Transferred OTS Regulations Regarding Fair Credit Reporting and Amendments; Amendment to the “Creditor” Definition in Identity Theft Red Flags Rule; Removal of FDIC Regulations Regarding Fair Credit Reporting Transferred to the Consumer Financial Protection Bureau, 5069-5076 [2015-01499]

Agencies

• FEDERAL DEPOSIT INSURANCE CORPORATION

[Federal Register Volume 80, Number 20 (Friday, January 30, 2015)]
[Proposed Rules]
[Pages 5069-5076]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2015-01499]


-----------------------------------------------------------------------

FEDERAL DEPOSIT INSURANCE CORPORATION

12 CFR Parts 334 and 391

RIN 3064-AE29


Transferred OTS Regulations Regarding Fair Credit Reporting and 
Amendments; Amendment to the ``Creditor'' Definition in Identity Theft 
Red Flags Rule; Removal of FDIC Regulations Regarding Fair Credit 
Reporting Transferred to the Consumer Financial Protection Bureau

AGENCY: Federal Deposit Insurance Corporation.

ACTION: Notice of proposed rulemaking.

-----------------------------------------------------------------------

SUMMARY: In this notice of proposed rulemaking (Proposed Rule), the 
Federal Deposit Insurance Corporation (FDIC) proposes to make several 
amendments to its regulations covering ``Fair Credit Reporting.''
    First, the FDIC proposes to rescind and remove from the Code of 
Federal Regulations 12 CFR part 391, subpart C (part 391, subpart C), 
entitled ``Fair Credit Reporting.'' This subpart was included in the 
regulations that were transferred to the FDIC from the Office of Thrift 
Supervision (OTS) in connection with the implementation of applicable 
provisions of title III of the Dodd-Frank Wall Street Reform and 
Consumer Protection Act (Dodd-Frank Act). The requirements for State 
savings associations in part 391, subpart C are substantively similar 
to those in the

[[Page 5070]]

FDIC's 12 CFR part 334 (part 334), also entitled ``Fair Credit 
Reporting,'' and is applicable for all insured depository institutions 
(``IDIs'') for which the FDIC has been designated the appropriate 
Federal banking agency.
    The FDIC proposes to modify the scope of 12 CFRs 334.1(b), 
334.90(a), and 334.91(a) to include State savings associations and 
their subsidiaries to conform to the scope of the FDIC's current 
supervisory responsibilities as the appropriate Federal banking agency. 
The FDIC also proposes to add new subsections to define ``State savings 
association'' as having the same meaning as in section 3(b)(3) of the 
Federal Deposit Insurance Act (FDI Act).
    Second, the FDIC proposes to amend the definitional portion of its 
Identity Theft Red Flags regulations to be in conformance with the Red 
Flag Program Clarification Act of 2010.
    Third, the FDIC proposes to rescind and remove from the Code of 
Federal Regulations those portions of the FDIC's ``Fair Credit 
Reporting'' regulations where the rule writing authority was provided 
to the Consumer Financial Protection Bureau (``CFPB'') in the Dodd-
Frank Act. The FDIC will continue to examine for and enforce violations 
of these regulations for all IDIs for which the FDIC has been 
designated the appropriate Federal banking agency.
    Consistent with this part of the proposal, the FDIC also proposes 
to make a technical change in one provision in its version of the 
Interagency Guidelines on Identity Theft Detection, Prevention, and 
Mitigation.

DATES: Comments must be received on or before March 31, 2015.

ADDRESSES: You may submit comments by any of the following methods:
     FDIC Web site: https://www.fdic.gov/regulations/laws/federal. Follow instructions for submitting comments on the agency Web 
site.
     FDIC Email: Comments@fdic.gov. Include RIN #3064-AE29 on 
the subject line of the message.
     FDIC Mail: Robert E. Feldman, Executive Secretary, 
Attention: Comments, Federal Deposit Insurance Corporation, 550 17th 
Street NW., Washington, DC 20429.
     Hand Delivery to FDIC: Comments may be hand-delivered to 
the guard station at the rear of the 550 17th Street building (located 
on F Street) on business days between 7 a.m. and 5 p.m.
    Please include your name, affiliation, address, email address, and 
telephone number(s) in your comment. Where appropriate, comments should 
include a short Executive Summary consisting of no more than five 
single-spaced pages. All statements received, including attachments and 
other supporting materials, are part of the public record and are 
subject to public disclosure. You should submit only information that 
you wish to make publicly available.

    Please note:  All comments received will be posted generally 
without change to https://www.fdic.gov/regulations/laws/federal/, 
including any personal information provided. Paper copies of public 
comments may be requested from the Public Information Center by 
telephone at 1-877-275-3342 or 1-703-562-2200.


FOR FURTHER INFORMATION CONTACT: Sandra Barker, Senior Policy Analyst, 
Division of Depositor and Consumer Protection, (202) 898-3615; Jeffrey 
Kopchik, Senior Policy Analyst, Division of Risk Management 
Supervision, (703) 254-0459; Richard M. Schwartz, Counsel, Legal 
Division, (202) 898-7424.

SUPPLEMENTARY INFORMATION: 

I. Proposed Removal of Transferred OTS Regulations Regarding Fair 
Credit Reporting and Amendments to 12 CFR Part 334 of FDIC's Rules and 
Regulations

A. Background

The Dodd-Frank Act
    The Dodd-Frank Act \1\ provided for a substantial reorganization of 
the regulation of State and Federal savings associations and their 
holding companies. Beginning July 21, 2011, the transfer date 
established by section 311 of the Dodd-Frank Act, codified at 12 U.S.C. 
5411, the powers, duties, and functions formerly performed by the OTS 
were divided among the FDIC, as to State savings associations, the 
Office of the Comptroller of the Currency (OCC), as to Federal savings 
associations, and the Board of Governors of the Federal Reserve System 
(FRB), as to savings and loan holding companies.\2\ Section 316(b) of 
the Dodd-Frank Act, codified at 12 U.S.C. 5414(b), provided the manner 
of treatment for all orders, resolutions, determinations, regulations, 
and advisory materials that had been issued, made, prescribed, or 
allowed to become effective by the OTS. The section provided that if 
such materials were in effect on the day before the transfer date, they 
continue to be in effect and are enforceable by or against the 
appropriate successor agency until they are modified, terminated, set 
aside, or superseded in accordance with applicable law by such 
successor agency, by any court of competent jurisdiction, or by 
operation of law.
---------------------------------------------------------------------------

