All,

I am having a hard time finding a definitive answer to what I believe is a relatively simple question. A card issuer receives notice from a consumer that an account was opened using their information, but was not opened by that consumer. After investigating, the issuer determines that the account was indeed fraudulently opened, they close the account. Is a NOAA required to be sent? If so, who does it get sent to? The victim of the ID theft? The address or email address used at the time of application? Reg B isn't entirely clear on this. I did give some thought as to whether § 1002.2(c)(2)(iv) would apply in defining this as not adverse action, but it feels like a stretch.

Thanks!

I would not sweat it. You are not taking adverse action against a legal individual.

DCinSLC welcome to BOL!

Agree with Randy, about the NOAA.
Your issuing department may want to do a post mortem to see what if anything was missed, and hopefully have no losses.

Thank you both for your quick response, that is the direction I was leaning but it is always good to get a second or third opinion.