Maryland Legal Alert for Financial Services

Background hero atmospheric image for Red Flags Rule: Applicability Narrows but December 31, 2010, Deadline Looms

Red Flags Rule: Applicability Narrows but December 31, 2010, Deadline Looms

This week, Congress passed the Red Flag Program Clarification Act of 2010 (Act) . It is on its way to the President for signature. This new law narrows the Federal Trade Commission’s interpretation of who is required to maintain a “Red Flag Identity Theft Program” to detect, prevent, and mitigate identity theft.

The Act does NOT change the rule for mortgage lenders and brokers who, at present, must have a Red Flag Program in place by December 31, 2010. (See below for how we can assist in compliance now.)


The FTC interpreted the law (enacted as Section 114 of the Fair and Accurate Credit Transactions Act of 2003) as applying not only to banks and credit unions and “traditional creditors” but also to any person that provides a product or service for which the consumer pays after delivery. Thus, according to the FTC any person that invoices a consumer for products sold or services rendered is covered by the Red Flags Rule.

The Act

As narrowed by the Act, “creditors” subject to the Red Flags Rule are persons who regularly extend, renew, or continue credit or who regularly arrange for the extension, renewal, or continuation of credit, along with assignees that participate in the decision to extend, renew, or continue credit, provided that (and this is what is new) the person or assignee regularly and in the ordinary course of business:

  • Obtains or uses consumer reports, directly or indirectly, in connection with a credit transaction;
  • Furnishes information to consumer reporting agencies in connection with a credit transaction; or
  • Advances funds to a person, based on an obligation of the person to repay the funds, or funds repayable from specific property pledged by the person (but does not include advancing funds on behalf of a person solely for expenses incidental to a service by the provider to that person).

Thus, the good news is that accountants, physicians, lawyers, and other service providers who were covered by the FTC’s Red Flags Rule simply because they sent invoices to consumers for services rendered will not be subject to the rule.

The anticipated news is that the FTC will not again delay its enforcement of the Red Flags Rule as to persons who clearly are subject to the Rule. If this is correct, the deadline for having a program in place is December 31, 2010.

What we can do for you now: We can assist mortgage lenders and brokers (and other businesses) that have not yet implemented their Red Flags Rule program. We developed a “Red Flags ID Theft Compliance Package” which includes background information on the Red Flags Rule and its requirements as well as a sample written Red Flags Identity Theft Program that should guide you toward implementing a compliant program that addresses the unique identity theft concerns faced by your business.

For more information, contact Chris Rahl.


December 08, 2010




Rahl, Christopher R.


Financial Services