top of page

Nonprofit Compliance, Nonprofit Compliance Laws 

An ongoing series of informational entries

Red Flag Rule -Required Identity Theft Prevention Program

February 14, 2019

Federal Trade Commission: Posted on Thursday, July 21, 2011 3:23 PM

Federal Trade Commission Red Flag Rule -- Law change as of December 2010 sites/red flag rule/index.shtml

As stated by the Federal Trade Commission and as indicated in the above link, verbatim:

The following is a direct statement from the federal trade commission website, sites/red flag rule/index.shtml

" Are you complying with the Red Flags Rule?"

The Red Flags Rule (in the majority of cases The Red Flags Rule applies to nonprofit health centers and other nonprofits that have a client billing system)

"Requires many businesses and organizations to implement a written identity theft Prevention Program designed to detect the warning signs — or "red flags" — of identity theft in their day-to-day operations. By identifying red flags in advance, businesses will be better equipped to spot suspicious patterns that may arise -- and take steps to prevent a red flag from escalating into a costly episode of identity theft. Resources on this site can help business people educate their staff and colleagues about complying with the Red Flags Rule."

"What Compliance Looks Like?"

"Your Identity Theft Prevention Program is a "play book"that must include reasonable policies and procedures for detecting, preventing,and mitigating identity theft. "

"Your Program should enable your organization to:

1. identify relevant patterns, practices, and specific forms of activity — the "red flags" — that signal possible identity theft;

2. incorporate business practices to detect red flags;

3. detail your appropriate response to any red flags you detect to prevent and mitigate identity theft; and

4. be updated periodically to reflect changes in risks from identity theft. "

"The Red Flags Rule also includes guidelines to help financial institutions and creditors develop and implement a Program, including a supplement that offers examples of red flags. The FTC and the federal financial agencies have issued and answers to help businesses comply with the Rule."

"Who Must Comply with theRed Flags Rule?"

"The Rule requires "financial institutions" and"creditors" that hold consumer accounts designed to permit multiple payments or transactions -- or any other account for which there is a reasonably foreseeable risk of identity theft -- to develop and implement an identity Theft Prevention Program for new and existing accounts. "

"The definition of "financial institution" includes:

all banks, savings associations, and credit unions, regardless of whether they hold a transaction account belonging to a consumer; and

anyone else who directly or indirectly holds a transaction account belonging to a consumer."

"A change in the law on December 18, 2010 amended the the definition of "creditor," and limits the circumstances under which creditors are covered. The new law covers creditors who regularly, and in the ordinary course of business, meet one of three general criteria. They must:

obtain or use consumer reports in connection with a credit transaction;

furnish information to consumer reporting agencies in connection with a credit transaction; or

advance funds to -- or on behalf of -- someone, except for funds for expenses incidental to a service provided by the creditor to that person. "

"Bookmark this site and check it often for revisions that reflect changes in the law." written by the Federal Trade Commission

Nonprofit Integrity Act of 2004

CA Government Charities Publication: Posted on Sunday, July 31, 2011 4:37 PM

Nonprofit Integrity Act of 2004 -- Must Know!!!

bottom of page