Barring further delays, beginning Nov. 1 all financialinstitutions and any company that extends credit to customers, evenin the form of multiple-month payment plans, will be required toestablish centralized anti-fraud procedures and systems under theFederal Trade Commission's new Red Flags Rule.

|

Facing a growing wave of identity theft, the FTC wants companiesto pay more attention to establishing the identity of customers andcredit recipients, and to put in place a system to flag theftattempts early. “Identity theft has been the No. 1 consumercomplaint at the FTC for years now,” says Manas Mohapatra, anattorney with the agency's division of privacy and identityprotection.

|

But attorneys specializing in business law warn that the newregulations could surprise many companies that have never viewedthemselves as creditors. Mohapatra notes that even sendingcustomers bills for payment in 30 days for a product or servicecould be construed as extending credit.

|

The FTC has postponed the rule's effective date several times asbusinesses objected that it was not clear who would be included.Even though its Web site (http://ftc.gov/redflagsrule)offers answers to frequently asked questions, the agency haspromised further clarification.

|

“The Red Flags Rule has fines and penalties for noncompliance,”says Greg Bee, an attorney with the law firm of Taft Stettinius& Hollister, “but if it establishes a new 'standard of care' tobe taken regarding extension of credit, it could also give rise tocustomer lawsuits.” That is, if a company's customers becomevictims of ID theft because of a transaction with the firm, theycould file suit based upon any perceived failure by the company tomeet the FTC's requirements.

|

The FTC expects a company's identity theft prevention program tobe “appropriate to the size and complexity” of the business,according to the law firm's report on the rule, which concludesthat “reasonable commonsense safeguards are likely to be enough formost businesses.” These might include requiring adequateidentification of all customers and, in the event of suspected IDtheft, alerting the customer, changing passwords, and possiblyforegoing collection on an account or notifying lawenforcement.

|

Most large companies already have systems in place to protectboth themselves and their customers from ID theft and fraud,Mohapatra says. “For them, it's not a matter of adding a new layeron top of everything else,” he says. “It's just a matter ofexercising common sense and of centralizing controls as a matter ofpolicy.” Compliance could be something as simple as requiring twoforms of ID to establish customer identity instead of justone.”

|

The rule could also help businesses, he added, citing aparticipant at an April hearing who said that the process ofdeveloping a red flag system helped get different offices in thecompany talking that hadn't talked before about what they weredoing about identity theft.

|

Kevin Kalinich, national managing director of insurance brokerAon's financial services group, agrees that the new rule isprobably a good thing for most businesses. “We found that among ourclients and prospects, as of August, fully half of them did nothave a good system for guarding against ID theft,” Kalinich says.“If this rule makes them become more compliant, they will save alot of money, both in terms of fewer lawsuits by customers andlower insurance costs.”

Complete your profile to continue reading and get FREE access to Treasury & Risk, part of your ALM digital membership.

  • Critical Treasury & Risk information including in-depth analysis of treasury and finance best practices, case studies with corporate innovators, informative newsletters, educational webcasts and videos, and resources from industry leaders.
  • Exclusive discounts on ALM and Treasury & Risk events.
  • Access to other award-winning ALM websites including PropertyCasualty360.com and Law.com.
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.