Prodded by Congress, the Federal Trade Commission has
yet again delayed enforcement of the so-called
"Red Flags" Rule for financial institutions and creditors subject to its enforcement until June 1, 2010.
At the request of some lawmakers, the
11th hour delay was announced Oct. 30, just before the
previous Nov. 1 enforcement deadline was set to kick in.
"The Commission believes that such delay is warranted so that it does not begin to enforce a regulation that Congress plans to supersede," the FTC said.
The rule, which was mandated by the Fair and Accurate Credit Transactions Act of 2003, requires "creditors" and "financial institutions" with covered accounts to implement programs to identify, detect, and respond to the warning signs, or "red flags," that could indicate identity theft. As Compliance Week has reported, the FTC has repeatedly delayed its enforcement of the rule because of pressure from Congress and confusion among covered entities about their obligations.
The House of Representatives on Oct. 20 unanimously approved
HR 3763, a bill to exempt from the coverage of the Red Flags Rule any health care, accounting, or legal practice with twenty or fewer employees, as well as certain other businesses.
The move came the same day that the
U.S. District Court for the District of Columbia ruled that the FTC can't apply the Red Flags Rule to attorneys. U.S. District Judge Reggie Walton agreed with the American Bar Association that the Commission's application of the Red Flags Rule to attorneys exceeds its statutory authority under the Fair and Accurate Credit Transactions Act of 2003.
The FTC noted that its enforcement delay doesn't affect the separate timeline of that proceeding or any possible appeals or ongoing enforcement of the rule for financial institutions and creditors subject to the oversight of other federal agencies.