[Federal Register Volume 87, Number 60 (Tuesday, March 29, 2022)]
[Notices]
[Pages 18071-18072]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-06549]


-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency


Agency Information Collection Activities: Information Collection 
Renewal; Request for Comment; Identity Theft Red Flags and Address 
Discrepancies Under the Fair and Accurate Credit Transactions Act of 
2003

AGENCY: Office of the Comptroller of the Currency, Treasury (OCC).

ACTION:  Notice and request for comment.

-----------------------------------------------------------------------

SUMMARY:  The OCC, as part of its continuing effort to reduce paperwork 
and respondent burden, invites the general public and other Federal 
agencies to take this opportunity to comment on a continuing 
information collection as required by the Paperwork Reduction Act of 
1995 (PRA). An agency may not conduct or sponsor, and a respondent is 
not required to respond to, an information collection unless it 
displays a currently valid OMB control number. The OCC is soliciting 
comment concerning the renewal of its information collection titled, 
``Identity Theft Red Flags and Address Discrepancies under the Fair and 
Accurate Credit Transactions Act of 2003.''

DATES: Comments must be received by May 31, 2022.

ADDRESSES:  Commenters are encouraged to submit comments by email, if 
possible. You may submit comments by any of the following methods:
     Email: [email protected].
     Mail: Chief Counsel's Office, Attention: Comment 
Processing, Office of the Comptroller of the Currency, Attention: 1557-
0237, 400 7th Street SW, Suite 3E-218, Washington, DC 20219.
     Hand Delivery/Courier: 400 7th Street SW, Suite 3E-218, 
Washington, DC 20219.
     Fax: (571) 465-4326.
    Instructions: You must include ``OCC'' as the agency name and 
``1557-0237'' in your comment. In general, the OCC will publish 
comments on www.reginfo.gov without change, including any business or 
personal information provided, such as name and address information, 
email addresses, or phone numbers. Comments received, including 
attachments and other supporting materials, are part of the public 
record and subject to public disclosure. Do not include any information 
in your comment or supporting materials that you consider confidential 
or inappropriate for public disclosure.
    Following the close of this notice's 60-day comment period, the OCC 
will publish a second notice with a 30-day comment period. You may 
review comments and other related materials that pertain to this 
information collection beginning on the date of publication of the 
second notice for this collection by the method set forth in the next 
bullet.
     Viewing Comments Electronically: Go to www.reginfo.gov. 
Hover over the ``Information Collection Review'' tab and click on 
``Information Collection Review'' dropdown. Underneath the ``Currently 
under Review'' section heading, from the drop-down menu select 
``Department of Treasury'' and then click ``submit.'' This information 
collection can be located by searching by OMB control number ``1557-
0237'' or ``Identity Theft Red Flags and Address Discrepancies under 
the Fair and Accurate Credit Transactions Act of 2003.''
    Upon finding the appropriate information collection, click on the 
related ``ICR Reference Number.'' On the next screen, select ``View 
Supporting Statement and Other Documents'' and then click on the link 
to any comment listed at the bottom of the screen.
     For assistance in navigating www.reginfo.gov, please 
contact the Regulatory Information Service Center at (202) 482-7340.

FOR FURTHER INFORMATION CONTACT: Shaquita Merritt, Clearance Officer, 
(202) 649-5490, Chief Counsel's Office, Office of the Comptroller of 
the Currency, 400 7th Street SW, Washington, DC 20219. If you are deaf, 
hard of hearing, or have a speech disability, please dial 7-1-1 to 
access telecommunications relay services.

SUPPLEMENTARY INFORMATION: Under the PRA (44 U.S.C. 3501-3520), Federal 
agencies must obtain approval from OMB for each collection of 
information they conduct or sponsor. ``Collection of information'' is 
defined in 44 U.S.C. 3502(3) and 5 CFR 1320.3(c) to include agency 
requests and requirements that members of the public submit reports, 
keep records, or provide information to a third party. Section 
3506(c)(2)(A) of title 44 (44 U.S.C. 3506(c)(2)(A)) requires Federal 
agencies to provide a 60-day notice in the Federal Register concerning 
each proposed collection of information, including each proposed 
extension of an existing collection of information, before submitting 
the collection to OMB for approval. To comply with this requirement, 
the OCC is publishing notice of the proposed extension of this 
collection of information.
    Title: Identity Theft Red Flags and Address Discrepancies under the 
Fair and Accurate Credit Transactions Act of 2003.
    OMB Control No.: 1557-0237.
    Description: Section 114 of the Fair and Accurate Credit 
Transactions Act of 2003 (FACT Act) \1\ amended section 615 of the Fair 
Credit Reporting Act

[[Page 18072]]

(FCRA) \2\ to require the Agencies \3\ to issue jointly:
---------------------------------------------------------------------------

    \1\ 15 U.S.C. 1681m(e).
    \2\ 15 U.S.C. 1681m.
    \3\ Section 114 required the guidelines and regulations to be 
issued jointly by the federal banking agencies (OCC, Board of 
Governors of the Federal Reserve System, and Federal Deposit 
Insurance Corporation), the National Credit Union Administration, 
and the Federal Trade Commission. Therefore, for purposes of this 
filing, ``Agencies'' refers to these entities. Note that Section 
1088(a)(8) of the Dodd-Frank Act further amended section 615 of FCRA 
to also require the Securities and Exchange Commission and the 
Commodity Futures Trading Commission to issue Red Flags guidelines 
and regulations.
---------------------------------------------------------------------------

