SEC and CFTC Issue Identity Theft Red Flags Rules Applicable to Financial Institutions and Creditors

April 23, 2013

The SEC and CFTC recently issued joint Identity Theft Red Flags Rules (the “Rules”), which are rules and guidelines requiring certain financial institutions worldwide to adopt comprehensive data security programs to detect red flags and prevent identity theft. Pursuant to the Rules, covered entities must develop and implement a written, board-approved program which identifies and detects the relevant warning signs – or “red flags” – of identity theft. Given the Rules’ potential breadth and scope, SEC-registered investment advisers, broker-dealers, mutual funds, commodity pool operators, commodity trading advisors and futures commission merchants should carefully consider whether and how the Rules apply to their organizations. In addition, all companies should keep in mind that certain state laws may require adoption of privacy practices and procedures to limit the risk of identity theft and to protect against loss of consumers’ personal information.

Read “SEC and CFTC Issue Identity Theft Red Flags Rules Applicable to Financial Institutions and Creditors.”