New "Red Flag" Requirements for Financial Institutions and Creditors to Prevent Identity Theft

The Federal Trade Commission (FTC) issued regulations, as part of the Fair and Accurate Credit Transactions Act of 2003, that require financial institutions and creditors with “covered accounts” to develop and implement written identity theft prevention programs.

The programs must be in place by November 1, 2008, and must provide for the identification, detection, and response to certain patterns or practices – known as “red flags” – that could indicate identity theft.

The regulations define a creditor as any entity that regularly extends, renews, or continues credit; and any entity that regularly arranges for the extension, renewal, or continuation of credit. Accepting a credit card as a form of payment does not make an entity a creditor.

Creditors include finance companies, automobile dealers, mortgage brokers, utility companies, and telecommunications companies. Non-profit and government entities that defer payment for goods and services will also be considered creditors.

A covered account is an account used mostly for personal, family, or household purposes, and that involves multiple payments or transactions. Covered accounts include credit card accounts, mortgage loans, automobile loans, cell phone accounts, utility accounts, checking accounts, and savings accounts.

As you can see, the definitions of a creditor and covered account are very broad. Please contact Foster Swift if you want more information about whether you must comply with the Red Flag Rules.