Good news for those still confused about whether they're covered by an anti-fraud rule that requires creditors to implement written Identity Theft Prevention Program: The Federal Trade Commission announced a further three-month delay of enforcement of the so-called
Red Flags Rule until Nov. 1.
A July 29
FTC press release announcing the delay notes that FTC staff plans to step up efforts to educate small businesses and other entities on the rule and to provide more resources and guidance to clarify who's covered by the Rule and how to comply.
The Red Flags Rule, mandated by the Fair and Accurate Credit Transactions Act of 2003, requires "creditors" and "financial institutions" with covered accounts to implement programs to identify, detect, and respond to the warning signs, or "red flags," that could indicate identity theft.
As Compliance Week has previously reported, the FTC has
repeatedly delayed its enforcement of the rule because of
confusion among many covered entities about their obligations.
The press release notes that the delay is in line with a House Appropriations Committee request to defer enforcement to minimize the burden on health care providers and small businesses with a low risk of identity theft problems.
The FTC notes that its enforcement delay doesn't affect other federal agencies' enforcement of the original Nov. 1, 2008, compliance deadline for institutions subject to their oversight.
Resources to help determine who's covered and how to comply are available through the
FTC's Red Flags Web site. The FTC plans to create a special link for small and low-risk entities.