    \1\ Dodd-Frank Wall Street Reform and Consumer Protection Act, 
Public Law 111-203, 124 Stat. 1376 (2010).
    \2\ Section 312 of the Dodd-Frank Act, codified at 12 U.S.C. 
5412.
---------------------------------------------------------------------------

    Section 316(c) of the Dodd-Frank Act, codified at 12 U.S.C. 
5414(c), further directed the FDIC and the OCC to consult with one 
another and to publish a list of the continued OTS regulations that 
would be enforced by the FDIC and the OCC, respectively. On June 14, 
2011, the FDIC's Board of Directors approved a ``List of OTS 
Regulations to be Enforced by the OCC and the FDIC Pursuant to the 
Dodd-Frank Wall Street Reform and Consumer Protection Act.'' This list 
was published by the FDIC and the OCC as a Joint Notice in the Federal 
Register on July 6, 2011.\3\
---------------------------------------------------------------------------

    \3\ 76 FR 39247 (July 6, 2011).
---------------------------------------------------------------------------

    Although section 312(b)(2)(B)(i)(II) of the Dodd-Frank Act, 
codified at 12 U.S.C. 5412(b)(2)(B)(i)(II), granted the OCC rulemaking 
authority relating to both State and Federal savings associations, 
nothing in the Dodd-Frank Act affected the FDIC's existing authority to 
issue regulations under the FDI Act and other laws as the ``appropriate 
Federal banking agency'' or under similar statutory terminology. 
Section 312(c) of the Dodd-Frank Act amended the definition of 
``appropriate Federal banking agency'' contained in section 3(q) of the 
FDI Act, 12 U.S.C. 1813(q), to add State savings associations whose 
deposits are insured by the FDIC (``State savings associations'') to 
the list of entities for which the FDIC is designated as the 
``appropriate Federal banking agency.'' As a result, when the FDIC acts 
as the designated ``appropriate Federal banking agency'' (or under 
similar terminology) for State savings associations, as it does here, 
the FDIC is authorized to issue, modify and rescind regulations 
involving such associations, as well as for State nonmember banks and 
insured branches of foreign banks.
    As noted, on June 14, 2011, pursuant to this authority, the FDIC's 
Board of Directors reissued and redesignated certain transferring 
regulations of the former OTS. These transferred OTS regulations were 
published as new FDIC regulations in the Federal Register on August 5, 
2011.\4\ When it republished the transferred OTS regulations as new 
FDIC regulations, the FDIC specifically noted that its staff would 
evaluate the transferred OTS rules and might later recommend 
incorporating the transferred OTS regulations into other

[[Page 5071]]

FDIC rules, amending them, or rescinding them, as appropriate.
---------------------------------------------------------------------------

    \4\ 76 FR 47652 (Aug. 5, 2011).
---------------------------------------------------------------------------

    One of the OTS rules transferred to the FDIC governed OTS oversight 
of the Fair Credit Reporting regulations, which implemented the Fair 
Credit Reporting Act (FCRA),\5\ in the context of State savings 
associations. The OTS rule, formerly found at 12 CFR part 571, was 
transferred to the FDIC \6\ and is now found in the FDIC's rules at 
part 391, subpart C, entitled ``Fair Credit Reporting.'' Before the 
transfer of the OTS rules and continuing today, the FDIC's rules 
contained part 334, also entitled ``Fair Credit Reporting,'' a rule 
governing FDIC regulation with respect to IDIs for which the FDIC has 
been designated the appropriate Federal banking agency. After careful 
review and comparison of part 391, subpart C and part 334, the FDIC 
proposes to rescind part 391, subpart C, because, as discussed below, 
it is substantively redundant to existing part 334 and simultaneously 
we propose to make technical conforming edits to our existing rule.
---------------------------------------------------------------------------

    \5\ 15 U.S.C. 1681a, et seq.
    \6\ The Dodd-Frank Act transferred the rule-writing authority of 
several parts of the ``Fair Credit Reporting'' regulations contained 
in parts 334 and 571, as well as the regulations of the OCC, FRB, 
and National Credit Union Administration (``NCUA''), to the newly 
created CFPB. See sections 1061 and 1088, codified at 12 U.S.C. 
5581, 15 U.S.C. 1666. When the OTS regulations for state savings 
associations were transferred to part 391, only those portions of 
the regulation that were retained by the FDIC were included.
---------------------------------------------------------------------------

B. FDIC's Existing 12 CFR Section 334.2 and Former OTS's 12 CFR Section 
571.2 (Transferred to FDIC's Part 391, Subpart C, as 12 CFR Section 
391.20)

    On November 22, 2005, the FDIC, OTS, OCC, FRB and NCUA (``the 
Agencies'') jointly published rules in the Federal Register \7\ to 
implement section 411 of the Fair and Accurate Credit Transactions Act 
of 2003 (FACT Act),\8\ which amended section 604 of the FCRA.\9\ 
Section 411 of the FACT Act generally limited the ability of creditors 
to obtain and use medical information in connection with credit 
eligibility determinations and the ability of consumer reporting 
agencies to disclose medical information, as well as restricting the 
sharing of medical information and other medically related information 
with affiliates.\10\ That section required the Agencies to issue 
regulations on several aspects related to the medical privacy 
amendment.
---------------------------------------------------------------------------

    \7\ 70 FR 70664 (Nov. 22, 2005).
    \8\ Public Law 108-159, 117 Stat. 1952, 1999-2002 (2003).
    \9\ 15 U.S.C. 1681b.
    \10\ 70 FR 70664 (Nov. 22, 2005).
---------------------------------------------------------------------------

    Although Dodd-Frank Act transferred the 2005 medical privacy 
regulations to the CFPB, as discussed below, the Agencies issued a 
regulation in the ``General Provisions'' portion of the Fair Credit 
Reporting regulations that remains in effect in the Agencies' 
regulations today.
    That regulation related to ``examples'' issued in any regulation in 
the Fair Credit Reporting part. The OTS regulation, stated: ``The 
examples in this part are not exclusive. Compliance with an example, to 
the extent applicable, constitutes compliance with this part. Examples 
in a paragraph illustrate only the issue described in the paragraph and 
do not illustrate any other issue that may arise in this part.'' \11\ 
The concurrently issued FDIC regulation contains identical 
language.\12\
---------------------------------------------------------------------------

    \11\ 12 CFR 571.2.
    \12\ 12 CFR 334.2.
---------------------------------------------------------------------------

    The OTS regulation issued at section 391.20 was amended slightly 
because it was placed in a subpart of section 391: The word ``part'' 
was replace by ``subpart.'' Nevertheless, the portion of the OTS 
regulation that applied to State savings associations and their 
subsidiaries, originally codified at 12 CFR part 571 and subsequently 
transferred to FDIC's part 391, subpart C, is substantively similar to 
the current FDIC regulations codified at 12 CFR part 334. Therefore, to 
eliminate redundancy and streamline its regulations, the FDIC will 
rescind section 391.20.

