The Federal Trade Commission has extended – for the third time – its enforcement of the Red Flags Rule.
The new Nov. 1 deadline gives entities the FTC governs, including state-chartered credit unions, mortgage brokers, auto dealers and retailers that offer financing, three more months to develop an identity theft prevention program. The previous deadline was Aug. 1.
The FTC said the extension will give small businesses and other organizations time to review the additional Red Flags compliance guidance the agency plans to issue.
"Although many covered entities have already developed and implemented appropriate, risk-based programs, some – particularly small businesses and entities with a low risk of identity theft – remain uncertain about their obligations," the FTC said in announcing the extension Wednesday. "The additional compliance guidance that the commission will make available is designed to help them."
The extension is the third time the FTC has delayed enforcement of the Red Flags Rule for the entities it governs.
The FTC's announcement does not affect other financial regulatory agencies' enforcement of the original Red Flags Rule compliance deadline of Nov. 1, 2008.
The Red Flags Rule was issued by the FTC and federal banking regulators in October 2007. It requires financial institutions and creditors to implement a written program designed to spot red flags that indicate possible identity theft. The regulation implements Sections 114 and 315 of the Fair and Accurate Credit Transactions Act (FACTA) of 2003.
The FTC provides information on the regulation at its Red Flags website.