The latest compliance deadline for the FACTA Red Flag rules is quickly approaching, and you should be afraid (very afraid). Well, okay, maybe not afraid afraid, but you should be concerned. Sure, about compliance, but also about a larger slippery-slope issue that is escalating. See, the government wants us to believe that every business that invoices for services rendered are extending credit, and are thus subject to the new rules. This argument is dangerous and represents a serious, unwarranted overreach of authority.
First, before you go too far, please check out this summary of the matter on the InfoLawGroup blog:
"Physicians Seek Relief On Eve of FTC's Red Flags Enforcement Deadline"
Now that you've read that, consider the crux of the issue: what exactly is meant by "extending credit"? Certainly the ECOA definitions aren't overly helpful here. More importantly, we have to wonder: to issue credit, don't you have to know how much credit you're extending? In the case of most bills invoiced post-service-delivery, there isn't a known cost up front (which is why the bill is invoiced rather than charged before the service is provided). This situation is further exaggerated in the case of medical practitioners when you factor in filing health insurance claims. Even if the physician or facility knows how much the services cost at list price once the service is rendered, they are unlikely to know how much the patient actually owes until the bill has been submitted to the insurance provider (at which point negotiated rates kick-in, deductibles are calculated, and so on).
More concerning to me is that this seems like a blatant attempt by the FTC to broaden the definition of "credit" and "creditor" to an absurd point. What's next? Are consulting firms going to told that they're subject to the rules, too, because we give a cost estimate up front? What about the gutter cleaning service that gives me an estimate ahead of the work, but then invoices me afterward? What about retail stores that list the price of an item on a shelf, but let you carry that item for a while before having to pay for it? Where does the line get crossed?
The fundamental problem is this: the FTC is create a false range of authority that is not properly granted to them by Congress. We've already seen how well this has worked out for the FCC - it didn't (see NYT: "U.S. Court Curbs F.C.C. Authority on Web Traffic"). The key takeaway here is that regulatory agencies seem to be pushing hard to extend their authority (turf building?) using any possible excuse. This is not beneficial to business or society, because it means that Executive Branch agencies are trying to operate outside the degree of authority that has been Constitutionally granted to them by Congress.
So, I ask: where does it all end? Rather than fixing the problem through establishing proper authority and regulatory control, will we tolerate pseudo-authorities enforcing regulations on technically-out-of-scope orgs that may end up representing an undue burden on those organizations? It's highly vexing to me, and I hope to you as well. Scope of authority is not at the discretion of the regulating agency. Lawlessness cannot be used to apply legal rules.
