The Federal Trade Commission (FTC) has informally confirmed to White & Case that it will not consider 401(k) plans that allow in-service loans to participants to be "creditors" under the Fair and Accurate Credit Transactions (FACT) Act of 2003, and thus 401(k) plans that allow such loans will not be subject to the FTC's Identity Theft Red Flag Rules. As we stated in our February Executive Compensation, Benefits and Employment Law Focus newsletter, the FTC had not previously exempted such 401(k) plans from the Red Flag Rules. If such plans had been subject to the Red Flag Rules, the plans would have been required to create and implement written identity theft prevention programs by May 1, 2009. However, the FTC could not confirm that employer-sponsored welfare benefit plans which offer Flexible Spending Accounts ("FSAs") would not be considered "creditors" for purposes of the Red Flag Rules. As such, further guidance from the FTC on the applicability of the Red Flag Rules to FSAs is needed.