Law Office Report - Special Edition 2009
Financial Institutions and Creditors:
The New "Red Flags" Rule Affects You!
Special Alert!
At the request of members of Congress, the Federal Trade Commission announced on October 30, 2009 that it is delaying enforcement of the "Red Flags" Rule until June 1, 2010 for financial institutions and creditors subject to enforcement by the FTC.
Attorney Brian G. Formella
It seems that a day does not go by without a national or local news story about identity theft. In general, identity theft is defined as a fraud attempted or committed using identifying information of another person without his or her authority. The Federal Trade Commission (FTC) reports that as many as nine million Americans have their identities stolen each year.
In an effort to combat the problem of identity theft, the FTC has promulgated something called the “Red Flags” Rule, which requires many businesses and organizations to implement a written identity theft prevention program designed to detect the warning signs or “red flags” of identity theft in their daily operations, take steps to prevent the crime, and lessen the damage that the crime inflicts. The general goal of the Red Flags Rule is for financial institutions and creditors to consider and draft preventative measures protecting against identity theft. Although the rule became final on January 1, 2008, it will not go into effect until November 1, 2009.
Who Must Comply with the Red Flags Rule?
The Red Flags Rule applies to financial institutions and creditors that have covered accounts. The Rule defines a financial institution as a state or national bank, a state or federal savings and loan association, a mutual savings bank, a state or federal credit union or any other person that directly or indirectly holds a transaction account belonging to a customer.
The definition of creditor is broad. It includes businesses or organizations that regularly defer payment for goods or services or provide goods or services and bill customers later. Thus, utility companies, health care providers and telecommunication companies are among the entities that may fall within this definition. Also included may be finance companies, mortgage brokers, real estate agents, automobile dealers and retailers that offer financing or help consumers get financing from others. Because of the breadth of the definition of “creditor,” municipalities that defer payment for goods or services may be considered creditors under the Rule. If they are, then they must develop an identity theft prevention program.
There are Two Types of “Covered Accounts” Under the Rule
The Red Flags Rule covers financial institutions or creditors that have “covered accounts.” Two categories of accounts are covered under the Rule. The first type is a consumer account offered to customers primarily for personal, family or household purposes that permits multiple payments or transactions. Examples in this category are credit card accounts, mortgage loans, automobile loans, margin accounts, cell phone accounts, utility accounts, checking accounts and savings accounts.
The second type of “covered account” is “any other account that a financial institution or creditor offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of a financial institution or creditor from identity theft, including financial, operational, compliance, reputation or litigation risks.” [From 16 C.F.R. § 681.2(b)(3)(ii).] Examples in this category include small business accounts, sole proprietorship accounts, or single transaction consumer accounts that may be vulnerable to identity theft. This type of covered account falls under the Rule only if the risk of identity theft is reasonably foreseeable.
The Rule describes four basic elements that make up an identity theft prevention program: First, the program must include reasonable policies and procedures to identify the red flags of identity theft. Red flags are suspicious patterns or practices that indicate the possibility of identity theft. Second, the program must be designed to detect the red flags that have been identified. Third, the program must spell out appropriate actions that the financial institution or creditor will take when it detects red flags. Fourth, because identity theft is seen as an ever-changing threat, the financial institution or creditor must address how it will reevaluate its program.
The Bottom Line
Although the FTC has deferred enforcement of the Red Flags Rule to November 1, 2009, it behooves financial institutions and creditors, including affected municipalities, to consider whether they must establish an identity theft prevention program now. The FTC says that the Rule is designed to provide flexibility in the drafting of such a program. Financial institutions and creditors are advised to determine whether they are subject to the Rule and to seek further guidance regarding their own compliance. As with most federal laws, entities that choose not to comply may be subject to audit and significant fines or penalties.
