Appeals Court Considers Applicability of the Red Flags Rule to Attorneys

Several news outlets are reporting today on the November 15, 2010 argument before the U.S. Court of Appeals for the D.C. Circuit on the applicability of the Federal Trade Commission's Identity Theft Red Flags Rule. 

The relevant part of the Rule implements Section 114 of the Fair and Accurate Credit Transactions Act (FACTA) and requires certain creditors to develop and maintain an identity theft prevention program designed to detect, prevent and mitigate fraud attempted or committed through identity theft. The FTC has taken the position that attorneys and law firms are within the scope of the Rule’s definition of “creditor” to the extent they allow clients to pay for legal services after the services are preformed. The ABA successfully challenged the applicability of the Rule to attorneys before the D.C. District Court. The FTC appealed that ruling.

The BLT is reporting that the appellate panel struggled with the Red Flags Rule's terms in trying to determine whether the FTC's interpretation of the Rule exceeded the agency's authority in regulating attorneys. The issues in the case are both whether and in which circumstances the federal government can regulate attorneys, and the propriety of the FTC's interpretation of FACTA and the Red Flags Rule as applying to at least some attorneys who receive payment only after providing services to a client. 

The ABA and the FTC have clearly articulated their positions on the issue. According to the BLT, FTC attorney Michael Bergman argued that "lawyers are no different — though they might think they are — from other service providers,” and "judge Thomas Griffith echoed that argument... discounting the ABA’s argument that Congress must be explicit when it intends to regulate the legal profession because the industry is the longtime province of states." The ABA Journal is quoting ABA's President Stephen N. Zack, who observed that "the mission of every lawyer is to provide aid and counsel to our clients and improve access to the justice system — not to push paperwork that attempts to solve what is, for the legal profession, a non-existent problem and promises to raise legal costs."

Our take is that while the outcome of this litigation remains in question, law firms, especially those servicing clients who are individuals, should take steps to familiarize themselves with the requirements of the Red Flags Rule. Given the low incidence of identity theft fraud at law firms, many firms may be able to take advantage on the the FTC's Do-It-Yourself Template for Businesses at Low Risk For Identity Theft. The template provides a streamlined approach to compliance with the Rule that should help firms lower the burden of complying with the regulation.