Washington Update

FTC's Red Flag Rule Deadline Extended Again

The Federal Trade Commission (FTC) has extended the enforcement deadline for the identity theft "Red Flag Rule" from June 1, 2010 until December 31, 2010.  The delay is in response to a request from Congress. Several members feel that the scope of the rule which was developed under the Fair and Accurate Credit Transactions Act passed in 2007 may be too broad. 

The law directed the FTC and other agencies to issue regulations "requiring ‘creditors' and ‘financial institutions' to address the risk of identity theft."  Such entities - including, it seems, colleges - with "covered accounts" were initially required "to develop and implement written identity theft programs." (For background, see this FTC Website page, which also provides details about compliance, as well as definitions of "creditor" and "financial institution.")

The FTC rule became effective January 2008, with full compliance initially required by November 1, 2008.  The compliance deadline has been put off several times.  This most recent delay is the result of Reps. Barney Frank (D-Mass.) and John Adler (D-N.J.) succeeding in the passage of House legislation clarifying which entities are covered by the Red Flag Rule (H.R. 3763). The legislation has not been passed by the Senate.

The delay by the FTC does "not affect other federal agencies' enforcement of the original November 1, 2008 deadline for institutions subject to their oversight to be in compliance." This earlier NAICU story provides additional background.


For more information, please contact:
Maureen Budetti

The Day's Articles

Back to Article Overview