C. FDIC's Existing 12 CFR Section 334.83 and Former OTS's 12 CFR 
Section 571.83 (Transferred to FDIC's Part 391, Subpart C, as 12 CFR 
Section 391.21)

    Section 216 of the FACT Act added a new section 628 to the FCRA 
that, in general was designed to protect a consumer against the risks 
associated with the unauthorized access to information about a consumer 
contained in a consumer report, such as fraud and related crimes 
including identity theft.\13\ Specifically, section 216 required each 
of the Agencies, including the Federal Trade Commission (FTC), to adopt 
a regulation with respect to the entities subject to its enforcement 
authority ``requiring any person that maintains or otherwise possesses 
consumer information, or any compilation of consumer information, 
derived from a consumer report for a business purpose to properly 
dispose of any such information or compilation.'' \14\ The FDIC, OCC, 
FRB and OTS jointly published their rules in the Federal Register on 
December 28, 2004.\15\ The FDIC and OTS regulations were identical.\16\ 
Neither regulation contained a scope provision, because each regulation 
referred to the respective agency's version of the Interagency 
Guidelines Establishing Information Security Standards, which itself 
contained a scope provision.\17\
---------------------------------------------------------------------------

    \13\ Public Law 108-159, 117 Stat. at 1985-86; 15 U.S.C. 1681w.
    \14\ Id.
    \15\ 69 FR 77610 (Dec. 28, 2004).
    \16\ 12 CFR 334.83, 571.83 (2004).
    \17\ Id. (both regulations stated, in relevant part, ``You must 
properly dispose of any consumer information that you maintain or 
otherwise possess in accordance with the Interagency Guidelines 
Establishing Information Security Standards . . . to the extent the 
Guidelines are applicable to you.''). Both the FDIC's and the OTS's 
Interagency Guidelines were placed in the Safety and Soundness 
regulations, parts 364 and 570, respectively.
---------------------------------------------------------------------------

    In 2007, the Agencies jointly issued rules pursuant to section 114 
of the FACT Act, which dealt with identity theft ``red flag'' rules and 
rules on the duties of credit card issuers to validate notifications of 
changes of address under certain circumstances,\18\ as discussed in 
more detail below. Although those regulations were nearly identical 
from agency to agency, the OTS unilaterally amended its disposal 
regulation, as part of that rulemaking, to include a scope 
provision.\19\ The OTS explained that that amendment was nonsubstantive 
and technical in nature, caused by the placement of the address 
discrepancy regulation in the same subpart as the disposal 
regulation.\20\ No other Agency amended its disposal regulation.
---------------------------------------------------------------------------

    \18\ 72 FR 63718 (Nov. 9, 2007). That rulemaking also included 
rules issued pursuant to section 315 of the FACT Act, which required 
the Agencies to issue joint regulations that provide guidance 
regarding reasonable policies and procedures that a user of a 
consumer report should employ when the user receives a notice of an 
address discrepancy. The rule-writing authority for that rule was 
given to the CFPB in the Dodd-Frank Act.
    \19\ See 12 CFR 571.83(a) (2007).
    \20\ 72 FR at 63739.
---------------------------------------------------------------------------

    After careful comparison of the FDIC's disposal regulation with the 
transferred OTS rule in part 391, subpart C, the FDIC has concluded 
that, with the exception of the scope provision, which now includes 
``State savings associations whose deposits are insured by the Federal 
Deposit Insurance Corporation,'' \21\ the transferred OTS rule is 
substantively redundant. Therefore, based on the foregoing, the

[[Page 5072]]

FDIC proposes to rescind and remove from the Code of Federal 
Regulations the rule located at part 391, subpart C and to make minor 
conforming changes to incorporate State savings associations.
---------------------------------------------------------------------------

    \21\ The scope provision of the original 2007 amendment covered 
all savings associations with deposits insured by the FDIC and 
Federal savings associations' operating subsidiaries. When the OTS 
disposal regulation was transferred to section 391.21, it was 
amended to state that the scope provision applies to ``State savings 
associations whose deposits are insured by the Federal Deposit 
Insurance Corporation,'' consistent with the authority given to the 
FDIC in the Dodd-Frank Act.
---------------------------------------------------------------------------

    There are several ways to deal with this technical difference 
between the FDIC and the OTS disposal regulations, including adding a 
scope provision to the FDIC's disposal regulation at section 334.83, an 
idea that was not proposed back in 2007. Instead, because of the direct 
reference in the disposal regulation to the Interagency Guidelines 
Establishing Information Security Standards, the FDIC is proposing, 
through a separate notice of proposed rulemaking relating to the FDIC's 
Safety and Soundness regulations, 12 CFR part 364, to be issued 
shortly, a change in the scope provision of the FDIC's version to cover 
State savings associations.
    As a backstop for this and any future fair credit regulations, the 
FDIC is also proposing a change to section 334.1(b), the general scope 
provision of the FDIC's Fair Credit Reporting regulations, to cover 
State savings associations. The FDIC also proposes to add a definition 
of ``State savings association'' to section 334.3. That definition 
would have the same meaning as in section 3(b)(3) of the FDI Act, 12 
U.S.C. 1813(b)(3).\22\
---------------------------------------------------------------------------

    \22\ ``The term `State savings association' means-- (A) any 
building and loan association, savings and loan association, or 
homestead association; or (B) any cooperative bank (other than a 
cooperative bank which is a State bank as defined in subsection 
(a)(2) of this section), which is organized and operating according 
to the laws of the State (as defined in subsection (a)(3) of this 
section) in which it is chartered or organized.'' 12 U.S.C. 
1813(b)(3).
---------------------------------------------------------------------------

D. FDIC's Existing 12 CFR Sections 334.90 and 334.91 and Part 334, 
Appendix J, and Former OTS's 12 CFR Sections 571.82 and 571.90 and Part 
571, Appendix J (Transferred to FDIC's Part 391, Subpart C, as 12 CFR 
Sections 391.22 and 391.23 and Part 391, Subpart C, Appendix)

