Comments:

Please call me at 818-871-5231 if there is any problem opening the attachment. Thank you.

Chris Weinstock

Senior VP and Assistant General Counsel

Countrywide Financial Corp.

5220 Las Virgenes Rd., AC-11

Calabasas, CA 91302

June 15, 2004

Donald S. Clark, Secretary

Federal Trade Commission

Office of the Secretary, Room H-159 (Annex J)

600 Pennsylvania Avenue

N.W., Washington, D.C. 20580

Re:  FACTA Identity Theft Rule, Matter No. R411011

Dear Mr. Clark:

Countrywide Financial Corporation (“Countrywide”) appreciates the opportunity to comment on the proposed regulations implementing Section 411 of the Fair and Accurate Transactions Act of 2003 (“Act”), issued by Federal Trade Commission (“Commission”) and addressing identity theft-related definitions and associated issues.  Through its family of companies, Countrywide provides mortgage banking and diversified financial services in domestic and international markets.  Since 1969, Countrywide has helped millions of American families realize the dream of home ownership.  For an increasing number of consumers, however, financial plans and dreams are delayed or ruined by the growing reality of identity theft.  Consumers, businesses, and the government expend substantial time and other resources to remedy the harm caused by identity thieves.  The problem is particularly acute with respect to credit cards, personal loans and bank accounts and, to a lesser extent, secured loans such as car loans and home equity lines of credit.  It is less common in the first mortgage industry.

Countrywide considers prevention of identity theft an important priority.  We provide education about identity theft to all employees, and specific identification and authentication training to employees involved in opening accounts and underwriting loans.  We maintain a fraud hotline which serves as a quick-response, single point-of-contact for consumers reporting identity theft complaints to Countrywide.  Countrywide is also a founding member of a non-profit industry consortium formed to pilot the Identity Theft Assistance Center (ITAC), an innovative effort to ease the burden for identity theft victims at no cost to them.

We note the critical need for increased cooperation and coordination between industry and governmental and quasi-governmental agencies, including law enforcement.  Substantial inroads against identity theft can be made by government and industry working together and continuing to invest increased resources and expertise.  Industry will do its part, but must be able to rely on law enforcement to commit comparable resources to successfully criminally prosecute identity theft in a sophisticated and dedicated fashion.

Our responses to the questions posed by the Commission appear below.  We have provided comments only where we feel we can offer valuable insight on the particular issue. 

A.        Questions Relating to the Definition of Identity Theft

Countrywide agrees with the Commission that additional definition of the term “identity theft” is warranted.  We support the Commission’s proposal to broaden this definition to include attempted fraud.   However, we recommend the following expansion of the definition:

The term ‘identity theft’ means a fraud committed or attempted using one or more pieces of the identifying information of another person without lawful authority.

Without this change, we are concerned that only victims of “true name” fraud, i.e. whose entire identity is co-opted in the thief’s commission of the crime, will be protected under the Act.  The fraudulent misuse of even one piece of identifying information, such as a Social Security number, generally results in harm to the victim.  Adoption of our suggested clarification should result in more consistent treatment of all identity theft victims.

Countrywide does not believe that it is helpful to add the element that a person’s identifying information must be used either “without such person’s knowledge” or “without such person’s lawful authority.”   The term “without lawful authority” is the appropriate phrase to prevent individuals from colluding to obtain goods and services for free and then using the Act to clear negative, legitimate information from their credit records.  To deal with this issue of collusion and illegitimate disputes, Countrywide believes that the Commission should add an element to the final rule that a consumer’s refusal to cooperate in the prosecution of the perpetrator of identity theft after some reasonable period of time creates a presumption that the consumer’s identifying information was used with lawful authority and did not involve identity theft.  If the consumer is aware of identity theft for the reasonable period and refuses to prosecute, the consumer should bear the burden of rebutting this presumption through clear and convincing evidence. 

