WASHINGTON — The Federal Trade Commission (FTC) announced today it will further delay enforcement of the Red Flags Rule until Nov. 1, 2009. The FTC’s actions follow the House Appropriations Committee’s recent request that it to defer enforcement in conjunction with additional efforts to minimize the burdens of the rule on health care providers and small businesses with a low risk of identity theft problems.
Today’s announcement that the FTC will delay enforcement of the rule until Nov. 1, 2009, does not affect other federal agencies’ enforcement of the original Nov. 1, 2008, compliance deadline for institutions subject to their oversight.
The rule, which has been twice postponed already, was set to be enforced Aug. 1. The three-month extension, coupled with new guidance from the FTC for small businesses and entities, should enable businesses to gain a better understanding of the rule and any obligations that they may have under it. Although many covered entities have already developed and implemented appropriate, risk-based programs, some – particularly small businesses and entities with a low risk of identity theft – remain uncertain about their obligations, the FTC stated.
The FTC said it would redouble its efforts to educate small businesses and other entities about the rule and provide additional resources and guidance to clarify whether businesses are covered by the rule and what they must do to comply. Among other things, the FTC will create a special link for small and low-risk entities on the Red Flags Rule Website with materials that provide guidance and direction regarding the rule.
The FTC will also be sending Manas Mohapatra to the magazine’s F&I Conference and Expo, which is scheduled for Sept. 21-23 at the Orlando World Center Marriott Resort & Convention Center in Florida. He will present “Fighting Fraud With the Red Flags Rule: Practical Guidance for Business” on Wednesday, Sept. 23, during a special lunch seminar. Dealers will have an opportunity to ask the FTC’s staff attorney any and all questions related to the Red Flags Rule.
The Red Flags Rule is an anti-fraud regulation, requiring “creditors” and “financial institutions” with covered accounts to implement programs to identify, detect, and respond to the warning signs, or “red flags,” that could indicate identity theft. The financial regulatory agencies, including the FTC, developed the Rule, which was mandated by the Fair and Accurate Credit Transactions Act of 2003 (FACTA).