Compliance Week reported Monday that the U.S. Federal Trade Commission has extended the compliance deadline for its Identity Theft Red Flags Rule. Most recently scheduled to become effective May 1, the rule was promulgated under The Fair and Accurate Credit Transactions Act of 2003. It requires creditors and financial organizations under the FTC's jurisdiction to develop identity theft prevention programs.
Covered entities will now have until Aug. 1 to further develop their programs. The original compliance deadline was Nov. 2008, but the FTC first extended it to May 1, 2009, after financial organizations and creditors exhibited confusion regarding whether they were subject to the rule.
Compliance Week says FACTA "covered entities" include creditors, or "any entity that regularly extends or renews credit," and financial institutions, or "entities that offer accounts that enable consumers to...make payments to third parties."