As our readers know, the FTC, after four extensions of the deadline, currently intends to begin enforcing the Red Flags Rule with respect to organizations subject to its jurisdiction on June 1, 2010. In the meantime, the Red Flags Rule remains in effect as to all financial institutions and creditors (and has been subject to enforcement by the banking regulators since November 1, 2008). Although a recent decision of the United States District Court for the District of Columbia, ABA v. FTC, brought lawyers outside the scope of the Rule, the Rule remains broad and covers a wide range of entities as "creditors." Creditors subject to the FTC's jurisdiction need to have their written Red Flags Rule Identity Theft Prevention Programs prepared, approved by the Board, and implemented by June 1. For more on the history and the requirements of the Rule, see my recent article, "The FACTA Red Flags Rule: A Primer," published in Bloomberg Law Reports - Risk & Compliance, reproduced here with the permission of Bloomberg.
The Federal Trade Commission will begin enforcing its Red Flags Rule this Sunday, November 1. Financial institutions and creditors that hold covered accounts, as defined under the Rule, must have written Red Flags identity theft prevention programs in place by November 1. Earlier today the American Bar Association reported that a federal judge in Washington, D.C., ruled that the FTC exceeded its authority by applying the Red Flags Rule to practicing lawyers. The FTC is expected to appeal today's ruling.