    As discussed above (and in some detail below), the Agencies, in 
2007, jointly issued rules pursuant to section 114 of the FACT Act, 
which dealt with identity theft ``red flag'' rules and rules on the 
duties of credit card issuers to validate notifications of changes of 
address under certain circumstances.\23\ In addition to the rules 
required in section 114, the Agencies also jointly issued Interagency 
Guidelines on Identity Theft Detection, Prevention, and Mitigation.
---------------------------------------------------------------------------

    \23\ 72 FR 63718 (Nov. 9, 2007).
---------------------------------------------------------------------------

    The FDIC's ``red flag'' rule, styled as ``duties regarding the 
detection, prevention, and mitigation of identity theft,'' was issued 
as section 334.90. The concurrently issued OTS rule was issued as 
section 571.90. That rule was later transferred to the FDIC rules as 
section 391.22. Apart from their scope provisions, the FDIC and the OTS 
``red flag'' rules are substantively identical. As with the disposal 
rule, the scope of the transferred OTS rule covers ``a State savings 
association whose deposits are insured by the Federal Deposit Insurance 
Corporation.'' \24\
---------------------------------------------------------------------------

    \24\ 12 CFR 391.22(a).
---------------------------------------------------------------------------

    The FDIC's ``duties of card issuers regarding changes of address'' 
regulation was issued as section 334.91. The concurrently issued OTS 
rule was issued as section 571.91. That rule was later transferred to 
the FDIC rules as section 391.23. As with the ``red flag'' rules, apart 
from their scope provisions, the FDIC and OTS change of address rules 
are substantively identical. The OTS rule covers ``an issuer of a debit 
or credit card (card issuer) that is a State savings association whose 
deposits are insured by the Federal Deposit Insurance Corporation.'' 
\25\
---------------------------------------------------------------------------

    \25\ 12 CFR 391.23(a).
---------------------------------------------------------------------------

    Finally, the FDIC's Interagency Guidelines on Identity Theft 
Detection, Prevention, and Mitigation was issued as part 334, appendix 
J. The concurrently issued OTS guidelines were issued as part 571, 
appendix J. Those guidelines were later transferred to the FDIC rules 
as part 391, subpart C, appendix. The FDIC and the OTS guidelines are 
substantively identical.
    After careful comparison of the FDIC's rules and guidelines with 
the transferred OTS rules and guidelines in part 391, subpart C, the 
FDIC has concluded that, with the exception of the scope provisions, as 
set out above, the transferred OTS rules and guidelines are 
substantively redundant. Therefore, based on the foregoing, the FDIC 
proposes to rescind and remove from the Code of Federal Regulations the 
rules located at sections 391.22 and 391.23 and guidelines located at 
part 391, subpart C, appendix, and to make minor conforming changes to 
incorporate State savings associations.

II. Proposed Amendments to Fair Credit Red Flag Identity Theft Rule and 
Guidelines

    As discussed above, on November 9, 2007, the FDIC, OCC, FRB, NCUA, 
OTS, and FTC published final rules and guidelines \26\ to implement the 
identity theft red flags provisions of section 114 of the FACT Act.\27\ 
In addition to these agencies, the Commodity Futures Trading Commission 
(CFTC) and the Securities and Exchange Commission (SEC) obtained 
rulemaking authority for these regulations under section 615 of the 
FCRA, as amended by section 1088 of the Dodd-Frank Act.
---------------------------------------------------------------------------

    \26\ 72 FR 63718 (Nov. 9, 2007).
    \27\ 15 U.S.C. 1681m(e).
---------------------------------------------------------------------------

    Section 615 directed the covered Agencies to issue joint 
regulations and guidelines requiring ``financial institutions'' and 
``creditors'' to develop and implement a written identity theft program 
to identify, detect, and respond to possible risks of identity theft 
relevant to them.
    The 2007 final interagency rule (the Red Flags Rule) \28\ included 
a definition of ``financial institution,'' as set forth in in section 
603(t) of the FCRA, as amended in section 111 of the FACT Act.\29\ That 
term includes ``a State or National bank, a State or Federal savings 
and loan association, a mutual savings bank, a State or Federal credit 
union, or any other person that, directly or indirectly, holds a 
transaction account (as defined in section 19(b) of the Federal Reserve 
Act) belonging to a consumer.'' \30\
---------------------------------------------------------------------------

    \28\ 12 CFR 334.90(b)(7).
    \29\ 15 U.S.C. 1681a(t).
    \30\ Id.
---------------------------------------------------------------------------

    The Red Flags Rule \31\ also included a definition of ``creditor,'' 
as set forth in section 603(r)(5) of the FCRA, as amended in section 
111 of the FACT Act.\32\ That definition referenced the definition of 
``creditor'' in section 702 of the Equal Credit Opportunity Act 
(``ECOA''). The ECOA defines the term ``creditor'' broadly as ``any 
person who regularly extends, renews, or continues credit; any person 
who regularly arranges for the extension, renewal, or continuation of 
credit; or any assignee of an original creditor who participates in the 
decision to extend, renew or continue credit.'' \33\ The ECOA further 
defines ``credit'' as ``the right granted by a creditor to a debtor to 
defer payment of debt or to incur debts and defer its payment or to 
purchase property or services and defer payment therefor.'' \34\ 
Regulation B, promulgated under the ECOA, defines ``credit'' in similar 
terms: ``the right granted by a creditor to an applicant to defer 
payment of a debt, incur debt and defer its payment, or purchase 
property or services and defer payment therefor.'' \35\
---------------------------------------------------------------------------

    \31\ 12 CFR 334.90(b)(5).
    \32\ 15 U.S.C. 1681a(r)(5).
    \33\ 15 U.S.C. 1691a(e).
    \34\ 15 U.S.C. 1691a(d).
    \35\ 12 CFR 1002.2(j).
---------------------------------------------------------------------------

    The current FDIC definition of ``creditor'' also expressly includes 
``lenders such as banks, finance companies, automobile dealers,

[[Page 5073]]

mortgage brokers, utility companies, and telecommunications 
companies,'' \36\ the same definition as the joint rules issued by the 
OCC, FRB, OTS and FTC.
---------------------------------------------------------------------------

    \36\ 12 CFR 334.90(b)(5).
---------------------------------------------------------------------------

    Since the scope of the FDIC's red flag regulation covers ``an 
insured state nonmember bank, or a subsidiary of such entities (except 
brokers, dealers, persons providing insurance, investment companies, 
and investment advisors),'' \37\ the vast majority, but not all, of the 
entities covered by the FDIC regulation fall under the ``financial 
institutions'' definition.\38\
---------------------------------------------------------------------------

