Please ensure Javascript is enabled for purposes of website accessibility
February 5, 2023

The “Red Flags” Rule is Still Useless for CPAs

In more government bureaucracy news, the FTC is granting a reprieve to CPAs when it comes to a new law that deals with identity theft, one which some CPAs say is useless given professional responsibility.

The new FTC rules requires businesses to “develop and implement written identity theft prevention programs to help identify, detect and respond to patterns, practices or specific activities -– known as ‘red flags’ — that could indicate identity theft.” The problem with that, of course, is that the AICPA Code of Professional Conduct already deals with the issue of identity theft in that there is an iron-clad confidentiality rule by which all CPAs must abide. Seems simple, right?


The US District Court has ordered an FTC delay of the rule for AICPA members in public practice, says the Maryland Association of CPAs. Barry Melancon, AICPA President said in 2009 when the AICPA filed a lawsuit against the FTC, “We do not believe that there is any reasonably foreseeable risk of identity theft when CPA clients are billed for services rendered. As trusted advisors, CPAs are personally acquainted with their clients and already adhere to strict privacy requirements governing identifying information.”

Don’t take it personal, Barry, the FTC is just trying to do its job, even if that means overreaching its authority and attempting to place restrictions on professionals who already go above and beyond the intent of the FTC on a daily basis.

In the meantime – and just in case the rule cannot be delayed indefinitely (as is, implementation has been put off until June 1, 2010) – the AICPA has some guidance for CPAs on creating an identity theft prevention program. Keep in mind the new requirements, if implemented, only affect CPAs who bill their clients on a monthly or revolving basis as it is meant to place additional controls in client billing.

The American Bar Association is also fighting the rule.

Another ‘Red Flags’ delay: CPAs get 90 more days [CPA Success]

In more government bureaucracy news, the FTC is granting a reprieve to CPAs when it comes to a new law that deals with identity theft, one which some CPAs say is useless given professional responsibility.

The new FTC rules requires businesses to “develop and implement written identity theft prevention programs to help identify, detect and respond to patterns, practices or specific activities -– known as ‘red flags’ — that could indicate identity theft.” The problem with that, of course, is that the AICPA Code of Professional Conduct already deals with the issue of identity theft in that there is an iron-clad confidentiality rule by which all CPAs must abide. Seems simple, right?


The US District Court has ordered an FTC delay of the rule for AICPA members in public practice, says the Maryland Association of CPAs. Barry Melancon, AICPA President said in 2009 when the AICPA filed a lawsuit against the FTC, “We do not believe that there is any reasonably foreseeable risk of identity theft when CPA clients are billed for services rendered. As trusted advisors, CPAs are personally acquainted with their clients and already adhere to strict privacy requirements governing identifying information.”

Don’t take it personal, Barry, the FTC is just trying to do its job, even if that means overreaching its authority and attempting to place restrictions on professionals who already go above and beyond the intent of the FTC on a daily basis.

In the meantime – and just in case the rule cannot be delayed indefinitely (as is, implementation has been put off until June 1, 2010) – the AICPA has some guidance for CPAs on creating an identity theft prevention program. Keep in mind the new requirements, if implemented, only affect CPAs who bill their clients on a monthly or revolving basis as it is meant to place additional controls in client billing.

The American Bar Association is also fighting the rule.

Another ‘Red Flags’ delay: CPAs get 90 more days [CPA Success]

Latest Accounting Jobs--Apply Now:

There are currently no vacancies.

Have something to add to this story? Give us a shout by email, Twitter, or text/call the tipline at 202-505-8885. As always, all tips are anonymous.

Related articles

cute dog with Valentine hearts

Friday Footnotes: Know Your Value; Retired EY Partners Complain; ‘Rest For Success’ | 2.3.23

Hail Eris! Today is 2/3/23 and this is your Friday roundup of all the week’s news that wasn’t fit to print (or make fun of). We appreciate you stopping by! Big 4 EY considers handing retired US partners cut of proceeds from spin-off [Financial Times] EY has told retired US partners it is considering giving […]

a kid in business attire working on a laptop

If You Let 23-Year-Olds Sign Off on Audits, You’re Gonna Have a Bad Time

On January 24, short seller Hindenburg Research dropped a report called Adani Group: How The World’s 3rd Richest Man Is Pulling The Largest Con In Corporate History, in which Hindenburg accuses Indian conglomerate Adani Group of engaging in “a brazen stock manipulation and accounting fraud scheme over the course of decades,” among other things. A […]