Compliance Alert: FTC Red Flags Rule
A rule requiring “creditors” and “financial institutions” to implement identity theft prevention programs is scheduled to go into effect on November 1, 2009. Small business owners, professionals, and corporate managers—at a minimum—should head to the Federal Trade Commission’s (FTC) website to learn what the Red Flags Rule is and how it may affect their business. The website is www.ftc.gov/redflagsrule.
At this time, it appears that many professionals and businesses may fall under the rule. According to the FTC, “creditors” may be “finance companies, automobile dealers that provide or arrange financing, mortgage brokers, utility companies, telecommunications companies, nonprofit and government entities that defer payments for goods and services, and businesses that provide services and bill later, including many lawyers, doctors, and other professionals.” Accepting credit cards as payment does not, by itself, make an entity a creditor.
The FTC’s Red Flags Rule website offers a number of resources to help entities determine if they are covered and, if so, how to comply with the rule. The website includes an online, fillable compliance template that enables companies to design their own identity theft program, FAQs, guidance manuals, and articles directed to specific businesses and industries. In addition, the FTC has stated that it will create a specific web link for small and low-risk entities with materials to help them navigate the rule.
Our office can help you determine whether you or your business will be covered by the Red Flags Rule and what you should do to comply with it.
Copyright © 2009 by the American Institute of Certified Public Accountants, Inc., New York, NY 10036-8775.