Ad Law Access https://www.kelleydrye.com/viewpoints/blogs/ad-law-access Updates on advertising law and privacy law trends, issues, and developments Thu, 14 Nov 2024 09:14:48 -0500 60 hourly 1 FTC Issues Guidance to Clarify Scope and Requirements of Red Flags for Identity Theft Prevention Rule https://www.kelleydrye.com/viewpoints/blogs/ad-law-access/ftc-issues-guidance-to-clarify-scope-and-requirements-of-red-flags-for-identity-theft-prevention-rule https://www.kelleydrye.com/viewpoints/blogs/ad-law-access/ftc-issues-guidance-to-clarify-scope-and-requirements-of-red-flags-for-identity-theft-prevention-rule Wed, 26 Jun 2013 14:18:06 -0400 The FTC has released a guidance document that clarifies the scope of its Red Flags for Identity Theft Prevention Rule (“the Red Flags Rule”) and provides a practical four step guide for covered entities to assess compliance.

The Red Flags Rule requires certain businesses and organizations to have in place a written identity theft program designed to detect “red flags” indicative of identity theft and take appropriate steps to prevent it. While the Red Flags Rule has always applied to “financial institutions” and “creditors,” the scope of the term “creditors” has generated some confusion. The initial Red Flags Rule defined “creditor” broadly by reference to the definition in the Equal Credit Opportunity Act and arguably covered any company that extended credit by allowing a customer to defer payment. This would include most businesses and service providers, including retailers, doctors, and lawyers.

After allegations that such a broad definition exceeded the FTC’s authority under the Fair and Accurate Credit Transactions Act (“the FACT Act”), Congress reacted by passing the Red Flag Program Clarification Act of 2010. The Act clarifies that for the purposes of the FACT Act, creditor means only those creditors that regularly and in the ordinary course of business either: (1) obtain or use consumer reports in connection with a credit transaction, (2) furnish information to consumer reporting agencies in connection with a credit transaction, or (3) advance funds to or on behalf of a person, based on an obligation of the person to repay. The Act further clarifies that creditor does not include an entity that “advances funds on behalf of a person for expenses incidental to a service provided by the creditor to that person."

The FTC Guidance expands on the clarification provided by Congress by offering both general guidance and specific “FAQs” concerning the scope of the Red Flags Rule. With regard to the meaning of “regularly and in the ordinary course of business,” the Guidance explains that “[i]solated conduct does not trigger application of the rule, but if your business regularly furnishes delinquent account information to a consumer reporting company but no other information, that [would] satisf[y]” the requirement and fall within the scope of the Rule. The Guidance also explicitly advises that a professional who bills clients subsequent to rendering services would not qualify as a creditor under the Rule. On the other hand, the Guidance explains that any business that regularly uses credit reports would be subject to the Rule, even if a third party evaluates the credit reports on the business’s behalf.

The Guidance goes on to provide a “four-step process” towards compliance. Specifically, the Guidance advises covered entities to:

• Identify relevant red flags, including alerts from a credit reporting company, suspicious documents, and personal identifying information suggestive of fraud.
• Detect red flags by considering what procedures would work best in the particular organization.
• Prevent and mitigate identity theft by responding immediately and terminating service as necessary.
• Periodically update the program to stay on top of developments and industry best practices.

While the Guidance provides a helpful resource in facilitating compliance with the Red Flags Rule, companies must undertake their own analyses to customize their identity theft programs to meet the requirements of the Rule.

]]>
New FACTA Rules Take Effect on July 1, 2010 https://www.kelleydrye.com/viewpoints/blogs/ad-law-access/new-facta-rules-take-effect-on-july-1-2010 https://www.kelleydrye.com/viewpoints/blogs/ad-law-access/new-facta-rules-take-effect-on-july-1-2010 Sat, 05 Jun 2010 21:51:21 -0400 Businesses have until July 1, 2010 to comply with the new rules and guidelines under the Fair and Accurate Credit Transactions Act (“FACTA”), which amended the Fair Credit Reporting Act (“FCRA”), adopted by the Federal Trade Commission nearly a year ago relating to information provided to credit reporting agencies. Many know FACTA as the statute that allows consumers to request and obtain a free credit report once every 12 months from each of the three nationwide consumer credit reporting companies (Equifax, Experian, and TransUnion), or the Act that contains provisions to help reduce identity theft. These new guidelines are designed to increase the accuracy and integrity of the information that furnishers provide to credit reporting agencies. The rules, in turn, require furnishers to establish reasonable written policies and procedures that implement the guidelines. The policies and procedures that furnishers are required to establish will vary depending on the “nature, size, complexity, and scope of each furnisher’s activities.” 16 C.F.R. § 660.3(a).

