The Federal Trade Commission has extended enforcement of the Red Flags Rule until June 1, 2010. Enforcement of the rule has been delayed previously as the FTC sought to adequately educate affected corporations and institutions. The Red Flags Rule impacts financial institutions and creditors subject to FTC jurisdiction. According to the Rule, created under the Fair and Accurate Credit Transactions Act, covered entities must develop and implement written policies that aid in identity theft prevention.

In an effort to extend their Red Flags education campaign, the FTC has announced that enforcement on the Red Flags Rule will be delayed until November 1, 2009. This education campaign seeks to educate businesses on whether they are covered by the Rule, and if so, which steps to take in order to be compliant. Small businesses, in particular, had fumbled to grasp whether their risk-based programs were harmonious with the Red Flags Rule.

On May 1, 2009, the FTC's six month suspension of the enforcement of the Red Flag Rules will be lifted.  Is your organization's Identity Theft Prevention Program in place?  If not, review the requirements at 16 CFR 681 on the MediRegs research portal.  If your organization has implemented a program - be sure it passes compliance muster by conducting the Red Flag Rules risk assessments developed by MediRegs for ComplyTrack.  Question sets include: