Last Minute Reprieve from FTC Red Flag Rules Enforcement
The Federal Trade Commission ("FTC") announced yesterday that it will delay enforcement of the Red Flag Rules until August 1, 2009 (enforcement was scheduled to begin today). The Red Flag Rules require creditors and financial institutions with covered accounts to implement programs to identify, detect and respond to patterns, practices, or specific activities that would indicate identity theft. The definition of "creditor" includes any entity that regularly extends or renews credit and all entities that regularly permit deferred payments for goods or services. This definition also includes professionals, such as physicians and lawyers, who provide services and bill later.
There is also some good news for entities that have a low risk of identity theft - the FTC will soon release a template to help them comply with the Red Flag Rules. This is in response to feedback from low risk entities that they were having difficulty determining how to tailor the Rules to fit their businesses.
Although this is the second time the FTC has delayed enforcement of the Red Flag Rules, the November 1, 2008 deadline by which creditors should have been in compliance has always remained the same.
