SEC, CFTC Issue Joint Rule Proposal on Identity Theft

Proposal would require SEC-regulated entities to adopt a written identity theft program

More On Legal & Compliance

from The Advisor's Professional Library
  • RIAs and Customer Identification Just as RIAs owe a duty to diligently protect their clients’ privacy and guard against theft, firms also play a vital role in customer identification. Although RIAs are not subject to an anti-money laundering rule, securities regulators expect advisors to address these issues in their policies and procedures.
  • Client Commission Practices and Soft Dollars RIAs should always evaluate whether the products and services they receive from broker-dealers are appropriate. The SEC suggested that an RIA’s failure to stay within the scope of the Section 28(e) safe harbor may violate the advisor’s fiduciary duty to clients, so RIAs must evaluate their soft dollar relationships on a regular basis to ensure they are disclosed properly and that they do not negatively impact the best execution of clients’ transactions.

The Securities and Exchange Commission on Tuesday announced a rule proposal to help protect investors from identity theft by ensuring that broker-dealers, mutual funds, and other SEC-regulated entities create programs to detect and respond appropriately to red flags.

The SEC issued the proposal jointly with the Commodity Futures Trading Commission.  As the SEC notes, Section 1088 of the Dodd-Frank Act transferred authority over certain parts of the Fair Credit Reporting Act from the Federal Trade Commission to the SEC and CFTC for entities they regulate.  The proposed rules, the SEC says, are substantially similar to rules adopted in 2007 by the FTC and other federal financial regulatory agencies that were previously required to adopt such rules. 

The rule proposal would require SEC-regulated entities to adopt a written identity theft program that would include reasonable policies and procedures to:

  • Identify relevant red flags.
  • Detect the occurrence of red flags.
  • Respond appropriately to the detected red flags.
  • Periodically update the program.

The proposed rule would include guidelines and examples of red flags to help firms administer their programs.

Reprints Discuss this story
This is where the comments go.