Amendments to the Fair Credit Reporting Act (FCRA) signed by President Barack Obama on December 18, 2010, narrow the coverage of the FCRA’s red flag requirements by limiting the businesses to which those requirements apply.

Only businesses meeting the new definition of “creditor”—added to the FCRA by Public Law 111-319, the Red Flag Program Clarification Act of 2010—are subject to the red flag requirements. The definition is limited to businesses that qualify as a “creditor” under the Equal Credit Opportunity Act (ECOA), and regularly and in the ordinary course of business (1) obtain or use consumer reports in connection with credit transactions, (2) furnish information to consumer reporting agencies in connection with credit transactions, or (3) advance funds to or on behalf of a person based on such person’s obligation to repay the funds. Most significantly, the new definition does not include a creditor that advances funds on behalf of a person for expenses incidental to a service the creditor provides.

The new creditor definition means that various professionals, such as lawyers, accountants, doctors, and dentists, will not be required to comply with the Federal Trade Commission’s Red Flags Rule (FTC Rule) as a result of having made incidental advances of funds to their clients. Other businesses for whom the amendments provide compliance relief, at least in the absence of further rulemaking, include utility and telecommunications companies that do not advance funds to customers.

Further rulemaking is possible, however, because the FCRA amendments also give the FTC and each of the federal banking agencies authority to bring back within the FTC’s red flag requirements any other type of business that qualifies as a “creditor” under the ECOA if the agency determines, through rulemaking, that it offers or maintains accounts that are subject to a reasonably foreseeable risk of identity theft.

The FCRA amendments are intended to resolve confusion over who is subject to the FTC Rule, which was originally issued in 2007 to implement the FCRA’s red flag requirements. Under the FTC Rule, “financial institutions” and “creditors” that hold consumer and small business accounts must implement a written identity theft program designed to detect warning signs of such theft in their day-to-day operations. Having previously announced multiple extensions of the FTC Rule’s original November 1, 2008, compliance deadline, the FTC most recently announced that it was delaying enforcement of the FTC Rule through December 31, 2010, to allow Congress to consider the clarifying legislation. With the new law’s enactment, enforcement will begin on January 1, 2011.

Ballard Spahr’s Consumer Financial Services Group is nationally recognized for its guidance in structuring and documenting new consumer financial services products, its experience with the full range of federal and state consumer credit laws throughout the country, and its skill in litigation defense and avoidance (including pioneering work in pre-dispute arbitration programs). For more information, please contact Group Chair Alan S. Kaplinsky, 215.864.8544 or; Vice Chair Jeremy T. Rosenblum, 215.864.8505 or; John L. Culhane, Jr., 215.864.8535 or; Barbara S. Mishkin, 215.864.8528 or; or Mark J. Furletti, 215.864.8138 or  




Copyright © 2011 by Ballard Spahr LLP.
(No claim to original U.S. government material.)


All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, including electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the author and publisher.

This alert is a periodic publication of Ballard Spahr LLP and is intended to notify recipients of new developments in the law. It should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own attorney concerning your situation and specific legal questions you have.