What a Long, Strange Trip It’s Been: The (Interim) Final Red Flag Rules Have Arrived

Published On November 30, 2012 | By Jake Sommer | General
TwitterLinkedInFacebookRedditCopy LinkEmailPrint

What a long, strange trip it’s been for Red Flag Rules.  Originally promulgated in November 2007, the Red Flag Rules have finally made their way to an Interim Final Rule today, over five years later.  The initial Red Flag Rules promulgated in 2007 caused a stir, because they appeared to apply to a huge number of entities–many of whom were outside industries traditionally subject to financial regulation.  After lobbying by industry groups, including a lawsuit brought by the American Bar Association and the American Medical Association, the Red Flag Rules’ odyssey included a return trip to Congress for the “Red Flag Program Clarification Act.”  That act narrowed the definition of creditor to that which appears in this final interim rule.  The Rules are now more consistent with FCRA and cover any entity which, in the regular course of business:

  • Obtains or uses consumer reports in connection with a credit transaction;
  • Furnishes information to consumer reporting agencies in connection with a credit transaction; or
  • Advances funds to or on behalf of a person, in certain cases.

While there is some room to expand covered entities, the FTC has stated it has no intention to do so. After five years of waiting, it appears the journey is over, and the Red Flag Rules are finally here to stay.

About The Author

Jacob Sommer's practice focuses on legal issues related to Internet-based services and social networking, with a focus on protecting client's rights in litigation or government investigations involving the Copyright Act, Lanham Act, Digital Millennium Copyright Act ("DMCA"), Electronic Communications Privacy Act (“ECPA”), the Wiretap and Communication Acts, CAN-SPAM, FISA and federal and state laws governing Internet gambling. He also helps social networks, search engines, e-mail providers, ISPs and other clients fulfill their compliance obligations pertaining to the discovery and disclosure of customer and subscriber information.