Red Flags Rule/Identity Theft Articles
Red Flags Rule… Finally.
By: Gardiner Thomsen CPAs | email
The red flags rule may actually go into affect on December 31, 2010. The Rule was originally supposed to become effective on January 1, 2008, with full compliance required by November 1, 2008. The FTC or Congress has delayed enforcing the Rule a couple of times in the last two years.
The Red Flags Rule was developed under the Fair and Accurate Credit Transactions Act, in which Congress directed the Federal Trade Commission (FTC) and other agencies to develop regulations requiring creditors and financial institutions to address the risk of identity theft. The resulting Rule requires all such entities that have “covered accounts” to develop and implement written identity theft prevention programs to help identify, detect and respond to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft.
By focusing on red flags now, you’ll be better able to spot an imposter using someone else’s identity to get products or services from you. As a practical matter, the Rule applies to you if you provide products or services and bill customers later.
You can find guidance at www.ftc.gov/redflagsrule. At this website you can find a “How-to Guide for Businesses” and a Do-It-Yourself Prevention Program for Businesses and Organizations at Low Risk for Identity Theft.
Red Flags Rule Enforcement Extended
By: Gardiner Thomsen CPAs | email
The Federal Trade Commission (FTC) has issued regulations known as the “Red Flags Rule” requiring certain entities such as creditors and financial institutions to develop and implement a written Identity Theft Prevention Program. Municipal utilities and governmental entities that defer payment for goods or services are considered creditors for these purposes.
The program should include policies and procedures to identify, detect and respond to patterns, practices or specific activities that indicate the warning signs or “red flags” of potential identity theft in day-to-day operations. It should also state how to mitigate the risks of identity theft and evaluate the program to address new risks. The program must be approved by the governing body, and should include information about training staff and monitoring the work of the entity’s service providers. All members of the entity’s staff must be familiar with the Red Flags Rule and compliance procedures.
Enforcement of the rule has now been extended to December 31, 2010, while Congress considers legislation that would affect the scope of the included entities.
A handbook on developing an Identity Theft Prevention Program and information about compliance is available at http://ftc.gov/redflagsrule. A fill-in-the-blank form for businesses and organizations at low risk for identity theft is available at http://ftc.gov/redflagsrule and offers step-by-step instructions for creating a written Identity Theft Prevention Program. The form can be filled out online and printed.
If you have any questions about the Red Flags Rule or would like further assistance on developing an Identity Theft Prevention Program, please contact us, we would be happy to help.
Red Flags Rule
By: Dennis Gardiner, Partner | email
The Federal Trade Commission (FTC) has issued regulations known as the “Red Flags Rule” requiring certain entities to develop and implement a written Identity Theft Prevention Program. The purpose of the program is to assist the entity in identifying the red flags that indicate identity theft.
The Fair and Accurate Credit Transactions Act of 2003 requires creditors and financial institutions with covered accounts to implement programs to identify, detect, and respond to patterns, practices or specific activities that could indicate identity theft. The definition of a creditor applies to any entity that regularly extends or renews credit, or arranges for others to do so, and includes all entities that regularly permit deferred payments for goods and services. Municipal utilities and governmental entities that defer payment for goods or services are considered creditors for these purposes.
The Rule defines a covered account as a consumer account that allows multiple payments or any other account with a reasonably foreseeable risk of identity theft. An entity that regularly bills customers after services are provided is considered a creditor under the Red Flags Rule, and is required to develop a written Identity Theft Prevention Program.
The Identity Theft Prevention Program should include policies and procedures to identify the warning signs or “red flags” of identity theft in day-to-day operations, which are suspicious patterns or practices or specific activities that indicate the possibility of identity theft. The program should be designed to detect the red flags identified, state the appropriate actions to mitigate the risks of identity theft and address how the entity will periodically evaluate the program to address new identified risks. The Program must be approved by the governing body, and should include information about training staff and monitoring the work of the government’s service providers. Most important is that all members of the entity’s staff are familiar with the Red Flags Rule and the compliance procedures.
Enforcement of the rule has been extended to November 1, 2009 to give additional time for developing and implementing written identity theft prevention programs. There are no criminal penalties for failure to comply, however violators may be subject to financial penalties. In addition, compliance assures the entity’s customers that they are doing their part to fight identity theft.
A handbook on developing an Identity Theft Prevention Program and information about compliance is available at http://ftc.gov/redflagsrule as well as a fill-in-the-blank form for businesses and organizations at low risk for identity theft. The form can be filled out online and printed. Please contact us if you have any questions; we will be more than happy to help you.