The Federal Trade Commission (FTC) is delaying “Red Flag Rules” enforcement for RV dealers and other merchants for six months. Enforcement of the rule was to go into effect on Nov. 1, but the FTC announced Wednesday (Oct. 22) that it would extend the deadline until May 1, 2009.
The Red Flag Rules require merchants to implement an identity theft fraud-prevention programs to “identify, detect, and respond to patterns, practices, or specific activities that could indicate theft.” The FTC’s announcement makes clear that it applies only to entities subject to its jurisdiction, according to the Recreation Vehicle Dealers Association (RVDA).
The RVDA recommends RV dealers to continue with their plans to implement compliance programs by Nov. 1, since it is uncertain whether banks will accept financing contracts from dealers who have not established a program.
Other federal agencies that enforce the Red Flags – the Office of the Comptroller of the Currency, Federal Reserve Board, Federal Deposit Insurance Corp., Office of Thrift Supervision and the National Credit Union Administration – have not granted a similar delay to banks and other lending institutions.
Therefore, dealers may still face pressures from banks and lenders who still need to comply by the original Nov. 1 deadline. Although this may provide some relief for dealers concerned about the fast approaching deadline, there will likely be an enforcement sweep after the new deadline. The FTC is unlikely to feel sympathy for non-compliant entities after an 18-months head start to implement programs, RVDA noted.
Also, be aware, that the FTC’s Safeguards Rule, which similarly requires a written compliance program, has now been in effect for over five years. For dealers who are behind in their compliance obligations, RVDA stated, this is a great time to incorporate both written compliance programs into your dealerships.
The FTC responded to creditors’ and financial institutions’ request for more time to develop and implement the rules, which also require written identify theft prevention programs. According to the FTC, “Many entities also noted that, because they generally are not required to comply with FTC rules in other contexts, they had not followed or even been aware of the rulemaking, and therefore learned of the rule’s requirements too late to be able to come into compliance by Nov. 1, 2008. The commission’s delay of enforcement will enable these entities sufficient time to establish and implement appropriate identity theft prevention programs, in compliance with the rule.”