Red Flags Rule
Encyclopedia
The Red Flags Rule was created by the Federal Trade Commission
(FTC), along with other government agencies such as the National Credit Union Administration
(NCUA), to help prevent identity theft
. The rule was passed in January 2008, and was to be in place by November 1, 2008. But due to push-backs by opposition, the FTC has delayed enforcement (five times); the current deadline is December 31, 2010 .
of 2003 . FACTA was put in place to help Identity Theft Prevention and Credit History Restoration, Improvements in Use of and Consumer Access to Credit Information, Enhancing the Accuracy of Consumer Report Information, Limiting the Use and Sharing of Medical Information in the Financial System, Financial Literacy and Education Improvement, Protecting Employee Misconduct Investigations, and Relation to State Laws.
There are two different groups that this rule applies to: Financial Institutions and Creditors. Financial institution is defined as a state or national bank, a state or federal savings and loan association, a mutual savings bank, a state or federal credit union, or any other entity that holds a “transaction account” belonging to a consumer . FACTA’s definition of “creditor” applies to any entity that regularly extends or renews credit – or arranges for others to do so – and includes all entities that regularly permit deferred payments for goods or services
Just because you don't think you are a creditor, does not mean that the rule doesn’t apply. For example, law firms and accounting firms that receive payment after a service is completed are considered creditors. Another example is if you are a utility company. You provide the utilities and receive payment for your services rendered at the end of the month, rendering you a creditor.
There are many different companies that this rule applies to: this list includes, but is not limited to finance companies, automobile dealers, mortgage brokers, utility companies, telecommunications companies, medical practices, hospitals, and law firms; or any other company that performs a service, then receives payment once the work is complete.
The four basic elements to the program are:
1) Identify Relevant Red Flags
2) Detect Red Flags
3) Prevent and Mitigate Identity Theft
4) Update your Program
The Red Flags Rules provide all financial institutions and creditors the opportunity to design and implement a program that is appropriate to their size and complexity, as well as the nature of their operations .
The red flags fall into five categories:
Federal Trade Commission
The Federal Trade Commission is an independent agency of the United States government, established in 1914 by the Federal Trade Commission Act...
(FTC), along with other government agencies such as the National Credit Union Administration
National Credit Union Administration
The National Credit Union Administration is the United States independent federal agency that supervises and charters federal credit unions...
(NCUA), to help prevent identity theft
Identity theft
Identity theft is a form of stealing another person's identity in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name...
. The rule was passed in January 2008, and was to be in place by November 1, 2008. But due to push-backs by opposition, the FTC has delayed enforcement (five times); the current deadline is December 31, 2010 .
How the Red Flags Rule was Created
The Red Flags Rule was based on section 114 and 315 of the Fair and Accurate Credit Transactions ActFair and Accurate Credit Transactions Act
The Fair and Accurate Credit Transactions Act of 2003 is a United States federal law, passed by the United States Congress on November 22, 2003, and signed by President George W. Bush on December 4, 2003, as an amendment to the Fair Credit Reporting Act...
of 2003 . FACTA was put in place to help Identity Theft Prevention and Credit History Restoration, Improvements in Use of and Consumer Access to Credit Information, Enhancing the Accuracy of Consumer Report Information, Limiting the Use and Sharing of Medical Information in the Financial System, Financial Literacy and Education Improvement, Protecting Employee Misconduct Investigations, and Relation to State Laws.
Who This Rule Applies To
There are two different groups that this rule applies to: Financial Institutions and Creditors. Financial institution is defined as a state or national bank, a state or federal savings and loan association, a mutual savings bank, a state or federal credit union, or any other entity that holds a “transaction account” belonging to a consumer . FACTA’s definition of “creditor” applies to any entity that regularly extends or renews credit – or arranges for others to do so – and includes all entities that regularly permit deferred payments for goods or services
Just because you don't think you are a creditor, does not mean that the rule doesn’t apply. For example, law firms and accounting firms that receive payment after a service is completed are considered creditors. Another example is if you are a utility company. You provide the utilities and receive payment for your services rendered at the end of the month, rendering you a creditor.
There are many different companies that this rule applies to: this list includes, but is not limited to finance companies, automobile dealers, mortgage brokers, utility companies, telecommunications companies, medical practices, hospitals, and law firms; or any other company that performs a service, then receives payment once the work is complete.
What the Red Flags Rule States
The Red Flags Rule sets out how certain businesses and organizations must develop, implement, and administer their Identity Theft Prevention Programs. Your Program must include four basic elements, which together create a framework to address the threat of identity theft.The four basic elements to the program are:
1) Identify Relevant Red Flags
- Identify the red flags of identity theft you’re likely to come across in your business
2) Detect Red Flags
- Set up procedures to detect those red flags in your day-to-day operations
3) Prevent and Mitigate Identity Theft
- If you spot the red flags you’ve identified, respond appropriately to prevent and mitigate the harm done
4) Update your Program
- The risks of identity theft can change rapidly, so it’s important to keep your Program current and educate your staff
The Red Flags Rules provide all financial institutions and creditors the opportunity to design and implement a program that is appropriate to their size and complexity, as well as the nature of their operations .
The red flags fall into five categories:
- alerts, notifications, or warnings from a consumer reporting agency
- suspicious documents
- suspicious kk identifying information, such as a suspicious address
- unusual use of – or suspicious activity relating to – a covered account
- notices from customers, victims of identity theft, law enforcement authorities, or other businesses about possible identity theft in connection with covered accounts