The SEC adopted rules jointly with the Commodity Futures Trading Commission (CFTC) that require broker-dealers, mutual funds, investment advisers, and certain other entities regulated by the SEC to adopt programs to prevent identity theft.

A unanimous decision by the SEC commissioners resulted in the adoption of the rule, known as Regulation S-ID.

The requirement expands rules initially enacted in 2007 by several federal agencies—but not the SEC. The Dodd-Frank Wall Street Reform and Consumer Protection Act, P.L. 111-203, transferred rulemaking and enforcement authority for identity theft rules to the SEC and the CFTC for the entities they regulate.

Therefore, many entities recognized as financial institutions or creditors subject to the new Regulation S-ID have already been complying with similar rules, SEC Commissioner Luis Aguilar said.

Registered investment advisers in particular, though, may not have existing identity theft red flag programs and may need to pay particular attention to the rules adopted Wednesday, Aguilar said.

The rules require broker-dealers, mutual funds, and investment advisers to adopt policies and procedures to:

  • Identify relevant types of identity theft red flags.
  • Detect the occurrence of those red flags.
  • Respond appropriately to the detected red flags.
  • Periodically update the identity theft program.

The rules, available at, will take effect 30 days after publication in the Federal Register, and the compliance date will be six months after the rules’ effective date.


News quiz: College debt, stolen identities, and retirement planning

See how much you know about these developments and others in the Journal of Accountancy news quiz.


Preventing and detecting fraud at not-for-profits

Organizations in all industries must deal with the potential for fraud to occur, and design controls to prevent and detect it. Environment, policies, and controls can help organizations steer clear of problems.


The dangers of dabbling

To meet evolving marketplace needs, CPAs often look to diversify their service offerings. Firms can mitigate the risk of experiencing competency-related professional liability claims by implementing these basic steps.