Red Flags Rule Enforcement

Enforcement Effective December 31, 2010

After two years of confusion as to what business must comply and delays in enforcement the Red Flags Rules are now in effect, with the Federal Trade Commission (FTC) gearing up enforcement activity.  The Red Flags Program Clarification Act of 2010, signed into law on December 18, 2010, confirms that certain businesses are not within the scope of the Rules.  Attorneys, accountants, physicians, dentists and other healthcare professionals, and other small businesses are no longer subject to enforcement actions.  Dealerships however under the definition of a creditor if   they ” regularly and in the ordinary course of business: (i) obtains or uses consumer reports, directly or indirectly, in connection with a credit transaction; (ii) furnishes information to consumer reporting agencies in connection with a credit transaction; or (iii) advances funds to or on behalf of a person, based on an obligation of the person to repay the funds or repayable from specific property pledged by or on behalf of the person; however, a creditor that falls under (iii) is excluded from the requirements of the Red Flags Rules if the creditor advances funds for expenses incidental to a service provided by the creditor to the person”.

Red Flags Program from HotlinkHR™

Despite the delayed enforcement, compliance with the Red Flags rules is required.  The  FTC's Red Flags rule is specifically meant to prevent identify theft from occurring and requires all lending institutions, including auto and truck dealers, to establish and maintain a written Identity Theft Prevention Program ("ITPP") that is designed to detect, prevent, and mitigate identity theft. 

The HotlinkHR™ Red Flags Program includes all the necessary tools and guidance to:

  • Designate a compliance officer/coordinator
  • Perform a risk assessment
  • Draft and communicate policy and procedures
  • Conduct employee training
  • Undertake periodic audits
  • Obtain board approval and complete annual report

HotlinkHR™ will lead the user through the ITPP Builder to create a customized Identity Theft Prevention Plan. The HotlinkHR™ system then schedules all of the written acknowledgments, necessary training, and documentation. In addition, the Experience and Awareness Log and Annual Report are automated. This automated service makes compliance simple.

For more information on Red Flags Rule compliance click here for the Red Flags Rules Overview white paper or visit

Stay on top of ever changing HR regulations and compliance requirements with the HR Regulatory Update, KPA Compliance Newsletter and free live and recorded webinars.

The HR Regulatory Update is provided in conjunction with KPA partner, Ford & Harrison LLC, a labor and employment law firms with a national practice in all aspects of labor and employment law, providing HR advice to HotlinkHR™ clients.

Contact Us