Business Services Industry
Federal Trade Commission pushes back launch of 'Red Flags Rule'
Journal Record, The (Oklahoma City), Oct 24, 2008 by Marie Price
It's called the "Red Flags Rule," and it's coming to financial institutions, brokerage firms, credit card companies and mortgage firms near you as of Nov. 1.
In essence, the regulation requires affected businesses to take a proactive approach to identity theft, developing and maintaining a written program to detect, prevent and mitigate ID theft.
Businesses like auto dealers, utilities, telecommunications companies and others regulated by the Federal Trade Commission this week got a breather from the FTC, which pushed its enforcement launch date to May 1.
Fines for noncompliance range from $2,500 to $11,000 per violation.
In addition to the FTC, businesses regulated by the FDIC, Office of the Comptroller of the Currency, Federal Reserve Board, Office of Thrift Supervision, and National Credit Union Administration must comply with the regulation. None of the other five agencies have yet announced a postponement of enforcement.
Attorney Eric Johnson explained Thursday that, as the FTC interprets the regulation, a violation could potentially be assessed for each account affected, not just for each red flag program.
Johnson, a shareholder with the Phillips Murrah law firm, said Congress told federal regulators to come up with such a rule in 2003, as part of the Fair and Accurate Credit Transactions Act.
He said the law also requires companies to conduct a risk assessment of all the accounts they maintain or offer, to see if they are covered.
"They would look at, how do we give access to our accounts, how do we open our accounts, do we have any prior experiences of identity theft on this type of account," he said.
Johnson said covered accounts are mostly consumer-related, but could include business and commercial accounts "where there is a reasonably foreseeable risk to either the customer or the creditor from identity theft."
Johnson said that in developing a required program, businesses must detail "red flags" associated with their accounts, and how they would respond to them.
"Generally, a red flag is either an activity or maybe a pattern of practice that indicates either there has been identity theft or maybe the possible existence of identity theft, something that, just like it sounds, pops up and says, wait a minute, bells and whistles going off," he said.
Some examples of red flags outlined by federal regulators include pulling a credit report that has a fraud or active duty alert, trying to pull a credit report and receiving a notice of a freeze on the credit file, receiving notification from a credit bureau of an address discrepancy, a credit report with a pattern of activity inconsistent with the applicant's historic activity, and documents a business suspects have been altered.
Once a program is approved by company management or the corporate board of directors, he said, companies must train staff about how to put it into operation, and make sure appropriate service providers comply with it or have their own program in place.
Johnson said noncompliance by banks and other routinely examined businesses will probably be revealed during those procedures, but the situation is more complex when it comes to companies regulated by the FTC.
"It's a little bit more difficult to gaze into the crystal ball to see what they are looking for," he said.
Johnson said that if the FTC reacts as it has in the past, it may wait until after May 1, 2009, then fire out a series of letters to businesses requesting copies of their Red Flag programs and asking questions about how they were developed and how they will be maintained.
Johnson said a lot of smaller, mom-and-pop businesses may have accounts that would be covered by the rule, and not be aware of it.
He also said banks and other entities that must comply beginning Nov. 1 may want car dealers and other business with which they do business to have their programs in place then as well.
When it announced the postponement, the FTC said its staff learned that some creditor-businesses subject to its regulation were not certain they were covered by the rule or whether they engaged in activities that would cause them to fall under the act. Other businesses said they learned of the rule's requirements too late to comply by Nov. 1.
Most Recent Business Articles
- Multiple criteria evaluation and optimization of transportation systems
- Multi-criteria analysis procedure for sustainable mobility evaluation in urban areas
- A two-leveled multi-objective symbiotic evolutionary algorithm for the hub and spoke location problem
- Multi-criteria analysis for evaluating the impacts of intelligent speed adaptation
- The development of Taiwan arterial traffic-adaptive signal control system and its field test: a Taiwan experience
Most Recent Business Publications
Most Popular Business Articles
- 7 tips for effective listening: productive listening does not occur naturally. It requires hard work and practice - Back To Basics - effective listening is a crucial skill for internal auditors
- FAS 109: a primer for non-accountants - Financial Accounting Standards Board's "Statement 109: Accounting for Income Taxes"
- Design a commission plan that drives sales - Sales Commissions
- Too Young to Rent a Car? - 25-years-old the minimum age for car renting - Brief Article
- Getting the global view: Nestle, led by Peter Brabeck-Letmathe, climbs to the #1 spot in this year's Best Companies for Leaders
Most Popular Business Publications
Content provided in partnership with
