BlankFacebook button
Contact Us button

Red Flags Rule Enforcement Now In Effect

Posted by Kevin Endres - Jan 17, 2011

Red Flags Rule Enforcement Now In Effect

After being postponed 5 times, enforcement of the Red Flags Rule (RFR), went into effect on January 1, 2011.  The Red Flags Rule is one of the 19 provisions of the Federal Trade Commission's (FTC) Fair and Accurate Credit Transactions Act (FACTA) passed back in 2003.  Do not confuse the Enforcement issue with the Compliance issue.  The compliance deadline for the Red Flags Rule was back on November 1, 2008. But, up until January 1, being out of compliance with the RFR was an infaction comparable to jaywalking.  The FTC can now assess FACTA's non-compliance fines of $3,500 per violation. 

The FTC estimates that 11 million businesses (nearly 40% of all businesses in the US) must comply with this law by requiring them to develop a written ID Theft Prevention Program. So what does the RFR say:

  • "The final [Red Flags] rules require each financial institution and creditor that hold any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft, to develop and implement an Identity Theft Prevention Program (Program) for combating identity theft in connection with new and existing accounts"

The FTC defines a "Creditor" as:

  • "Under the Rule, the definition of "creditor" is broad and includes businesses or organizations that regularly provide goods or services first and allow customers to pay later"

The financial instituiton or creditor must also maintain a "consumer account, or other account information for which there is a reasonably foreseeable risk of identity theft."

So what does your business have to do to be compliant? The 30-second elevator pitch goes something like this; Develop a Program that documents the policies and procedures by which your organization will detect, prevent, and mitigate identity theft.  The plan must be written, be signed off annually by the board of directors, owner, or senior management, and reviewed annually.

ProFILE, as a member of NAID, is equipped with a Compliance Toolkit to help your business produce a portion of this program as it relates to your Information Destruction.  If you are interested in utilizing this tool, please contact us to schedule an in-office compliance consultation.

 PermaLink       Comments (1)

Feb 01, 2011
Comment by: Peter Read

I appreciate this update and will pass it on to TAAR and MAR for theit input.
I am interested in the Compliance Toolkit you mentioned. Please contact me regarding costs and an appointment.
Thank you
Peter Read
Read & Associates, LLC
856 E Eighth St

Post a Comment

Your name:
Your email:
  Note: Your email will not appear anywhere on this site. we only ask in case we need to contact you about your comment.
  How many fingers up?

GT ProFILE, LLC | 3820 Cass Road, Traverse City, MI 49684 | Ph 231.947.4717 | Fax 231.947.2477 | © 2018