
FiSCA Member Alert on the “Red Flags Rule”

11-01-09 UPDATE:  The Federal Trade Commission (“FTC”) has once again delayed enforcement of the “Red Flags” Rule.  The new enforcement date for financial institutions and creditors subject to regulation by the FTC is June 1, 2010.  A copy of the FTC’s press release announcing the delayed enforcement can be found at http://www.ftc.gov/opa/2009/10/redflags.shtm.  While enforcement by the FTC has been delayed, FiSCA members that are subject to the Red Flags Rule are reminded that the regulations have been in effect since 2008 and, as such, companies should be implementing identity theft prevention programs designed to prevent, detect, and mitigate identity theft in connection with covered accounts.

7-30-09 UPDATE:  The Federal Trade Commission (FTC) has announced that it will further delay enforcement of the Red Flags Rule until Nov. 1, 2009. This decision follows the House Appropriations Committee's request that the FTC defer enforcement, along with additional efforts to reduce the rule's burdens on health care providers and small businesses at low risk of identity theft. The rule has already been postponed twice, and was set to be enforced Aug. 1. The new extension will allow businesses to gain a greater understanding of the rule and the obligations involved, with the FTC boosting its efforts to educate small businesses and other entities. The FTC delay does not affect other federal agencies’ enforcement of the original Nov. 1, 2008, compliance deadline for institutions subject to their oversight.

Pursuant to the Fair and Accurate Credit Transactions Act of 2003 (“FACT Act”), certain financial institutions and creditors are required to develop and implement a written identity theft prevention program containing policies and procedures that address identifying, detecting, and responding to patterns, practices, or specific activities that could indicate identity theft (i.e., “Red Flags”). The program must be tailored to detect, prevent and mitigate identity theft in connection with covered accounts, as defined in the regulations implementing the FACT Act (“Red Flags Rule”). Mandatory compliance with the Red Flags Rule was effective as of November 1, 2008; however, for covered entities subject to regulation by the Federal Trade Commission, the deadline for mandatory compliance has been extended until August 1, 2009 and has just been extended again until Nov. 1, 2009.

The applicability of the Red Flags Rule is not based on a particular industry or sector, but rather on whether your business’s activities are covered by relevant definitions; namely, “creditor” and “covered account.” To assist FiSCA members who are subject to the FACT Act and Red Flags Rule, FiSCA has prepared a Member Guide and a Model Red Flags Policies and Procedures Manual, which are intended to provide a general overview of the Red Flags Rule and an outline for an effective written identity theft prevention program. Links to these publications along with other related resources and links can be found below. Should there be any questions regarding these materials, please contact FiSCA at 201-487-0412 or by e-mail at info@fisca.org.

Please note that the Member Guide and Model Red Flags Policies and Procedures Manual are not intended to be legal advice and are provided solely to FiSCA members for informational purposes. FiSCA members should also seek the advice of independent counsel to review the applicability of the Red Flags Rule and to implement the appropriate policies and procedures, as deemed necessary. For more information about the Red Flags Rule visit http://www.ftc.gov/redflagsrule, a site created by the Federal Trade Commission to assist entities subject to the Red Flags Rule in developing and implementing identity theft prevention programs.

Information & Guidance

Customizable Forms for Red Flags Rule Programs