As we mentioned in our December 8th posting on the Red Flags Rule (“Rule”), implementation of the Rule by the Federal Trade Commission (“FTC”) has been repeatedly delayed since 2008 while members of Congress seek a legislative fix limiting the scope of the Rule. The FTC is currently slated to begin enforcement of the Rule on January 1, 2011.
The purpose of the Rule is to reduce instances of identity theft. To that end, the Rule requires financial institutions and “creditors” with covered accounts to create and implement a written program geared toward preventing identity theft.
The term “creditor” has been broadly interpreted under the Rule and includes many businesses and entities that were not intended to comply with the Rule. As noted in our recent blog posting, we believe it is likely that community associations which enter into payment plans or stipulations for payment of past due assessments are currently required to comply with the Rule. It is also likely that associations which bill-back charges for services after they have been rendered currently fall under the Rule.
The United States Congress has finally passed a bill that attempts to limit the “creditors” that will be required to comply with the Rule. On December 9, 2010, Congress sent S.3987 to President Obama for consideration. If the President signs S.3987 into law, implementation of the Rule should be delayed again while the FTC interprets the new definition of “creditor” and provides guidance for compliance with the Rule.
Until S.3987 is signed into law and the FTC delays implementation, we recommend that community associations which currently fall within the definition of “creditor” consider complying with the Rule. At the very least, it is wise for associations to review whether there is any risk for identity theft resulting from the governance of their communities and to take reasonable steps to prevent it.