The Federal Trade Commission has issued revised guidance designed to help businesses comply with the requirements of the Red Flags Rule, which protects consumers by requiring businesses to watch for and respond to warning signs or “red flags” of identity theft.

The guidance outlines which businesses – financial institutions and some creditors – are covered by the Rule and what is required of businesses to protect consumers from identity theft.  The Red Flags Rule was revised in late 2012 to more narrowly define the types of creditors subject to the rule’s requirements.

Under the current definitions, the Red Flags Rule defines “creditor” based on conduct.  To determine if your business is a creditor under the Red Flags Rule, ask these questions:

Does my business or organization regularly:

  • defer payment for goods and services or bill customers?
  • grant or arrange credit?
  • participate in the decision to extend, renew, or set the terms of credit?

If you answer:

  • No to all, the Rule does not apply.
  • Yes to one or more, ask:

Does my business or organization regularly and in the ordinary course of business:

  • get or use consumer reports in connection with a credit transaction?
  • give information to credit reporting companies in connection with a credit transaction?
  • advance funds to — or for — someone who must repay them, either with funds or pledged property (excluding incidental expenses in connection with the services you provide to them)?

If you answer:

  • No to all, the Rule does not apply.
  • Yes to one or more, you are a creditor covered by the Rule.