After a three-year delay amid a swirl of controversy and
litigation over the types of entities covered under the Identity
Theft Red Flags Rule ("Red Flags Rule"), the Federal
Trade Commission ("FTC") has bowed to the will of
Congress and amended the rule to limit the scope of covered
entities, as reported in the Federal Register on December 6 [77 FR
72712]. The controversy revolved around the expanded definition of
"creditor," which provided the FTC with a jurisdictional
hook to mandate compliance with the rule by virtually all
The Red Flags Rule requires creditors and financial institutions
that hold certain credit accounts to develop and implement a
written identity theft and prevention program. The program must
provide for identification and detection of and responses to
patterns, practices, or specific activities -- known as "red
flags" -- that could indicate identity theft. (See
July 28, 2009, Day Pitney Client Alert for details on the Red
Under the FTC's former definition, creditors had been defined
as entities that regularly extend or renew credit or arrange for
others to do so and included any entity that regularly permits
deferred payment for goods and services. Under that definition,
entities subject to the rule included those that permit payment
after products are sold or services rendered, e.g., lawyers, health
care providers, accountants, retailers, and nonprofit
After the American Bar Association successfully challenged the
authority of the FTC to include lawyers under the rule, Congress
stepped in and enacted the Red Flag Program Clarification Act [15
U.S.C. 1681m(e)(4)], which narrowed the scope of entities covered
as creditors. The clarification, which the FTC has inserted in the
amended rule, defines a creditor as an entity that in the ordinary
course of business involving a credit transaction regularly (i)
obtains or uses consumer reports, (ii) furnishes information to
consumer reporting agencies, or (iii) advances funds to or on
behalf of a person based on an obligation of the person to repay
the funds. Under the amended definition, mainly financial
institutions and other traditional lenders are covered. The
compliance date of the rule is February 11, 2013.
It is essential that entities correctly determine whether they
fall under the definition of "creditor" and, if so,
whether they maintain specified credit accounts. Entities so
designated should design and implement appropriate identity theft
prevention programs. Even in the absence of a legal obligation,
implementing a program containing elements of the rule would help
companies mitigate the risk of identity theft and reduce their
Allegations of corporate malfeasance may arise in myriad ways: whistleblowers, current or former employees, internal or external auditors, shareholders, the media, regulatory or law enforcement agencies, and/or the plaintiff 's bar.
Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.
Drafting an arbitration clause for your agreement is a straightforward matter most of the time. Sometimes it can be as simple as incorporating by reference an arbitration provision in another document or agreement.
Both the CFTC and the NFA have signaled their expectation—now nearly four years after swap dealers first became provisionally registered—that firms have had sufficient time to implement fully the CFTC's swap regulations.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).