AUGUST 2010

ARE YOU COMPLYING WITH THE NEW RED FLAG RULES?
Jeff Holt, CPA - Partner, Assurance & Advisory Practice

In October 2007, the Federal Trade Commission (FTC) issued the Red Flags Rule for financial institutions and creditors to help fight identity theft. The rule requires these businesses to implement a written identity theft program designed to detect the warning signs, or “red flags” of identity theft in their operations. The program must include the following 4 basis elements: • • • • • • • Reasonable policies and procedures to identify the red flags of identity theft that may arise in the day-to-day operations of your business. The program must be designed to detect the red flags that have been identified. For example, if an entity has identified fake ID’s as a red flag, it must have procedures in place to detect possible fake, forged, or altered identification. The program must spell out appropriate actions to take when red flags are detected. The program must address how the program will be reevaluated periodically to reflect new risks from this crime because identity theft is an ever-changing threat.

So how does this new rule affect a nonprofit organization? Well, the Rule applies to organizations who are deemed creditors, and while one may not immediately

identify a nonprofit as a creditor, some in fact are. While the Rule does not name specific types of organizations that have to comply with the Rule, for nonprofits, compliance requirements are based on the types of accounts that the organization has with its customers or client. Examples include: a) Payment plans for tuition at a college or university b) Club dues of nonprofit that are allowed to be paid in installments Because of their creditor status in these situations, the Red Flag Rule currently would apply to nonprofits. So does a nonprofit have to immediately comply? Well, it’s a bit up in the air right now. At the request of Congress, the FTC is further delaying enforcement of the Red Flags Rule through December 31, 2010, while Congress considers legislation that would affect the scope of entities covered by the Rule. So stay tuned! For more information, or if we can be of assistance to you, please do not hesitate contact one of SingerLewak’s Nonprofit Partners:

Stephen P. Carter - Silicon Valley SCarter@singerlewak.com Jeff Holt - Los Angeles JHolt@singerlewak.com

Lewis Sharpstone - Los Angeles LSharpstone@singerlewak.com Rob Schlener - Orange County RSchlener@singerlewak.com