Court Delays Red Flags Rule for AICPA Members

A district court has granted a delay in the enforcement of the Federal Trade Commission’s Red Flags Rule governing identity theft prevention for members of the American Institute of CPAs in public practice.

The Red Flags Rule is part of the Fair and Accurate Credit Transactions Act, which Congress passed in 2003. The rule requires financial institutions and creditors, including CPAs who bill clients, to develop and implement a written identity theft prevention program to protect customers’ personal information. The rule was originally intended to take effect on Nov. 1, 2008, but has been delayed three times by the FTC and is scheduled to take effect on June 1, 2010.

However, the AICPA filed suit last November to exempt CPAs from the requirement, claiming that the FTC exceeded its statutory authority by extending the rule to encompass accountants.

The U.S. District Court for the District of Columbia issued an order on March 18 stating that the FTC should continue to delay enforcement of the Red Flags Rule “with respect to members of the AICPA engaged in the practice of public accountancy for 90 days after the U.S. Court of Appeals for the District of Columbia renders an opinion in the American Bar Association’s case against the FTC.”

The American Bar Association has also sought to exempt attorneys from the Red Flags Rule. It filed suit against the FTC last August and received a summary judgment in its favor last October. An appeal in the ABA case is still pending.

For reprint and licensing requests for this article, click here.
Financial reporting
MORE FROM ACCOUNTING TODAY