With all the election news in the United States this political season, a law that affects how well U.S. financial institutions and related businesses protect their customers may have flown under the radar. On November 1, the new “Red Flag” requirements for financial institutions and creditors took affect.

The Federal Trade Commission and the National Credit Union Administration have issued rules under the Fair and Accurate Credit Transactions Act (FACT Act) that now require financial institutions and creditors to protect transaction accounts used for payments and money transfers and covered accounts used mainly for personal transactions against identity theft.

The laws require that financial organizations “implement a program to detect, prevent and mitigate instances of identity theft.” Furthermore, the laws say these organizations must have in place “programs which provide for the identification, detection and response to patterns, practices or specific activities — known as ‘red flags’ — that could indicate identity theft.”

While many financial institutions and credit unions have been aware of the identity theft threat for years and installed their own safeguards as best practice, it is a safe bet to assume that not all the organizations covered by the laws will be compliant. Some organizations have complained the new laws place an undue financial burden on them as they must ramp up their own internal sources or seek outside help to become compliant.

Identity theft is becoming easier to commit each day and the people who pursue such click-through theft seem to be more daring as well.

While the penalties for non-compliance can be as high as $2,500 per infraction, the real reason for organizations to comply with the Red Flags Rules is that it protects their money from financing people who shouldn’t be financed.