Well, here we are about two weeks from the Federal Trade Commission’s June 1, 2010 Red Flags Rule enforcement date. While this date has been a bit of a moving target for the past year or so, I believe this one will stick. It appears that the new reality is one in which individual trade associations and advocacy groups will, one by one, seek relief from enforcement and related penalties post-June 1. Here’s why I say that:
The American Bar Association has already file suit against the FTC, and in October, 2009, The U.S. District Court for the District of Columbia ruled that the Red Flags Rule is not applicable to attorneys engaged in the practice of law. While an appeal of this case is still pending, in mid-March, the U.S. District Court for the District of Columbia issued another order declaring that the FTC should postpone enforcement of the Red Flags Rule “with respect to members of the American Institute of Certified Public Accountants” engaged in practice for 90 days after the U.S. Court of Appeals for the District of Columbia renders an opinion in the American Bar Association’s case against the FTC.”
Slippery slope here. Is this what we can expect for the foreseeable future?
A rather ambiguous guideline that leaves openings for specific categories of “covered entities” to seek exemption? The seemingly innocuous element to the definition of “creditor” that includes “businesses or organizations that regularly defer payment for goods or services or provide goods or services and bill customers later” is causing havoc among peripheral industries like healthcare and other professional services.
Those of you in banking are locked in for sure, but it ought to be an interesting year as the outliers fight to make sense of it all while they figure out what their identity theft prevention programs should or shouldn’t be.