No, you are not required to continue mailing periodic statements in this situation. In fact, it may be advisable to discontinue mailing periodic statements to an address that you know to be incorrect, to prevent the statements and the personal financial information contained in them from falling into the wrong hands. 

We recommend monitoring the account for other activities, such as debit card transactions, which could be fraudulent. The Interagency Guidelines on Identity Theft Detection, Prevention, and Mitigation note that this pattern could be a red flag for fraudulent activity. (See this IBA Q&A for more information.) 

We also note that under the Uniform Commercial Code, customers have a duty to report unauthorized transactions with reasonable promptness, which is measured from the time that your institution “sends or makes available” an account statement to the customer. For this reason, some deposit account agreements provide that when a customer’s mail is returned as undeliverable, the bank will discontinue mailing statements and will consider statements to be “made available” to the customer on the day that the account statement is generated.  

For citations related to our guidance, please see below:

• Regulation V, 12 CFR 334, Appendix J (Interagency Guidelines on Identity Theft Detection, Prevention, and Mitigation: “Unusual Use of, or Suspicious Activity Related to, the Covered Account . . . 23. Mail sent to the customer is returned repeatedly as undeliverable although transactions continue to be conducted in connection with the customer’s covered account.”)

• Uniform Commercial Code, 810 ILCS 5/4-406 (Customer’s duty to review account statements with reasonable promptness)