4 pages

English

CBA red flags comment

Voeg - Mbarham

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

4 pages

English

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

A propos
Informations
Extrait

Description

1303 J Street, Suite 600 Sacramento, CA 95814 * 916-438-4404 September 15, 2006 Office of the Comptroller of the Currency, 250 E Street, SW. Public Reference Room, Mail Stop 1–5 Washington, DC 20219 Chief Counsel’s Office, Office of Thrift Supervision 1700 G Street, NW. Washington, DC 20552 Attention: No. 2006–19 Jennifer J. Johnson, Secretary, Board of Governors of the Federal Reserve System 20th Street and Constitution Avenue, NW. Washington, DC 20551 Robert E. Feldman, Executive Secretary, Attention: Comments Federal Deposit Insurance Corporation 550 17th Street, NW. Washington, DC 20429 Re: Proposed Identity Theft Red Flag Guidelines Ladies and Gentlemen: The California Bankers Association (“CBA”) appreciates this opportunity to submit comments regarding the proposal, which is required under provisions of the FACT Act. CBA is a professional nonprofit organization established in 1891 and represents most of the depository financial institutions doing business in the state of California. Introduction Federal Banking Agencies September 15, 2006 Page 2 The industry is well aware of the risks of identity theft to customers and institutions. There is not a bank that is not concerned about the impact of identity theft on customer relations, on earnings, and on the bank’s reputation. So we begin with the proposition that banks are already highly motivated to take precautions to ...

Informations

Publié par	Voeg
Nombre de lectures	31
Langue	English

Extrait

1303 J Street, Suite 600 Sacramento, CA 95814

916-438-4404

September 15, 2006

Office of the Comptroller of

the Currency, 250 E Street, SW.

Public Reference Room, Mail Stop 1–5

Washington, DC 20219

Chief Counsel’s Office,

Office of Thrift Supervision

1700 G Street, NW.

Washington, DC 20552

Attention: No. 2006–19

Jennifer J. Johnson, Secretary,

Board of Governors of the Federal Reserve System

20th Street and Constitution Avenue, NW.

Washington, DC 20551

Robert E. Feldman, Executive

Secretary, Attention: Comments

Federal Deposit Insurance Corporation

550 17th Street, NW.

Washington, DC 20429

Re: Proposed Identity Theft Red Flag Guidelines

Ladies and Gentlemen:

The California Bankers Association (“CBA”) appreciates this opportunity to submit comments

regarding the proposal, which is required under provisions of the FACT Act.

CBA is a

professional nonprofit organization established in 1891 and represents most of the depository

financial institutions doing business in the state of California.

Introduction

Federal Banking Agencies

September 15, 2006

Page 2

The industry is well aware of the risks of identity theft to customers and institutions.

There is

not a bank that is not concerned about the impact of identity theft on customer relations, on

earnings, and on the bank’s reputation.

So we begin with the proposition that banks are already

highly motivated to take precautions to prevent identity theft.

We also acknowledge that it would be helpful for the banking agencies to ensure that all banks

have access to certain guidelines and standards.

We are, however, troubled by the agencies’

unnecessarily heavy-handed approach.

The structure of the proposal has similarities to the Bank

Secrecy Act—banks are required to establish written policies and procedures, conduct an

assessment of risks, establish a monitoring program, establish a training program, and even

obtain board of director approval, thus automatically adding one more bank function that a board

must exercise direct responsibility over.

Can not the goals of the FACT Act be achieved without

imposing yet another rigid regulatory regime?

Banks are already laboring under a multitude of legal and regulatory burdens.

We concur with

the agencies’ intent that any guidelines and regulations must be flexible and risk-based.

But we

believe that the agencies’ approach would not meet this objective.

We urge the agencies to work

with the industry to adopt a less onerous approach to implementation that still assists all banks to

combat ID theft.

Our specific comments follow.

Comments

Litigation risk

One of our chief concerns about the proposal is that it could create a standard of

care that could subject banks to increased civil liability.

The proposal would require banks to

adopt and implement policies to identify red flags, to detect them, and to take steps to mitigate

risks.

Losses from identity theft purportedly run into the billions of dollars annually, and neither

the agencies nor anyone else believes that the proposal would put an end to losses.

But when a

loss does occur and a civil claim is made, a bank may find itself subjected to a raft of new and

difficult questions all based on alleged “violations” of or deviations from regulation.

Indeed,

defendant banks could find themselves having to rebut a presumption that, since a loss occurred,

it must be because of a compliance failure—in other words, failure to meet industry standards.

Written program.

CBA does not believe that the FACT Act requires banks to establish a written

ID prevention program.

Banks already employ such policies and procedures that are part of and

integrated into their financial fraud and risk management efforts.

