Enforcement of the Federal Trade Commission’s “Red Flags” Rule is scheduled to begin on June 1, 2010, for financial institutions and creditors subject to enforcement by the FTC. The Commission has previously delayed the enforcement of the Rule several times.
The Rule was promulgated under the Fair and Accurate Credit Transactions Act, in which Congress directed the Commission and other agencies to develop regulations requiring “creditors” and “financial institutions” to address the risk of identity theft. The resulting Red Flags Rule requires all such entities that have “covered accounts” to develop and implement written identity theft prevention programs to help identify, detect, and respond to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft.
The Commission staff has continued to provide guidance to entities within its jurisdiction, both through materials posted on the dedicated Red Flags Rule Web site www.ftc.gov/redflagsrule. The Commission also published a compliance guide for business, and created a template that enables low risk entities to create an identity theft program with an easy-to-use online form. FTC staff has also published numerous general and industry-specific articles, and released a video explaining the Rule.
MHI members can contact Ann Parman at firstname.lastname@example.org with any questions.