UPDATE: The Federal Trade Commission recently issued a revised guide on the Red Flags Identity Theft Rule, designed to help businesses comply with the requirements of the Rule. Our detailed Client Alert on the Final Red Flags Rule and compliance obligations issued by the SEC and CFTC can be found here.   Compliance with the Red Flags Rule for entities regulated by the FTC has been required since 2007.

The revised guide is a helpful tool for entities that are considering whether they are covered by the Rule as well as for covered entities as it:

  • Provides a two-part analysis that businesses can use to determine if they are a “financial institution” or a “creditor” covered by the Rule,
  • Contains an FAQ section that clarifies the definition of “creditor,” and
  • Outlines a four-step compliance process for businesses under FTC jurisdiction.

You can find a copy of the guide here.