Skip to Content
Domina Law Group pc llo Domina Law Group pc llo
Call Us Today! 888-387-4134

'Red Flag' Regulations Require Financial Institutions and Creditors to Have Identity Theft Prevention Programs


Financial institutions and creditors are required to develop and implement written identity theft prevention programs under the new "Red Flags Rules." The Federal Trade Commission’s portion of the Regulations are codified at 16 C.F.R. § 681.1 et seq.

The Red Flags Rules are part of the Fair and Accurate Credit Transactions (FACT) Act of 2003. Under these Rules, financial institutions and creditors with covered accounts must have identity theft prevention programs in place to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. “Identity theft” is defined in the Red Flag Regulations as “a fraud committed or attempted using the identifying information of another person without authority.”

Among other things, “identifying information” is defined to include “any name or number that may be used … to identify a specific person, including any name, social security number, or [personal identifying number] … ; unique electronic identification number, address, or routing code; or telecommunication identifying information or access device.” The Commentary notes that the creation of a fictitious identity using any single piece of information belonging to a real person, small business or sole proprietorship falls within the definition of identity theft because such a fraud involves “using the identifying information of another … without authority.”

The Commission staff provides help to understand legal requirements in an outreach effort to explain the Rules in greater detail. It published a general alert on what the Rules require, and, in particular, an explanation of which businesses- financial institutions and creditors- are covered by the Rules.

"We want financial institutions and creditors to know that they are covered by the Red Flags Rules and to understand what is required of them," said Lydia Parnes, Director of the Bureau of Consumer Protection at the Federal Trade Commission. "We encourage all organizations that have ongoing accounts or relationships with consumers to keep an eye out for red flags that signal identity theft. But this rule does not apply to every business or employer; only those entities that are considered creditors or financial institutions are subject to the Red Flags Rules."

Details can be found at

What is the Federal Trade Commission?

The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 1,500 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s Web site provides free information on a variety of consumer topics.

The FTC publishes and makes available on its website a “How-To” guide to the Red Flags Rule entitled: “Fighting Fraud with the Red Flags Rule”.

Domina Law Group pc llo is a firm of trial lawyers. We specialize in complex litigation on a national basis. Our lawyers are ethical, aggressive, and committed to providing spirit and vitality to the judicial system and our client’s legal rights.

Share To: