The Federal Reserve has adopted final amendments to provisions of its Regulation V, the identity theft red flags rule (the “Red Flags rule”), and has repealed Regulation DD (Truth in Savings) and Regulation P (Privacy of Consumer Financial Information). The final amendments to the Red Flags rule announced on May 22 reflect legislation that amended the Fair Credit Reporting Act (“FCRA”) to clarify that these provisions apply only to creditors that regularly extend credit or obtain consumer reports in the ordinary course of their business. The amendments to the FCRA were intended to narrow the scope of the law so that it would not be applied to certain professionals, such as doctors or lawyers, who sometimes allow consumers to defer payments, which can be considered an extension of credit to consumers. The final amendments modify the definition of “creditor” in the Red Flags rule to reflect the amended definition of that term under FCRA. The Federal Reserve repealed Regulations DD and P on May 22 because the CFPB has issued interim final rules that are substantially identical to those regulations. Title X of the Dodd-Frank Wall Street Reform and Consumer Protection Act (the “Dodd-Frank Act”) transferred rulemaking authority for Truth in Savings and Privacy of Consumer Financial Information to the CFPB.
Nutter Notes: The Red Flags rule requires each financial institution and creditor that holds any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft, to develop and implement an identity theft prevention program in connection with new and existing consumer accounts. The rule requires identity theft prevention programs to include reasonable policies and procedures for detecting, preventing, and mitigating identity theft. The rule also requires financial institutions and creditors to exercise appropriate and effective oversight of vendors who have access to consumer account information. Under certain circumstances, the vendor oversight requirement may apply to banks servicing other creditors who are subject to the Red Flags rule. The federal banking agencies have also issued guidelines to assist banks in developing and implementing an identity theft prevention program, including a supplement that provides examples of identity theft red flags.