On December 19, 2010, President Obama signed the Red Flag Program Clarification Act of 2010 (Act), which narrows the definition of creditor under the Fair Credit Reporting Act, as amended by section 114 of the Fair and Accurate Credit Transactions Act of 2003 (Section 114). Section 114 requires each financial institution or creditor to develop and implement a written Identity theft prevention program to detect, prevent and mitigate losses from identity theft in connection with the opening of certain accounts or certain existing accounts. The Federal Trade Commission (FTC) and the federal banking agencies have issued guidance to assist financial institutions and creditors with the formation and maintenance of programs that satisfy these requirements.
In addition, the FTC and the federal banking agencies have issued regulations (Red Flag Rules) implementing the requirements of Section 114. The FTC’s Red Flag Rules have been controversial because of the broad interpretation of “creditor,” which covers providers of goods and services who regularly grant their customers the right to defer payments. The Act amends the definition to expressly exclude any entity that “advances funds on behalf of a person for expenses incidental to a service provided by the creditor to that person.”
The Act is expected to resolve litigation initiated by the American Bar Association and other trade organizations challenging the broad scope of the FTC’s Red Flag Rules. The FTC's Red Flag Rules required creditors to have written identity theft prevention program in place by December 31, 2010, but implementation has been delayed numerous times due to legal challenges and the hope that Congress would ultimately resolve the dispute concerning the proper scope of Section 114.