In October 2007 the banking regulatory agencies issued regulations that require financial institutions to implement an Identity Theft Prevention Program. This regulation is the result of Title I of The Fair and Accurate Credit Transactions Act (FACT Act) of 2003. A comprehensive consumer protection law, the FACT Act mandates that financial institutions take affirmative action to prevent identity theft crimes from being perpetrated against their customers. The first requirement is to conduct a risk assessment to determine the level of the bank's risk for identity theft. The second step is to design and put into practice an Identity Theft Prevention Program. This program should be the framework by which the bank can effectively detect, prevent and mitigate identity theft. Once the program is written, processes changed and policy and procedure updates finished, the bank should validate the program with an audit. The program should be operational before the audit is conducted.