The Federal Trade Commission (FTC) recently announced yet another delay in the enforcement date for the agency's "Red Flags" rules from August 1, 2009 to November 1, 2009, marking the third time in the regulations' lifespan that a delay in implementation was deemed necessary. Most notably, the announcement of the delay also contained some of the agency's strongest language on the persistent haze of confusion that has consistently surrounded the rules and their application to businesses.
"To assist small businesses and other entities, the Federal Trade Commission staff will redouble its efforts to educate them about compliance with the â€˜Red Flags' Rule and ease compliance by providing additional resources and guidance to clarify whether businesses are covered by the Rule and what they must do to comply," said the release. "The three-month extension, coupled with this new guidance, should enable businesses to gain a better understanding of the Rule and any obligations that they may have under it."
As previously mentioned in NACM's eNews, the FTC also concurrently released a collection of FAQs geared toward business creditors, which can be found here. In response to the question "Am I a creditor under the Rule if I extend credit to other businesses?" the FAQ explicitly answers "yes, you're a creditor whether you have consumer or business customers." Other questions the FAQ aims to answer are what it means to "regularly" extend credit and if covered accounts are possible in the entity in question is a business creditor. "There's no bright line definition for â€˜regularly,'" says the FAQ. "But if the activities that meet the definition of â€˜creditor' are more than just an isolate occurrence for your business, the â€˜Red Flags' rule applies to you." In regards to the second issue, regarding covered accounts and business creditors, the FTC noted that "it depends. If you're a creditor with only business-to-business accounts, you have to assess whether those accounts pose a reasonably foreseeable risk from identity theft. If they do, they're â€˜covered accounts' under the Rule."
No date was given as to when small businesses and other entities anxious about the regulations will receive the FTC's proposed guidance. For now, the agency offered its "Red Flags" Rule website, wherein companies can design their own compliant identity theft protection program. That site can be found by clicking here.
Other resources for companies can be found in Business Credit magazine, in the March, May and July/August 2009 issues.