guidance regarding reasonable policies and procedures that a user of consumer reports must employ when such a user receives a notice of address discrepancy from a consumer reporting agencies. For the FDIC, 12 CFR Part 334 provides such guidance. Each user of consumer reports must develop reasonable policies and procedures that it will follow when it receives a notice of address discrepancy from a consumer reporting agency. A user of consumer reports must furnish an address that the user has reasonably confirmed to be accurate to the consumer reporting agency from which it receives a notice of address discrepancy.

2. Use of information collected:

The information collection is used to identify patterns, practices, and specific forms of activity that indicate the possible existence of identity theft. The policies and procedures address the risk of identity theft and assess the validity of requests for changes of address under certain circumstances.

3. Consideration of the use of improved information technology:

Respondents may use any technology they wish to reduce the burden associated with this collection.

4. Efforts to identify duplication:

There is no duplication. Each respondent is encouraged to adopt policies and procedures appropriate to their particular circumstances, level of complexity and size.

5. Methods used to minimize burden if the collection has a significant impact on a substantial number of small entities:

The information collection is not expected to have a significant impact on a substantial number of small entities. Each respondent is encouraged to adopt policies and procedures appropriate to their particular circumstances, level of complexity and size.

6. Consequences to the Federal program if the collection were conducted less frequently:

The FDIC believes that less frequent collection (a less stringent disclosure standard) would result in unacceptable risk of harm to customers of financial institutions.

7. Special circumstances necessitating collection inconsistent with 5 CFR Part 1320.5(d)(2):

There are no special circumstances. This information collection is conducted in accordance with the guidelines in 5 CFR 1320.5(d)(2).

8. Efforts to consult with persons outside the agency:

A 60-day notice seeking public comment on the FDIC’s renewal of the information collection was published on April 25, 2025 (90 FR 17433). No comments were received.

9. Payments or gifts to respondents:

None.

10. Any assurance of confidentiality:

Confidential information will be kept private to the extent allowed by law.

11. Justification for questions of a sensitive nature:

The information collection does not request information of a sensitive nature.

12. Estimate of hour burden including annualized hourly costs:

Summary of Estimated Annual Burden (OMB No. 3064-0152)
Information Collection (IC) (Obligation to Respond)			Type of Burden (Frequency of Response)		Number of Respondents			Number of Responses per Respondent			Average Time per Response (HH:MM)		Annual Burden (Hours)
1. Program Establishment 12 CFR 334.90(d); 12 CFR 334.91(c) (Mandatory)			Recordkeeping (On occasion)		8			1			40:00		320
2. Program Operations 12 CFR 334.90(c),(e); 12 CFR 334.91(c) (Mandatory)			Recordkeeping (Annual)		2,854			1			16:00		45,664
3. Program Establishment 12 CFR 1022.82(c),(d) (Mandatory)			Recordkeeping (On occasion)		8			1			40:00		320
4. Program Operations 12 CFR 1022.82(c),(d) (Mandatory)			Recordkeeping (Annual)		2,795			1			04:00		11,180
5. Specific Incident Responses 12 CFR 1022.82(d)(1-3) (Mandatory)			Disclosure (On occasion)		2,795			16			00:10		7,453
Total Annual Burden (Hours):													64,937
Source: FDIC.
Summary of Hourly Burden Cost Estimate (OMB No. 3064-0152)
Information Collection (IC) (Obligation to Respond)		Hourly Weight (%)		Percentage Shares of Hours Spent by and Hourly Compensation Rates for each Occupation Group (by Collection)										Estimated Hourly Compensation Rate
				Exec. & Mgr. ($149.41)		Lawyer ($186.16)	Compl. Ofc. ($78.8)		IT ($113.4)	Fin. Anlst. ($102.54)		Clerical ($40.28)
1. Program Establishment 12 CFR 334.90(d); 12 CFR 334.91(c) (Mandatory)		0.49		50		0	15		20	0		15		$115.25
2. Program Operations 12 CFR 334.90(c),(e); 12 CFR 334.91(c) (Mandatory)		70.32		50		0	15		20	0		15		$115.25
3. Program Establishment 12 CFR 1022.82(c),(d) (Mandatory)		0.49		50		0	15		20	0		15		$115.25
4. Program Operations 12 CFR 1022.82(c),(d) (Mandatory)		17.22		50		0	15		20	0		15		$115.25
5. Specific Incident Responses 12 CFR 1022.82(d)(1-3) (Mandatory)		11.48		20		0	30		20	0		30		$88.29
Weighted Average Hourly Compensation Rate:														$112.16
Source: Bureau of Labor Statistics: 'National Industry-Specific Occupational Employment and Wage Estimates: Industry: Credit Intermediation and Related Activities (5221 And 5223 only)' (May 2023), Employer Cost of Employee Compensation (March 2023), and Employment Cost Index (March 2023 and December 2024). Standard Occupational Classification (SOC) Codes: Exec. And Mgr = 11-0000 Management Occupations; Lawyer = 23-0000 Legal Occupations; Compl. Ofc. = 13-1040 Compliance Officers; IT = 15-0000 Computer and Mathematical Occupations; Fin. Anlst. = 13-2051 Financial and Investment Analysts; Clerical = 43-0000 Office and Administrative Support Occupations.
Note: The estimated hourly compensation rate for a given IC is the average of the hourly compensation rates for the occupations used to comply with that IC, weighted by the estimated share of hours spent by each occupation. The weighted average hourly compensation rate for the entire ICR is the average of the estimated hourly compensation rates for all ICs, weighted by the share of hourly burden for IC. These hourly weights, as shown in the “Hourly Weight” column of this table, are the quotients of the estimated number of annual burden hours for each IC and the total estimated number of annual burden hours across all ICs.

Total Estimated Cost Burden (OMB No. 3064-0152)
Information Collection Request	Annual Burden (Hours)	Weighted Average Hourly Compensation Rate	Annual Respondent Cost
Identity Theft Red Flags	64,937	$112.16	$7,283,334
Total Annual Respondent Cost:			$7,283,334
Source: FDIC.

13. Estimate of start-up costs to respondents:

None.

14. Estimates of annualized cost to the federal government:

None.

15. Analysis of change in burden:

There is no change in the method or substance of the collection. The overall decrease in burden hours (from 72,784 hours to 64,937 hours) is the result of economic fluctuation. In particular, the decrease is attributable to the decline in the estimated number of respondents and the reduction in estimated number of responses per respondent for IC 5.

16. Information regarding collections whose results are planned to be published for statistical use:

The information contained in this collection is not published.

17. Display of expiration date:

Not applicable.

1. Exceptions to certification:

None.

2. STATISTICAL METHODS

Not Applicable

21

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
File Modified	0000-00-00
File Created	2025-07-24