December 21, 2010

New Law Limits Scope of Red Flags Rule

A new federal law has significantly limited the scope of the Red Flags Rule, a federal law that requires many businesses and organizations to implement a written identity theft prevention program. There has recently been a substantial amount of confusion about whether the Rule imposes new obligations on various persons and organizations (including community associations), and this new law clarifies who must comply with the Rule. The Red Flags Rule now applies to financial institutions and creditors that:

1) obtain and use consumer reports in connection with a credit transaction,

2) furnish information to consumer reporting agencies in connection with a credit transaction, or

3) advance funds to or on behalf of a person, based on an obligation of the person to repay the funds or repayable from specific property pledged by or on behalf of the person.

The third category is apparently intended to cover businesses like payday loan companies that sometimes lend without using consumer reports. Creditors who advance funds on behalf of a person for expenses incidental to a service provided by the creditor to that person are specifically exempted from the Red Flags Rule. Other types of creditors may be required to comply with the Rule if an agency determines that they offer or maintain accounts that pose a reasonably foreseeable risk of identity theft.

The Red Flags Rule does not appear to apply to condominium and homeowners associations under the new law. However, such associations may still choose to adjust their record-keeping procedures to comply with the Rule if they are concerned that it might be interpreted or amended to apply to them or if they want to obtain a heightened measure of protection against identity theft. More information about the Red Flags Rule is available here.