The Federal Trade Commission (FTC) has announced that it will delay enforcement of the "Red Flags" Rule until June 1, 2010, for financial institutions and creditors that are subject to enforcement by the FTC. The FTC says it is enacting the delay by request of members of Congress. The rule was originally slated to begin enforcement in November.

The Red Flags Rule requires creditors and financial institutions to adopt programs that prevent identity theft. The FTC has stated that health care professionals are subject to the rule. (See DM 9497.) The rule was mandated by the Fair and Accurate Credit Transactions Act of 2003 (FACTA). Congress directed the Commission and other agencies to develop regulations requiring "creditors" and "financial institutions" to address identity theft. FACTA's definition of "creditor" includes any entity that extends credit on a regulated basis or arranges for others to do so, and all entities that regularly permit deferred payments for goods or services. All applicable entities that have "covered accounts" will be required develop and implement written identity theft prevention programs to help identify, detect, and respond to activities -- "red flags" -- indicating identity theft.

The Commission staff has guidance to entities within the Red Flag Rule jurisdiction, including on the Red Flags Rule Web site (www.ftc.gov/redflagsrule), and periodically through speeches and participation in seminars, conferences and other training events to numerous groups. The materials to assist in preparation of enforcement include a do-it-yourself template for low-risk businesses.

Adapted in part from a press release from the FTC.
Link: http://ftc.gov/opa/2009/10/redflags.shtm

More Industry Headlines