Close

Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

Get updates on Compliance Week offerings, including new features, databases, research, and other resources, along with announcements of upcoming Webcasts, conferences, seminars, CPE/CLE opportunities and more.

Published every Thursday, Compliance Week Europe offers a condensed summary of risk, audit, and compliance news either originating in Europe, or of special interest to European compliance professionals. This newsletter will follow developments by the European Commission, as well as those of national governments across the region, or any U.S.-based news that might have consequence across the Atlantic. Frequency: weekly; Thursday a.m.

A fresh edition of Compliance Week delivered via e-mail and online every Tuesday morning, relentlessly focused on the disclosure, reporting and compliance requirements of our 25,000+ paying subscribers.

Published every Friday, Compliance Weekend was launched at the behest of subscribers, and offers a quick Plain English review of the week's key developments. We hope you enjoy this supplement to Compliance Week's Tuesday edition.

FTC Delays Enforcement of Red Flags Rule Again

Melissa Klein Aguilar | May 4, 2009

The Federal Trade Commission has extended for another three months its delay of enforcement of the new Red Flags Rule to give creditors and financial institutions more time to develop and implement written identity theft prevention programs.

Like the previous enforcement delay, the latest delay, in effect until Aug. 1, 2009, is limited to the Identity Theft Red Flags Rule and doesn’t extend to the rule regarding address discrepancies applicable to users of consumer reports, or to the rule regarding changes of address applicable to card issuers.

Full compliance for all covered entities was originally required by Nov. 1, 2008. However, the FTC last October delayed enforcement until May 1, 2009, for the entities under its jurisdiction following confusion about their coverage by and obligations under the rule.

Given the ongoing debate about whether Congress wrote this provision too broadly, delaying enforcement of the Red Flags Rule will allow industries and associations to share guidance with their members, provide low-risk entities an opportunity to use the template in developing their programs, and give Congress time to consider the issue further, FTC Chairman Jon Leibowitz said in a statement.

The FTC said it will release a template to help entities that have a low risk of identity theft, such as businesses that know their customers personally, comply with the law.

The Fair and Accurate Credit Transactions Act of 2003 directed financial regulatory agencies, including the FTC, to promulgate rules requiring creditors and financial institutions with covered accounts to implement programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft.

FACTA’s definition of creditor applies to any entity that regularly extends or renews credit—or arranges for others to do so—and includes all entities that regularly permit deferred payments for goods or services. Examples of creditors include finance companies; automobile dealers that provide or arrange financing; mortgage brokers; utility companies; telecommunications companies; non-profit and government entities that defer payment for goods or services; and businesses that provide services and bill later, including many lawyers, doctors, and other professionals.

Financial institutions include entities that offer accounts that enable consumers to write checks or make payments to third parties through other means, such as other negotiable instruments or telephone transfers.