Red flags

In November 2007, the FTC and the federal depository institution regulatory agencies issued final rules on identity theft red flags and address discrepancies to implement Sections 114 and 315 of the FACT Act. The rules require financial institutions and creditors to develop and implement an Identity Theft Prevention Program for combating identity theft in connection with new and existing accounts. The Program must include reasonable policies and procedures for detecting, preventing, and mitigating identity theft.

The agencies also issued guidelines to assist covered entities in developing and implementing a Program, including a supplement that provides examples of red flags. Covered financial institutions and creditors must comply with the rules by November 1, 2008.