FTC Delays Enforcement of the Red Flag Rules Until November 1, 2009

July 31, 2009


The "Red Flags" Rule is an anti-fraud regulation requiring "creditors" and "financial institutions" with covered accounts to implement programs to identify, detect, and respond to the warning signs, or "red flags," that could indicate identity theft. The Federal Trade Commission (FTC) staff has extended the Red Flags Rule deadline by three months to give small businesses and other entities additional time to review new FTC resources about compliance.

The FTC's Red Flags Rule website offers resources to help offices determine if they must be compliant and, if so, how to meet the terms of the Rule. Look for a user-friendly online compliance template that enables companies to design their own Identity Theft Prevention Program, as well as articles directed to specific businesses and industries, guidance manuals, and Frequently Asked Questions to help companies navigate the Rule.

The three-month extension, coupled with this new guidance, should enable businesses to gain a better understanding of any obligations that they may have under the Rule.