CPAs Gain Statutory Exemption From Red Flags Rule 

Following years of advocacy efforts and a legal battle, CPAs received a permanent exemption from the Federal Trade Commission’s Red Flags Rule with President Barack Obama’s signing of the Red Flag Program Clarification Act of 2010 on Saturday, December 18, 2010.

In 2003, Congress passed legislation (Fair and Accurate Credit Transactions Act, or “FACTA”) intended to curb identity theft.  Pursuant to this legislation, the FTC issued, on November 9, 2007, a "Red Flags" rule that requires “creditors” or “financial institutions” with “covered accounts” to implement a written identity theft prevention program to detect warning signs of identity theft in their day-to-day operations. Enforcement of the rule has been postponed numerous times—most recently until Dec. 31, 2010—since the original Nov. 1, 2008, effective date.

“The AICPA is pleased Congress passed and the president has signed into law S. 3987, the Red Flag Program Clarification Act of 2010, amending the Fair Credit Reporting Act,” said AICPA President and CEO Barry Melancon in a statement. “The AICPA, with help from state CPA societies nationwide, worked tirelessly on this issue. The bill makes clear that CPAs and CPA firms are not classified as ‘creditors’ for the purposes of the FTC’s Red Flags Rule. CPAs and CPA firms often do not receive full payment from clients at the time services are rendered. That is not the same as a financial transaction like bank loan or a credit card where ID theft is a risk. This legislation makes clear that a CPA's billing cycle isn’t an identity theft risk. This legislative fix to a burdensome regulation is a positive development in Washington.”