FTC Suspends Red Flags Deadline

Enforcement of the FTC Red Flags Rules has been postponed for several months, as reported by Bank Info Security:

The Federal Trade Commission (FTC) announced this week it will suspend enforcement of the new Identity Theft Red Flags Rule until May 1, 2009 – six months beyond the original Nov. 1 deadline.

This move will give non-banking creditors and state-chartered credit unions additional time to develop and implement written identity theft prevention programs. FTC observers saw that many industry segments were unaware of the compliance date, hence the six-month pushback of enforcement.


The FTC’s delay does not apply to address discrepancy rules that were issued at the same time as the red flags rule.

The FTC’s announcement also does not affect other federal agencies’ enforcement of the original Nov. 1, 2008 deadline for financial institutions subject to their oversight.

The FTC’s decision to push back the enforcement date began with its outreach efforts to explain the rule to the many different types of entities that are covered by it. Examples of businesses and organizations that said they weren’t ready included utilities, certain healthcare providers, and higher education organizations. Most of those entities that aren’t compliant have not been subject to FTC oversight in other areas of their business

The entities were unaware. That does not seem like the most convincing argument for lack of compliance, but so it goes. The FTC is trying to be nice.

In their eagerness to become compliant, companies might not take the right deliberate steps to identify what the risks are, and instead go out and buy something off the shelf for compliance or do something that wasn’t well suited to their business, Broder notes. “So in the interest of getting it right, we extended the date for enforcement to give those companies time to get their program in place.”

Eagerness to become compliant? That’s a good one.

All compliance deadlines lead to last-minute buying sprees and unbudgeted/unplanned expense. What the FTC is doing is like a teacher giving students an extension on a final exam. They did not know there would be a final exam? Ok, final warning for the final exam. Will procrastination be cured by sliding the deadlines? I would argue no, but on the other hand what good comes of the FTC finding nobody compliant on November 1st — most entities might just give up in despair and protest/fight instead of try.

The bottom line is that if you were already operating under FTC oversight, then November 1st is still your deadline.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.