Proposed identity theft rule seen as too inflexible, costly

And, according to American Bankers Association senior federal counsel, Nedda Feddis, the highly prescriptive proposal even has the potential of educating and aiding identity thieves while possibly making fraud protection “very stagnant.”

“We do want to do everything we can to prevent identity theft and fraud,” said Lois Profili, president of First Eagle Federal Credit Union in Baltimore City, “but the extra requirements that they?re putting on us are going to drive the smaller institutions out of business.”

There are 120 credit unions in Maryland, most of which are in the Baltimore area, and 144 banks and savings and loans ? all of which would be affected by the proposed rule. Within the United States, there are 29 credit card or “monoline” banks, but none based in Maryland, according to the Federal Deposit Insurance Corporation.

The lengthy notice of proposed rulemaking would transform what now is largely an individualized and voluntary prevention program into a formal and enforced one. It would be adjusted to each institution?s size, complexity and scope of operations.

Formal programs would be required to address ? across applicable product and services lines ? each of the conditions, scenarios and suspicious “red flag” activities identified in the proposal, incorporating a risk-based response, and appropriate mitigation measures for each into a written identity-theft prevention program.

“On the surface the proposal looks fine…” Feddis said, adding that ABA was still consulting with members over its formal response. “But as a practical matter, it?s too inflexible … and it?s going to impose a huge compliance burden [on banks].

“And this is one of the problems with the ?red flags,?” Feddis said. “Once the fraud-minded know what the red flags and the solutions are, then they go around them.”