Federal Red Flags Rule goes into effect Aug. 1, 2009
NOTE TO EDITORS: The Federal Trade Commission has postponed the compliance date for the Red Flags Rule to Nov. 1, 2009. For more information, please go to http://www.ftc.gov/opa/2009/07/redflag.shtm.
Grant Thornton LLP white paper helps companies understand how to comply with identity theft regulation
CHICAGO, July 22, 2009 - Beginning Aug. 1, 2009, companies that extend any sort of credit to their customers - even something as simple as sending a bill at the end of the month - will need to have a documented, board-approved Red Flag compliance strategy in place to help combat identity theft. The Red Flags Rule, a component of the Fair and Accurate Credit Transactions (FACT) Act signed into law in December 2003, requires that financial institutions and creditors in a number of industries implement a plan to identify, detect and respond to attempts to use stolen identity information. Grant Thornton LLP's Advisory Services group has created a white paper - The Red Flags Rule: What you need to know - to help companies understand what the rule requires, determine whether it applies to them and develop a compliance strategy.
"This rule is completely different from policies you have in place to protect sensitive information," said Randy Green, a principal in Grant Thornton LLP's Advisory Services group and the author of the white paper. "Instead, this regulation is designed to prevent thieves who have somehow acquired another person's identity from using it to commit a fraud. The rule requires you to identify all of the indicators that might tip you off to possible identity theft, implement appropriate predictive and detective controls, and react appropriately."
While the Rule has been in effect since November 2008, enforcement by the Federal Trade Commission (FTC) will begin Aug. 1 of this year. Initially, the FTC will assess retroactive penalties for violations, require additional compliance reporting from companies and obtain an injunctive compliance order. Further violations could result in a visit to federal district court and a fine of up to $16,000 per individual occurrence of identity theft.
"After Aug. 1, 2009, any occurrence of identity theft at your business exposes you to an FTC investigation," said Green. "We believe that enforcement of this rule will be complaint-driven, and given the staggering number of identity thefts, there will be no shortage of complaints."
"In summary, the Red Flags Rule is likely to become the standard of care that all companies will need to provide to prevent identity theft," concluded Green. "Skipping red flags compliance will expose you to real regulatory, reputational and litigation risks."
To download a full copy of this Grant Thornton white paper, The Red Flags Rule: What you need to know, please go to www.GrantThornton.com/redflags.
- ends -
About Grant Thornton's Advisory Services Practice
Today you need advisors that focus on insightful and innovative solutions for your complex issues, such as complying with changing legislation, managing risk, containing costs, streamlining business processes and identifying strategic transaction opportunities. Grant Thornton's Advisory Services professionals can deliver value by providing independent advice to public, private and not-for-profit organizations. Our specialists combine insight and innovation from multiple disciplines with a wide range of business and industry knowledge.
About Grant Thornton LLP
The people in the independent firms of Grant Thornton International Ltd provide personalized attention and the highest quality service to public and private clients in more than 100 countries. Grant Thornton LLP is the U.S. member firm of Grant Thornton International Ltd, one of the six global audit, tax and advisory organizations. Grant Thornton International Ltd and its member firms are not a worldwide partnership, as each member firm is a separate and distinct legal entity.
In the U.S., visit Grant Thornton LLP at www.GrantThornton.com.
