AICPA challenges application of "red flags rule" to CPAs

Feb 10, 2012

Sep 01, 2011

The AICPA filed a lawsuit in the U.S. District Court for the District of Columbia seeking an injunction barring the Federal Trade Commission from applying the “red flags rule” to CPAs.

The AICPA’s complaint alleges that the FTC is exceeding its congressionally granted powers under the Fair and Accurate Credit Transactions Act of 2003 (FACTA) law by interpreting its red flags rule to apply to accountants. 

The complaint further alleges that the FTC has acted arbitrarily, capriciously, and contrary to law by failing to articulate a rational connection between the profession of public accounting and identity theft. The FTC failed to explain how the manner in which public accountants bill their clients in the normal course of business constitutes an extension of credit. The FTC further failed to identify any legally supportable basis for applying the rule to accountants.

CPAs could become subject to the FTC’s red flags rule, since interpretations from the FTC to other professional organizations (lawyers, physicians) indicate that a “creditor” includes “any entity that defers payments, even in the normal course of a traditional billing process.”  Therefore, if a CPA bills clients monthly, this could be considered an extension of credit that would require the CPA to have an internal program, subject to inspection and review, designed to detect, prevent and mitigate client identity theft.

The AICPA’s lawsuit follows an Oct. 30 order by U.S. District Court Judge Reggie B. Walton in an earlier, similar lawsuit by the American Bar Association seeking to enjoin the FTC from applying its Red Flags Rule to practicing attorneys. Judge Walton granted the ABA’s motion in a partial summary judgment, holding that the FTC had exceeded its authority by interpreting the term “creditor” to include attorneys engaged in the practice of law.

Also on Oct. 30, the FTC delayed enforcement of the red flags rule until June 1, 2010.