WASHINGTON (10/23/08)--Just about a week after federal credit union, bank and thrift regulators approved the examination procedures required to determine a financial institution's compliance with rules regarding identity theft "red flags" (12 CFR 222.90), the Federal Trade Commission (FTC) said it will suspend enforcement of the rule for six months until May 1, 2009. State-chartered credit unions fall under the FTC’s rules. The FTC said that its announcement and the release of an Enforcement Policy Statement do not affect other federal agencies’ enforcement of the original Nov. 1 deadline for institutions subject to their oversight. The National Credit Union Administration’s rule applies to federal credit unions. The FTC explained that it moved back its compliance timetable to give creditors and financial institutions “additional time in which to develop and implement written identity theft prevention programs.” The agency said that during its outreach effort, it found some industries and entities under the FTC’s jurisdiction were uncertain about their coverage under the rule. “Many entities also noted that, because they generally are not required to comply with FTC rules in other contexts, they had not followed or even been aware of the rulemaking, and therefore learned of the Rule’s requirements too late to be able to come into compliance by Nov. 1, 2008. "The Commission’s delay of enforcement will enable these entities sufficient time to establish and implement appropriate identity theft prevention programs, in compliance with the rule,” the FTC said in a release. Although the Credit Union National Association (CUNA) recognizes that the FTC's action is primarily directed at non-financial institution creditors not aware of these rules until recently, CUNA has contacted the NCUA to seek clarification regarding the extent to which that agency might apply this suspension to federal credit unions. The FTC’s delay does not apply to address discrepancy rules that were issued at the same time as the Red Flags rules. The Red Flags Rule was developed to implement parts of the Fair and Accurate Credit Transactions (FACT) Act of 2003. Under the rule, financial institutions and creditors with covered accounts must have identity theft prevention programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. A covered account generally is a consumer account or any other account the institution determines carries a foreseeable risk of identity theft. Earlier this month, the federal credit union, bank and thrift regulators approved the examination procedures required to determine a financial institution's compliance with identity theft "red flags" rules (12 CFR 222.90) and other regulations under the Fair Credit Reporting Act (FCRA). Use the resource link below to interagency exam procedures.