Beginning June 1, 2010, the U.S. Federal Trade Commission (FTC) will enforce its “red flags” rule on identity theft. It had been delayed by the FTC from earlier announced dates of Aug. 1, 2009, and Nov. 1, 2009. The rule requires creditors and financial institutions to implement a written program to detect, prevent and mitigate identity theft in connection with the opening of a covered account or an existing covered account. (To learn more, see the SHRM Online article Red Flags Rule on Identity Theft Explained.
As part of its guidance on the rule, the FTC has posted frequently asked questions (FAQs) on its web site, some of which explain the application of the rule to employer-provided health and welfare plans. Specifically, the FAQs clarify that the rule applies to health care flexible spending accounts (FSAs) if they feature a debit card or similar option for accessing funds (e.g., checks or wire transfers).