B.        Questions Relating to the Definition of Identity Theft Report

Countrywide supports the Commission’s proposed addition of section 603.3(a)(3), permitting the information furnisher or consumer reporting agency to reasonably request additional information.  We believe the term “identity theft report” requires further clarification with respect to the time period in which such additional information or documentation must be requested from the consumer.  The proposed definition gives only five business days after receipt of the consumer’s initial identity theft report to request additional information.  This is an insufficient amount of time in which to conduct the preliminary verification and investigation necessary to determine exactly what additional information, if any, is needed.  This period is so short that it may compel information furnishers and consumer reporting agencies to create pro forma requests to victims to ensure the deadline is met.  Such pro forma requests will not always further the most appropriate, efficient and effective resolution of identity theft complaints in the shortest time practical.  We accordingly suggest that a period of ten business days is more realistic. 

In addition, we request the Commission to clarify that a reasonable request for additional information, when made within the requisite timeframe, must be responded to by the consumer.  The Commission can achieve these two objectives with the following minor modifications to section 603.3(a)(3):

   (3) That may shall include additional information or documentation that an information furnisher or consumer reporting agency reasonably requests for the purpose of determining the validity of the alleged identity theft, provided that the information furnisher or consumer reporting agency makes such request not later than five ten business days after the date of receipt of the copy of the report form identified in paragraph (a)(2) of this section or the request by the consumer for the particular service, whichever shall be the later.

We believe this reflects the Commission’s intent in proposing this section and removes any possible ambiguity.

 In addition, the Commission should specify what constitutes an “appropriate law enforcement agency.”  Specifically, the consumer should not be allowed to submit information from a law enforcement agency without jurisdiction over the claim in question, as it may lead to circumvention of the purposes of the Act.

            The Commission also requested comment on the adequacy of criminal penalties for false filings to deter abuse of the credit reporting system.  The single most important deterrent to fraud, identity theft and abuse of the credit reporting system is law enforcement’s commitment of appropriate resources to criminally prosecute and sentence identity thieves and other criminal abusers of the credit reporting system.  Deterrence is unlikely until these thieves and abusers perceive a high probability of negative consequences, including consistent pursuit of criminal penalties.

            Finally, the Commission asked whether its proposed examples of when it would or would not be “reasonable” to request additional information are useful.  In general, Countrywide would prefer that information furnishers and consumer reporting agencies have sufficient latitude to conduct an appropriate, reasonable investigation into the facts and circumstances alleged by the consumer and to make an independent finding as to the validity of the allegation.  Countrywide is concerned that reliance on examples in this area will lead to overly narrow or restrictive boundaries without furthering the goal of ensuring that victimized consumers are handled in a fair, consistent and timely manner. 

Specifically, we disagree with the example set forth in section 603.3(c)(1), illustrating when such a request would not be reasonable.  Countrywide’s Fraud Prevention Unit sometimes reasonably requests further information from the consumer even when the police report appears valid on its face and there are no indicia of a fraudulently obtained report.  In an era of PC-based counterfeiting, an abuser of the credit system can easily create a forged police report which appears on its face to be legitimate.  Even without the Commission’s negative examples, the reasonableness standard should be adequate to improve victim assistance without compromising the integrity of information furnishers and consumer reporting agencies investigations when asking for supporting information to determine the validity of a submitted identity theft report.  We encourage the Commission to stick with a flexible reasonableness standard and to consider adding guidance to consumers to the Commission’s standard ID Theft Affidavit to help them understand what information may generally be required for an Affidavit to be considered reasonably complete.  

C.        Questions Relating to the Duration of Active Duty Alerts

            Countrywide cannot offer any unique insights into proposed Section 613 setting the duration of an active duty alert at 12 months and provides no public comment on those questions.

D.        Questions Relating to the Appropriate Proof of Identity

            Countrywide is supportive of the Commission’s approach of allowing information furnishers and consumer reporting agencies to establish standards of proof for consumer identification.  As the Commission has astutely noted, these requirements must be flexible enough to allow for a risk-based approach to consumer identification.  In our view, the overriding principle is that industry must be allowed to carefully, responsibly, and incrementally develop identification requirements.  Countrywide believes that the Commission’s examples of reasonable information for proof of identity are appropriate. Countrywide welcomes the opportunity to work with the consumer reporting agencies to develop and implement reasonable requirements for what information consumers must provide as proof of identity.  We applaud the Commission for its judgment in providing financial institutions with an appropriate level of flexibility in this area. 

Once again, we thank the Commission for this opportunity to comment.  We look forward to working with the Commission to tackle the challenge of identity theft in a manner best serving both consumers and businesses.

Sincerely,

Chris Weinstock