Red Flags or Red Herring for Accounting Firms?

Barely registering a blip on the radar are imminent identity theft rules that MAY affect accountants and firms.

The Red Flag Rules, coming into effect in less than a month, establish rules designed to aid in the fight against identity theft.  For accountants, this matters if they extend credit to clients.  The act of extending credit makes an entity a 'creditor' under the regulation.  The issue then becomes whether the firm has any 'covered accounts.' These are accounts for which "for which there is a foreseeable risk of identity theft", the FTC helpfully includes small business and sole proprietorship owned accounts in this category.  As that represents a lot of the clients of accounting firms, you may well have an exposure here.

And so, if you have those accounts, you need a program designed to:

1. Identify relevant red flags;
2. Detect red flags;
3. Prevent and mitigate identity theft; and
4. Be updated periodically.

The guidelines for establishing a program are available from the FTC here.

The good news is that there are no criminal penalties for non-compliance - there are possible civil penalties.  Not to mention the PR headache if a client's identity is 'hacked' through your firm.