Red Flags Rule

Beginning June 1, 2010, the Federal Trade Commission (FTC) will enforce its Fair and Accurate Credit Transactions Act of 2003 (FACT Act) Red Flags Rule. The Red Flags Rule requires that each "financial institution" or "creditor"—which includes most securities firms—implement a written program to detect, prevent and mitigate identity theft in connection with the opening or maintenance of "covered accounts." These include consumer accounts that permit multiple payments or transactions, such as a retail brokerage account, credit card account, margin account, checking or savings account, or any other accounts with a reasonably forseeable risk to customers or your firm from identity theft.

 

The following resources may be useful to firms:

 

• FTC FACT Act Red Flags Rule Template (Word 152 KB) and related Information Notice 7/1/09 and Podcast
• FTC Announces Expanded Business Education Campaign on 'Red Flags' Rule (Including Delay of Enforcement to November 1).
• FINRA Webinar: FTC's Red Flags Rule and the FACT Act - August 19, 2009
• FTC Will Grant Three-Month Delay of Enforcement of ‘Red Flags’ Rule Requiring Creditors and Financial Institutions to Adopt Identity Theft Prevention Programs
• 08-69 - Fair and Accurate Credit Transactions Act of 2003 (Alert to Member Firms About the Federal Trade Commission’s FACT Act Regulations and the Announcement of the FTC’s Decision to Delay Enforcement of the Red Flags Rule until May 1, 2009) Note: Section 1 of p. 3 of the Notice was updated on 8/20/09 to reflect current FTC guidance on the scope of the term "transaction account."
• Podcast: FACT Act Red Flags Rule
• FTC’s Fighting Fraud with the Red Flags Rule: A How to Guide for Business
• Identity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Credit Transactions Act of 2003; Final Rule, Federal Trade Commission and the Federal Financial Institution Regulatory Agencies (PDF 802 KB)
• FTC Identity Theft Site