At the eleventh hour, the Federal Trade Commission announced that it will once again delay enforcement of the Red Flags Rule. The Red Flags Rule was promulgated pursuant to the Fair and Accurate Credit Transactions Act of 2003 ("FACTA"). The previous compliance date was May 1, 2009, which was an extension from the original deadline of November 1, 2008. The new extension applies only to the provisions of the Rule requiring financial institutions and creditors to implement an identity theft prevention program. The continuing enforcement delays respond to ongoing uncertainty about the Rule’s intended scope. In announcing this latest delay, the FTC cited "the ongoing debate about whether Congress wrote this provision [of FACTA] too broadly" and stated that extending the compliance deadline would "allow industries and associations to share guidance with their members . . . and give Congress time to consider the issue further." On March 20, 2009, the FTC published the Red Flags Rule Compliance Guide to assist organizations that must comply with the Red Flags Rule. The FTC stated in its news release yesterday that it will attempt to address some of the concerns regarding compliance with the Rule by publishing an identity theft prevention program template for low risk entities. The FTC’s news release is available here.