    \37\ 12 CFR 334.90(a).
    \38\ This result would be the same if the new scope provision of 
the Red Flags Rule as proposed in this notice of proposed 
rulemaking--which would add ``a State savings association whose 
deposits are insured by the Federal Deposit Insurance 
Corporation''--is finalized.
---------------------------------------------------------------------------

    In contrast, the vast majority of the entities supervised by the 
FTC's rule would be covered by the statutory ``creditor'' definition. 
As such, the FTC had issued guidance on the scope of that definition. 
For example, in a set of answers to frequently asked questions issued 
in June, 2009, the FTC stated: ``Under the [Red Flags Rule], the 
definition of `creditor' is broad and includes businesses or 
organizations that regularly provide goods or services first and allow 
customers to pay later. . . . Examples of groups that may fall within 
this definition are utilities, health care providers, lawyers, 
accountants, and other professionals, and telecommunications 
companies.'' \39\ The FTC had also stated in the preamble to the final 
Red Flags Rule that a ``broad scope of entities'' was covered.\40\ 
Similar guidance was provided in policy statements issued in 2008 and 
early 2009.\41\ This guidance led to a law suit brought by the American 
Bar Association against the FTC alleging that the application of the 
rules to attorneys exceeded FTC's authority. Similar complaints were 
brought by the American Medical Association and other professionals.
---------------------------------------------------------------------------

    \39\ See American Bar Ass'n v. Federal Trade Comm'n (``ABA v. 
FTC''), 671 F. Supp. 2d 64, 70 (D.D.C. 2009) (quoting Red Flags 
Rule: Frequently Asked Questions, https://www.ftc.gov/bcp/edu/microsites/redflagsrule/faqs.shtm (since amended)), vacated as moot, 
636 F.3d 641 (D.C. Cir. 2011).
    \40\ 72 FR at 63741.
    \41\ See ABA v. FTC, 671 F. Supp. 2d at 69-70.
---------------------------------------------------------------------------

    In December 2010, Congress enacted the Red Flag Program 
Clarification Act (Clarification Act), 15 U.S.C. 1681m(e)(4), which 
narrowed the scope of entities covered as ``creditors'' under the Red 
Flags Rule.\42\ The Clarification Act retained the ECOA definition of 
``creditor,'' but generally limited the application of the Red Flags 
Rule to those ECOA creditors that ``regularly and in the ordinary 
course of business'' engaged in at least one of the following three 
types of conduct:
---------------------------------------------------------------------------

    \42\ Pub. L. 111-319, 124 Stat. 3457 (2010).
---------------------------------------------------------------------------

    1. Obtaining or using consumer reports, directly or indirectly, in 
connection with a credit transaction; \43\
---------------------------------------------------------------------------

    \43\ 15 U.S.C. 1681m(e)(4)(A)(i).
---------------------------------------------------------------------------

    2. Furnishing information to consumer reporting agencies in 
connection with a credit transaction; \44\ or
---------------------------------------------------------------------------

    \44\ 15 U.S.C. 1681m(e)(4)(A)(ii).
---------------------------------------------------------------------------

    3. Advancing funds to or on behalf of a person, based on an 
obligation of the person to repay the funds or repayable from specific 
property pledged by or on behalf of the person.\45\
---------------------------------------------------------------------------

    \45\ 15 U.S.C. 1681m(e)(4)(A)(iii).
---------------------------------------------------------------------------

    The Clarification Act also expressly excluded creditors that 
advanced funds on behalf of a person for expenses incidental to a 
service provided by the creditor to that person.\46\
---------------------------------------------------------------------------

    \46\ 15 U.S.C. 1681m(e)(4)(B).
---------------------------------------------------------------------------

    Finally, in addition to limiting the scope of coverage for 
``creditors'' by creating these specified categories, the Clarification 
Act empowered the Agencies to determine through a future rulemaking 
whether to include any other type of creditor that offers or maintains 
accounts that are subject to a reasonably foreseeable risk of identity 
theft.\47\
---------------------------------------------------------------------------

    \47\ 15 U.S.C. 1681m(e)(4)(C).
---------------------------------------------------------------------------

    When amending its Red Flag ``creditor'' definition in 2012, the FTC 
choose not to use its discretionary rulemaking to extend coverage of 
the Red Flags Rule to additional creditors and merely cited to the 
Clarification Act statutory definition.\48\ The FDIC is now proposing a 
similar result, to amend the ``creditor'' definition in its Red Flags 
Rule to expressly cite to the Clarification Act statutory provision, 15 
U.S.C. 1681m(e)(4).
---------------------------------------------------------------------------

    \48\ See 77 FR 72712 (Dec. 6, 2012).
---------------------------------------------------------------------------

    The FDIC has conferred with staff from the other Federal banking 
agencies, who do not object to the issuance of this notice of proposed 
rulemaking to amend the Red Flags Rule to conform it to the 
Clarification Act. In May, 2014, both the OCC and the Federal Reserve 
Board issued final rules making the conforming change.\49\ The SEC and 
CFTC have previously issued final rules under section 615 of FCRA that 
included a definition of ``creditor'' as set forth in the Clarification 
Act.\50\
---------------------------------------------------------------------------

    \49\ See 79 FR 28393, 28400 (May 16, 2014) (OCC); 79 FR 30709, 
30711 (May 29, 2014) (Federal Reserve Board).
    \50\ See 78 FR 23638 (Apr. 19, 2013) (SEC and CFTC joint final 
rules; the CFTC ``creditor'' definition cited the Clarification Act 
provision, but also specifically listed the covered entities).
---------------------------------------------------------------------------

    The FDIC is also proposing a technical amendment to supplement A to 
the guidelines that accompanied the Red Flags Rule consistent with the 
proposal, discussed below, to vacate the FDIC Fair Credit Reporting 
regulations with rule writing authority transferred to the CFPB.\51\ In 
supplement A, the Agencies provided a list of red flags to be 
considered by the entities covered by the rule. One of those red flags 
was ``[a] consumer reporting agency provides a notice of address 
discrepancy, as defined in Sec.  334.82(b) of this part.'' \52\ Since 
the FDIC is proposing to vacate its regulation at 12 CFR 334.82, the 
FDIC is proposing to change the citation in that red flag to the CFPB 
regulation: Sec.  1022.82(b).
---------------------------------------------------------------------------

    \51\ 12 CFR part 334, supplement A to appendix J.
    \52\ Id. at 3.
---------------------------------------------------------------------------

