As expected, President Obama has signed into law the “Red Flag Program Clarification Act of 2010.” The measure narrows the definition of “creditor” in the Fair Credit Reporting Act and thus excludes CPAs and CPA firms from having to comply with the Federal Trade Commission's “red flags rule,” which requires certain business entities to “develop and implement written identity theft prevention programs” that could detect the red flags that signal identity theft.
“CPAs and CPA firms often do not receive full payment from clients at the time services are rendered. That is not the same as a financial transaction like a bank loan or a credit card where ID theft is a risk,” AICPA President and CEO Barry Melancon explained. “This legislation makes clear that a CPA's billing cycle isn’t an identity theft risk. This legislative fix to a burdensome regulation is a positive development in Washington.”
The AICPA is acknowledging Sens. John Thune, Mark Begich and Chris Dodd, and Reps. Barney Frank, Spencer Bachu, John Adler, Mike Simpson and Paul Broun for their work in passing the bill.
It's important to note that the big winners in this effort are CPAs in public practice. Small businesses and non-profits will still have to comply with the FTC's rule by the Dec. 31 deadline.