Remember that looming Aug. 1 deadline for the Red Flags rule? Never mind.
The Federal Trade Commission announced today that—for a third time—it has pushed back enforcement of the anti-fraud regulations until Nov. 1, a full year after it was first scheduled to take effect.
The additional three months—which comes at the request of the House Appropriations Committee—will be used to educate small businesses about Red Flag compliance and to allow financial institutions and creditors more time to implement written identity theft prevention programs, according to the FTC.
Red Flags requires creditors and financial institutions to have in place identify theft prevention, detection, and response systems. The rule is mandated by the Fair and Accurate Credit Transactions Act of 2003. The FTC’s Red Flags Web site includes an online compliance template that enables companies to design their own identity theft prevention program.
The FTC said that many entities have already developed and implemented appropriate programs, but that some small businesses with a low risk of identity theft remain uncertain about their obligations. The FTC added it is preparing additional compliance guidance and will create a special link for low-risk entities on the Red Flags Web site. The FTC has already posted FAQs that address how it intends to enforce the Red Flags and other topics.
Red Flags was supposed to go into effect on Nov. 1, 2008, but it was pushed back to May 1, 2009, and then pushed back to Aug. 1, 2009. The FTC said today’s deadline rollback does not affect other federal agencies’ enforcement of the original Nov. 1, 2008 compliance deadline for institutions subject to their oversight.