Red Flags Rule enforcement date extended
The FTC has pushed back enforcement of the rule aimed to reduce identity theft through December 31, 2010, at the request of several members of Congress, who say they need to consider legislation that would affect the scope of entities covered by the rule.
FTC Chairman Jon Leibowitz agrees that Congress needs to fix the unintended consequences, but emphasizes that the fix must come quickly.
"As an agency we're charged with enforcing the law, and endless extensions delay enforcement," Leibowitz says.
The rule was developed under the Fair and Accurate Credit Transactions Act, in which Congress directed the FTC and other agencies to develop regulations requiring “creditors” and “financial institutions” to address the risk of identity theft. The resulting Red Flags Rule requires all such entities that have “covered accounts” to develop and implement written identity theft prevention programs to help identify, detect, and respond to patterns, practices, or specific activities – known as “red flags” -- that could indicate identity theft.
It became effective on January 1, 2008, with full compliance for all covered entities originally required by November 1, 2008. This latest extension does not affect other federal agencies’ enforcement of the original November 1, 2008 deadline for institutions subject to their oversight to be in compliance, according to the FTC.