The Federal Trade Commission will delay enforcement of the
new “Red Flags Rule” until August 1, 2009, to give creditors
and financial institutions more time to develop and
implement written identity theft prevention programs. For
entities that have a low risk of identity theft, such as
businesses that know their customers personally, the
Commission will soon release a template to help them comply
with the law. Today’s announcement does not affect other
federal agencies’ enforcement of the original November 1,
2008 compliance deadline for institutions subject to their
oversight.
“Given the ongoing debate about whether
Congress wrote this provision too broadly, delaying
enforcement of the Red Flags Rule will allow industries and
associations to share guidance with their members, provide
low-risk entities an opportunity to use the template in
developing their programs, and give Congress time to
consider the issue further,” FTC Chairman Jon Leibowitz
said.
The Fair and Accurate Credit Transactions Act of 2003 (FACTA)
directed financial regulatory agencies, including the FTC,
to promulgate rules requiring “creditors” and “financial
institutions” with covered accounts to implement programs to
identify, detect, and respond to patterns, practices, or
specific activities that could indicate identity theft.
FACTA’s definition of “creditor” applies to any entity that
regularly extends or renews credit – or arranges for others
to do so – and includes all entities that regularly permit
deferred payments for goods or services. Accepting credit
cards as a form of payment does not, by itself, make an
entity a creditor. Some examples of creditors are finance
companies; automobile dealers that provide or arrange
financing; mortgage brokers; utility companies;
telecommunications companies; non-profit and government
entities that defer payment for goods or services; and
businesses that provide services and bill later, including
many lawyers, doctors, and other professionals. “Financial
institutions” include entities that offer accounts that
enable consumers to write checks or make payments to third
parties through other means, such as other negotiable
instruments or telephone transfers.
During outreach efforts last year, the FTC staff learned
that some industries and
entities within the agency’s jurisdiction were uncertain
about their coverage under the Red Flags Rule. During this
time, FTC staff developed and published materials to help
explain what types of entities are covered, and how they
might develop their identity theft prevention programs.
Among these materials were an alert on the Rule’s
requirements,
www.ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm,
and a Web site with more resources to help covered entities
design and implement identity theft prevention programs,
www.ftc.gov/redflagsrule. The compliance template will
be available on this Web site.
The Federal Trade Commission works for consumers to
prevent fraudulent, deceptive, and unfair business practices
and to provide information to help spot, stop, and avoid
them. To file a complaint in English or Spanish, visit the
FTC’s online
Complaint Assistant or call 1-877-FTC-HELP
(1-877-382-4357). The FTC enters complaints into Consumer
Sentinel, a secure, online database available to more than
1,500 civil and criminal law enforcement agencies in the
U.S. and abroad. The FTC’s Web site provides free
information on a variety of
consumer topics.
- MEDIA CONTACT:
- Office of Public Affairs
202-326-2180
Our 