Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends
Posted in Cybersecurity & Data Breaches

AICPA Sues FTC to Block Red Flags Applicability to Accountants

The American Institute of Certified Public Accountants (AICPA) on Tuesday filed a lawsuit against the Federal Trade Commission (FTC) challenging the applicability of the agency’s Red Flags Rule to Certified Public Accountants.  This comes on the heels of district court ruling in a lawsuit brought by the American Bar Association (ABA) reported here that the regulations do not apply to lawyers.

 We do not believe that there is any reasonably foreseeable risk of identity theft when CPA clients are billed for services rendered,” said  AICPA President and CEO Barry Melancon. “As trusted advisors, CPAs are personally acquainted with their clients and already adhere to strict privacy requirements governing identifying information.

The accountants’ lawsuit  alleges primarily that the FTC lacks authority to regulate CPAs just as it lacks authority to regulate lawyers, both of whom are regulated by state authorities.  In addition, the lawsuit claims that the FTC failed to explain how the manner in which public accountants bill their clients in the normal course of business constitutes an "extension of credit" under the rule and that it failed to identify any legally supportable basis for applying the rule to accountants.   The FTC specifically referred to accountants as potentially covered entities in its FAQs concerning the rule published over the Summer.  In promulgating the rule, the AICPA alleges that the FTC never identified CPAs as potentially covered entities.

The Red Flags rule has been the source of significant controversy which,  in addition to the lawsuit by the American Bar Association, has resulted in repeated extensions of the FTC enforcement date.  Currently, the FTC is set to enorce the rule on June 1, 2010.