The FTC recently announced a six month reprieve on the original compliance date for the new identity theft "Red Flags Rule".
The Rules mandate financial institutions and "creditors" set up and enforce written plans for identifying "red flag" transactions that could indicate identity theft or fraud. The law became effective January 1, 2008, and enforcement and full compliance was to be met by November 1, 2008.
Ultimately, since the FTC's meaning of "creditors" is so broadly defined, many businesses were caught off guard and unaware that the Red Flags Rule applied to them as well. So last week, the FTC decided to allow more time and moved the full compliance date by six months, to May 1, 2009.
According to the FTC, "Many entities also noted that because they generally are not required to comply with FTC rules in other contexts, they had not followed or even been aware of the rule making, and therefore learned of the rule's requirements too late to be able to come into compliance by Nov. 1, 2008. The commission's delay of enforcement will enable these entities sufficient time to establish and implement appropriate identity theft prevention programs, in compliance with the rule."
According to AMedNews, the newspaper for American Physicians,
"...until recently, physicians and health care facilities were largely unaware of the regulations, which were thought to pertain mainly to banks and other financial institutions that offer credit in the traditional sense. But in recent weeks, the FTC signaled that the rule was intended to apply more broadly, including to the health care arena.
Most physicians and group practices likely will fall under the FTC's definition of a creditor because they generally do not collect payment at the time a service is rendered and often hold off billing patients in full, according to legal experts. While accepting credit card payments does not apply in this case, such routine practices as setting up a payment plan or billing an insurance company before charging the patient likely do."
FTC PRESS RELEASE:
FTC Will Grant Six-Month Delay of Enforcement of 'Red Flags' Rule Requiring Creditors and Financial Institutions to Have Identity Theft Prevention Programs
The Federal Trade Commission will suspend enforcement of the new "Red Flags Rule" until May 1, 2009, to give creditors and financial institutions additional time in which to develop and implement written identity theft prevention programs. The FTC's announcement and the release of an Enforcement Policy Statement do not affect other federal agencies' enforcement of the original November 1, 2008 deadline for institutions subject to their oversight to be in compliance.
The Red Flags Rule was developed pursuant to the Fair and Accurate Credit Transactions (FACT) Act of 2003. Under the Rule, financial institutions and creditors with covered accounts must have identity theft prevention programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft.
The Rule applies to creditors and financial institutions. Federal law defines a creditor to be: any entity that regularly extends, renews, or continues credit; any entity that regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who is involved in the decision to extend, renew, or continue credit. Accepting credit cards as a form of payment does not, in and of itself, make an entity a creditor. Some examples of creditors are finance companies, automobile dealers, mortgage brokers, utility companies, telecommunications companies, and non-profit and government entities that defer payment for goods or services. Financial institutions include entities that offer accounts that enable consumers to write checks or to make payments to third parties through other means, such as other negotiable instruments or telephone transfers.
The Commission staff launched outreach efforts last year to explain the Rule to the many different types of entities that are covered by the Rule.
The agency published a general alert on what the Rule requires, and, in particular, an explanation of what types of entities are covered by the Rule.
During the course of these efforts, Commission staff learned that some industries and entities within the FTC's jurisdiction were uncertain about their coverage under the Rule. These entities indicated that they were not aware that they were engaged in activities that would cause them to fall under the FACT Act's definition of creditor or financial institution. Many entities also noted that, because they generally are not required to comply with FTC rules in other contexts, they had not followed or even been aware of the rule making, and therefore learned of the Rule's requirements too late to be able to come into compliance by November 1, 2008.
The Commission's delay of enforcement will enable these entities sufficient time to establish and implement appropriate identity theft prevention programs, in compliance with the Rule.
The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC's online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357).
The Rules mandate financial institutions and "creditors" set up and enforce written plans for identifying "red flag" transactions that could indicate identity theft or fraud. The law became effective January 1, 2008, and enforcement and full compliance was to be met by November 1, 2008.
Ultimately, since the FTC's meaning of "creditors" is so broadly defined, many businesses were caught off guard and unaware that the Red Flags Rule applied to them as well. So last week, the FTC decided to allow more time and moved the full compliance date by six months, to May 1, 2009.
According to the FTC, "Many entities also noted that because they generally are not required to comply with FTC rules in other contexts, they had not followed or even been aware of the rule making, and therefore learned of the rule's requirements too late to be able to come into compliance by Nov. 1, 2008. The commission's delay of enforcement will enable these entities sufficient time to establish and implement appropriate identity theft prevention programs, in compliance with the rule."
According to AMedNews, the newspaper for American Physicians,
"...until recently, physicians and health care facilities were largely unaware of the regulations, which were thought to pertain mainly to banks and other financial institutions that offer credit in the traditional sense. But in recent weeks, the FTC signaled that the rule was intended to apply more broadly, including to the health care arena.
Most physicians and group practices likely will fall under the FTC's definition of a creditor because they generally do not collect payment at the time a service is rendered and often hold off billing patients in full, according to legal experts. While accepting credit card payments does not apply in this case, such routine practices as setting up a payment plan or billing an insurance company before charging the patient likely do."
FTC PRESS RELEASE:
FTC Will Grant Six-Month Delay of Enforcement of 'Red Flags' Rule Requiring Creditors and Financial Institutions to Have Identity Theft Prevention Programs
The Federal Trade Commission will suspend enforcement of the new "Red Flags Rule" until May 1, 2009, to give creditors and financial institutions additional time in which to develop and implement written identity theft prevention programs. The FTC's announcement and the release of an Enforcement Policy Statement do not affect other federal agencies' enforcement of the original November 1, 2008 deadline for institutions subject to their oversight to be in compliance.
The Red Flags Rule was developed pursuant to the Fair and Accurate Credit Transactions (FACT) Act of 2003. Under the Rule, financial institutions and creditors with covered accounts must have identity theft prevention programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft.
The Rule applies to creditors and financial institutions. Federal law defines a creditor to be: any entity that regularly extends, renews, or continues credit; any entity that regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who is involved in the decision to extend, renew, or continue credit. Accepting credit cards as a form of payment does not, in and of itself, make an entity a creditor. Some examples of creditors are finance companies, automobile dealers, mortgage brokers, utility companies, telecommunications companies, and non-profit and government entities that defer payment for goods or services. Financial institutions include entities that offer accounts that enable consumers to write checks or to make payments to third parties through other means, such as other negotiable instruments or telephone transfers.
The Commission staff launched outreach efforts last year to explain the Rule to the many different types of entities that are covered by the Rule.
The agency published a general alert on what the Rule requires, and, in particular, an explanation of what types of entities are covered by the Rule.
During the course of these efforts, Commission staff learned that some industries and entities within the FTC's jurisdiction were uncertain about their coverage under the Rule. These entities indicated that they were not aware that they were engaged in activities that would cause them to fall under the FACT Act's definition of creditor or financial institution. Many entities also noted that, because they generally are not required to comply with FTC rules in other contexts, they had not followed or even been aware of the rule making, and therefore learned of the Rule's requirements too late to be able to come into compliance by November 1, 2008.
The Commission's delay of enforcement will enable these entities sufficient time to establish and implement appropriate identity theft prevention programs, in compliance with the Rule.
The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC's online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357).
NEWSLETTER SIGN UP
SUBSCRIBE
CONTACT
Leave a comment