The Federal Trade Commission on Thursday said it will delay its enforcement of the Red Flags Rule until Aug. 1.
The announcement gives non-banking creditors and state-chartered credit unions three more months to develop an implement an identity theft prevention program. The extension is the second one issued by the FTC for its covered entities.
"Given the ongoing debate about whether Congress wrote this provision too broadly, delaying enforcement of the Red Flags Rule will allow industries and associations to share guidance with their members, provide low-risk entities an opportunity to use the template in developing their programs, and give Congress time to consider the issue further," FTC Chairman Jon Leibowitz said in a prepared statement.
The agency said it will soon release a template to help businesses that have a low risk of identity theft, such as ones that know their customers personally, comply with the rule.
The FTC's announcement does not affect other federal agencies' enforcement of the original Red Flags Rule compliance deadline of Nov. 1, 2008.
Banks, federally chartered credit unions, and savings and loan associations come under the jurisdiction of federal banking regulators and/or the National Credit Union Association while the remaining financial institutions such as state-chartered credit unions and mutual funds that offer accounts with check-writing privileges fall under the FTC's jurisdiction, an FTC spokesman said.
The FTC also governs non-banking creditors like finance companies, mortgage brokers, auto dealers, and retailers that offer financing.
The Red Flag Rule was issued by the FTC and federal banking regulators in October 2007. It requires financial institutions and creditors to have policies and procedures for spotting red flags that indicate possible identity theft, and systems for thwarting the crime in connection with new and existing accounts. The regulation implements Sections 114 and 315 of the Fair and Accurate Credit Transactions Act (FACTA) of 2003.