In an effort to combat the ongoing crime of identity theft, Congress passed the Fair and Accurate Credit Transactions (FACT) Act in 2003. Last year, as part of the FACT Act, the FTC, the National Credit Union Administration (NCUA), and federal bank regulatory agencies have issued regulations (referred to as the "Red Flags Rule") which require financial institutions and creditors to implement written Identity Theft Prevention Programs to provide for the "identification, detection, and response to patterns, practices, or specific activities" known as “red flags” that could indicate identity theft. Beginning August 1, 2009 , the FTC will enforce the Red Flag Rules.

Businesses required to comply with the Red Flags Rule must implement Identity Theft Prevention Programs that accomplish the following:

1. Identify the "red flags" of identity theft that a business may come across on a daily basis.
2. Detect the red flags that were identified.
3. Prevent and mitigate identity theft.
4. Re-evaluate and update the program to address new risks given the evolving nature of identity theft.

Recommendations:

• Businesses need to first determine whether they are covered by the Red Flags Rule. Covered entities must draft and implement an Identity Theft Prevention Program in accordance with FTC guidelines.
• Covered entities should also review and update their existing policies and procedures regarding opening customer accounts, extending credit, completing transactions or related activity.
• The Identity Theft Prevention Program must be approved by the company's board of directors (or an appropriate sub-committee) or, if the company does not have a board of directors, a member of senior management.
• New identity theft prevention policies and procedures should be distributed and staff should receive corresponding training.
• Any business that is a "creditor" but does not currently have "covered accounts" which would subject such business to these requirements, should put into place a procedure to ensure that it completes periodic risk assessments to determine if it has acquired "covered accounts."

If you have any questions on the Red Flags Rule, need assistance determining whether your business is covered by these regulations, need assistance drafting an appropriate Identity Theft Prevention Program, or require training of your employees on the program, please contact the Nukk-Freeman & Cerra , P.C. attorney with whom you normally work.