The ABA alleges that the FTC has taken action in excess of its statutory jurisdiction under FACTA, because Congress did not "directly and plainly" grant the FTC the power to regulate practicing lawyers, who are regulated at the state level. The ABA also claims that the FTC has acted "arbitrarily" and "capriciously" in applying the Red Flags Rule to lawyers, because the FTC has failed to show a "rational connection" between the practice of law and identity theft. The ABA is seeking declaration by the court that the application of the Red Flags Rule to lawyers is unlawful, and to permanently enjoin the FTC from including lawyers in its implementation of the Red Flags Rule. The suit is captioned ABA v. FTC, and was filed in the U.S. District Court for the District of Columbia.
On August 27, the ABA filed a lawsuit against the FTC challenging the application of the FTC’s Red Flags Rule to lawyers. The Red Flags Rule was promulgated under FACTA and requires financial institutions and creditors to implement identity theft prevention programs by November 1, 2009. These programs are required to identify patterns, practices and activities that are "red flags" for identity theft. Examples of Red Flags include a notice of address discrepancy, a fraud alert or credit freeze on a credit report, identification or an application that looks altered or forged, information that the customer isn’t receiving account statements in the mail, and claims of unauthorized charges on the account.