The rules also provide consumers an additional avenue to challenge the accuracy of information used to generate their credit rating. Historically, consumers were encouraged to deal with the credit reporting agency about the accuracy of such information. Under the new FACTA rules, furnishers are now required, in most cases, to investigate disputes that are submitted directly to them by consumers regarding the accuracy of information that furnishers provided to a credit reporting agency.

Click here to review the final inter-agency rules and guidelines.

]]>
Federal Agencies Issue FAQs on FACTA Red Flag Compliance https://www.kelleydrye.com/viewpoints/blogs/ad-law-access/federal-agencies-issue-faqs-on-facta-red-flag-compliance https://www.kelleydrye.com/viewpoints/blogs/ad-law-access/federal-agencies-issue-faqs-on-facta-red-flag-compliance Mon, 15 Jun 2009 09:21:04 -0400 Last week , the Federal Trade Commission, jointly with other federal agencies that regulate financial institutions, released "frequently asked questions" designed to provide additional assistance to companies required to comply with new identity theft rules pursuant to the Fair and Accurate Credit Transactions Act ("FACTA") .

Those rules were issued in November 2007. Under the regulations, financial institutions are required to develop and implement written programs to detect and respond to possible identity theft as indicated by certain "red flags." These newly required programs were to be in place on or before November 1, 2008.

The FAQs are the latest step in a number of efforts by the FTC and others to assist companies in complying with the new FACTA rules. For instance, in July 2008, the FTC launched an outreach program to explain the rules in greater detail, to clarify the types of institutions to which the rules apply, and to offer guidance as to how these institutions can comply. That outreach effort included an alert providing information relating to definitions and terms used in the rules, including the definitions of “financial institution,” “creditor,” “transaction account,” and “covered account.” In addition, the alert addressed five categories of “red flag” activities.

Financial institutions should continue to monitor for guidance from the federal agencies, and/or consult with counsel, regarding their compliance with the new FACTA rules.

]]>
Welcome to the Consumer Financial Services Blog https://www.kelleydrye.com/viewpoints/blogs/ad-law-access/welcome-to-the-consumer-financial-services-blog https://www.kelleydrye.com/viewpoints/blogs/ad-law-access/welcome-to-the-consumer-financial-services-blog Thu, 05 Mar 2009 09:00:00 -0500 Which among the following businesses are potentially subject to consumer financial services laws, rules, and regulations?

A. a retail clothing chain
B. a bank or mortgage company
C. an internet retailer
D. a fast food franchisor
E. all of the above

If you answered E, “All of the above,” you are CORRECT. However, many companies do not realize their businesses are subject to consumer financial services laws. Consequently, their businesses may not be compliant and may be subject to litigation risk.

The focus of the Consumer Finance Law Blog is to keep – all on one site – traditional and non-traditional financial service providers subject to consumer financial services laws abreast of recent developments in:

  • State consumer protection statutes and regulations
  • State privacy statutes
  • Privacy and consumer protection litigation
  • Card Association Rules
  • Equal Credit Opportunity Act
  • Electronic Funds Transfer Act
  • Fair Credit Reporting Act
  • Fair Credit Transactions Act
  • Fair Debt Collection Practices Act
  • Payment Card Industry Data Security Standard
  • State Money Transmitter Statutes
  • State Retail Installment Sales Act
  • State and Federal Unfair and Deceptive Trade Practices Acts
  • TILA, RESPA, and related federal and state consumer disclosure and notice requirements
  • Insurance coverage issues
  • Legislation that may impact company compliance or create new litigation risk.

We welcome you and hope that you find our posts interesting, educational, and thought provoking. We also welcome your feedback and invite you to suggest topics or recent decisions of interest that you would like us to address.

]]>