New Federal Trade Commission "Red Flag" Rules; Most Telecom Carriers Must Comply

With today's e-lert, JSI notifies clients of newly effective requirements mandating the creation of an Identity Theft Prevention Program by November 1, 2008.  As part of a heightened national effort to fight identity theft in new and existing consumer accounts, several federal agencies, including the Federal Trade Commission (FTC), have issued rules requiring both financial institutions and creditors to implement a written prevention program to detect, prevent, and mitigate identity theft in connection with the opening of an account or any existing account.  The new rules also provide examples of numerous forms of activity or "red flags" that indicate a possible risk of identity theft.

The final rules implement sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003 (FACT Act), which added new provisions to the Fair Credit Reporting Act of 1970 (FCRA).  The new rules became effective January 1, and they require mandatory compliance by November 1, 2008.  As we explain below, JSI believes most telecommunications carriers meet the definition of the term "creditor" used in the rules and, therefore, must comply with the red flag rules, creating a written prevention program as well as training company personnel to implement it.

Telecommunications Carriers as "Creditors"

In determining whether the new rules apply, companies must first determine their status as a creditor.  Under the FCRA, the term has the same meaning as in Section 702 of the Equal Credit Opportunity Act (ECOA), 15 U.S.C. 1691a, which defines "creditor" as "...any person who regularly extends, renews, or continues credit; any person who regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who participates in the decision to extend, renew, or continue credit." Additionally, 16 C.F.R. Sec. 681.2(b)(5) states that creditors include "...lenders such as banks, finance companies, automobile dealers, mortgage brokers, utility companies and telecommunications companies" (emphasis added).  Concerning "credit," 15 U.S.C. 1691a defines the term as "...the right granted by a creditor to a debtor to defer payment of debt or to incur debts and defer its payment or to purchase property or services and defer payment therefore."  Based on a straightforward reading of these definitions, JSI believes that the rules may also apply to a company's non-telecom-related affiliate operations; i.e., video/cable or VoIP service provider.  JSI recommends that clients consider the applicability of the terms "creditor" and "credit" to all affiliated entities and not simply telecom-related operations.

Covered Accounts

It is also important to note that the rules only require financial institutions and creditors that offer or maintain "covered accounts" to develop and implement a written Identity Theft Prevention Program.  After reviewing the definition of a covered account in the rules, JSI believes it is apparent that most telecom carriers serve such accounts and are required to implement the new rules.  A "covered account" includes: 1) an account primarily for personal, family, or household purposes that involves or is designed to permit multiple payments or transactions, or 2) any other account for which there is a reasonably foreseeable risk to customers or the safety and soundness of the financial institution or creditor from identity theft.

 Identity Theft Prevention Program

A company's written program must include four basic tenets to maintain reasonable policies and procedures for detecting, preventing, and mitigating identity theft.  The program must enable a financial institution or creditor to:

1. Identify relevant patterns, practices, and specific forms of activity that are "red flags" signaling possible identity theft and incorporate those red flags in the program;
2. Detect red flags that have been incorporated in the program;
3. Respond appropriately to any red flags that are detected to prevent and mitigate identity theft; and
4. Ensure the program is updated periodically to reflect changes in risks from identity theft.

The rules also detail additional steps that companies must take in implementing their program, such as obtaining approval by the board of directors, maintaining oversight, training staff, and overseeing service provider arrangements.

Next Steps

JSI is assessing the impact of these new rules on client companies and will continue to communicate our findings and recommendations to ensure compliance.  JSI plans to host a webinar in the next month or two to provide additional detail on this issue.  If your company is interested in participating in such a webinar, or if you have questions concerning this issue, please contact John Kuykendall (jkuykendall@jsitel.com) or John Becci (jbecci@jsitel.com) in our Maryland office at 301-459-7590, or Craig Cook (ccook@jsitel.com) in our Texas office at 512-338-0473.

Semi-Annual Video/Cable Copyright, Royalty Fee Filings

JSI reminds clients with video/cable operations that cable copyright statement of account forms and royalty payments for the first half of calendar year 2008 must be received by the Library of Congress Copyright Office by August 29.  Note that all cable copyright royalty fees must be made via electronic funds transfer.  Video/cable providers should note the following:

• Semiannual gross receipts of $527,600 or more for the January 1 - June 30, 2008 accounting period must be reported on the SA3 Long Form and requires detailed reporting of distant signal carriage.  If you have completed SA1-2 Short Form statements in the past and are approaching this threshold, you should review your channel lineup as the carriage of distant signals significantly affects the copyright royalty fee calculation.
• If you use a shared headend, the copyright rules require that you file a cable TV/video copyright statement of account as one system.  Thus, even if the cable TV/video systems are owned by different entities, two or more cable facilities will be considered as one (individual) cable system if they share a common head-end.

If you have any questions about this information or would like assistance with this report, please contact John Becci (jbecci@jsitel.com) in JSI's Maryland office at 301-459-7590.