III. Proposed Removal of FDIC Fair Credit Regulations Transferred to 
the Consumer Financial Protection Bureau

    In amending the FCRA, the FACT Act gave the FDIC, along with the 
other Federal banking regulators (and, in some cases, the FTC and the 
SEC), rule writing authority for a variety of Fair Credit Reporting 
regulations. Since 2004, those regulations have been promulgated on an 
inter-agency basis as follows:
     2004: Disposal of Consumer Information, 12 CFR 334.83, 
implementing FACT Act section 216 (FCRA section 628 (15 U.S.C. 1681w));
     2005: Medical Information, 12 CFR part 334, subpart D, 
implementing FACT Act section 411 (FCRA section 604(g)(5) (15 U.S.C. 
1681b(g)(5));
     2007: Affiliate Marketing, 12 CFR part 334, subpart C and 
appendix C, implementing FACT Act section 214 (FCRA section 624 note 
(15 U.S.C. 1681s-3 note));
     2007: Identity Theft Red Flags, 12 CFR part 334, subpart J 
and appendix J, implementing FACT Act section 114 (FCRA section 615(e) 
(15 U.S.C. 1681m(e)); \53\
---------------------------------------------------------------------------

    \53\ As amended by the Clarification Act. See discussion above.
---------------------------------------------------------------------------

     2007: Address Discrepancy, 12 CFR 334.82, implementing 
FACT Act section 315 (FCRA section 605(h) (15 U.S.C. 1681c(h)); and
     2009: Duties of Furnishers of Information, 12 CFR part 
334, subpart E and appendix E, implementing FACT Act section 312 (FCRA 
section 623(e) (15 U.S.C. 1681S-2(e)).
    Title X of the Dodd-Frank Act amended a number of consumer 
financial protection laws, including provisions of the FCRA. In 
addition to substantive amendments, the Dodd-

[[Page 5074]]

Frank Act transferred rulemaking authority from the FDIC, FRB, OCC, 
FTC, NCUA, and OTS for several provisions of the ``Fair Credit 
Reporting'' regulations to the CFPB, effective July 21, 2011.\54\ These 
include the following regulations listed above: Medical information; 
affiliate marketing; address discrepancy; and duties of furnishers of 
information. Those regulations were covered under 12 CFR part 334 parts 
C, D, and E, as well as 12 CFR 334.82 in subpart I. The transfer also 
included the related Appendices, 12 CFR part 334, Appendices C and E. 
On December 21, 2011, the CFPB published in the Federal Register an 
interim final rule Regulation V, which implemented the Dodd-Frank Act 
amendments to the FCRA with regard to those regulations and appendices.
---------------------------------------------------------------------------

    \54\ See sections 1061 and 1088 of the Dodd-Frank Act.
---------------------------------------------------------------------------

    As discussed above, the Dodd-Frank Act did not transfer all 
rulemaking authority under the FCRA. Specifically, the Act did not 
transfer to the CFPB the authority to promulgate: Rules on the disposal 
of consumer information; \55\ rules on identity theft red flags and 
corresponding interagency guidelines on identity theft detection, 
prevention, and mitigation; \56\ and rules on the duties of card 
issuers regarding changes of address.\57\ These existing provisions are 
not included in the Bureau's new Regulation V.\58\
---------------------------------------------------------------------------

    \55\ See 15 U.S.C. 1681m(e); section 1088 of the Dodd-Frank Act.
    \56\ See 15 U.S.C. 1681w; section 1088 of the Dodd-Frank Act.
    \57\ See 15 U.S.C. 1681m(e); section 1088 of the Dodd-Frank Act.
    \58\ The Act also did not transfer rulemaking authority under 
the FCRA over any motor vehicle dealer that is predominantly engaged 
in the sale and servicing of motor vehicles, the leasing and 
servicing of motor vehicles, or both, subject to certain exceptions. 
See section 1029 of the Dodd-Frank Act.
---------------------------------------------------------------------------

    As a result of the of rule writing authority transferred to the 
CFPB, the FDIC is proposing to rescind and remove those regulations and 
appendices covered under the CFPB's Regulation V. In addition to the 
specific citations set out above, the FDIC is also proposing rescinding 
and removing those parts of the Purpose and Definition provisions of 
the ``Fair Credit Reporting'' regulations that related to the 
substantive regulations transferred to the CFPB.\59\
---------------------------------------------------------------------------

    \59\ Those provisions include part of 12 CFR 334.1 and the 
definitions set out at 12 CFR 334.3(a), (b), (d), (i), and (k).
---------------------------------------------------------------------------

    Even though there is no longer rule writing authority for those 
``Fair Credit Reporting'' rules, the FDIC will continue to examine for 
compliance with the rules and take enforcement action when warranted.

Request for Comments

    The FDIC invites comments on all aspects of this proposed 
rulemaking. Written comments must be received by the FDIC no later than 
March 31, 2015.

IV. Regulatory Analysis and Procedure

A. The Paperwork Reduction Act

    In accordance with the requirements of the Paperwork Reduction Act 
(PRA) of 1995, 44 U.S.C. 3501-3521, the FDIC may not conduct or 
sponsor, and the respondent is not required to respond to, an 
information collection unless it displays a currently valid Office of 
Management and Budget (``OMB'') control number.
    Part of the Proposed Rule would rescind and remove from FDIC 
regulations part 391, subpart C. This rule was transferred with only 
nominal changes to the FDIC from the OTS when the OTS was abolished by 
title III of the Dodd-Frank Act. Part 391, subpart C is largely 
redundant of the FDIC's existing part 334 regarding ``Fair Credit 
Reporting'' regulations, including appendix J to the part. The FDIC 
reviewed its burden estimates for the collection at the time it assumed 
responsibility for supervision of State savings associations 
transferred from the OTS and determined that no changes to the burden 
estimates were necessary. This Proposed Rule will not modify the FDIC's 
existing collection and does not involve any new collections of 
information pursuant to the PRA.
    The Proposed Rule would also amend sections 334.83, 334.90 and 
334.91 to include State savings associations and their subsidiaries 
within the scope of part 334. The Proposed Rule would also amend those 
provisions to define ``State savings association.'' These measures 
clarify that State savings associations, as well as State nonmember 
banks are subject to part 334. Thus, these provisions of the Proposed 
Rule will not involve any new collections of information under the PRA 
or impact current burden estimates.
    Part of the Proposed Rule would amend the ``creditor'' definition 
in the FDIC's Identity Theft Red Flag regulation in conformance with 
the Clarification Act. The vast majority of entities regulated by the 
FDIC under the Identity Theft Red Flag regulation fall under the 
``financial institution'' definition, and, therefore, would be covered 
under the rule regardless of the change in the ``creditor'' definition. 
For any subsidiary of a covered financial institution not covered under 
the ``financial institution'' definition, the proposed change to the 
``creditor'' definition would, arguably, cover fewer, rather than more, 
entities. Thus, this provision of the Proposed Rule will not involve 
any new collections of information under the PRA or substantively 
impact current burden estimates.
    Finally, part of the Proposed Rule would rescind and remove those 
portions of 12 CFR part 334 where rule writing authority was 
transferred to the CFPB. This portion of the Proposed Rule will also 
not involve any new collections of information under the PRA or impact 
current burden estimates. Based on the foregoing, no information 
collection request has been submitted to the OMB for review.

