SUPPORTING STATEMENT

ID Theft Red Flags

(3064-0152)

INTRODUCTION

The FDIC is requesting OMB approval of a three‑year extension of the collection of information captioned above, without any change in the method or substance of collection. This collection is imposed on insured nonmember banks as a result of the requirements of the Fair and Accurate Credit Transactions Act of 2003 (FACT Act), Pub. L. 108-159 (2003).

1. JUSTIFICATION

1. Circumstances that make the collection necessary

The FDIC is requesting OMB approval to extend for three years the expiration date of information collection 3064‑0152, "ID Theft red Flags.” The regulation containing this information collection requirement is 12 CFR Part 334, which implements sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003 (FACT Act), Pub. L. No. 108-159 (2003).

FACT Act Section 114: Section 114 requires the Agencies to jointly propose guidelines for financial institutions and creditors identifying patterns, practices, and specific forms of activity that indicate the possible existence of identity theft. In addition, each financial institution and creditor is required to establish reasonable policies and procedures to address the risk of identity theft that incorporate the guidelines. Credit card and debit card issuers must develop policies and procedures to assess the validity of a request for a change of address under certain circumstances.

The information collections pursuant to section 114 require each financial institution and creditor to create an Identify Theft Prevention Program and report to the board of directors, a committee thereof, or senior management at least annually on compliance with the proposed regulations. In addition, staff must be trained to carry out the program. Each credit and debit card issuer is required to establish policies and procedures to assess the validity of a change of address request. The card issuer must notify the cardholder or use another means to assess the validity of the change of address.

FACT Act Section 315: Section 315 requires the Agencies to issue regulations providing guidance regarding reasonable policies and procedures that a user of consumer reports must employ when such a user receives a notice of address discrepancy from a consumer reporting agencies. Part 334 provides such guidance. Each user of consumer reports must develop reasonable policies and procedures that it will follow when it receives a notice of address discrepancy from a consumer reporting agency. A user of consumer reports must furnish an address that the user has reasonably confirmed to be accurate to the consumer reporting agency from which it receives a notice of address discrepancy.

The Agencies believe that the entities covered by the proposed regulation are already furnishing addresses that they have reasonably confirmed to be accurate to consumer reporting agencies from which they receive a notice of address discrepancy as a usual and customary business practice. Therefore, this requirement is not included in the burden estimates set out below.

2. Use of the Information Collected

The information collection is used to identify patterns, practices, and specific forms of activity that indicate the possible existence of identity theft. The policies and procedures address the risk of identity theft and assess the validity of requests for changes of address under certain circumstances.

3. Consideration of the use of improved information technology

Respondents may use any technology they wish to comply with this collection.

4. Efforts to identify duplication

There is no duplication.

5. Methods used to minimize burden if the collection has a significant impact on a substantial number of small entities

This information collection does not have a significant impact on a substantial number of small entities.

6. Consequences to the Federal program if the collection were conducted less frequently

The FDIC believes that less frequent collection (a less stringent disclosure standard) would result in unacceptable risk of harm to bank customers.

7. Special circumstances necessitating collection inconsistent with 5 CFR part 1320

No special circumstances exist.

8. Consultation with persons outside the agency

Extensive collaboration among the six sponsoring agencies (Board, FDIC, NCUA, OTS, OCC and FTC) was involved in creating this collection. In addition, the agencies sought public comment on the collection as part of the rulemaking process.

On July 23, 2015, the FDIC published a 60-day notice in the Federal Register (80 FR 43772), but received no comments.

9. Payment to respondents

Not applicable.

10. Confidentiality

Confidential information will be kept private to the extent allowed by law.

11. Information of a Sensitive Nature

None.

12. Burden estimate

Number of respondents: 4,017 banks

Updating program: 8 hours

Preparing annual report: 4 hours

Training: 4 hours

Total estimated time per response: 16 hours

Total estimated annual burden: 4,017 respondents x 16 hours = 64,272 hours

13. Estimate of annualized costs to respondents

Not applicable.

14. Estimate of annualized costs to the government

Not applicable.

15. Analysis of change in burden

There has been a reduction in the number of respondents.

16. Information regarding collections whose results are planned to be published for statistical use

The results of these collections will not be published for statistical use.

17. Display of expiration date

Not applicable.

18. Exceptions to certification statement

None.

2. STATISTICAL METHODS

Not applicable.