Implementation of the Red Flags Rule has been delayed for the fourth time.
The rule, developed under the Fair and Accurate Credit Transactions Act, requires federal agencies to develop regulations requiring creditors and financial institutions to address the risk of identity theft.
In turn, companies impacted by the rule will be required to develop and implement written identity theft prevention programs that will help identify, detect and respond suspicious patterns, practices or specific activities that could indicate identity theft.
The rule was originally scheduled to go into effect on April 2, 2009, but one day before the deadline, the Federal Trade Commission delayed implementation until Aug. 1, 2009.
Then, in July 2009, the FTC delayed implementation until Nov. 1 of that same year. That was followed on Oct. 30, 2009, with a delay until June 1 of this year.
Now, with the June 1 deadline looming, the FTC said today that enforcement of the rule would be further delayed until Dec. 31 “while Congress considers legislation that would affect the scope of entities covered by the rule.” The move was reportedly made in response to request of several lawmakers.
But the consumer protection agency warned that the originator Nov. 1, 2008, deadline still applies to other federal agencies.
“Congress needs to fix the unintended consequences of the legislation establishing the Red Flags Rule — and to fix this problem quickly,” FTC Chairman Jon Leibowitz said in the statement.