The Federal Trade Commission (FTC) announced on April 30, 2009 that it would will delay enforcement of the new “Red Flags Rule” until August 1, 2009, to give creditors and financial institutions more time to develop and implement written identity theft prevention programs. The rule, promulgated under the Fair and Accurate Credit Transactions Act of 2003 (FACTA), had an original mandatory compliance date of November 1, 2008. In October 2008, the FTC extended the compliance date by six months to May 1, 2009. See Alert dated October 23, 2008.

    The FTC’s latest enforcement policy states that there are still questions and concerns about complying with the rule. To address these questions and concerns, the FTC determined that some entities, particularly those that are small, non-traditional creditors, would benefit from the availability of a template Red Flags program in developing their programs. The FTC staff intends to publish such a template for low-risk entities shortly.

    Accordingly, the FTC determined that immediate enforcement of the rule on May 1, 2009 would not further the exercise of good public policy, and that an additional three month extension is warranted.

    As with the first delay, this additional extension in enforcement does not extend to the rule regarding address discrepancies applicable to users of consumer reports or to the rule regarding changes of address applicable to card issuers. The delay also does not extend to entities subject to the jurisdiction of any of the other federal agencies that have issued Red Flags Rules, including the Office of the Comptroller of the Currency, the Federal Reserve Board, the Federal Deposit Insurance Corporation and the Office of Thrift Supervision.

    Do not hesitate to contact us if you have questions or would like a copy of the enforcement policy or template.

    • Elizabeth Anstaett

    LOOKING FOR A MARKETING AND PRIVACY COMPLIANCE RESOURCE? We publish an easy-to-use reference “Marketing and Privacy Digest” that compiles the state laws governing financial privacy, fair credit reporting, telemarketing/automatic dialing and announcing devices, telephone monitoring and recording, electronic signatures and restrictions on the use of social security numbers by financial service providers. Creditors, marketers and servicers should find this resource invaluable to marketing and privacy program development and regulatory compliance. Contact us for rates and other information.