According to a recent article in Lawyers USA, small and middle market business owners are so jaded by the number of times the FTC has delayed enforcement of its Red Flags Regulations, they have pushed compliance to the back burner. Tanya Forsheit, of InformationLawGroup, is quoted in the article as saying, “I suspect a lot of small businesses were hoping this ultimately wouldn’t happen.” As it stands, all businesses that bill for goods and services and accept payment on a deferred basis are covered by these regulations. Unfortunately, most such firms do not have any sort of written procedure or policy specifically dealing with identity theft — a main requirement of these regulations. Moreover, as recognized in the article, “[s]mall businesses without extensive in-house resources have found it challenging to comply with the specifics of the rules, such as the recommendations for data encryption, regular review and annual updates of the policy, procedures for responding to red flags, training of staff, and approval of the policy by the company’s board of directors.”
Professional service firms have been fighting hard to avoid compliance. Lawyers successfully challenged the applicability of the regulations to law firms with an appeal currently pending. Accountants filed suit last year and are still waiting for a decision. Doctors and dentists have sought a legislative answer by seeking a statutory exemption. Come the date of enforcement – June 1st- only law firms currently have a free pass.
It is recommended that all professional or consulting businesses who defer payment should immediately consult with their professional advisers to see how a cost effective compliance solution can be implemented.