- September 19, 2008
- All Issuing Offices
- Red Flag Rules - Identity Theft Prevention
As of November 1, 2008, it is mandatory that each "financial institution" and "creditor" (as defined in 15 U.S.C.S. § 1681a) have a written Identity Theft Prevention Program. The basis for this requirement is the Fair and Accurate Credit Transactions Act of 2003 (Public Law 108-159) and the regulations issued in connection with this statute. "Financial institutions" and "creditors" include banks, mortgage companies and mortgage brokers. For purposes of this particular statutory requirement, a title company is not a "financial institution" or a "creditor".
As part of their Identity Theft Prevention Program, covered lenders are required to identify Red Flags relevant to their business. (See attached copy of 16 C.F.R. 681.2 and the guidelines in Appendix A to these regulations.) "Red Flag" is defined to be a pattern, practice, or specific activity that indicates the possible existence of identity theft.
Another requirement of each Identity Theft Prevention Program is that the covered lender must exercise "appropriate and effective" oversight of its service providers. A "service provider" is a person that provides a service directly to the financial institution or creditor.
Although title companies do not fit within the definition of a "financial institution" or a "creditor" for purposes of this statute, title companies and others closing real estate loans are service providers. Because you are a "service provider" your lender clients may be contacting you regarding their Identity Theft Prevention Programs and their Red Flags rules.
The guidelines which must be considered by each financial institution and creditor in developing and implementing its Identity Theft Prevention Program are set forth in Appendix A to 16 CFR Part 681, a copy of which is attached. These guidelines provide a framework; however each covered lender is to identify its own Red Flags and implement its own Identity Theft Prevention Program based on what is relevant and appropriate to its particular business and experience. Accordingly, Identity Theft Prevention Programs adopted by different lenders can vary. Your review of these various Programs, including the Red Flags and specific requests from your lender clients, will be on a case-by-case basis keeping in mind the appropriateness and relevancy to your own business and the services you are providing.
16 C.F.R. 681.2 (Click to View)
Guidelines in Appendix A (Click to View)
For on-line viewing of this and other bulletins, please log onto www.vuwriter.com.
THIS BULLETIN IS FURNISHED TO INFORM YOU OF CURRENT DEVELOPMENTS. AS A REMINDER, YOU ARE CHARGED WITH KNOWLEDGE OF THE CONTENT ON VIRTUAL UNDERWRITER AS IT EXISTS FROM TIME TO TIME AS IT APPLIES TO YOU, AS WELL AS ANY OTHER INSTRUCTIONS. OUR UNDERWRITING AGREEMENTS DO NOT AUTHORIZE OUR ISSUING AGENTS TO ENGAGE IN SETTLEMENTS OR CLOSINGS ON BEHALF OF STEWART TITLE GUARANTY COMPANY. THIS BULLETIN IS NOT INTENDED TO DIRECT YOUR ESCROW OR SETTLEMENT PRACTICES OR TO CHANGE PROVISIONS OF APPLICABLE UNDERWRITING AGREEMENTS. CONFIDENTIAL, PROPRIETARY, OR NONPUBLIC PERSONAL INFORMATION SHOULD NEVER BE SHARED OR DISSEMINATED EXCEPT AS ALLOWED BY LAW. IF APPLICABLE STATE LAW OR REGULATION IMPOSES ADDITIONAL REQUIREMENTS, YOU SHOULD CONTINUE TO COMPLY WITH THOSE REQUIREMENTS.