Identity Theft LIVE Teleconference
Overview:Financial institutions and creditors will need to come into compliance with the final rules on Red Flags and Address Discrepancies by November 2008. The rules require financial institutions and creditors to develop and implement a written Identity Theft Prevention Program designed to detect, prevent, and mitigate identity theft.
The Knowledge Congress is presenting a two-hour teleconference featuring a panel of experts who will express their views on the substantive aspects of these rules and provide guidance to financial institutions and creditors that may be affected by it.
<strong id="ep-name-of-speaker">Deborah Katz, Senior Counsel, Legislative and Regulatory Activities</strong>
<em id="ep-speaker-firm">Office of the Comptroller of the Currency</em>
- The written identity theft prevention program required by the rules;
- The special provision for card issuers that receive a notice of change of address followed by a
request for an additional card; and
- The requirements applicable to users of consumer reports that receive notices of address
discrepancies from a nationwide consumer reporting agency.
<strong id="ep-name-of-speaker">Pavneet Singh, Attorney, Division of Privacy and Identity Protection, Bureau of Consumer Protection</strong>
<em id="ep-speaker-firm">Federal Trade Commission </em>
- Who must comply with the red flags rules
- Identifying covered accounts and conducting a risk assessment
- The written id theft prevention program required by the rules
- The obligations of users of consumer reports who receive notices of address discrepancies from
<strong id="ep-name-of-speaker">William H. Henley, Jr., Director, IT Risk Management, Office of Thrift Supervision</strong>
<em id="ep-speaker-firm">Office of Thrift Supervision </em>
FFIEC agencies and FTC released final rule in November 2007
– Implements sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003
– Defined “red flag” as “a pattern, practice, or specific activity that indicates the possible existence
of identity theft”
– Agencies received 129 comment letters on proposal
– Complex interagency process with five federal depository institution regulators plus the FTC
– Rule applies to both regulated and non-regulated entities
Outlines steps financial institutions and creditors must take to administer the Program:
- Obtain approval of the initial written Program
- Ensure oversight of the development
- Implementation and overseeing service provider arrangements
- Train staff, as necessary, to effectively implement the Program
- No “Silver Bullet” in Tackling ID Theft
- Flexibility is Important
- Fraudsters constantly change tactics and financial institutions need the flexibility to respond
to these changes
- A set list of red flags today may not be relevant in the future as fraudsters develop new tactics
- Large, complex financial institutions typically have multiple lines of business with responsibility
for managing fraud
- Variations in response programs & training programs
- Integration with Existing Programs
- Preamble of rule notes that an institution’s identity theft prevention program may incorporate or
cross-reference aspects of their security program and that an institution’s customer identification
program could be incorporated
- No requirement that identity theft program be identical across different lines of business
- Documentation of program
- Current processes already in place although many are not formally documented
- Lines of Business: “we know it when we see it”
- Vendor Management
- Outlining needs
- Negotiating contracts
- Impact on auditing programs (e.g., BITS Shared Assessments)
- Budget/Procurement Cycle
- 11/2008 deadline a challenge for some large firms to incorporate in technology budget cycle
- M&A impact
- Economic pressures
- Securing Board Approval
- Consistency in Regulatory Oversight
- Examination Procedures (in development):
- Impact of consumer compliance vs more risk-based IT driven process
<strong id="ep-name-of-speaker">Frank Barreca, CEO</strong>
- The responsibility of consumers in the identity theft crisis.
- Data integrity – Lack of accuracy in public records and credit reporting data.
- Risk Based Data Analysis for Identity Theft.
- Consumer Advocacy Programs for Identity Theft - (Developing Consumer Advocacy Programs).
<strong id="ep-name-of-speaker">Catherine D. Meyer, Counsel</strong>
<em id="ep-speaker-firm">Pillsbury Winthrop Shaw Pittman LLP </em>
- Vendor management
• What is required in terms of:
› Vendor oversight including contracting with vendors
› Audit of vendors
› Use of vendors who perform services for other covered companies
› Detection response issues involving vendors
- Corporate approval of the policies and procedures that are developed, and risk potential issues
• Availability of enforcement actions by government, consumer, etc.
Who Should Attend:
- Chief Compliance Officers
- Chief Security Officers
- Chief Information Security Officers
- Audit Managers
- Risk Managers
- Chief Operations Officers
- Chief Privacy Officers
- Bank, Thrift and Credit Union Auditors
- Privacy & Data Protection Personnel
Deborah Katz is a senior counsel in the Legislative and Regulatory Activities Division of the Office of the Comptroller of the Currency, a bureau of the U.S. Department of the Treasury that regulates the national banking system. She has drafted various interagency regulations relating to identity theft and information security. She also drafted the interagency Customer Identification Program rule implementing section 326 of the USA PATRIOT Act. She joined the OCC in 1986. She has been Special Assistant to the Deputy Chief Counsel, and has worked in the Enforcement and Compliance, Bank Organization and Structure, and Legal Advisory Services divisions of the OCC’s law department.
Ms. Katz received a B.S. from the Edmund E. Walsh School of Foreign Service, Georgetown University, in 1979, and a J.D. from the the Benjamin N. Cardozo School of Law, Yeshiva University, in 1986. She is a member of the New York Bar.
