Red Flags Rule Compliance Deadline is June 1, 2010

The FTC's Red Flags Rule (, which requires covered organizations to implement a written identity thefts prevention program, is slated to go into effect on June 1, 2010. The scope of covered organizations is very broadly defined to cover organizations well beyond financial institutions. Rather, it also applies to creditors, organizations that regularly extend, renew, or continue credit - and likely applies to telecommunications companies and other utilities as well as businesses that grant loans. The rule itself obligates financial institutions and any other creditor that holds a consumer account to "develop and implement an Identity Theft Prevention Program" with policies and procedures to help reduce identity theft. What makes this rule so challenging, however, is that unlike other rules relating to financial institutions (such as the Gramm-Leach-Bliley privacy rules), the Red Flags Rule applies to any firm that maintains an ongoing account through which a consumer is charged. As the FTC may not further extend the compliance deadline, you need to begin working on compliance now if you have not already done so.

As we previously advised, on October 29, 2009 the District Court for the District of Columbia ruled that the FTC cannot force practicing attorneys to comply with Red Flags Rule.

Add a comment

Type the following characters: romeo, mike, mike, whisky, hotel

* Indicates a required field.


Recent Posts



Jump to Page

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.