According to a BNA report, the Red Flag Rules require financial institutions or creditors that have “covered accounts” to develop prevention programs that identify relevant patterns, practices, and specific activities that are “red flags” for possible identity theft.
In addition, BNA said interagency guidance in the form of Frequently Asked Questions (FAQs), released June 11, said an individual retirement account (IRA) is a “covered account” because it involves “a continuing relationship established by a person with a financial institution or creditor to obtain a product or service for personal, family, household, or business purposes.”
The guidance raised the question of whether sponsors of simplified employee pensions (SEPs) and savings incentive match plans for employees (SIMPLEs) are subject to the Red Flag Rules, but Mohapatra clarified to BNA that just because an employer is a financial institution or creditor, the plan does not necessarily have to be included in an identity theft program if that plan is not a “covered account.”
Mohapatra said the FTC has determined that the conduct of allowing plan participants to take loans from their own accounts does not make the plan sponsor a creditor under the Red Flag Rules. He explained that when participants obtain loans from their own accounts, they are not receiving credit.
In the case of 401(k) plans, which are separate legal entities from the employer or plan sponsor, the participants are establishing a continuing relationship with the plan itself, so the plan sponsor or recordkeeper would not have to consider the plan accounts in deciding to institute an identification theft program, he added, according to BNA.
Mohapatra told BNA additional guidance in the form of FAQs will address these issues.
« New ETF Designed to Minimize Single Sector Impact on Returns