Compliance with the Red Flags Rule

The “Red Flags” Rule is a regulation which will go into effect December 31, 2010 and which will apply to all “financial institutions” and “creditors” with “covered accounts.” “Creditors” are defined as:

  • any person who regularly extends, renews, or continues credit;
  • any person who regularly arranges for the extension, renewal, or continuation of credit; or
  • any assignee of an original creditor who participates in the decision to extend, renew, or continue credit.

The term "credit" means the right granted by a creditor to a debtor to defer payment of a debt incurred for goods and services. Installment plans and payment plans may qualify as “credit” under the Red Flags Rule.

Under these definitions, community associations and/or property managers may be considered creditors if the association accepts installment payments for assessments, special assessments, capital assessments, reserve assessments or other required payments, and/or there is a reasonable risk of identity theft of consumer data based on size of the association, number of employees with access to association member financial records, and frequency of financial transaction with residents.

Based on the broad application of the rules by the FTC, it is probably best for community associations and property management companies to voluntarily adopt an identity theft prevention plan which would comply with the rules, especially considering how simple the creation of such a plan can be. CAI has prepared a sample compliance policy for associations who wish to comply with the rule or who want to put a policy to provide protections to member financial data.

There are four basic components to the plan required by the Red Flag Rule:

(1) Identify relevant red flags that would signal identity theft;

(2) Determine how the association will detect the red flags that were identified as relevant;

(3) Decide how to respond to any red flags that materialize; and

(4) Document how the Program will be administered and updated with approval of the Board.

If you have any questions we can answer, please feel free to leave a comment or contact us directly. We look forward to continuing this conversation with you in our future posts!