Skip to main content

Financial institutions and creditors are now required to develop and implement written identity theft prevention programs under the new "Red Flags Rules."

The Red Flags Rules are part of the Fair and Accurate Credit Transactions (FACT) Act of 2003. Under these Rules, financial institutions and creditors with covered accounts must have identity theft prevention programs in place by November 1, 2008, to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft.

The Commission staff is launching an outreach effort to explain the Rules in greater detail. It has now published a general alert on what the Rules require, and, in particular, an explanation of which businesses - financial institutions and creditors - are covered by the Rules.

"We want financial institutions and creditors to know that they are covered by the Red Flags Rules and to understand what is required of them," said Lydia Parnes, Director of the Bureau of Consumer Protection at the Federal Trade Commission. "We encourage all organizations that have ongoing accounts or relationships with consumers to keep an eye out for red flags that signal identity theft. But this rule does not apply to every business or employer; only those entities that are considered creditors or financial institutions are subject to the Red Flags Rules."

To learn more, go to

The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 1,500 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s Web site provides free information on a variety of consumer topics.

(Red Flags FYI.wpd)

Contact Information

Office of Public Affairs