Answer:
Yes, this applies to all financial institutions. The Program must be appropriate to the size and complexity of the financial institution and the nature and scope of its activities. Examiners will need to verify that the financial institution has developed and implemented a comprehensive written Program designed to detect, prevent and mitigate identity theft in connection with the opening of a covered account or an existing covered account.