FTC Extends Enforcement Deadline for Red Flags Rule (Again)

Posted on October 30, 2009 by Hunton & Williams LLP

The FTC today announced that it would, for the fourth time, delay enforcement of the Identity Theft Red Flags Rule.  The enforcement date is now June 1, 2010 for creditors and financial institutions subject to FTC jurisdiction.  The agency stated that the delay was requested by members of Congress, who are currently considering a bill that would limit the rule's scope.  That bill (which would exclude certain entities with 20 or fewer employees from the rule's definition of "creditor" and also would provide a mechanism for other entities to apply for that exclusion) recently passed the House by a margin of 400 to 0 and was referred to the Senate Committee on Banking, Housing and Urban Affairs.  Please refer to our recent post regarding other developments that limit the rule's application.

Tags: , , , , , , , ,

Court Finds That Lawyers Are Not Subject to the FTC's Identity Theft Red Flags Rule

Posted on October 29, 2009 by Hunton & Williams LLP

It is being reported that the U.S. District Court for the District of Columbia agreed this morning with the American Bar Association's argument that the FTC's Identity Theft Red Flags Rule ("Red Flags Rule" or the "Rule") does not apply to lawyers.  The Rule implements Section 114 and 315 of the Fair and Accurate Credit Transactions Act (the "FACT Act").  In relevant part, the Rule requires creditors and financial institutions that offer or maintain certain accounts to implement an identity theft prevention program.  The program must be designed to detect, prevent, and mitigate the risk of identity theft. The FTC has interpreted the definition of "creditor" broadly.  The Commission has taken the position in publications and numerous panels that lawyers and law firms meet the definition of creditor because they allow clients to pay for legal services after the services are rendered.  For law firms (as well as for other entities that the FTC deems subject to its enforcement jurisdiction), November 1, 2009 is the deadline for compliance with the provisions of the Rule that require implementation of an identity theft prevention program.

In reaching the decision, Judge Reggie Walton is reported to have stated that he was reluctant to conclude that Congress intended to regulate lawyers when it enacted the FACT Act, which the Red Flags Rule implements.  The court also questioned the FTC's broad interpretation of the term "creditor." Judge Walton is reported to have questioned whether the term could be interpreted so broadly as to render a plumber who bills a customer after performing his work a "creditor" within the meaning of the Rule.  Notably, the Judge's comment may leave the door open for other challenges to the Rule by myriad small businesses whom the FTC considers "creditors" subject to the Rule.

It is reported that the court granted an injunction against the enforcement of the Rule and a declaratory judgment finding that lawyers are not subject to the Rule.  The FTC is expected to appeal the decision.
Tags: , , , , , , , , , , , , ,

Obama Proposes New Agency to Regulate Consumer Financial Privacy

Posted on July 2, 2009 by Hunton & Williams LLP

On June 30, 2009, the Obama Administration sent legislation to Congress that would create a new Consumer Financial Protection Agency ("CFPA").  Working with state regulators, the new agency would assume authority for the privacy provisions of the Gramm-Leach-Bliley Act, and would have the power to write rules and impose penalties pursuant to a variety of existing statutes, including the Fair Credit Reporting Act and the Fair and Accurate Credit Transactions Act.  To date, these powers have been shared among all financial services regulators, including the Federal Trade Commission ("FTC").  Under the proposal, the FTC would retain primary responsibility for preventing fraud and encouraging security in the financial markets. 

While some regulatory authority for financial products and services protections would flow from the FTC to the CFPA, the FTC would have increased powers to issue rules related to unfair and deceptive practices, and an enhanced ability to issue civil monetary penalties.  The proposal also includes expanded FTC authority over the banking sector with respect to data security.  While the legislation proposes transferring staff from certain financial services regulators, there would be no transfer of staff from the FTC.  Accordingly, the FTC may have more resources to pursue other consumer protection issues, including privacy in non-financial markets.

The Administration's full report on its financial reform plan can be viewed here.

Tags: , , , , , , , , , ,