     Guidelines for financial institutions and creditors 
regarding identity theft with respect to their account holders and 
customers; (in developing the guidelines, the Agencies are required to 
identify patterns, practices, and specific forms of activity that 
indicate the possible existence of identity theft. The guidelines must 
be updated as often as necessary and must be consistent with the 
policies and procedures required under section 326 of the USA PATRIOT 
Act, (31 U.S.C. 5318(l));
     Regulations that require each financial institution and 
each creditor to establish reasonable policies and procedures for 
implementing the guidelines in order to identify possible risks to 
account holders or customers or to the safety and soundness of the 
institution or creditor; and
     Regulations generally requiring credit and debit card 
issuers to assess the validity of change of address requests under 
certain circumstances.
    Section 315 of the FACT Act \4\ also amended section 605 of FCRA to 
require the Agencies to issue regulations providing guidance regarding 
what reasonable policies and procedures a user of consumer reports must 
have in place and employ when a user receives a notice of address 
discrepancy from a consumer reporting agency (CRA). These regulations 
are required to describe reasonable policies and procedures for users 
of consumer reports to:
---------------------------------------------------------------------------

    \4\ 15 U.S.C. 1681c(h)(2).
---------------------------------------------------------------------------

     Enable a user to form a reasonable belief that it knows 
the identity of the person for whom it has obtained a consumer report; 
and
     Reconcile the address of the consumer with the CRA if the 
user establishes a continuing relationship with the consumer and 
regularly and, in the ordinary course of business, furnishes 
information to the CRA.
    As required by section 114 of the FACT Act, appendix J to 12 CFR 
part 41 contains guidelines for financial institutions and creditors to 
use in identifying patterns, practices, and specific forms of activity 
that may indicate the existence of identity theft. In addition, 12 CFR 
41.90 requires each financial institution or creditor that is a 
national bank, Federal savings association, Federal branch or agency of 
a foreign bank, and any of their operating subsidiaries that are not 
functionally regulated, to establish an Identity Theft Prevention 
Program (Program) designed to detect, prevent, and mitigate identity 
theft in connection with accounts. Pursuant to Sec.  41.91, credit card 
and debit card issuers must implement reasonable policies and 
procedures to assess the validity of a request for a change of address 
under certain circumstances.
    Section 41.90 requires each OCC-regulated financial institution or 
creditor that offers or maintains one or more covered accounts to 
develop and implement a Program. In developing a Program, financial 
institutions and creditors are required to consider the guidelines in 
appendix J and include the suggested provisions, as appropriate. The 
initial Program must be approved by the institution's board of 
directors or by an appropriate committee thereof. The board, an 
appropriate committee thereof, or a designated employee at the level of 
senior management must be involved in the oversight of the Program. In 
addition, staff members must be trained to carry out the Program. 
Pursuant to Sec.  41.91, each credit and debit card issuer is required 
to establish and implement policies and procedures to assess the 
validity of a change of address request if it is followed by a request 
for an additional or replacement card. Before issuing the additional or 
replacement card, the card issuer must notify the cardholder of the 
request and provide the cardholder a reasonable means to report 
incorrect address changes or use another means to assess the validity 
of the change of address.
    As required by section 315 of the FACT Act, 12 CFR 1022.82 \5\ 
requires users of consumer reports to have in place reasonable policies 
and procedures that must be followed when a user receives a notice of 
address discrepancy from a CRA.
---------------------------------------------------------------------------

    \5\ Title X of the Dodd-Frank Wall Street Reform and Consumer 
Protection Act transferred this regulation to the Consumer Financial 
Protection Bureau. The OCC retains enforcement authority for this 
regulation for institutions with $10 billion or less in total 
assets.
---------------------------------------------------------------------------

    Section 1022.82 requires each user of consumer reports to develop 
and implement reasonable policies and procedures designed to enable the 
user to form a reasonable belief that a consumer report relates to the 
consumer about whom it requested the report when it receives a notice 
of address discrepancy from a CRA. A user of consumer reports also must 
develop and implement reasonable policies and procedures for furnishing 
a customer address that the user has reasonably confirmed to be 
accurate to the CRA from which it receives a notice of address 
discrepancy when the user can: (1) Form a reasonable belief that the 
consumer report relates to the consumer about whom the user has 
requested the report; (2) establish a continuing relationship with the 
consumer; and (3) establish that it regularly and in the ordinary 
course of business furnishes information to the CRA from which it 
received the notice of address discrepancy.
    Type of Review: Regular.
    Affected Public: Individuals; Businesses or other for-profit.
    Estimated Number of Respondents: 1,172.
    Estimated Total Annual Burden: 130,342 hours.
    Comments submitted in response to this notice will be summarized, 
included in the request for OMB approval, and become a matter of public 
record. Comments are invited on:
    (a) Whether the collection of information is necessary for the 
proper performance of the functions of the OCC, including whether the 
information has practical utility;
    (b) The accuracy of the OCC's estimate of the burden of the 
collection of information;
    (c) Ways to enhance the quality, utility, and clarity of the 
information to be collected;
    (d) Ways to minimize the burden of the collection on respondents, 
including through the use of automated collection techniques or other 
forms of information technology; and
    (e) Estimates of capital or start-up costs and costs of operation, 
maintenance, and purchase of services to provide information.

Theodore J. Dowd,
Deputy Chief Counsel, Office of the Comptroller of the Currency.
[FR Doc. 2022-06549 Filed 3-28-22; 8:45 am]
BILLING CODE P