FTC Extends Deadline to Comply with Red Flag Rules to Aug. 1, 2009-05-01-2009

LOUISVILLE, Ky. (May 1, 2009) - Extension gives creditors and financial institutions more time to implement identity theft prevention programs

The Federal Trade Commission (FTC) announced on April 30, 2009, it will delay enforcement of the Red Flags Rules until Aug. 1, 2009, to give creditors and financial institutions more time to develop and implement written identity theft prevention programs. The previous compliance deadline was May 1, 2009.

The Red Flag Rules require financial institutions and creditors to develop and implement a written identity theft prevention program if offering or maintaining one or more covered accounts. Moreover, the Rules require service providers for a financial institution or creditor, including third-party debt collectors, to also develop and implement policies and procedures designed to detect, prevent, and mitigate the risk of identity theft.

During outreach efforts last year, the FTC staff learned some industries and entities within the agency's jurisdiction were uncertain about their coverage under the Red Flag Rules. The Commission stated delaying enforcement of the Red Flag Rules will permit industries and associations to share guidance with their members.

FTC staff developed and published materials to help explain what types of entities are covered, and how they might develop their identity theft prevention programs. Among these materials were an alert on the Rule's requirements, and a Web site with more resources to help covered entities and service providers design and implement identity theft prevention programs. The FTC also announced it will soon release a template to assist entities who have a low risk of identity theft, including but not limited to businesses that know their customers personally. The template will be available on the Red Flag Rules resources Web site.

The deadline extension announced by the FTC does not affect other federal agencies' enforcement of the original November 1, 2008 compliance deadline for institutions subject to their oversight.

The FTC press release announcing the commission's delayed enforcement of the Red Flag Rules is available on the FTC's Web site.

ACA International offers its members a number of resources to assist in complying with the Red Flag Rules. First, ACA has prepared a detailed Fastfax document on the Red Flag Rules. Second, a model identity theft prevention program is also available for members to develop and implement identity theft prevention policies and procedures. Third, ACA hosted a number of teleseminars on this topic, as well as presentations at ACA events, which are available for purchase through the ACA Online Store. Lastly, ACA members are encouraged to contact ACA's Compliance Department at compliance@acainternational.org if they have questions about complying with the Red Flag Rules.

Source: ACA International