At the request of several Members of Congress, the Federal Trade Commission is further delaying enforcement of the “Red Flags” rule through December 31, 2010, while congress considers legislation that would affect the scope of entities covered by the rule.
The Rule was developed under the Fair and Accurate Credit Transactions Act, in which Congress directed the FTC and other agencies to develop regulations requiring entities that have “covered accounts,” such as financial institutions and health care providers, to implement written identity theft programs that isolate “red flags” indicating identity theft.
The rule became effective on January 1, 2008, with full compliance originally required by November 1, 2008. Numerous delays had resulted in delaying enforcement until June 1, 2010.
This announcement and the release of an Enforcement Policy Statement do not affect other federal agencies’ enforcement of the original November 1, 2008 deadline for institutions subject to their oversight to be in compliance.
