The FDIC recently issued a “Supervisory Policy on Identity Theft” that describes the characteristics of ID theft and emphasizes the FDIC’s well-defined expectations that institutions under its supervision detect, prevent and mitigate the effects of ID theft. FIL-32-2007 (Apr. 11, 2007). The policy asserts that the FDIC treats the theft of personal financial information as a significant risk area due to its potential to impact the safety and soundness of an institution, harm consumers and undermine confidence in the banking system. The policy also charges financial institutions with an affirmative and continuing obligation to protect the privacy of customer’s nonpublic personal information. The policy discusses FDIC’s response to ID theft in the following three general areas:

    Supervisory Action

    • FDIC guidelines require, among other things (i) development and implementation of a written program to safeguard customer information, including the proper disposal of consumer information, (ii) use of stronger and more reliable methods to authenticate the identity of customers using electronic banking, and (iii) in certain circumstances, notification to customers of unauthorized access to sensitive information.
    • Risk management examiners trained in information technology and the Bank Secrecy Act evaluate aspects of a bank’s operations that raise ID theft issues.
    • FDIC-issued revised examination procedures include steps to ensure compliance with the Fair Credit Reporting Act’s fraud and active duty alert provisions.
    • Guidelines proposed under the FACT Act would require establishment of programs to identify patterns, practices and specific forms of activity that indicate the possible existence of ID theft.

    Consumer Education

    • The FDIC has sponsored ID theft symposia aimed at educating consumers in recent years, and further efforts are planned for 2007.
    • The FDIC released a multi-media educational tool (“Don’t Be an On-Line Victim”) in 2006.

    President’s Identity Theft Task Force

    • The FDIC actively participates in the President’s ID Theft Task Force established in May 2006 and charged with improving the effectiveness and efficiency of the federal government’s activities in the area of ID theft.
    • The Task Force adopted interim recommendations in September 2006 and FDIC expects finalization of those recommendations soon.

    In light of the FDIC’s policy, financial institutions should review existing FDIC guidance on this topic and their continuing efforts at detecting, preventing and mitigating the effects of ID theft.

    • Judy Scheiderer and Margaret Stolar


    On April 16, 2007, the Nevada Assembly passed AB No. 127. The bill amends the Nevada Collection Agencies statute, Nev. Rev. Stat. Ann. §§ 649.005 et seq., to permit a person to record a telephone call that:

    • Concerns a claim that is owed or asserted to be owed by the person;
    • Is made by a collection agency or collection agent; and
    • Is received by the person.

    A person who records a telephone call pursuant to the authority described above is not required to (i) obtain the consent of the collection agency or collection agent to record the telephone call or (ii) provide notice to the collection agency or collection agent that the person is recording the telephone call.

    AB No. 127 has been referred to the Nevada Senate Committee on Judiciary. If enacted, the bill would change Nevada’s existing law, which generally requires two-party consent before a person may record a telephone conversation.

    • Margaret Stolar and Chuck Gall