Deborah Katz is a senior counsel in the Legislative and Regulatory Activities Division of the Office of the Comptroller of …
Pavneet Singh is an attorney with the Division of Privacy and Identity Protection at the Federal Trade Commission. Her responsibilities focus primarily on identity theft issues, FCRA rulemaking and enforcement, data security enforcement, and outreach in these areas. Ms. Singh joined the FTC in 2006. Prior to working at the FTC, she was an associate in the litigation and communications practice groups of Wilmer Cutler Pickering Hale and Dorr LLP.
Pavneet Singh is an attorney with the Division of Privacy and Identity Protection at the Federal Trade Commission. Her responsibilities …
Mr. Henley has spent his entire professional career as a financial institution regulator. Mr. Henley is the Director of IT Risk Management for the Office of Thrift Supervision. In his role as the Director, Mr. Henley serves as the principle advisor regarding the development, implementation and maintenance of policies, procedures and guidelines pertaining to the examination and supervision of saving associations in the area of Information Technology (IT) and Technology Risk Management, including electronic banking activities; and is the OTS representative to the FFIEC IT Subcommittee. Prior to joining the OTS, Mr. Henley spent 17½ years with the FDIC, including 9½ years as a Bank Examiner in the Dallas Region; and 8 years in the FDIC’s headquarters in Washington, DC in various positions including Examination Specialist in both the Planning and Program Development Section and in the Technology Supervision Branch, and the acting Section Chief of the Capital Markets Policy Branch.
Mr. Henley is a 1989 graduate of the Sam Houston State University, Huntsville, Texas with a Bachelors of Business Administration degree in International Business, and minors in Economics and French. In 2002, Mr. Henley successfully completed the Graduate School of Bank Operations and Technology, at the Owen Graduate School of Management, Vanderbilt University, Nashville, Tennessee.
Mr. Henley has spent his entire professional career as a financial institution regulator. Mr. Henley is the Director of IT …
Frank Barreca, a 25-year information technology veteran and recognized leader in the industry, provided the vision for the founding of GetYourIdentityBack.com. Frank holds a Bachelor of Science degree in Computer Science, is a council member for the Gerson Lehrman Group Financial Services Council New York, NY, and is a member of the Society of Industry Leaders - Vista Research LLC. He has worked with dozens of Fortune 100 corporations, helping them build technology solutions to solve their business needs. He has also served as an IT keynote business seminar speaker on a national circuit, talk radio guest, and host on cable television networks across the country.
Frank Barreca, a 25-year information technology veteran and recognized leader in the industry, provided the vision for the founding of …
Catherine D. Meyer has been Counsel with Pillsbury Winthrop Shaw Pitman for the past three years after having been a partner with the firm for 20 years. Her practice is a blend of finance and privacy regulation and compliance.
Ms. Meyer spends a considerable portion of her practice advising financial institutions and other companies in the privacy area including rights to financial privacy and protection of customer's privacy rights under state, federal and international statutes and regulations, and assisting when personal information is compromised or threatened. She regularly counsels clients in compliance with regulations affecting the collection, use, sale, transfer and sharing of customer information and the restrictions on such activities in a commercial setting. She assists with marketing issues such as unsolicited commercial email, fax and telephone communications, marketing to children, and issues specific to credit card and check transactions for retailers. Clients call upon her for assistance in data security breach situations to respond appropriately, whether it involves a handful or millions of affected data subjects. Ms. Meyer has also assisted clients in complying with international privacy directives when dealing with customer or employee information on a global scale, including qualifying clients for inclusion under the U.S. Department of Commerce Safe Harbor.
She has been involved in financings, representing lenders in secured transactions and participations and has extensive experience in protecting the rights of creditors in restructuring transactions and in bankruptcy. In UCC matters, particularly Articles 2, 3, 4 and 9, she is able to assist clients in developing procedures to protect themselves against potential losses.
Ms. Meyer has represented clients in many sectors, including banks, factors, manufacturers, distributors, and contractors. She has protected her clients interests in a wide variety of industries including manufacturing, travel, retail (on and off line), import/export, restaurants, record labels, casinos, hotels, clothing, medical services, shopping centers, and technology. Her clients range from individuals, to local businesses, to international companies.
Ms. Meyer served for several years as co-chair of the Business Department of the Los Angeles Office and of the firmwide Privacy & Data Protection practice team. She has previously chaired the Commerce, Technology & Licensing practice section and the Insolvency & Restructuring practice section. Ms. Meyer received her J.D. in 1979 from Northwestern University School of Law and her A.B. from Bryn Mawr College in 1973. She is a member of the California Bar and the ABA. She sits on the Board of Editors of the Privacy & Data Security Law Journal (an A.S. Pratt & Sons Publication) and the Privacy & Data Security Review (Sheshunoff Information Services). She is a frequent speaker on data protection and privacy issues.
Catherine D. Meyer has been Counsel with Pillsbury Winthrop Shaw Pitman for the past three years after having been a …
Print and review course materials
Method of Presentation:
On-demand Webcast (CLE)
Unlock All The Knowledge and Credit You Need
Leading Provider of Online Continuing Education
It's As Easy as 1, 2, 3
Get Your 1-Year All Access Pass For Only $199
Office of the Comptroller of the Currency
Federal Trade Commission
Office of Thrift Supervision