Reflecting on the tragic events that gripped the nation last week, we are grateful for the many service men and women who have worked relentlessly to protect our country. We keep those impacted by the tragedies in our thoughts and prayers.
On Friday, April 19, 2013, in accordance with the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, the SEC and the CFTC jointly published the Identity Theft Red Flags Rules ("Red Flag Rules"), which require certain regulated entities to adopt programs to help protect investors from identity theft. The rules require that the programs be tailored to accommodate the size and complexity of each covered account and consist of policies and procedures that (1) identify relevant types of identity theft red flags, (2) detect the occurrence of those red flags, (3) respond appropriately to red flags, and (4) periodically update the program. These rules apply to certain SEC-regulated entities, such as broker-dealers, investment advisers, mutual funds, and other financial institutions and creditors, as well as certain entities under the authority of the CFTC, such as swap dealers, commodity trading advisers, commodity pool operators, futures commission merchants, and major swap participants.
More specifically, the rules apply to entities that are under the jurisdiction of the SEC or the CFTC, that meet the definition of "creditor" or "financial institution" under the Fair Credit Reporting Act of 1970, and that possess "covered accounts." According to the rules, the definition of a covered account "is deliberately designed to be flexible to allow the financial institution or creditor to determine which accounts pose a reasonably foreseeable risk of identity theft." The rules define "financial institutions" as banks or entities that maintain customer "transaction accounts." The SEC and the CFTC define the term "creditor" differently. For the purposes of the Red Flag Rules, the SEC defines a creditor based on the definition found in the Equal Credit Opportunity Act, while the CFTC defines a creditor as "any futures commission merchant, retail foreign exchange dealer, commodity trading advisor, commodity pool operator, introducing broker, swap dealer, or major swap participant that regularly extends, renews, or continues credit; regularly arranges for the extension, renewal, or continuation of credit; or in acting as an assignee of an original creditor, participates in the decision to extend, renew, or continue credit."
The Red Flag Rules will become effective on May 20, 2013, and affected entities must be in compliance by November 20, 2013.