red flag rule

Subscribe to red flag rule via RSS

The Federal Trade Commission announced today that it is once again extending the deadline for enforcing its “Red Flags” Rule, while Congress considers legislation that would affect the scope of entities covered by the Rule. The FTC is delaying enforcement of the Rule until December 31, 2010 in response to a request from members of Congress who are working to finalize legislation that would limit the scope of business covered by the Rule.

According to regulations published by the Federal Trade Commission and the federal banking agencies, covered companies that hold any customer accounts must implement identity theft prevention programs that identify and detect “Red Flags” signaling possible identity theft. Companies establishing such programs must create policies and procedures not only to recognize and detect Red Flags, but also to respond to Red Flags by preventing or mitigating potential identity theft. Furthermore, companies must develop reasonable policies and procedures to verify the identity of a customer opening an account, and must also periodically update their identity theft programs. The rules went into effect on January 1, 2008, and businesses must comply by November 1, 2008.