Federal Trade Commission Delays Enforcement of "Red Flags Rule" for Certain Financial Institutions and Creditors

Download IconDownload Print IconPrint

Federal Trade Commission Delays Enforcement of "Red Flags Rule" for Certain Financial Institutions and Creditors

Publication

On April 30, 2009, the Federal Trade Commission (FTC) announced a three-month delay in FTC enforcement of the "Red Flags Rule," which was set to go into effect May 1. The rule requires certain financial institutions and creditors to develop and implement Identity Theft Prevention Programs to prevent, detect, and mitigate identity theft in connection with certain covered accounts. See 16 C.F.R. § 681.2. Under the new timetable, those financial institutions and creditors subject to the FTC's enforcement jurisdiction under the Fair Credit Reporting Act will have until August 1, 2009, to achieve compliance. For entities with a low risk of identity theft, such as businesses that know their customers personally, the Commission will soon release a template to help them comply with the law.

The extension was necessary in part because of the expansive reach of the rule, which applies to any entity that regularly extends or renews credit or arranges for others to do so, and includes all entities that regularly permit deferred payments for goods or services. Examples of creditors covered by the rule are finance companies; automobile dealers that provide or arrange financing; mortgage brokers; utility companies; telecommunications companies; non-profit and government entities that defer payment for goods or services; and businesses that provide services and bill later, including many lawyers, doctors, and other professionals. According to the FTC's press release explaining the decision to delay the rules, FTC staff learned through outreach efforts that some industries and entities within the agency's jurisdiction were uncertain about their coverage under the Red Flags Rule. FTC Chairman Jon Leibowitz explained: "Given the ongoing debate about whether Congress wrote this provision too broadly, delaying enforcement of the Red Flags Rule will allow industries and associations to share guidance with their members, provide low-risk entities an opportunity to use the template in developing their programs, and give Congress time to consider the issue further."

It is important to note that enforcement of the "Red Flags Rule" for financial institutions and creditors regulated by the federal bank regulatory agencies or the National Credit Union Administration is already in effect and has not been extended by those agencies.

Notice

Unless you are an existing client, before communicating with WilmerHale by e-mail (or otherwise), please read the Disclaimer referenced by this link.(The Disclaimer is also accessible from the opening of this website). As noted therein, until you have received from us a written statement that we represent you in a particular manner (an "engagement letter") you should not send to us any confidential information about any such matter. After we have undertaken representation of you concerning a matter, you will be our client, and we may thereafter exchange confidential information freely.

Thank you for your interest in WilmerHale.

I Accept Cancel