Congress has passed legislation exempting accountants from the Federal Trade Commission’s Red Flags Rule requiring businesses to implement a written identity theft protection program.

Barry Melancon

President Obama signed the legislation, which the American Institute of CPAs has lobbied heavily for, into law on Saturday. The Red Flags Rule calls for “creditors” to establish a program to protect customers, clients and patients from identity theft. The enforcement date is set to take effect on Dec. 31, 2010, after numerous postponements as various industries protested their inclusion under the rule.

The bill passed by Congress earlier this month and signed by Obama over the weekend, changes the definition of a creditor. Many health care providers such as doctors and physicians, as well as many law firms and other types of professional service providers, will also be exempted under the new law.

The Red Flags Rule was originally promulgated under the Fair and Accurate Credit Transactions Act of 2003. The new law, the Red Flag Program Clarification Act of 2010, exempts businesses that “advance funds on behalf of a person for expenses incidental to a service provided.”

The law also states that the rule should only apply to businesses that obtain or use consumer reports, directly or indirectly, in connection with credit transactions; furnish information to consumer reporting agencies in connection with a credit transaction; and advance funds to or on behalf of a person based on an obligation to repay the funds or repayable from specific pledged property.

The new law also gives the FTC the authority to promulgate regulations applying the rule to businesses whose accounts the FTC decides should be “subject to a reasonably foreseeable risk of identity theft.” However, the congressional record contains many instances of lawmakers specifically calling on Congress to exempt accounting practices, according to Lexology.com.

“The AICPA is pleased Congress passed and the President has signed into law S. 3987, the Red Flag Program Clarification Act of 2010, amending the Fair Credit Reporting Act,” said AICPA president and CEO Barry Melancon in a statement. “The AICPA, with help from CPA state societies nationwide, worked tirelessly on this issue. The bill makes clear that CPAs and CPA firms are not classified as 'creditors' for the purposes of the Federal Trade Commission's Red Flags Rule. CPAs and CPA firms often do not receive full payment from clients at the time services are rendered. That is not the same as a financial transaction like a bank loan or a credit card where ID theft is a risk. This legislation makes clear that a CPA's billing cycle isn’t an identity theft risk. This legislative fix to a burdensome regulation is a positive development in Washington.”

Melancon thanked Senators John Thune, R-S.D., Mark Begich, D-Alaska, and Christopher Dodd, D-Conn., for “their good work in getting this bill passed and making clear in Senate debate that congressional intent is the FTC’s Red Flags rule will not apply to accountants and other professional service providers."

The AICPA also commended Representatives Barney Frank, D-Mass., and Spencer Bachus, R-Ala., for bringing the bill to House consideration, as well as the bill’s authors Representatives John Adler, D-N.J., Mike Simpson, R-Idaho, and Paul Broun, R-Ga.