For all you folks who, like me, waited until the last minute to knock out a term paper or class project in school, here is a friendly reminder…Yes, the Federal Trade Commission (FTC) pushed out the enforcement deadline of the Red Flags Rule to May 1, 2009. Yes, a sigh of relief was heard across compliance officers and operations managers nationwide. However, you should still keep a few things in mind as we approach May 1.
First, per the FTC, "many entities also noted that because they generally are not required to comply with FTC rules in other contexts, they had not followed or even been aware of the rulemaking, and therefore learned of the requirements of the rule too late to be able to come into compliance by November 1, 2008." Those of you, who have not been subject to FTC enforcement in the past are quite possibly still subject to the Red Flags Rule based on your institution maintaining 'covered accounts' per the definition in the Red Flags Rule itself. Double check if you think otherwise.
Second, the FTC was clear in stating that "this delay in enforcement is limited to the Identity Theft Red Flags Rule (16 CFR 681.2), and does not extend to the rule regarding address discrepancies applicable to users of consumer reports (16 CFR 681.1), or to the rule regarding changes of address applicable to card issuers (16 CFR 681.3)."
So, while May 1 is still a few weeks away, if you are accessing consumer credit reports, for example, you should already have a formal written and operational process to detect and respond to address discrepancies on those credit reports.