For several months we’ve been telling you about “Red Flag” rules, which require businesses to implement anti-identity theft policies. Originally scheduled to become effective January 1, 2008, the rules have been granted a series of extensions to the deadline for compliance by the FTC.
Created through the Fair and Accurate Credit Act of 2003, the regulations require businesses that extend credit to consumers to develop a written policy that identifies warning signs and suspicious activities (i.e., red flags) of possible identity theft, and tactics to address and prevent it. If your business defers payment for goods or services, you must follow the Red Flag rules.
Associations representing various professional groups, including the American Medical Association, the American Bar Association and the American Institute of Public Accountants have brought lawsuits against the FTC during the past year, arguing on various grounds that the rule should not apply to them. In the first case to be tried, the U.S. District Court for the District of Columbia ruled that the FTC is barred from applying the Red Flag rules to lawyers, who were represented in the suit by the American Bar Association. The FTC has said it would appeal the decision.
Congress has also begun to review Red Flag rules. On Tuesday evening, the U.S. Senate passed S. 3987, the Red Flag Clarification Act of 2010. The bill amends the Fair Credit Reporting Act by exempting many small businesses, including accounting firms, from the rule. The new exemption could apply to accounting and law firms, pharmacies, and physicians.
The issue must still be considered by the U.S. House of Representatives, and it remains to be seen if the matter will be voted on before the lame duck session ends. We will monitor legislation progress and provide any updates here.
Tags: red flag rules