Implementation date for Red Flag Rules extended to May 2009

Identity thieves continue to demonstrate the lengths to which they will go. Victims, on the other hand, continue to struggle to repair their credit after falling prey to the criminals. In response to the growing problem the FTC, in cooperation with federal bank regulatory agencies and the National Credit Union Administration (NCUA), developed a set of regulations called the Red Flag Rules. As part of the FACT Act of 2003, the Rules are require “creditors” to develop and implement a policy that will protect consumers.

Under the regulation, governments who provide services whose payments may be deferred to a future date are considered “creditors.” The regulation specifically identifies “utility companies.” The regulation further states, “…government entities defer payment for goods or services, they, too, are to be considered creditors.” If payment for service is required after the service has been rendered, the government is considered to have extended the customer credit according to the FTC.

The Red Flag Rule requires governments to create and implement a written program that identifies and guards consumers against the warning signs of identity theft. Examples of Red Flags include the following categories:

• alerts, notifications, or warnings from a consumer reporting agency;
• suspicious documents;
• suspicious personally identifying information, such as a suspicious address;
• unusual use of – or suspicious activity relating to – a covered account; and
• notices from customers, victims of identity theft, law enforcement authorities, or other businesses about possible identity theft in connection with covered accounts.

In addition, the policy must define the government’s response to suspected identity theft. The FTC allows governments to design their own plans, taking into consideration the size of the government and the “nature of their operations.”

The FTC has extended this deadline to May 1, 2009 from November 1, 2008. For more information on your responsibilities and the Red Flag Rules, you may contact the FTC at (877) FTC-HELP.

Additional Resources:

http://www.ftc.gov

http://www.ftc.gov/os/fedreg/2007/november/071109redflags.pdf

http://ftc.gov/opa/2008/10/redflags.shtm

Appendix A to Part 681 -- Interagency Guidelines on Identity Theft Detection, Prevention, and Mitigation (Published as an Appendix in the Federal Register at www.gpoaccess.gov. Reformatted for ease of viewing.

Kentucky League of Cities (http://www.klc.org/)

North Carolina League of Municipalities (http://www.nclm.org)

Tennessee Associations of Utility Districts (www.ruralwater.org/tnredflagrule.pdf)

W. Virginia Rural Water Association (http://www.wvrwa.org/operators/regs/redflag.pdf)