Fair Credit Reporting: Appendix L to Part 1022—Standardized Form for Requesting Annual File Disclosures
[Editor’s note: This form is reproduced in Appx. C.2, infra.]
[Editor’s note: This form is reproduced in Appx. C.2, infra.]
The prescribed form for this disclosure is a separate document that is substantially similar to the Bureau’s model notice with all information clearly and prominently displayed. Consumer reporting agencies may limit the disclosure to only those items that they know are relevant to the furnisher that will receive the notice.
The prescribed form for this disclosure is a separate document that is substantially similar to the Bureau’s notice with all information clearly and prominently displayed. Consumer reporting agencies may limit the disclosure to only those items that they know are relevant to the user that will receive the notice.
[Editor’s note: This form is reproduced in Appx. C.7, infra.]
AUTHORITY: 12 U.S.C. § 5514(a)(1)(B); 12 U.S.C. § 5514(a)(2); 12 U.S.C. § 5512(b)(1); 12 U.S.C. § 5514(b)(7)(A).
SOURCE: 76 Fed. Reg. 44,242 (July 22, 2011); 77 Fed. Reg. 42,898 (July 20, 2012), unless otherwise noted.
This part defines those nonbank covered persons that qualify as larger participants of certain markets for consumer financial products or services pursuant to 12 U.S.C. 5514(a)(1)(B) and (a)(2). A larger participant of a market covered by this part is subject to the supervisory authority of the Bureau under 12 U.S.C. 5514. This part also establishes rules to facilitate the Bureau’s supervision of such larger participants pursuant to 12 U.S.C. 5514(b)(7).
For the purposes of this part, the following definitions apply:
Affiliated company means any company (other than an insured depository institution or insured credit union) that controls, is controlled by, or is under common control with, a person.
(1) For purposes of this definition “company” means any corporation, limited liability company, business trust, general or limited partnership, proprietorship, cooperative, association, or similar organization.
A person qualifying as a larger participant under subpart B of this part shall not cease to be a larger participant under this part until two years from the first day of the tax year in which the person last met the applicable test under subpart B.
(a) If a person receives a written communication from the Bureau initiating a supervisory activity pursuant to 12 U.S.C. 5514, such person may respond by asserting that the person does not meet the definition of a larger participant of a market covered by this part within 45 days of the date of the communication.
(a) Market-Related definitions.
Annual receipts means receipts calculated as follows:
All parts and subparts of this subchapter are separate and severable from one another. If any part or subpart is stayed or determined to be invalid, the Commission intends that the remaining parts and subparts shall continue in effect.
[69 Fed. Reg. 29,063 (May 20, 2004); 69 Fed. Reg. 35, 496 (June 24, 2004); 84 Fed. Reg. 31,191 (July 1, 2019)]
* * *
(a) Scope. This section applies to financial institutions and creditors that are subject to administrative enforcement of the FCRA by the Federal Trade Commission pursuant to 15 U.S.C. 1681s(a)(1).
(b) Definitions. For purposes of this section, and appendix A, the following definitions apply:
(a) Scope. This section applies to a person described in § 681.1(a) that issues a debit or credit card (card issuer).
(b) Definitions. For purposes of this section:
(1) Cardholder means a consumer who has been issued a credit or debit card.
(2) Clear and conspicuous means reasonably understandable and designed to call attention to the nature and significance of the information presented.
[Editor’s note: Appendix A to Part 681, “Interagency Guidelines on Identity Theft Detection, Prevention, and Mitigation,” is included at Appx. B.3.3, infra.]
(a) In general. Except as modified by this part or unless the context otherwise requires, the terms used in this part have the same meaning as set forth in the Fair Credit Reporting Act, 15 U.S.C. 1681 et seq.
(a) Purpose. This part (“rule”) implements section 216 of the Fair and Accurate Credit Transactions Act of 2003, which is designed to reduce the risk of consumer fraud and related harms, including identity theft, created by improper disposal of consumer information.
(b) Scope. This rule applies to any person over which the Federal Trade Commission has jurisdiction, that, for a business purpose, maintains or otherwise possesses consumer information.
(a) Standard. Any person who maintains or otherwise possesses consumer information for a business purpose must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.
Nothing in the rule in this part shall be construed:
(a) To require a person to maintain or destroy any record pertaining to a consumer that is not imposed under other law; or
(b) To alter or affect any requirement imposed under any other provision of law to maintain or destroy such a record.
[69 Fed. Reg. 35,496 (June 24, 2004); 69 Fed. Reg. 68,697 (Nov. 24, 2004); 84 Fed. Reg. 31,191 (July 1, 2019)]
The rule in this part is effective on June 1, 2005.
[69 Fed. Reg. 35,496 (June 24, 2004); 69 Fed. Reg. 68,697 (Nov. 24, 2004); 84 Fed. Reg. 31,191 (July 1, 2019)]
Under the Dodd-Frank Act, the CFPB was prohibited from issuing any rules that govern motor vehicle dealers. Thus, the FTC’s existing FCRA regulations regarding users govern them. The following a table of citations for FTC regulations that parallel the CFPB regulations, but apply to motor vehicle dealers. In 2021, the FTC amended several of these rules to make clear that their scope is specifically limited to motor vehicle dealers.5
Section 681.1 of this part requires each financial institution and creditor that offers or maintains one or more covered accounts, as defined in § 681.1(b)(3) of this part, to develop and provide for the continued administration of a written Program to detect, prevent, and mitigate identity theft in connection with the opening of a covered account or any existing covered account. These guidelines are intended to assist financial institutions and creditors in the formulation and maintenance of a Program that satisfies the requirements of § 681.1 of this part.
In designing its Program, a financial institution or creditor may incorporate, as appropriate, its existing policies, procedures, and other arrangements that control reasonably foreseeable risks to customers or to the safety and soundness of the financial institution or creditor from identity theft.
(a) Risk Factors. A financial institution or creditor should consider the following factors in identifying relevant Red Flags for covered accounts, as appropriate:
(1) The types of covered accounts it offers or maintains;
(2) The methods it provides to open its covered accounts;
(3) The methods it provides to access its covered accounts; and
(4) Its previous experiences with identity theft.
The Program’s policies and procedures should address the detection of Red Flags in connection with the opening of covered accounts and existing covered accounts, such as by:
(a) Obtaining identifying information about, and verifying the identity of, a person opening a covered account, for example, using the policies and procedures regarding identification and verification set forth in the Customer Identification Program rules implementing 31 U.S.C. 5318(l) (31 C.F.R. 103.121); and
The Program’s policies and procedures should provide for appropriate responses to the Red Flags the financial institution or creditor has detected that are commensurate with the degree of risk posed.