[Federal Register Volume 77, Number 188 (Thursday, September 27, 2012)]
[Notices]
[Pages 59452-59453]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2012-23745]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency


Agency Information Collection Activities; Proposed Information 
Collection; Submission for OMB Review

AGENCY: Office of the Comptroller of the Currency, Treasury.

ACTION: Notice and request for comment.

-----------------------------------------------------------------------

SUMMARY: The OCC, as part of its continuing effort to reduce paperwork 
and respondent burden, invites the general public and other Federal 
agencies to take this opportunity to comment on a continuing 
information collection, as required by the Paperwork Reduction Act of 
1995. An agency may not conduct or sponsor, and a respondent is not 
required to respond to, an information collection unless it displays a 
currently valid OMB control number. The OCC is soliciting comment 
concerning its information collection titled, ``Identity Theft Red 
Flags and Address Discrepancies under the Fair and Accurate Credit 
Transactions Act of 2003.'' The OCC also is giving notice that it is 
sending the collection to OMB for review.

DATES: Comments must be received by October 29, 2012.

ADDRESSES: Communications Division, Office of the Comptroller of the 
Currency, Mailstop 2-3, Attention: 1557-0237, 250 E Street SW., 
Washington, DC 20219. In addition, comments may be sent by fax to (202) 
874-5274 or by electronic mail to [email protected]. You may 
personally inspect and photocopy comments at the OCC, 250 E Street SW., 
Washington, DC 20219. For security reasons, the OCC requires that 
visitors make an appointment to inspect comments. You may do so by 
calling (202) 874-4700. Upon arrival, visitors will be required to 
present valid government-issued photo identification and to submit to 
security screening in order to inspect and photocopy comments.
    Additionally, please send a copy of your comments by mail to: OCC 
Desk Officer, 1557-0237, U.S. Office of Management and Budget, 725 17th 
Street NW., 10235, Washington, DC 20503, or by fax to (202) 
395-6974.

FOR FURTHER INFORMATION CONTACT: You can request additional information 
or a copy of the collection from Mary H. Gottlieb, (202) 874-5090, 
Legislative and Regulatory Activities Division, Office of the 
Comptroller of the Currency, 250 E Street SW., Washington, DC 20219.

SUPPLEMENTARY INFORMATION: There have been no changes to the 
requirements of the regulations; however, certain sections of the 
regulations have been transferred to the Bureau of Consumer Financial 
Protection (CFPB) pursuant to title X of the Dodd-Frank Wall Street 
Reform and Consumer Protection Act, Public Law 111-203, 124 Stat. 1955, 
July 21, 2010 (Dodd-Frank Act), and republished as CFPB regulations (76 
FR 79308 (December 21, 2011)). The transferred regulations, which 
relate to address discrepancies, previously were found at 12 CFR 41.82, 
and have now been moved to 12 CFR 1022.82. The burden estimates for 
this portion of the collection have been revised to remove the burden 
attributable to OCC-regulated institutions with over $10 billion in 
total assets, now carried by CFPB pursuant to section 1025 of the Dodd-
Frank Act. The OCC retains enforcement authority under 12 CFR 1022.82 
for those institutions under its supervision with total assets of $10 
billion or less.
    Title: Identity Theft Red Flags and Address Discrepancies under the 
Fair and Accurate Credit Transactions Act of 2003.
    OMB Control No.: 1557-0237.
    Description: Section 114 of the FACT Act amended section 615 of the 
Fair Credit Reporting Act (FCRA) to require the Agencies \1\ to issue 
jointly:
---------------------------------------------------------------------------

    \1\ Section 114 required regulations to be issued jointly by the 
Federal banking agencies, the National Credit Union Administration 
and the Federal Trade Commission. Therefore, for purposes of this 
filing, ``Agencies'' refers to these entities. It is important to 
note that Section 1088(a)(8) of the Dodd-Frank Act further amended 
section 615 of FCRA to also require the Securities and Exchange 
Commission and the Commodity Futures Trading Commission to issue Red 
Flags Rules.
---------------------------------------------------------------------------

     Guidelines for financial institutions and creditors 
regarding identity theft with respect to their account holders and 
customers. In developing the guidelines, the Agencies were required to 
identify patterns, practices, and