Some programs are written,

some are not.

Carving out and highlighting ID theft prevention would simply transform banks’

organically-developed practices into regulatory compliance exercises, and at great costs.

would tend to focus examiners’ attention on documentation and thus encourage banks to produce

needless paperwork.

It would be more effective for the agencies to articulate objectives and

allow banks to reach them in any manner suited to their particular circumstances.

(See below).

Board approval.

CBA strenuously opposes mandatory board approval of a written ID theft

prevention program.

The FACT Act does not require it.

A board of directors has the duty to

direct the affairs of the bank and management’s duty is to manage.

The agencies posit no

compelling reason why directors must, as a matter of regulatory policy, become directly

Federal Banking Agencies

September 15, 2006

Page 3

involved, and why management is presumed not to be able to give this issue adequate attention

without involving the board.

Board approval of a comprehensive, written program such as

contemplated here entails extensive preparation work and documentation by management and

would consume more time and attention from increasingly busy boards.

Regulation by objective.

In light of banks’ historical and inherent interests in combating fraud of

all types, we suggest that a more reasonable approach is for the agencies to articulate objectives

for banks to reach without mandating inflexible processes and procedures that must be followed.

At places, the proposed guidelines are static and prescriptive.

For example, banks would be

expected to produce and, presumably, document a reasonable basis for concluding that a listed

red flag does not evidence a risk of identity theft.

This approach ignores not only banks’ vastly divergent experiences, but also the fact that crooks

constantly change the way they operate, and that they respond to banks’ defensive measures.

Requiring banks to justify any change in the type of red flags that they monitor simply creates

needless work and time-consuming paperwork.

It may even set banks up for liability if, in

hindsight, the bank is found to have “guessed wrong” in changing its list.

Relation to business accounts.

The proposed definitions of “account” and “customer” are too

broad and not mandated by the FACT Act.

The guidelines and regulation should be limited in

scope to consumer financial services.

We suggest that the agencies not attempt to craft a

definition of “account,” as that term is already defined inconsistently in several regulations, both

state (e.g., UCC) and federal (Regulation E, Regulation Z, Regulation J, Regulation DD, etc.).

The agencies should clarify that the proposed guidelines are not extended to business and

commercial accounts.

Staff training.

There being no statutory basis for the agencies to require staff training, we urge

that the relevant provisions are withdrawn.

Once the agencies articulate policy objectives, it is

up to the banks to comply.

Specifically requiring training would only generate an additional

layer of regulatory burden and paperwork.

As discussed above, banks have sufficient incentives

to ensure that appropriate staff is trained.

Service provider oversight.

Similarly, we do not believe it is necessary to address service

provider arrangements.

The FACT Act does not address this issue.

There is no doubt that if a

bank delegates any of its operations to a third party that it will remain responsible for related

regulatory compliance.

Again, writing specific duties into regulation only generates extra work

for banks and examiners.

Listing of red flags.

The industry appreciates the agencies’ work in identifying potential red

flags, in essence, acting as a clearinghouse of current fraud trends.

But we caution against

attaching any duties on banks, as proposed, to adopt them formally into their programs or justify

their exclusion.

Such an approach would only require banks to enshrine a static list into their

policies and procedures regardless of their relevance.

It would also make banks less nimble in

managing fraud risks.

Many of the red flags either are too general or presumes capabilities that

most banks may not have.

Federal Banking Agencies

September 15, 2006

Page 4

For example, red flag number three cites information in a consumer report indicating “a pattern

of activity that is inconsistent with the history and usual pattern of activity of an applicant or

customer.”

Examples include a significant increase in the volume of inquiries, an unusual

number of recently established credit relationships, changes in the use of credit, and account

closures for cause.

The agencies have not demonstrated that these factors are indicative of

identity theft.

We believe the list would generate too many false positives to be useful, in part

because such factors are probably more indicative of financial stress or lack of creditworthiness

than ID theft.

Conclusion

For the reasons stated above, CBA requests that the agencies revise the proposal by giving banks

more flexibility in achieving clear objectives, and by eliminating those provisions that are not

specifically required by the FACT Act.

Banks are highly motivated to prevent ID theft and all

other forms of fraud.

This proposal merely makes banks more vulnerable to civil liability, adds

tremendous regulatory burdens without making banks more prepared, and could even hamper

risk management efforts with is rigid and cumbersome approach.

Please do not hesitate to

contact me if you have any comments or questions.

Univers
Ebooks
Livres audio
Presse
Podcasts
BD
Documents

Livre audio en ligne - Développement personnel Livre en ligne Tout le catalogue Tous les Intérêts

CBA red flags comment

YouScribe

Le catalogue

Le service

Les conditions