Federal Trade Commission Further Delays Enforcement of "Red Flags Rule"

Federal Trade Commission Further Delays Enforcement of "Red Flags Rule"

Publications
On July 29, 2009, the Federal Trade Commission (FTC) announced a three-month delay in FTC enforcement of the "Red Flags Rule," which was set to go into effect August 1. The Rule requires certain financial institutions and creditors to develop and implement Identity Theft Prevention Programs to prevent, detect, and mitigate identity theft in connection with certain covered accounts. Under the new timetable, those financial institutions and creditors subject to the FTC's enforcement jurisdiction under the Fair Credit Reporting Act will have until November 1, 2009, to achieve compliance.

The Federal Trade Commission has made clear that its rule would apply broadly to include all entities that regularly permit deferred payments for goods or services, including some small businesses and other entities with a low risk of identity theft. In announcing the extension, the FTC stated its intention to redouble its education efforts by providing additional resources and guidance intended to clarify what businesses are covered by the Rule and what they must do to comply with it. The extension is intended to give such entities additional time to review the Commission's guidance and to develop and implement written Identity Theft Prevention Programs.

It is important to note that enforcement of the "Red Flags Rule" for financial institutions and creditors regulated by the federal bank regulatory agencies or the National Credit Union Administration is already in effect and has not been extended by those agencies.

Contributors