The Red Flags Rule was created by the Federal Trade Commission (FTC), along with other government agencies such as the National Credit Union Administration (NCUA), to help prevent identity theft.
[2] Under the Clarification Act, a creditor regularly and in the course of business: This definition was further clarified United States Court of Appeals For the District of Columbia Circuit in its March 4, 2010 ruling on The American Bar Association vs. Federal Trade Commission.
[6] The red flags fall into five categories: The FTC has a created a template for businesses that can be populated to meet an individual company's needs.
The Red Flags Rule requires that each "financial institution" or "creditor"—which includes most securities firms—implement a written program to detect, prevent and mitigate identity theft in connection with the opening or maintenance of "covered accounts."
On April 19, 2013 the SEC and CFTC published their joint final Identity Theft Red Flags Rule and guidelines to be effective May 20, 2013, with a compliance date of November 20, 2013.