Red Flag Clarification Act of 2010 – Keeping Red Flags on the Radar

by Margaret Wright, Esq.

The Red Flag Program Clarification Act of 2010, effective December 18, 2010, is substantively an amendment to the definition of creditor as used in Section 615(e) of the Fair Credit Reporting Act. 

The Red Flag Program Requirement

Section 615(e) of the Fair Credit Reporting Act establishes the requirement for Red Flag Guidelines and Regulations as applicable in part to financial institutions offering mortgage services.

The Federal banking agencies, the National Credit Union Administration, and the (Federal Trade)
Commission shall jointly:

(A)   establish and maintain guidelines for use by each financial institution and each creditor regarding identity theft with respect to account holders at, or customers of, such entities, and update such guidelines as often as necessary;

(B)   prescribe regulations requiring each financial institution and each creditor to establish reasonable policies and procedures for implementing the guidelines established… to identity possible risks to account holders or customers or to the safety and soundness of the institution or customers;

Creditor Clarification

Under section 702 of the Equal Credit Opportunity Act, a creditor is “any person who regularly extends, renews, or continues credit; any person who regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who participates in the decision to extend, renew, or continue credit.”  The Red Flag Program Clarification Act of 2010 (“the Act”) refines this definition of creditor as used in Section 615(e) of the Fair Credit Reporting Act as follows:

A creditor, as defined in section 702 of the Equal Credit Opportunity Act, that regularly and in the ordinary course of business:

(i)   obtains or uses consumer reports, directly or indirectly, in connection with a credit transaction;

(ii)   furnishes information to consumer reporting agencies…in connection with a credit transaction; or

(iii)   advances funds to or on behalf of a person, based on an obligation of the person to repay the funds or repayable from specific property pledged by or on behalf of the person.

With respect to subparagraph (iii), the Act further explains that this definition does not include a creditor “that advances funds on behalf of a person for expenses incidental to a service provided by the creditor to that person.”

The Act reiterates that a creditor under the Red Flags Rule may also be determined based on the offering or maintenance of “accounts that are subject to a reasonably foreseeable risk of identity theft.”

Impact of the Red Flag Program Clarification Act

The main clarification of the Act lies with the subparagraph (iii) definition of creditor, or more importantly what that definition does not include as outlined in paragraph (B):  a creditor “that advances funds on behalf of a person for expenses incidental to a service provided by the creditor to that person.”  Previously, the definition of creditor used under the Rules and as prescribed by the Federal Trade Commission had been inclusive of small businesses not normally thought of as creditors as a result of their established payment plans for services rendered.  No longer will these businesses be considered creditors under the Red Flags Rule. 

Important  in further distinguishing creditors is paragraph (C) of the Act in which coverage is “based on a determination that such creditor offers or maintains accounts that are subject to a reasonably foreseeable risk of identity theft.”  The determination of risk under paragraph (C) will be made by the agency which has authority over the creditor.  The decision making agency will be as stated in the Fair Credit Reporting Act Section 615(e)(1):  the Federal banking agencies, the National Credit Union Administration and the Federal Trade Commission.  In the upcoming weeks the Federal Trade Commission will be updating their Red Flag information and interpretation to reflect the new Act at http://www.ftc.gov/redflagsrule.

The Red Flag Program Clarification Act solidifies the inclusion of financial institutions offering mortgage services under the Red Flag requirements as the definitions of subparagraphs (i), (iii) and (iii) are met by standard mortgage lending practices and the paragraph (B) exclusion does not apply.

Although the new clarification of the definition of creditor under the Red Flags Rule does not further impact the application of the Rule to financial institutions offering mortgage services, let the Act serve as a reminder to keep your fraud protection and identity theft prevention practices current and compliant.  Bankers Advisory can provide a customized Red Flags Plan that is especially tailored for your business model.  For more detailed information about Bankers Advisory policy manuals, please contact Lindsay Sayre Kift, Esq., at 617-489-2008 or by email to lindsay@bankersadvisory.com.    Under the law, plans must be in place by December 31, 2010.


Margaret is a Compliance Specialist and Associate Counsel at Bankers Advisory.  She is a graduate of Stonehill College and received her Juris Doctor from Suffolk University School of Law. She is a member of the Massachusetts Bar Association.  Have a question?  E-mail her directly at margaret@bankersadvisory.com

  • 781-402-6443

Margaret Wright, JD, is regulatory compliance director with CLA. She is a graduate of Stonehill College and earned her juris doctor at Suffolk University Law School. She is admitted to the Massachusetts Bar.

Comments are closed.