After a three-year delay amid a swirl of controversy and litigation over the types of entities covered under the Identity Theft Red Flags Rule ("Red Flags Rule"), the Federal Trade Commission ("FTC") has bowed to the will of Congress and amended the rule to limit the scope of covered entities, as reported in the Federal Register on December 6 [77 FR 72712]. The controversy revolved around the expanded definition of "creditor," which provided the FTC with a jurisdictional hook to mandate compliance with the rule by virtually all businesses.
The Red Flags Rule requires creditors and financial institutions that hold certain credit accounts to develop and implement a written identity theft and prevention program. The program must provide for identification and detection of and responses to patterns, practices, or specific activities -- known as "red flags" -- that could indicate identity theft. (See July 28, 2009, Day Pitney Client Alert for details on the Red Flags Rule.)
Under the FTC's former definition, creditors had been defined as entities that regularly extend or renew credit or arrange for others to do so and included any entity that regularly permits deferred payment for goods and services. Under that definition, entities subject to the rule included those that permit payment after products are sold or services rendered, e.g., lawyers, health care providers, accountants, retailers, and nonprofit organizations.
After the American Bar Association successfully challenged the authority of the FTC to include lawyers under the rule, Congress stepped in and enacted the Red Flag Program Clarification Act [15 U.S.C. 1681m(e)(4)], which narrowed the scope of entities covered as creditors. The clarification, which the FTC has inserted in the amended rule, defines a creditor as an entity that in the ordinary course of business involving a credit transaction regularly (i) obtains or uses consumer reports, (ii) furnishes information to consumer reporting agencies, or (iii) advances funds to or on behalf of a person based on an obligation of the person to repay the funds. Under the amended definition, mainly financial institutions and other traditional lenders are covered. The compliance date of the rule is February 11, 2013.
It is essential that entities correctly determine whether they fall under the definition of "creditor" and, if so, whether they maintain specified credit accounts. Entities so designated should design and implement appropriate identity theft prevention programs. Even in the absence of a legal obligation, implementing a program containing elements of the rule would help companies mitigate the risk of identity theft and reduce their overall exposure.
For more information about the Red Flags Rule or how to design an identity theft compliance program, please contact any of the individuals listed above or Jim Bowers, our director, Compliance Risk Services, who can be reached at (860) 275 0339 or firstname.lastname@example.org.
Jeffrey Mueller will be a speaker on the topic of "Legal Ethics for In-House Counsel," during the Annual Ethics CLE at IBM presented by the Westchester, New York/Southern Connecticut Chapter of the Association of Corporate Counsel.
Jed Davis will be a featured panelist in a CLE program titled, "Implementing the New DFS Cybersecurity Regulation," (click on title to register), sponsored by the Data Law Initiative at Cardozo Law School.
Rachel Gonzalez, Mary Rogers and Patrick McCarthy wrote an article "NLRB Eases Organizing of Temporary Workers" for CBIA’s H&R Safety Newsletter on the impact of the recent decision of the National Labor Relations Board (NLRB).
On June 7, R. Scott Beach spoke on a panel at a breakfast held by Private Asset Management at The Lambs Club in New York. The panel discussed planning a successful succession in private wealth management firms. Some of the topics they discussed included when a private wealth manager should start considering the succession options available to them; why the issue is often overlooked, and creating a culture to change this; options for private wealth managers such as in-house mentoring, selling a business, or passing it over to a new generation; the pitfalls and potential risks associated with merging or selling to another firm; and who to entrust with your book of business, and retaining client trust throughout the process.
On April 28, Steven Cash will be speaking at the Seventh National Institute on Internal Corporate Investigations and Forum for In-House Counsel. Cash will be speaking on a panel about Congressional Investigations. The panel focuses on how Congress conducts its investigations, including the scope of its subpoena power and the procedures for congressional hearings.
Day Pitney Press Release
Steven Cash was quoted in a pair of articles, "Trump-Mueller tensions escalate," published in The Hill; and "Jeff Sessions' appointment of special prosecutor bites Trump," published in The Washington Times.
Eliza Fromberg was quoted in an article, "Equity Crowdfunding Tops $10M Since SEC Rules Took Effect," in Law360.
Eliza Fromberg was quoted in an article, "SEC Boosts Intrastate Crowdfunding, But Hurdles Remain," in Law360. In the article, Fromberg discusses the U.S. Securities and Exchange Commission’s adoption of amendments to the intrastate offering exemption.
Eliza Fromberg was quoted in an article, "CCO or CCO/ General Counsel: Make the Choice That Fits Your Firm's Needs," in ACA Insight. In the article, Fromberg discusses the pros and cons of different legal and compliance department structuring and reporting arrangements.