The Federal Trade Commission has delayed enforcement of the “Red Flags Rule,” which requires creditors and financial institutions to develop and implement written identity theft prevention programs, for six months.

The final rule, issued last year by the FTC, the federal bank regulatory agencies, and the National Credit Union Administration as part of the Fair and Accurate Credit Transactions Act, took effect Jan. 1, 2008. Full compliance with the rule is required as of Nov. 1, 2008. However, the FTC announced that it would delay enforcement until May 1, 2009, because of confusion and uncertainty by some entities and industries about their coverage under the rule.

“Given the confusion and uncertainty within major industries under the FTC’s jurisdiction about the applicability of the rule ... immediate enforcement of the rule on November 1 would be neither equitable for the covered entities nor beneficial to the public,” the FTC said. Therefore, the Commission “... will forbear from bringing any enforcement action for violation of the Identity Theft Red Flags Rule, against a financial institution or creditor that is subject to administrative enforcement of the Fair Credit Reporting Act by the FTC, for a period of six months following the mandatory compliance date of November 1, 2008.”

However, the enforcement delay doesn’t extend to the rule regarding address discrepancies applicable to users of consumer reports or to the rule regarding changes of address applicable to card issuers.

Topics