
CCH® PENSION — 08/21/09

FTC delays "Red Flags" rule on identity theft prevention and addresses applicability to employee benefits plans

The Federal Trade Commission (FTC) has delayed enforcement of the "Red Flags" rule concerning identity theft prevention until November 1, 2009 and has provided guidance on the applicability of the rule to employee benefit sponsors and administrators in a series of Frequently Asked Questions (FAQs) posted to its website. The Red Flags rule requires many businesses and organizations to implement a written identity theft prevention program to detect warning signs — "red flags" — of identity theft in their day-to-day operations.

"Red Flags" rule addresses identity theft

The Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, Office of Thrift Supervision (collectively, the financial regulatory agencies), and the FTC developed the Red Flags rule, as mandated by the Fair and Accurate Credit Transactions Act of 2003 (P.L. 108-159). The Red Flags rule requires "creditors" and "financial institutions" with covered accounts to implement programs to identify, detect, and respond to red flags that could indicate identity theft. Whether a business or organization is a creditor or financial institution is not based on the line of work of the entity, but instead on whether the entity's activities fall within the definitions in the law.

The definition of "creditor" is broad and includes any entity that regularly extends or renews credit — or arranges for others to do so — and that regularly permits deferred payments for goods or services. However, accepting credit cards as a form of payment does not, by itself, make an entity a creditor. "Financial institutions" include entities that offer accounts that enable consumers to write checks or make payments to third parties through other means. "Covered accounts" are either consumer accounts designed to permit multiple payments or transactions, or any other account that presents a reasonably foreseeable risk from identity theft.

The FTC notes that while many entities have set up and implemented programs, some — in particular, small businesses and entities with a low risk of identity theft — remain uncertain about their obligations. To assist these entities, the FTC has, among other things, delayed enforcement of the rule until November 1, 2009 and has provided additional guidance.

Application of rule to entities administering employee benefits

The FTC has provided frequently asked questions (FAQs) that address how the FTC intends to enforce the Red Flags rule and other topics. The FTC cautions that the FAQs represent the opinions of the FTC staff and are not binding on the FTC.

Some of the questions address entities involved with providing or administering employee benefits. One question is whether a company offering individual retirement plans, such as 401(k) plans, would be a creditor because the plans allow participants to get loans from their plan accounts. The FTC responded that merely allowing participants to borrow from their own funds would not, by itself, make a plan sponsor or a plan a creditor under the rule.

Where the employer is itself a financial institution or a creditor, the employer would not need to include the individual retirement plan, such as a 401(k) plan, in a written identity program because, in such an arrangement, the account that a participant establishes is not with the employer or plan sponsor. Rather, the participant establishes the account with the plan itself, which is a separate legal entity from the employer.

A company is not considered to be a creditor because it offers employees health care flexible spending accounts (FSAs) that reimburse them for elected amounts that are more than they have contributed to date. Also, a third-party administrator that maintains the FSAs for employees of other companies is not considered a creditor. Health care FSAs operate like insurance plans, according to the FTC staff, in that employers must make the entire amount elected by participants available to them from the beginning of the plan year. If an employee leaves the company before the end of the year, they are not required to make up any difference between the amount they contributed and the benefits they received. In addition, if a company provides government benefits or administers FSAs and gives customers a debit card to access benefits, the company would be considered a financial institution. The definition of "financial institution" includes businesses that have accounts a customer can use to make payments or transfers to third parties.

Finally, the FAQs state that creditors or financial institutions have to develop identity theft prevention programs even if they already comply with data security requirements like the Health Insurance Portability and Accountability Act (HIPAA) or the Gramm-Leach-Bliley Act. The Red Flags rule is not about data security; it picks up where data security leaves off, according to the FTC staff. It is meant to help victims and businesses by having companies set up procedures to look for and respond to red flags when identity thieves do get someone's personal information and try to use that information.

Penalties and prosecution

There are potential penalties for noncompliance with the Red Flags rule. However, the FTC staff recognizes that there may be creditors that have a low risk of identity theft. As a matter of prosecutorial discretion, the FTC staff would be unlikely to recommend bringing a law enforcement action if the creditor knows its clients individually, if the creditor provides services to customers in or around their homes, or if the creditor is involved in a type of business where identity theft is rare.

For more information, see the FTC's Red Flags website, www.ftc.gov/redflagsrule.

Source: Federal Trade Commission News Release, July 29, 2009 and www.ftc.gov/bcp/edu/microsites/redflagsrule/faqs.shtm.

 

For more information on this and related topics, consult the CCH Pension Plan Guide, CCH Employee Benefits Management, and Spencer's Benefits Reports.
