The Federal Trade Commission announced today that it is once again extending the deadline for enforcing its “Red Flags” Rule, while Congress considers legislation that would affect the scope of entities covered by the Rule. The FTC is delaying enforcement of the Rule until December 31, 2010 in response to a request from members of Congress who are working to finalize legislation that would limit the scope of business covered by the Rule.
red flags rule
DC Court Sides with the ABA – No Red Flag Rules for Lawyers
The U.S. District Court for the District of Columbia has ruled that the Federal Trade Commission’s Red Flags Rules cannot be enforced against lawyers, saying that the FTC’s interpretation of the Fair and Accurate Credit Transactions Act overreaches, and its application to lawyers is unreasonable. Judge Reggie Walton said he…
Third Time’s A Charm: FTC Delays Enforcement Of The Red Flags Rule Again
The Federal Trade Commission (“FTC”) announced today that, for the third time, it will delay enforcement of the Red Flags Rule until November 1, 2009 – a year after the original November 1, 2008 compliance deadline. In delaying enforcement yet again, the Commission stated that it intends to engage in an “expanded business education campaign” in which the staff will “redouble its efforts to educate [businesses] about compliance.” Such a campaign is designed to “clarify whether businesses are covered by the Rule and what they must do to comply.” The delay does not affect companies subject to the enforcement authority of federal agencies other than the FTC.
Doesn’t Alice Live Here Anymore? FACTA and the Address Discrepancy Rule
Section 315 of FACTA requires institutions that utilize consumer reports (“users”) to develop and follow certain procedures when notified of an address discrepancy by a national CRA (Equifax, Experian and TransUnion). Under FACTA, national CRAs are required to issue a “notice of address discrepancy” when an address provided by a user requesting a consumer report “substantially differs” from the address the CRA has on file for that consumer. The Address Discrepancy Rule then requires users of consumer reports to develop and implement written policies and procedures to respond to receipt of a discrepancy notice. There are two components to the policies required by the Rule: the first relates to the user’s evaluation of the address discrepancy; the second relates to the user’s potential obligation to report the consumer’s address to the CRA.
Red Flags and Address Discrepancies FAQs
On Thursday, the staff of the Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, Office of Thrift Supervision and the Federal Trade Commission issued a set of FAQs to assist financial institutions, creditors, users of consumer reports, and card issuers in complying with the Red Flags and Address Discrepancies Rules under FACTA.
…
Red Flags Rule Interpretation Raises Red Flags
We noted in an earlier post that the FTC determined that the Red Flags Rule applies to retailers who pass credit card applications on to lenders. However, there appears to be strong arguments against this interpretation.
FTC Suspends Enforcement of Red Flag Rules For Six Months
The Federal Trade Commission (“FTC”) recently announced that it will not enforce the new Red Flag Rules until May 1, 2009, giving financial institutions and creditors an additional six months to comply by developing and implementing a written identity theft prevention program. In an Enforcement Policy Statement released on October 22, 2008, the FTC acknowledged the uncertainty felt by many entities and some industries regarding whether they would be considered “covered entities” and thus subject to the rules. This announcement though does not affect companies subject to the enforcement authority of federal agencies other than the FTC.
Red Flag Alert — Compliance Deadline is November 1, 2008
According to regulations published by the Federal Trade Commission and the federal banking agencies, covered companies that hold any customer accounts must implement identity theft prevention programs that identify and detect “Red Flags” signaling possible identity theft. Companies establishing such programs must create policies and procedures not only to recognize and detect Red Flags, but also to respond to Red Flags by preventing or mitigating potential identity theft. Furthermore, companies must develop reasonable policies and procedures to verify the identity of a customer opening an account, and must also periodically update their identity theft programs. The rules went into effect on January 1, 2008, and businesses must comply by November 1, 2008.
…