Skip to main content

Identity Theft Prevention Program: Definitions

Jonathan Foxx
Jul 11, 2014

Question: We are a mortgage lender and have an Identity Theft Prevention Program, but we are still not sure what is considered a “covered account,” or an “account,” or a "Red Flag," or even a “customer.” What are the definitions for these terms? Answer: Required by the Federal Trade Commission (FTC) and other Federal agencies, the Identity Theft Prevention Program must be implemented by “financial institutions” and “creditors.” The foregoing two categories of subject entities have been defined very broadly, so as to reach to all residential mortgage lenders and originators. Essentially, a financial institution or creditor that offers or maintains one or more covered accounts must develop and implement a written Identity Theft Prevention Program, the purpose of which is to detect, prevent, and mitigate identity theft in connection with the opening of a covered account or any existing covered account. A “covered account” consists of two classes: 1. An account that a financial institution or creditor offers or maintains, primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions, such as a credit card account, mortgage loan, automobile loan, margin account, cell phone account, utility account, checking account, or savings account; and, 2. Any other account that the financial institution or creditor offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation, or litigation risks. [16 CFR § 681.1(b)(3) (2010)] An “account” is a continuing relationship established by a person with a financial institution or creditor to obtain a product or service for personal, family, household or business purposes. For instance, an account would include an extension of credit, such as for the purchase of property or services involving a deferred payment. [16 CFR § 681.1(b)(1) (2010)] A “Red Flag” is a pattern, practice, or specific activity that indicates the possible existence of identity theft. [16 CFR § 681.1(b)(9) (2010)] A “customer” is a person who has a covered account with a financial institution or creditor. [16 CFR § 681.1(b)(6) (2010)] Jonathan Foxx is president and managing director of Lenders Compliance Group and Brokers Compliance Group, mortgage risk management firms devoted to providing regulatory compliance advice and counsel to the mortgage industry. He may be contacted at (516) 442-3456 or by e-mail at
The New URLA – What’s the Big Deal?

Lenders will need to update their technology stack to comply with the redesigned URLA.

Regulation and Compliance
Jun 14, 2021
Texas State Legislators Looks To Protect Reverse Mortgage Borrowers

A Texas House Bill has been introduced to prevent false, misleading or deceptive advertising by reverse mortgage lenders.

Jun 02, 2021
Could Prudential Standards for Nonbank Mortgage Servicers be Eased?

From The Desk Of The “Om-Bobs-Man”

Regulation and Compliance
May 31, 2021
Get Ready to Duck and Cover

After years of hands-off attitude by regulators, a new wave of mortgage enforcement is building. Expect a tsunami.

Regulation and Compliance
May 13, 2021