To support small businesses and other entities, the Federal Trade Commission faculty will intensify its efforts to educate them about compliance with the "Red Flags" Rule and ease compliance by provisioning additional resources and guidance to clarify whether businesses are covered by the Rule and what they must do to comply. To give creditors and financial institutions additional time to review this guidance and develop and implement written Identity Theft Prevention Programs, the FTC will further delay enforcement of the Rule until November 1, 2009.
The Red Flags Rule is an anti-fraud regulation, requiring creditors and financial institutions with covered accounts to implement programs to identify, detect, and respond to the warning signs, or red flags, that could indicate identity theft. FACTAs definition of creditor includes any entity that regularly extends or renews credit " or arranges for others to do so " and includes all entities that routinely permit deferred payments for goods or services.
The FTCs Red Flags Web site, www.ftc.gov/redflagsrule, offers resources to help entities determine if they are covered and, if they are, how to conform with the Rule. It includes an online compliance template that enables companies to design their own Identity Theft Prevention Program through an easy-to-do form, as well as articles directed to specific businesses and industries, guidance manuals, and Frequently Asked Questions to help companies navigate the Rule.
Although many covered entities have already matured and implemented appropriate, risk-based programs, some " particularly small businesses and entities with a low risk of identity theft " remain uncertain about their obligations. Among other things, Commission staff will create a special link for small and low-risk entities on the Red Flags Rule Web site with materials that provide guidance and direction regarding the Rule.
The Commission has already posted FAQs that address how the FTC intends to enforce the Rule and other topics " www.ftc.gov/bcp/edu/microsites/redflagsrule/faqs.shtm. The enforcement FAQ states that Commission staff would be unlikely to recommend bringing a law enforcement action if entities know their customers or clients individually, or if they perform services in or around their customers homes, or if they operate in sectors where identity theft is rare and they have not themselves been the target of identity theft.
Todays announcement that the Commission will delay enforcement of the Rule until November 1, 2009, does not affect other federal agencies enforcement of the original November 1, 2008, compliance deadline for institutions subject to their oversight.
The Red Flags Rule is an anti-fraud regulation, requiring creditors and financial institutions with covered accounts to implement programs to identify, detect, and respond to the warning signs, or red flags, that could indicate identity theft. FACTAs definition of creditor includes any entity that regularly extends or renews credit " or arranges for others to do so " and includes all entities that routinely permit deferred payments for goods or services.
The FTCs Red Flags Web site, www.ftc.gov/redflagsrule, offers resources to help entities determine if they are covered and, if they are, how to conform with the Rule. It includes an online compliance template that enables companies to design their own Identity Theft Prevention Program through an easy-to-do form, as well as articles directed to specific businesses and industries, guidance manuals, and Frequently Asked Questions to help companies navigate the Rule.
Although many covered entities have already matured and implemented appropriate, risk-based programs, some " particularly small businesses and entities with a low risk of identity theft " remain uncertain about their obligations. Among other things, Commission staff will create a special link for small and low-risk entities on the Red Flags Rule Web site with materials that provide guidance and direction regarding the Rule.
The Commission has already posted FAQs that address how the FTC intends to enforce the Rule and other topics " www.ftc.gov/bcp/edu/microsites/redflagsrule/faqs.shtm. The enforcement FAQ states that Commission staff would be unlikely to recommend bringing a law enforcement action if entities know their customers or clients individually, or if they perform services in or around their customers homes, or if they operate in sectors where identity theft is rare and they have not themselves been the target of identity theft.
Todays announcement that the Commission will delay enforcement of the Rule until November 1, 2009, does not affect other federal agencies enforcement of the original November 1, 2008, compliance deadline for institutions subject to their oversight.
