You and the Law
If You Haven't Heard of the Red Flags Rule, You Need to Read This
If you are like most businesses in this industry, you probably cannot imagine a customer ordering goods from you under a fictitious name or providing a fraudulent form of payment (your customers may not always pay on time, but at least they aren’t stealing credit cards to pay for goods). However, regardless of the actual or theoretical risk of fraud in your business, if you extend any sort of credit to a customer, you must comply with the new Red Flags rule.
To determine if you qualify, the Federal Trade Commission has published a guidebook at: www.ftc.gov/bcp/edu/pubs/business/idtheft/bus23.pdf. This is a good resource to consult, in addition to an attorney. Remember, PMA members are entitled to three free hours of legal advice from my firm—we can provide guidance on this rule. It says, in general, that any business that delivers a good or provides a service and later bills the customer/client is considered a creditor. A Net 30 account is considered a form of credit—any company that receives payment subsequent to delivery of goods or subsequent to providing a service is considered a creditor under the currently written law.
This all-encompassing rule is being challenged by the American Bar Association on behalf of lawyers. It is likely that other industries will either challenge the law in court or lobby for exclusion through their elected representatives. However, at this time, no exceptions are written into the law.
In order to comply, written policies must be adopted in accordance with the rule. Again, the Federal Trade Commission has published a guideline on how to create these policies: www.ftc.gov/bcp/edu/microsites/redflagsrule/diy-template.shtm. The policies must identify your risk level, detail how you will detect red flags, give guidance on how to respond to red flags, and must give instruction on the future administration of the Red Flag program.
Once you have created an acceptable policy, the rule must be formally adopted by the company’s board. For smaller corporations, the policy must be signed by the owner. The Red Flags rule requires the policy to be written, regardless of whether the measures are already in place, whether or not your company has a lawyer on staff. Even if you outsource your accounting, you still are required to have a written policy. Furthermore, the policy must be examined for changes and updates, and then formally renewed by the board of directors or the owner each year.
As of December 1, 2010, the rule is set to take effect on December 31. Nobody knows for sure if it will—the Federal Trade Commission has delayed it repeatedly over the past two years. Unfortunately, because the Federal Trade Commission has not yet announced a delay, it is better to become compliant as soon as possible rather than waiting. Even if you have missed the deadline, creating the policy as soon as possible is highly recommended.
Compliance will be monitored by the Federal Trade Commission, which likely will issue large fines for noncompliance if your company is ever involved with a consumer/business who reported identity theft (as the victim), or if you actually were involved in a fraudulent transaction and did not have properly document compliance with the Red Flags rule. We do not know if any spot checks will be done or what methods the Federal Trade Commission will ultimately use to determine compliance (absent the investigation of complaints of identity theft) at this time.
The good news, for most metalformers, is that a bill recently has been introduced that would create an exception for businesses “that advance funds on behalf of a person for expenses incidental to a service provided by the creditor to that person.” If this bill passes as written, it may exempt manufacturers that sell goods they manufacture on credit. MF
There are no comments posted at this time.