The Industry's Leading Source For F&I, Sales And Technology

Compliance

FTC Issues Three-Month Delay of Enforcement of Red Flags Rule

May 01, 2009

The Federal Trade Commission will delay enforcement of the new Red Flags Rule until August 1, 2009, to give creditors and financial institutions more time to develop and implement written identity theft prevention programs.

For entities that have a low risk of identity theft, such as businesses that know their customers personally, the Commission will soon release a template to help them comply with the law. Today’s announcement does not affect other federal agencies’ enforcement of the original November 1, 2008 compliance deadline for institutions subject to their oversight.

“Given the ongoing debate about whether Congress wrote this provision too broadly, delaying enforcement of the Red Flags Rule will allow industries and associations to share guidance with their members, provide low-risk entities an opportunity to use the template in developing their programs, and give Congress time to consider the issue further,” FTC Chairman Jon Leibowitz said.

The Fair and Accurate Credit Transactions Act of 2003 (FACTA) directed financial regulatory agencies, including the FTC, to promulgate rules requiring “creditors” and “financial institutions” with covered accounts to implement programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft.

FACTA’s definition of “creditor” applies to any entity that regularly extends or renews credit – or arranges for others to do so – and includes all entities that regularly permit deferred payments for goods or services. Accepting credit cards as a form of payment does not, by itself, make an entity a creditor.

Some examples of creditors are finance companies; automobile dealers that provide or arrange financing; mortgage brokers; utility companies; telecommunications companies; non-profit and government entities that defer payment for goods or services; and businesses that provide services and bill later, including many lawyers, doctors, and other professionals. “Financial institutions” include entities that offer accounts that enable consumers to write checks or make payments to third parties through other means, such as other negotiable instruments or telephone transfers.

During outreach efforts last year, the FTC staff learned that some industries and entities within the agency’s jurisdiction were uncertain about their coverage under the Red Flags Rule. During this time, FTC staff developed and published materials to help explain what types of entities are covered, and how they might develop their identity theft prevention programs. Among these materials were an alert on the Rule’s requirements, www.ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm, and a Website with more resources, including a compliance template, to help covered entities design and implement identity theft prevention programs, www.ftc.gov/redflagsrule.

Comments

  1. 1. PHILLIP [ May 03, 2009 @ 08:17AM ]

    the article falls short in underlining the windfall for the industry... they have 3-mos to become compliant...! and, remaining non-compliant does not exempt them from large fines among other penalties.

 

Your Comment

Please note that comments may be moderated. 
Leave this field empty:
Your Name:  
Your Email:  

CLOSE [X]

READ NEXT

FTC Raises the Stakes on Violators

The Federal Trade Commission (FTC) upped the ante on abuses of the FTC Act by increasing the maximum civil penalty for unfair and deceptive acts and practices from $11,000 to $16,000 per violation.