The Federal Trade Commission has decided to postpone enforcement of the “Red Flags“ Rule through the end of 2010, at the request of several members of Congress. Capitol Hill is contemplating legislation that would “affect the scope of entities covered by the rule”.
The FTC noted that this note does not affect other federal agencies' enforcement of the original November 1, 2008 deadline for institutions subject to their oversight to be in compliance.
“Congress needs to fix the unintended consequences of the legislation establishing the Red Flags Rule ““ and to fix this problem quickly. We appreciate the efforts of Congressmen Barney Frank and John Adler for getting a clarifying measure passed in the House, and hope action in the Senate will be swift,“ FTC Chairman Jon Leibowitz said. “As an agency we're charged with enforcing the law, and endless extensions delay enforcement.“
According to the FTC, “the Rule was developed under the Fair and Accurate Credit Transactions Act, in which Congress directed the FTC and other agencies to develop regulations requiring “creditors“ and “financial institutions“ to address the risk of identity theft. The resulting Red Flags Rule requires all such entities that have “covered accounts“ to develop and implement written identity theft prevention programs to help identify, detect, and respond to patterns, practices, or specific activities ““ known as “red flags“ ““ that could indicate identity theft.”