Close Close
Popular Financial Topics Discover relevant content from across the suite of ALM legal publications From the Industry More content from ThinkAdvisor and select sponsors Investment Advisor Issue Gallery Read digital editions of Investment Advisor Magazine Tax Facts Get clear, current, and reliable answers to pressing tax questions
Luminaries Awards
fingerprint on a binary code background

Regulation and Compliance > Federal Regulation > SEC

SEC Risk Alert Highlights Firms' Identity Theft Failures

Your article was successfully shared with the contacts you provided.

The Securities and Exchange Commission’s exam division has discovered broker-dealer and advisor infractions related to its Identity Theft Red Flags Rule, Regulation S-ID, which the agency said Monday may leave retail customers vulnerable to identity theft and financial loss.

In a just-released risk alert, the agency explains that Reg S-ID applies to SEC-regulated entities that qualify as financial institutions or creditors under the Fair Credit Reporting Act and requires SEC-regulated financial institutions and creditors to determine whether they offer or maintain covered accounts.

SEC-regulated entities that are likely to qualify as financial institutions or creditors and maintain covered accounts include most registered broker-dealers; registered investment companies that allow individuals to wire transfers to other parties or that offer check writing privileges; and some registered investment advisors who can direct transfers or payments from individual accounts to third parties based on the individual’s instructions or who act as agents on behalf of individuals.

“If a firm determines that it has such accounts, it must establish a Program that is designed to detect, prevent, and mitigate identity theft in connection with the opening of a covered account or any existing covered account,” the SEC said.

The risk alert cited the following deficiencies found in SEC exams related to Reg S-ID compliance:

  • Firms failed to conduct an assessment of whether any of their accounts were “covered accounts” and as a result did not identify covered accounts at the firm and failed to implement a program as required.
  • Failure to identify new and additional covered accounts.
  • Firms lacked policies and procedures to identify, detect and respond to red flags relevant to identity theft, and failed to ensure such policies were updated periodically to reflect changes in risks to customers and to the safety and soundness of the financial institution or creditor from identity theft.
  • Firms failed to identify relevant red flags for covered accounts and incorporate those red flags into their program.

(Image: Shutterstock)


© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.