FTC Extends Enforcement Deadline for Red Flags Rule to June 1, 2010

The Federal Trade Commission (FTC) has again delayed enforcement of the Red Flags Rule. Enforcement was previously delayed until November 1, 2009, but has now been delayed until June 1, 2010.

The FTC extended the deadline in response to requests from members of Congress, who are currently considering a bill that excludes health care, legal and accounting practices with 20 or fewer employees from the definition of "creditor" as set forth in the Red Flags Rule. The bill also allows other businesses to apply to the FTC for exclusion. Businesses would be granted exclusion if they know all of their customers or clients individually, only perform services in or around their customers' residences, have not experienced incidents of identity theft, and operate a type of business for which identity theft is rare. The bill passed unanimously in the House of Representatives and has been referred to the Senate Committee on Banking, Housing, and Urban Affairs.

The Red Flags Rule implements sections of the Fair and Accurate Credit Transactions Act. It requires "creditors" and "financial institutions" with "covered accounts" to develop identity theft prevention programs. Under the Red Flags Rule, the term "creditor" is broadly defined to include any business or organization that regularly defers payment for goods or services or provides goods or services and bills for them later. It also includes businesses that regularly grant loans or extend credit or arrange for the extension of loans or credit, such as mortgage brokers, car dealerships, and retailers that offer financing.

More information regarding the Red Flags Rule can be found on the FTC's website at www.ftc.gov/redflagsrule.