SEC and CFTC Propose Identity Theft Red Flag Rules

SEC and CFTC Propose Identity Theft Red Flag Rules

by Andras P. Teleki

This EIA focuses on the SEC version of the Red Flag Rules. The SEC version of the Red Flag Rules will be known as Regulation S-ID and would be added after Regulations S-P and S-AM when codified.


On March 6, 2012, the SEC and CFTC jointly proposed rules (the "Proposal") that would require registered broker-dealers, investment companies, investment advisers, commodity trading advisors, commodity pool operators and introducing brokers to develop and implement a written identity theft prevention program (a "Program") that is designed to detect, prevent and mitigate identity theft in connection with certain existing accounts or the opening of new accounts (the "Red Flag Rules"). The SEC and CFTC are also proposing guidelines (the "Guidelines") to assist entities in the formulation and maintenance of a Program that would satisfy the requirements set forth in the Proposal.

In 2007, the Federal Trade Commission ("FTC") adopted rules and guidelines regarding the detection, prevention and mitigation of identity theft (the "FTC Red Flag Rules"). The Proposal, if adopted, would not contain new requirements not already in the FTC Red Flag Rules, nor would it expand the scope of those rules to include new entities that were not already previously covered by the FTC Red Flag Rules. Thus, if a broker-dealer, registered investment company, registered investment adviser, commodity trading advisor, commodity pool operator or introducing broker was subject to the FTC Red Flag Rules, they would be subject to the Red Flag Rules.

The SEC and CFTC were required to issue the Proposal pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act ("Dodd-Frank"). Dodd-Frank provides for the transfer of rulemaking responsibility and enforcement authority with respect to identity theft red flag rules to the SEC and CFTC with respect to entities under their respective jurisdiction. The Proposal is the SEC's and CFTC's version of the FTC Red Flag Rules.

Access the full version of SEC and CFTC Propose Identity Theft Red Flag Rules" with your ID. Additional fees may be incurred.

If you do not have a ID, you can purchase this commentary and additional Emerging Issues Commentaries from the LexisNexis Store. subscribers can access the complete set of Emerging Issues Analyses for Securities Law and the Securities Area of Law page.

For more information about LexisNexis products and solutions connect with us through our corporate site.

Andras P. Teleki is a partner at K&L Gates LLP, focuses his practice on regulatory compliance issues facing registered investment companies, including mutual funds and closed-end funds, broker-dealers, investment advisers, unregistered funds, variable insurance product issuers and distributors, and related service providers. He also advises financial institutions on anti-money laundering and OFAC issues. Mr. Teleki also has experience in corporate governance and Sarbanes-Oxley issues.