The SEC and CFTC have jointly adopted and must individually enforce identity theft prevention rules as a result of the Dodd-Frank Act.
The SEC and CFTC have adopted a joint rule requiring “financial institutions” and “creditors” that carry “covered accounts” to create identity theft prevention rules.
The new rules were effective May 20, 2013. However, entities have until November 20, 2013 to comply.
The term “covered accounts” is defined broadly to include personal accounts designed to permit multiple transactions and any account with risk of identity theft.
FCMs, CTAs, CPOs, BDs, and RIAs must develop and maintain a written identity theft prevention program that includes: identifying the relevant red flags and incorporating them into the program, detecting the red flags, responding appropriately to red flags, and ensuring periodic program updates.
Please contact us if you need to discuss how to incorporate these new rules into your written operating procedures.