Red flags effective date looming for CPA firms

Feb 10, 2012

Sep 01, 2011

Without further extensions, Dec. 31, 2010, is the effective date for compliance with the “red flags” rule from the Federal Trade Commission (FTC).

The U.S. Appeals Court will hear oral arguments on Nov. 15 in the American Bar Association’s (ABA) lawsuit.  The U.S. District Court in Washington, D.C. originally ruled in favor of the ABA’s lawsuit to exempt lawyers from the red flags rule requirements. However, the FTC appealed the ruling. The AICPA filed a similar lawsuit on behalf of its members in public practice.

The red flags rule requires financial institutions and creditors to develop and implement written identity theft prevention programs, as part of the Fair and Accurate Credit Transactions (FACT) Act of 2003.

The FTC could stretch the regulation to include CPAs and other professional organizations indicating that a “creditor” includes “any entity that defers payments, even in the normal course of a traditional billing process.” Therefore, if a CPA bills clients monthly, this could be considered an extension of credit that would require the CPA to have an internal program, subject to inspection and review, designed to detect, prevent and mitigate client identity theft. 

“Red flags” rule resources