B. The Regulatory Flexibility Act

    The Regulatory Flexibility Act (``RFA''), requires that, in 
connection with a notice of proposed rulemaking, an agency prepare and 
make available for public comment an initial regulatory flexibility 
analysis that describes the impact of the proposed rule on small 
entities (defined in regulations promulgated by the Small Business 
Administration to include banking organizations with total assets of 
less than or equal to $550 million).\60\ However, a regulatory 
flexibility analysis is not required if the agency certifies that the 
rule will not have a significant economic impact on a substantial 
number of small entities, and publishes its certification and a short 
explanatory statement in the Federal Register together with the rule. 
For the reasons provided below, the FDIC certifies that the Proposed 
Rule, if adopted in final form, would not have a significant economic 
impact on a substantial number of small entities. A final regulatory 
flexibility analysis will be conducted after consideration of comments 
received during the public comment period.
---------------------------------------------------------------------------

    \60\ 5 U.S.C. 601 et seq.
---------------------------------------------------------------------------

    As discussed in this notice of proposed rulemaking, part 391, 
subpart C was transferred from OTS part 571, which governed Fair Credit 
Reporting. OTS part 571 had been in effect beginning in 2004, and all 
State savings associations were required to comply with it. Because it 
is redundant of existing part 334 of the FDIC's rules, the FDIC 
proposes rescinding and removing part 391, subpart C. As a result, all 
FDIC-supervised institutions--including State savings associations and 
their subsidiaries--would be required to comply with part 334. Because 
all State savings associations and their

[[Page 5075]]

subsidiaries have been required to comply with substantially the same 
rules beginning in 2004, today's Proposed Rule would have no 
significant economic impact on any State savings association.
    In a similar way, portions of part 334 of the FDIC's rules were 
transferred to the CFPB Regulation V effective 2011. Because all FDIC 
supervised institutions--including State savings associations and their 
subsidiaries--have been required to comply with part 334 beginning in 
2004, today's Proposed Rule would have no significant economic impact 
on those institutions.\61\
---------------------------------------------------------------------------

    \61\ When propounding its new Regulation V, the CFPB made the 
following representation in its Regulatory Flexibility Act 
discussion: [T]his rule has only a minor impact on entities subject 
to Regulation V. Accordingly, the undersigned certifies that this 
interim final rule will not have a significant economic impact on a 
substantial number of small entities. The rule imposes no new, 
substantive obligations on covered entities and will require only 
minor, one-time adjustments to certain model form. . . . 76 FR at 
79312.
---------------------------------------------------------------------------

    With regard to the portion of the Proposed Rule amending the Red 
Flags Rule and appendix:
    1. Statement of the need for, and objectives of, the proposed rule. 
As noted above, the Clarification Act amended the definition of 
``creditor'' in the FCRA for purposes of the red flags provisions. The 
FDIC is proposing to amend the definition of ``creditor'' in its Red 
Flags Rule to reflect the revised definition of that term in the 
Clarification Act. As also noted above, the FDIC is proposing to update 
a cross-reference in the Red Flags Rule to reflect the CFPB's 
rulemaking authority for the notice of address discrepancy provisions 
in the FCRA.
    2. Small entities affected by the proposed rule. The Proposed Rule 
would amend the definition of ``creditor'' in 12 CFR 334.90 to conform 
to the revised definition of that term in the Clarification Act. The 
proposed definition continues to refer to the FCRA definition of 
``creditor,'' which references the ECOA definition of ``creditor,'' but 
limits the application of the red flags provisions to only those 
creditors that regularly and in the ordinary course of business: (a) 
Obtain or use consumer reports in connection with a credit transaction; 
(b) furnish information to consumer reporting agencies in connection 
with a credit transaction; or (c) advance funds to or on behalf of a 
person, based on an obligation of the person to repay the funds or 
repayable from specific property pledged by or on behalf of the person. 
12 U.S.C. 1681m(e)(4)(A). Creditors that advance funds on behalf of a 
person for expenses incidental to a service provided by the creditor to 
that person are excluded from the definition. Small entity creditors 
that do not meet this more limited definition would no longer be 
covered by the rule. However, small entities that are financial 
institutions would still be covered by the rule, regardless of whether 
they meet the revised definition of creditor.
    The Proposed Rule would also update a cross-reference in the Red 
Flags Rule to reflect the CFPB's rulemaking authority for the notice of 
address discrepancy provisions in the FCRA. This revision would have no 
effect on small entities because there was no substantive difference 
between the FDIC definition of a ``notice of address discrepancy'' and 
the CFPB's definition.
    3. Recordkeeping, reporting, and compliance requirements. The 
Proposed Rule does not impose any new recordkeeping, reporting, or 
compliance requirements on small entities. Small entities that no 
longer meet the narrower definition of ``creditor'' would not have to 
comply with the requirements of the Red Flags Rule. However, small 
entity financial institutions would still be required to comply with 
the Red Flags Rule, regardless of whether they meet the revised 
definition of creditor.
    4. Other federal rules. The FDIC has not identified any federal 
statutes or regulations that would duplicate, overlap, or conflict with 
the proposed revision.
    5. Significant alternatives to the proposed revisions. The proposed 
revisions to the definition of ``creditor'' and the cross-reference to 
the definition of a ``notice of address discrepancy'' reflect statutory 
changes. The FDIC does not believe there are significant alternatives 
to these revisions. Although the FDIC has authority to determine 
through a rulemaking that any other creditor that offers or maintains 
accounts that are subject to a reasonably foreseeable risk of identity 
theft is subject to the Red Flags Rule, the FDIC does not believe it is 
appropriate to use its discretionary rulemaking authority at this time.