[[Page 59453]]

specific forms of activity that indicate the possible existence of 
identity theft. The guidelines must be updated as often as necessary, 
and must be consistent with the policies and procedures required under 
section 326 of the USA PATRIOT Act, 31 U.S.C. 5318(l).
     Regulations requiring each financial institution and each 
creditor to establish reasonable policies and procedures for 
implementing the guidelines in order to identify possible risks to 
account holders or customers or to the safety and soundness of the 
institution or creditor.
     Regulations generally requiring credit and debit card 
issuers to assess the validity of change of address requests under 
certain circumstances.
    Section 315 of the FACT Act also amended section 605 of the FCRA to 
require the Agencies to issue regulations providing guidance regarding 
what reasonable policies and procedures a user of consumer reports must 
have in place and employ when a user receives a notice of address 
discrepancy from a consumer reporting agency (CRA).\2\ These 
regulations are required to describe reasonable policies and procedures 
for users of consumer reports to:
---------------------------------------------------------------------------

    \2\ As noted above, these regulations have been transferred to 
the CFPB.
---------------------------------------------------------------------------

     Enable a user to form a reasonable belief that it knows 
the identity of the person for whom it has obtained a consumer report, 
and
     Reconcile the address of the consumer with the CRA, if the 
user establishes a continuing relationship with the consumer and 
regularly and, in the ordinary course of business, furnishes 
information to the CRA.
    As required by section 114 of the FACT Act, appendix J to 12 CFR 
part 41 contains guidelines for financial institutions and creditors to 
use in identifying patterns, practices, and specific forms of activity 
that indicate the possible existence of identity theft. In addition, 12 
CFR 41.90 requires each financial institution or creditor that is a 
national bank, Federal branch or agency of a foreign bank, and any of 
their operating subsidiaries that are not functionally regulated, to 
establish reasonable policies and procedures to address the risk of 
identity theft that incorporate the guidelines. Pursuant to Sec.  
41.91, credit card and debit card issuers must implement reasonable 
policies and procedures to assess the validity of a request for a 
change of address under certain circumstances.
    Section 41.90 requires each OCC-regulated financial institution or 
creditor that offers or maintains one or more covered accounts to 
develop and implement a written Identity Theft Prevention Program 
(Program). In developing the Program, financial institutions and 
creditors are required to consider the guidelines in appendix J and 
include the suggested provisions as appropriate. The initial Program 
must be approved by the institution's board of directors or an 
appropriate committee thereof. The board, an appropriate committee 
thereof, or a designated employee at the level of senior management 
must be involved in the oversight of the Program. In addition, staff 
members must be trained to carry out the Program. Pursuant to Sec.  
41.91, each credit and debit card issuer is required to establish and 
implement policies and procedures to assess the validity of a change of 
address request if it is followed by a request for an additional or 
replacement card. Before issuing the additional or replacement card, 
the card issuer must notify the cardholder of the request and provide 
the cardholder a reasonable means to report incorrect address changes 
or use another means to assess the validity of the change of address.
    As required by section 315 of the FACT Act, Sec.  1022.82 requires 
users of consumer reports to have in place reasonable policies and 
procedures that must be followed when a user receives a notice of 
address discrepancy from a credit reporting agency (CRA).
    Section 1022.82 requires each user of consumer reports to develop 
and implement reasonable policies and procedures designed to enable the 
user to form a reasonable belief that a consumer report relates to the 
consumer about whom it requested the report when it receives a notice 
of address discrepancy from a CRA. A user of consumer reports also must 
develop and implement reasonable policies and procedures for furnishing 
an address for the consumer that the user has reasonably confirmed to 
be accurate to the CRA from which it receives a notice of address 
discrepancy when the user can: (1) Form a reasonable belief that the 
consumer report relates to the consumer about whom the user has 
requested the report; (2) establish a continuing relationship with the 
consumer and; (3) establish that it regularly and in the ordinary 
course of business furnishes information to the CRA from which it 
received the notice of address discrepancy.
    Type of Review: Extension of a currently approved collection.
    Affected Public: Individuals; Businesses or other for-profit.
    Estimated Number of Respondents: 2,010.
    Estimated Total Annual Burden: 223,860 hours.
    This collection was published for 60 days of comment on May 25, 
2012. 77 FR 31439. No comments were received. Comments continue to be 
invited on:
    (a) Whether the collection of information is necessary for the 
proper performance of the functions of the OCC, including whether the 
information has practical utility;
    (b) The accuracy of the OCC's estimate of the burden of the 
collection of information;
    (c) Ways to enhance the quality, utility, and clarity of the 
information to be collected;
    (d) Ways to minimize the burden of the collection on respondents, 
including through the use of automated collection techniques or other 
forms of information technology; and
    (e) Estimates of capital or start-up costs and costs of operation, 
maintenance, and purchase of services to provide information.

    Dated: September 19, 2012.
Michele Meyer,
Assistant Director, Legislative and Regulatory Activities Division.
[FR Doc. 2012-23745 Filed 9-26-12; 8:45 am]
BILLING CODE 4810-33-P