Red Flags Regulations Currently Under Enforcement

While the Red Flags Clarification Act may have exempted a number of very specific types of small businesses, it didn't exempt all of them.
For this reason, the Federal Trade Commission's (FTC's) much-discussed, oft-delayed "Red Flags" rules went into effect with the New Year, meaning many entities need to be in compliance with the amended statute. As described by the FTC, the new law "gives businesses the flexibility to tailor their written ID theft detection program to the nature of the business and the risks it faces. Businesses with a high risk for identity theft may need more robust procedures-like using other information sources to confirm the identity of new customers or incorporating fraud detection software. Groups with a low risk for identity theft may have a more streamlined program-for example, simply having a plan for how they'll respond if they find out there has been an incident of identity theft involving their business."
"We're pleased Congress clarified its law, which was clearly overbroad," said FTC Chairman Jon Leibowitz. "Now we can go forward with less litigating and more protecting consumers from identity theft."
While the new legislation made the "Red Flags" rules apply to far fewer businesses, it failed to exempt trade creditors in any meaningful way. "I don't think this changes a thing for our trade creditors," said Wanda Borges, Esq. of Borges & Associates, LLC. "It's so short and almost nonsensical, I really think they accomplished very little." Specifically, Borges noted that the bill's adjustments to the definition of what constitutes a "creditor" fail to explicitly exclude trade creditors. Moreover, a provision at the end of the bill serves as something of a catch-all, noting that creditors can be required to comply with the "Red Flags" Rule if they're determined to maintain accounts subject to a reasonably foreseeable risk of identity theft.
Instead, according to Borges, the law allows businesses to better determine how at risk for identity theft they are, and how much they have to do to comply with the regulations. "They may have succeeded in eliminating the need for small law firms and small doctor's offices to have 'Red Flags' programs in place, but that catch-all at the end means our trade creditors aren't exempt," she added. "I think what it does is gives businesses a better opportunity to determine whether or not they're low risk or high risk. It's clear that they have not excluded trade credit."
NACM continues to seek further clarification from the FTC. Stay tuned to NACM's eNews and Credit Real-Time Blog for updates.
Jacob Barron, NACM staff writer

1 comment:

  1. The company I work for does pull consumer credit reports for small businesses. We require the customer sign the application approving us to pull a consumer credit report to determine creditworthiness. Raben is a privately owned small business. Should we have a red flag policy? If so, where can I find the template on the NACM website? I heard there is a sample template but could not find where it is located. thanks

    ReplyDelete