FTC to Suspend Enforcement of ‘Red Flags’ Rule

The Red Flags Rule was to go into effect on November 1st, 2008. Developed pursuant to FACTA (Fair and Accurate Credit Transactions Act), financial institutions and creditors with applicable accounts must have had identity theft prevention programs in place to identity, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. 

Under FACTA, a “creditor” is defined as any entity that regularly extends, renews, or continues credit; any entity that regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who is involved in the decision to extend, renew, or continue credit. “Credit” includes a right granted to defer payment for any purchase. So any person that provides a product or service for which the consumer pays after delivery is a creditor. A “financial institution” is defined by FACTA to include all banks, savings and loan associations, credit unions, and any other person that holds a consumer transaction account as defined by section 19(b) of the Federal Reserve Act.  

The difficulty was that the law’s definition of a “creditor” or “financial institution” was not entirely clear to many businesses. Therefore, they were not aware that they were engaged in activities that would have caused them to fall under the Red Flags Rule. When contacted through FTC outreach efforts, the FTC realized that these businesses were unprepared or did not even know that they were required to be in compliance. Therefore, the FTC will delay enforcement of the Rule for six months to allow these businesses sufficient time to establish and implement appropriate identity theft prevention programs in compliance with the Rule. 

Suggestion:  Unsure whether or not you should be in compliance? Better be safe than sorry and bring yourself into compliance. (Besides, you should have an identity theft plan in place in any case!) You will need to take several actions to protect yourself. Contact us if you would like more information on how to be in compliance or need training to do so (info@identitytheftforum.net)