Financial institutions and other creditors soon will be under the close eye of the Federal Trade Commission and banking regulators, which are stepping up their scrutiny of how those businesses detect and respond to identity theft.

According to new “Red Flags” rules that went into effect Jan. 1, any organization that handles consumer financial data must not only design and implement policies and procedures that detect possible identity theft, but also must maintain a written policy for how they prevent or mitigate such theft. Covered companies must comply with the new rules by Nov. 1.

The publication of the final rules comes ...