ResourcesArticlesSummary of the FTC’s Red Flags Rules
Print this page

Summary of the FTC’s Red Flags Rules

by Frank C. Debick

Background

On October 31, 2007, the Federal Trade Commission (the “FTC”), along with various other federal agencies passed the final legislation for Section 114 of the Fair and Accurate Credit Transactions Act of 2003, also known as the Identity Theft Red Flags and Notices of Address Discrepancy or the "Red Flags Rules." The Red Flags Rules require that all organizations subject to the legislation must develop and implement a formal, written and revisable "Identity Theft Prevention Program" to detect, prevent and mitigate identity theft.

In general, under the Red Flags Rules, companies or services that regularly permit deferred payments for goods or services must develop a written program that monitors and identifies "red flags" of identity theft. These “red flags” may include, for example, unusual account activity, fraud alerts on a consumer report, or attempted use of suspicious account application documents. The program must also describe appropriate responses that may prevent and mitigate the crime and detail a plan to update the program.

Application of Red Flags Rules

The Red Flags Rules apply to a “Financial Institution” or "Creditors" who maintain "Covered Accounts.”

  1. Definition of “Financial Institution"        The FTC has stated that a “Financial Institution” is defined as a state or national bank, a state or federal savings and loan association, a mutual savings bank, a state or federal credit union, or any other entity that holds a “transaction account” belonging to a consumer. A “transaction account” is a deposit or other account from which the owner makes payments or transfers. Transaction accounts include checking accounts, negotiable order of withdrawal accounts, savings deposits subject to automatic transfers, and share draft accounts.

  2. Definition of “Creditors”:         As set forth in 15 U.S.C. 1681a(r)(5), the term “creditor” means any person who regularly extends, renews, or continues credit; any person who regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who participates in the decision to extend, renew, or continue credit. The FTC has further clarified this definition by stating that, “a creditor is any entity that regularly extends, renews, or continues credit; any entity that regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who is involved in the decision to extend, renew, or continue credit. Accepting credit cards as a form of payment does not in and of itself make an entity a creditor. Creditors include finance companies, automobile dealers, mortgage brokers, utility companies, and telecommunications companies.”

  3. Definition of “Covered Accounts”:   Pursuant to 16 CFR §681.1, a “Covered Account” is defined as:

    1. An account that a financial institution or creditor offers or maintains, primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions, such as a credit card account, mortgage loan, automobile loan, margin account, cell phone account, utility account, checking account, or savings account; and

    2. Any other account that the financial institution or creditor offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation, or litigation risks.”

Legal Challenges to Red Flags Rules and Extension of Time for FTC Enforcement

The Red Flags Rules have been subject to many legal challenges. In fact, the U.S. District Court for the District of Columbia recently ruled that attorneys are exempt from the Red Flags Rules. The ruling gave a victory to an industry that objected to the FTC's definition of what constitutes a "creditor."

Presumably as a result of these legal challenges, the FTC announced on October 30, 2009 that the FTC would delay enforcement of the Red Flags Rules for financial institutions and creditors subject to enforcement by the FTC until at least June 1, 2010. This delay in enforcement does not mean that the Red Flags Rules are not effective, but, rather that the FTC will not enforce the Red Flag Rules until at least June 1, 2010.

This Article is published for general information, not to provide specific legal advice. The application of any matter discussed in this article to anyone's particular situation requires knowledge and analysis of the specific facts involved.

Copyright © 2009 Fairfield and Woods, P.C., ALL RIGHTS RESERVED. Comments or inquiries may be directed to:
Frank C. Debick.

  search

Bookmark and Share

Home | The Firm | Practice Areas | Attorneys | Resources | Careers | Login
Wells Fargo Center, Suite 2400 • 1700 Lincoln St. • Denver, CO 80203-4524 • Tel: 303-830-2400
Copyright © 2008 Fairfield and Woods, P.C.