On February 28, 2012, the SEC and the Commodity Futures Trading Commission proposed joint rules and guidelines in order to address identity theft, as required under the Dodd-Frank Act. The SEC and CFTC note in the proposing release that the proposed rules and guidelines are similar to those adopted in 2007 by the Federal Trade Commission (“FTC”) and other agencies. Similar to the FTC rules, the proposed rules would require financial institutions and creditors to develop and implement a written identity theft prevention program that is designed to identify relevant red flags, detect the occurrence of red flags, respond appropriately to any red flags when detected and periodically update the program. The proposed guidelines provide examples of red flags and means to detect certain types of red flags, and also provide other information intended to assist in the formulation and administration of an identity theft program.
The proposed rules would apply to “financial institutions” and “creditors.” The proposing release notes that the scope of the terms “financial institutions” and “creditors” would include broker-dealers, investment companies and investment advisers. However, the SEC specifically requests comments regarding whether any type of entity should be excluded from the scope of the rules.
Comments on the proposed rules are due by May 7, 2012.