At the request of several members of Congress, the Federal Trade Commission is further delaying enforcement of the “ Red Flags” Rule through Dec. 31, 2010, according to a release from the FTC. During that time, Congress will consider legislation that would affect the scope of entities covered by the rule.
The announcement does not affect other federal agencies’ enforcement of the original Nov. 1, 2008, deadline for institutions subject to their oversight to be in compliance.
“Congress needs to fix the unintended consequences of the legislation establishing the Red Flags Rule — and to fix this problem quickly. We appreciate the efforts of Congressmen Barney Frank and John Adler for getting a clarifying measure passed in the House, and hope action in the Senate will be swift,” FTC Chairman Jon Leibowitz said in the release. “As an agency we’re charged with enforcing the law, and endless extensions delay enforcement.”
The rule was developed under the Fair and Accurate Credit Transactions Act, in which Congress directed the FTC and other agencies to develop regulations requiring creditors and financial institutions to address the risk of identity theft. The resulting Red Flags Rule requires all such entities that have covered accounts to develop and implement written identity theft prevention programs to help identify, detect and respond to patterns, practices or specific activities — known as “red flags” — that could indicate identity theft.
The rule became effective on Jan. 1, 2008, with full compliance for all covered entities originally required by Nov. 1, 2008. The Commission has issued several delays of the rule. Most recently, the Commission announced in October 2009 that at the request of certain members of Congress, it was delaying enforcement of the Rule until June 1, 2010, to allow Congress time to finalize legislation that would limit the scope of business covered by the rule.