C. Plain Language

    Section 722 of the GLB Act, codified at 12 U.S.C. 4809, requires 
each Federal banking agency to use plain language in all of its 
proposed and final rules published after January 1, 2000. The FDIC 
invites comments on whether the Proposed Rule is clearly stated and 
effectively organized, and how the FDIC might make it easier to 
understand. For example:
     Has the FDIC organized the material to suit your needs? If 
not, how could it present the rule more clearly?
     Have we clearly stated the requirements of the rule? If 
not, how could the rule be more clearly stated?
     Does the rule contain technical jargon that is not clear? 
If so, which language requires clarification?
     Would a different format (grouping and order of sections, 
use of headings, paragraphing) make the regulation easier to 
understand? If so, what changes would make the regulation easier to 
understand?
     What else could we do to make the regulation easier to 
understand?

D. The Economic Growth and Regulatory Paperwork Reduction Act

    Under section 2222 of the Economic Growth and Regulatory Paperwork 
Reduction Act of 1996 (``EGRPRA''), the FDIC is required to review all 
of its regulations, at least once every 10 years, in order to identify 
any outdated or otherwise unnecessary regulations imposed on insured 
institutions.\62\ The FDIC completed the last comprehensive review of 
its regulations under EGRPRA in 2006 and is commencing the next 
decennial review. The action taken on this rule will be included as 
part of the EGRPRA review that is currently in progress. As part of 
that review, the FDIC invites comments concerning whether the Proposed 
Rule would impose any outdated or unnecessary regulatory requirements 
on insured depository institutions. If you provide such comments, 
please be specific and provide alternatives whenever appropriate.
---------------------------------------------------------------------------

    \62\ Public Law 104-208 (Sept. 30, 1996).
---------------------------------------------------------------------------

List of Subjects

12 CFR part 334

    Fair credit reporting.

12 CFR part 391

    Fair credit reporting.
Authority and Issuance
    For the reasons stated in the preamble, the Board of Directors of 
the Federal Deposit Insurance Corporation proposes to amend part 334 
and part 391 of title 12 of the Code of Federal Regulations as set 
forth below:

PART 334--FAIR CREDIT REPORTING

0
1. The authority citation continues to read as follows:

    Authority:  12 U.S.C. 1818, 1819 (Tenth), and 1831p-1; 15 U.S.C. 
1681a, 1681b, 1681c, 1681m, 1681s, 1681s-2, 1681s-3, 1681t, 1681w, 
6801 et seq., Pub. L. 108-159, 117 Stat. 1952.

[[Page 5076]]

Subpart A--General Provisions

0
2. Revise Sec.  334.1 to read as follows:


Sec.  334.1  Purpose and scope.

    (a) Purpose The purpose of this part is to implement the Fair 
Credit Reporting Act.
    (b) Scope Except as otherwise provided in this part, the 
regulations in this part apply to insured state nonmember banks, state 
savings associations whose deposits are insured by the Federal Deposit 
Insurance Corporation, insured state licensed branches of foreign 
banks, and subsidiaries of such entities (except brokers, dealers, 
persons providing insurance, investment companies, and investment 
advisers).
0
3. Amend Sec.  334.3 by removing and reserving paragraphs (a), (b), 
(d), and (i) through (k), and adding paragraph (m) to read as follows:


Sec.  334.3  Definitions.

* * * * *
    (m) State savings association has the same meaning as in section 
3(b)(3) of the Federal Deposit Insurance Act, 12 U.S.C. 1813(b)(3).

Subparts C through E [Reserved]

0
4. Remove and reserve subparts C, D and E consisting of Sec. Sec.  
334.20 through 334.43.

Subpart I--Records Disposal

0
5. Rename header for subpart I as shown above.


Sec.  334.82  [Removed and reserved]

0
6. Remove and reserve Sec.  334.82.

Subpart J--Identity Theft Red Flags

0
7. Amend Sec.  334.90 by revising paragraphs (a) and (b)(5) and adding 
paragraph (b)(11) to read as follows:


Sec.  334.90  Duties regarding the detection, prevention, and 
mitigation of identity theft.

    (a) Scope. This section applies to a financial institution or 
creditor that is an insured state nonmember bank, State savings 
association whose deposits are insured by the Federal Deposit Insurance 
Corporation, insured state licensed branch of a foreign bank, or a 
subsidiary of such entities (except brokers, dealers, persons providing 
insurance, investment companies, and investment advisers).
    (b) * * *
    (5) Creditor has the same meaning as in 15 U.S.C. 1681m(e)(4).
* * * * *
    (11) State savings association has the same meaning as in section 
3(b)(3) of the Federal Deposit Insurance Act, 12 U.S.C. 1813(b)(3).
* * * * *
0
8. Amend Sec.  334.91 by revising paragraph (a) and adding paragraph 
(b)(3) to read as follows:


Sec.  334.91  Duties of card issuers regarding change of address.

    (a) Scope This section applies to an issuer of a debit or credit 
card (card issuer) that is an insured state nonmember bank, state 
savings association whose deposits are insured by the Federal Deposit 
Insurance Corporation, insured state licensed branch of a foreign bank, 
or a subsidiary of such entities (except brokers, dealers, persons 
providing insurance, investment companies, or investment advisers).
    (b) * * *
    (3) State savings association has the same meaning as in section 
3(b)(3) of the Federal Deposit Insurance Act, 12 U.S.C. 1813(b)(3).
0
9. Amend supplement A to appendix J by revising example 3 to read as 
follows:

Appendix J to Part 334--Interagency Guidelines on Identity Theft 
Detection, Prevention, and Mitigation

* * * * *
    3. A consumer reporting agency provides a notice of address 
discrepancy, as defined in 12 CFR 1022.82(b).
* * * * *

PART 391--FORMER OFFICE OF THRIFT SUPERVISION REGULATIONS

0
10. The authority citation for part 391 is revised to read as follows:

    Authority:  12 U.S.C. 1819.
    Subpart A also issued under 12 U.S.C. 1462a; 1463; 1464; 1828; 
1831p-1; 1881-1884; 15 U.S.C. 1681w; 15 U.S.C. 6801; 6805.
    Subpart B also issued under 12 U.S.C. 1462a; 1463; 1464; 1828; 
1831p-1; 1881-1884; 15 U.S.C.1681w; 15 U.S.C. 6801; 6805.
    Subpart E also issued under 12 U.S.C. 1467a; 1468; 1817; 1831i.

Subpart C--[Removed and Reserved]

0
11. Remove and reserve subpart C consisting of Sec. Sec.  391.20 
through 391.23 and appendix to subpart C of part 391.

    Dated at Washington, DC, this 21st day of January, 2015.

    By order of the Board of Directors.

Federal Deposit Insurance Corporation.
Robert E. Feldman,
Executive Secretary.
[FR Doc. 2015-01499 Filed 1-29-15; 8:45 am]
BILLING CODE 6714-01-P