Identity Theft Prevention Program: Definitions – NMP
Regulation and Compliance

Identity Theft Prevention Program: Definitions

Jul 11, 2014

Question: We are a mortgage lender and have an Identity Theft Prevention Program, but we are still not sure what is considered a “covered account,” or an “account,” or a "Red Flag," or even a “customer.” What are the definitions for these terms? Answer: Required by the Federal Trade Commission (FTC) and other Federal agencies, the Identity Theft Prevention Program must be implemented by “financial institutions” and “creditors.” The foregoing two categories of subject entities have been defined very broadly, so as to reach to all residential mortgage lenders and originators. Essentially, a financial institution or creditor that offers or maintains one or more covered accounts must develop and implement a written Identity Theft Prevention Program, the purpose of which is to detect, prevent, and mitigate identity theft in connection with the opening of a covered account or any existing covered account. A “covered account” consists of two classes: 1. An account that a financial institution or creditor offers or maintains, primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions, such as a credit card account, mortgage loan, automobile loan, margin account, cell phone account, utility account, checking account, or savings account; and, 2. Any other account that the financial institution or creditor offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation, or litigation risks. [16 CFR § 681.1(b)(3) (2010)] An “account” is a continuing relationship established by a person with a financial institution or creditor to obtain a product or service for personal, family, household or business purposes. For instance, an account would include an extension of credit, such as for the purchase of property or services involving a deferred payment. [16 CFR § 681.1(b)(1) (2010)] A “Red Flag” is a pattern, practice, or specific activity that indicates the possible existence of identity theft. [16 CFR § 681.1(b)(9) (2010)] A “customer” is a person who has a covered account with a financial institution or creditor. [16 CFR § 681.1(b)(6) (2010)] Jonathan Foxx is president and managing director of Lenders Compliance Group and Brokers Compliance Group, mortgage risk management firms devoted to providing regulatory compliance advice and counsel to the mortgage industry. He may be contacted at (516) 442-3456 or by e-mail at [email protected].
About the author
Jonathan Foxx
Link copied
Published
Jul 11, 2014
Get the NMP Daily
Industry News
Commercial, Multifamily Mortgage Debt Tops $5 Trillion In Q1

MBA says outstanding debt grew by $26.3 billion in the first quarter, led by multifamily lending and increased holdings from banks, agencies, and life insurers

Commercial and multifamily mortgage debt outstanding surpassed $5 trillion for the first time during the first quarter of 2026, according to new data from the Mortgage Bankers Association (MBA).MBA's latest Commercial/Multifamily Mortgage Debt Outstanding report found total ...

Continue reading
Tech
Blue Sage Expands SageVision, UW Studio, Voice AI Capabilities

Latest updates bring embedded AI automation to lending and servicing workflows

Blue Sage Solutions has expanded its artificial intelligence platform with new automation capabilities for document analysis, underwriting workflows, and mortgage servicing operations.The mortgage technology provider announced enhancements across three core components of its...

Continue reading
Renew your NMLS License — for free.

Enjoy access to a free NMLS renewal class when you attend an in-person event.

Find an event
More from
Regulation and Compliance
MISMO Updates Business Glossary To Support AI, eMortgages

New definitions covering eHELOCs, remote online notarization, valuation modernization, and compliance initiatives aim to improve consistency

Regulation and Compliance
Jun 17, 2026
MISMO Launches AI Governance Framework For Mortgage Lenders

New FRAME toolkit gives lenders, servicers, and technology providers a roadmap for managing AI risk while supporting innovation

Regulation and Compliance
Jun 11, 2026
CFPB Tells Lenders Immigration Status Can Factor Into ATR Analysis

CFPB frames immigration status as a potential ability-to-repay factor when future U.S.-based income is at risk

Regulation and Compliance
Jun 10, 2026
UAD 3.6 Deadline Nears; First American Earns Verification

First American's ACI Sky Workbench gains verification ahead of the Nov. 2 implementation date for the GSEs' updated appraisal reporting requirements

Regulation and Compliance
Jun 08, 2026
MISMO Introduces New Loan Boarding Standard

Wrapper Files support standardized data transfers between origination and servicing systems, with potential savings of $60 to $160 per loan

Regulation and Compliance
May 29, 2026
The GLBA Compliance Gap Your AI Deployment Just Opened

Old statutes, new models, and the vendor contract you signed before machine learning became operational

Regulation and Compliance
May 26, 2026