VSCPA Expresses Concerns Regarding Red Flags RuleNovember 3, 2009 Dear Sen. Warner: On behalf of the 8,700 members of the Virginia Society of CPAs (VSCPA), we are writing to make you aware of our concerns regarding HR 3763, which recently passed the House of Representatives. HR 3763 grants only certain sized businesses an exemption from the Federal Trade Commission’s (FTC) “Red Flags” Rule. One of the professions identified for exemption criteria in this legislation is the accounting profession, but only if a firm has 20 or fewer employees. Unfortunately, because of this size limitation, this legislation will provide relief to just a small percentage of accountants and accounting firms from the burden of complying with the Red Flags Rule, and we think the exemption should be expanded to all CPA firms. Because of the nature of the accountant-client relationship, the size of an accounting practice does not make it more susceptible to identity theft. Therefore, we ask for your help in removing the cap of 20 or fewer employees as the legislation moves through the legislative process so all accountants and accounting firms are granted this relief. The Red Flags Rule is a mandate established under the Fair and Accurate Credit Transactions Act of 2003 (FACTA). It requires that “financial institutions” and “creditors” implement programs to detect, prevent and mitigate identity theft. We support the intent of this legislation, but the FTC has taken the problematic position that those who defer payments for services rendered, even in the normal course of a billing cycle, are required to develop and implement a written Identity Theft Prevention Program. This interpretation has drawn in many unsuspecting businesses, resulting in an added regulatory burden that is not supported by the legislative history of FACTA. Although we appreciate that a bill is moving through the process to provide relief for some of those who were never intended to be included under FACTA, the number proffered in HR 3763 will prevent many of our members from taking advantage of the relief. Through the establishment of this arbitrary 20 employee cap, Congress is differentiating between what it determines to be entities with a low risk of identity theft, without evidence showing that a professional relationship is more susceptible to identity theft if a firm has more than 20 employees. In terms of the accounting profession, the evidence is clear that the professional relationship between accountants and their clients has never been considered one of high risk for identity theft, regardless of a firm’s size. HR 3763 falls short of its intended goal, and in order to achieve its desired outcome, this legislation needs to account for the unique client relationship that exists in the accounting profession and strike the cap. We hope you will consider our position before the bill moves through the Senate and remove the cap to broaden the legislation’s relief. It is essential we correct the cap because failing to comply with the Red Flags Rule attaches civil penalties, which will be a significant burden for many of the members we represent. Lastly, on October 29, 2009, a D.C. Circuit Court Judge ruled that the FTC exceeded its authority by including lawyers under the Red Flags Rule. The judge issued an injunction against the FTC, and stated in his order that he will issue a more detailed opinion supporting his ruling in the next 30 days. On October 30, 2009, the FTC took into account this decision and decided to delay its enforcement of the rule until June 2010. In essence, there is opportunity to amend HR 3763 to remove the cap now that the November 1, 2009, deadline has been extended, and we ask for your help in addressing our concerns. Thank you for your consideration. If we can be of any service to you, please contact me or VSCPA Government Affairs Director Emily Walker at ewalker@vscpa.com or (804) 612-9428. Sincerely, LAST UPDATED 11/3/2009
This content has not yet been rated.
|
||||||||||||||||
Comments