Red Flags Rule… Finally.

By: Gardiner Thomsen CPAsemail

The red flags rule may actually go into affect on December 31, 2010. The Rule was originally supposed to become effective on January 1, 2008, with full compliance required by November 1, 2008. The FTC or Congress has delayed enforcing the Rule a couple of times in the last two years. The Red Flags Rule was developed under the Fair and Accurate Credit Transactions Act, in which Congress directed the Federal Trade Commission (FTC) and other agencies to develop regulations requiring creditors and financial institutions to address the risk of identity theft. The resulting Rule requires all such entities that have “covered accounts” to develop and implement written identity theft prevention programs to help identify, detect and respond to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft. By focusing on red flags now, you’ll be better able to spot an imposter using someone else’s identity to get products or services from you. As a practical matter, the Rule applies to you if you provide products or services and bill customers later. You can find guidance at www.ftc.gov/redflagsrule. At this website you can find a “How-to Guide for Businesses” and a Do-It-Yourself Prevention Program for Businesses and Organizations at Low Risk for Identity Theft.