Bipartisan Bills & Policies

The Financial Identity Photo Protection Act of 2026 (FIPP)

by: Tyler Letren Mar 16, 26

A proposal to strengthen identity verification for financial accounts while protecting privacy and consumer rights

The purpose of this legislation is to modernize identity verification practices within the United States banking system by introducing secure photographic identity confirmation for account holders, reducing impersonation fraud in physical banking environments while maintaining strong civil liberties protections.


Bipartisan Rationale

Consumer Protection (Traditionally Democratic Priority)
The proposal strengthens protections against financial exploitation and identity theft affecting vulnerable populations.

Fraud Reduction and Financial Security (Traditionally Republican Priority)
The policy provides banks with practical tools to reduce impersonation fraud and safeguard financial systems.

THE FINANCIAL IDENTITY PHOTO PROTECTION ACT OF 2026

PREAMBLE

Whereas identity fraud losses in the United States have surpassed $35 billion annually and continue to accelerate due to AI-generated synthetic identities and in-person impersonation;

Whereas financial institutions have invested heavily in digital biometric and two-factor authentication systems, yet in-branch, in-person account access remains a critical vulnerability;

Whereas a standardized, verified photographic identifier tied to each bank and credit account would provide an immediate, low-cost layer of protection for American consumers;

Now, therefore, be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled:

SECTION 1 — SHORT TITLE

This Act may be cited as the "Financial Identity Photo Protection Act of 2026" or the "FIPP Act."

SECTION 2 — FINDINGS AND PURPOSE

2.1 Findings. Congress finds that:

(a) Impersonation fraud accounts for more than 85% of all financial fraud attempts in the United States as of 2026.

(b) Existing multi-factor authentication and biometric verification tools, while effective in digital channels, do not uniformly extend to in-person branch transactions.

(c) A verified photographic record linked to a consumer's financial account would materially reduce the success rate of in-person impersonation fraud.

(d) Such a requirement is consistent with existing Know Your Customer (KYC) obligations under the Bank Secrecy Act and can be implemented without new surveillance infrastructure.

2.2 Purpose. The purpose of this Act is to require all federally insured depository institutions and credit card issuers to maintain a current, verified photograph of the account holder on file and to display or reference that photograph during in-person account access requests.

SECTION 3 — DEFINITIONS

For purposes of this Act:

  • "Covered Institution" means any bank, credit union, savings association, or credit card issuer insured by the FDIC or NCUA.

  • "Account Profile Photo" means a current, verified digital photograph of the primary account holder, collected and stored in compliance with applicable privacy law.

  • "In-Person Transaction" means any account access, withdrawal, transfer, or modification initiated physically at a branch, ATM with teller assistance, or banking kiosk.

  • "Verification Event" means any moment a teller, banker, or agent must authenticate the identity of a customer initiating an in-person transaction.

SECTION 4 — REQUIREMENTS

4.1 Photo Collection. Within 18 months of enactment, all Covered Institutions shall:

(a) Collect a current photograph of each account holder at account opening, at next in-person visit for existing accounts, or via secure digital onboarding;

(b) Re-verify and update the Account Profile Photo no less than every five (5) years;

(c) Allow account holders to update their photograph at any branch or through a secure, identity-verified digital process at any time.

4.2 Photo Display at Verification Events. During any In-Person Transaction, the attending teller or banker shall:

(a) Retrieve and visually compare the Account Profile Photo against the presenting individual prior to completing the transaction;

(b) Flag and escalate to a branch manager any material discrepancy between the presenting individual and the Account Profile Photo on file.

4.3 Credit Card Issuers. All credit card issuers shall:

(a) Maintain an Account Profile Photo linked to each primary cardholder account;

(b) Make the photo accessible to affiliated branch personnel and, upon consumer request, display it on the card itself using secure digital card printing technology where available.

SECTION 5 — PRIVACY AND DATA PROTECTIONS

5.1 Prohibition on Secondary Use. Account Profile Photos collected under this Act shall be used solely for identity verification purposes at the institution holding the account. Sale, transfer, or use for advertising, facial recognition databases, law enforcement sharing, or any other secondary purpose is strictly prohibited absent a valid court order.

5.2 Storage Standards. All photographs shall be stored in encrypted, access-controlled systems in compliance with the Gramm-Leach-Bliley Act and applicable state privacy laws.

5.3 Consumer Rights. Account holders shall have the right to:

(a) Access and review their Account Profile Photo at any time;

(b) Request correction or update of their photo free of charge;

(c) Receive notice if their photo is accessed outside of a standard Verification Event.

SECTION 6 — ENFORCEMENT AND PENALTIES

6.1 Regulatory Authority. The Office of the Comptroller of the Currency (OCC), the Consumer Financial Protection Bureau (CFPB), and the National Credit Union Administration (NCUA) shall jointly issue implementing regulations within 12 months of enactment.

6.2 Penalties. Covered Institutions that fail to comply shall be subject to civil penalties of:

  • Up to $10,000 per day for failure to maintain Account Profile Photos;

  • Up to $50,000 per incident for failure to perform photo verification during a Verification Event that results in a documented fraud loss.

6.3 Safe Harbor. A Covered Institution shall not be liable under this section if it can demonstrate good-faith compliance efforts and the fraud resulted from a sophisticated deepfake or AI-generated attack that could not have been detected through reasonable visual comparison alone.

SECTION 7 — SMALL INSTITUTION ACCOMMODATION

Community banks and credit unions with fewer than $500 million in total assets shall receive:

(a) An additional 12-month implementation window;

(b) Access to a federally subsidized photo collection and storage technology program administered by the FDIC;

(c) A streamlined compliance certification process.

SECTION 8 — ANNUAL REPORTING

Each Covered Institution shall submit an annual report to its primary federal regulator detailing:

(a) The percentage of accounts with current Account Profile Photos on file;

(b) The number of Verification Events in which a photo discrepancy was flagged;

(c) Fraud incidents prevented or detected through photo verification.

SECTION 9 — EFFECTIVE DATE

This Act shall take effect 180 days after enactment, with full compliance required within 18 months for large institutions and 30 months for small institutions as defined in Section 7.

SECTION 10 — SEVERABILITY

If any provision of this Act is found invalid, the remaining provisions shall continue in full force.

Talking point:


"This isn't surveillance. It's a driver's license for your money. We require a photo ID to buy a beer; we should require one to access someone's life savings."