AICPA Calls for CPA Exemption From Recently Delayed Red Flags Rule

BY MATTHEW G. LAMOREAUX

The AICPA on Tuesday asked the Federal Trade Commission (FTC) to exempt CPAs from certain provisions of its Red Flags Rule to prevent identity theft. The current action by the AICPA follows an FTC announcement last week that it would delay enforcement of the rule until Nov. 1.

 

The Red Flags Rule, which was released Nov. 9, 2007, under the Fair and Accurate Credit Transactions Act of 2003 , requires businesses and organizations within its scope to implement a written identity theft prevention program to detect warning signs of identity theft in their day-to-day operations. Enforcement of the rule has been postponed three times since the original Nov. 1, 2008, effective date.

 

The rule applies to what it calls “financial institutions” and “creditors.” However, according to the FTC Web site, the definition of “creditor” in the rule is broad, and includes businesses or organizations that regularly provide goods or services first and allow customers to pay later. As examples, the FTC says utilities, health care providers, lawyers, accountants, and other professionals, and telecommunications companies may fall within the definition.

 

“We are concerned with the potentially broad application of the Red Flags Rule to the accounting profession, and do not believe that there is any reasonably foreseeable risk of identity theft when CPA clients are billed for services rendered,” wrote AICPA CEO Barry Melancon in an Aug. 4 letter to the FTC.

 

Melancon pointed out that CPAs are personally acquainted with their clients and adhere to strict privacy requirements related to identifying information. “We suggest that the likelihood of misrepresentation or theft of one’s identity is so low that the burdens associated with the Rules’ requirements outweigh the benefits,” he wrote.

 

The AICPA has also asked state CPA societies to write to the FTC and to their representatives in Congress about this issue.

 

—Matthew G. Lamoreaux is a JofA senior editor. His e-mail address is mlamoreaux@aicpa.org.

 

SPONSORED REPORT

Why cybercriminals are targeting CPAs

This free report expands on the most commonly found scams, why education and specialized IT knowledge help to lessen security vulnerabilities, and why every firm should plan carefully for how it would respond to a breach.

PODCAST

How tax reform — and Excel — are changing the CPA Exam

Mike Decker, the vice president of examinations at the AICPA, discusses changes being made to the exam as a result of tax reform — and about how Excel will now be available for use on the test.