July 18, 2018

Identity theft

The “Red Flags” Rule is Still Useless for CPAs

In more government bureaucracy news, the FTC is granting a reprieve to CPAs when it comes to a new law that deals with identity theft, one which some CPAs say is useless given professional responsibility.

The new FTC rules requires businesses to “develop and implement written identity theft prevention programs to help identify, detect and respond to patterns, practices or specific activities -– known as ‘red flags’ — that could indicate identity theft.” The problem with that, of course, is that the AICPA Code of Professional Conduct already deals with the issue of identity theft in that there is an iron-clad confidentiality rule by which all CPAs must abide. Seems simple, right?


The US District Court has ordered an FTC delay of the rule for AICPA members in public practice, says the Maryland Association of CPAs. Barry Melancon, AICPA President said in 2009 when the AICPA filed a lawsuit against the FTC, “We do not believe that there is any reasonably foreseeable risk of identity theft when CPA clients are billed for services rendered. As trusted advisors, CPAs are personally acquainted with their clients and already adhere to strict privacy requirements governing identifying information.”

Don’t take it personal, Barry, the FTC is just trying to do its job, even if that means overreaching its authority and attempting to place restrictions on professionals who already go above and beyond the intent of the FTC on a daily basis.

In the meantime – and just in case the rule cannot be delayed indefinitely (as is, implementation has been put off until June 1, 2010) – the AICPA has some guidance for CPAs on creating an identity theft prevention program. Keep in mind the new requirements, if implemented, only affect CPAs who bill their clients on a monthly or revolving basis as it is meant to place additional controls in client billing.

The American Bar Association is also fighting the rule.

Another ‘Red Flags’ delay: CPAs get 90 more days [CPA Success]