SEC proposes identity theft “red flags” rules to protect investors

BY KEN TYSIAC

Broker-dealers, mutual funds and other SEC-regulated entities would be required to create programs to detect and respond appropriately to identity theft red flags under an SEC rules proposal announced Tuesday and issued for public comment.

The proposed rules are designed to protect investors from identity theft and are similar to rules adopted in 2007 by the Federal Trade Commission (FTC) and other federal financial regulatory agencies. CPAs and others received a permanent exemption from the FTC’s rule with the enactment of the Red Flag Program Clarification Act of 2010, which limited the scope of the FTC’s rule by narrowing the definition of who can be considered a “creditor.”

According to the SEC’s proposal, SEC-regulated entities would be required to adopt a written policy for detection and response to identity theft. The proposed rule would include guidelines and examples of red flags to help firms comply.

The SEC issued the proposal jointly with the Commodity Futures Trading Commission (CFTC). Authority over certain parts of the Fair Credit Reporting Act was transferred from the FTC to the SEC and CFTC, for entities they regulate, by the Dodd-Frank Wall Street Reform and Consumer Protection Act, P.L. 111-203.

Comments can be submitted on the SEC’s website. The proposal will be published in the Federal Register with a 60-day comment period.

Ken Tysiac ( ktysiac@aicpa.org ) is a JofA senior editor.

More from the JofA:

 Find us on Facebook  |   Follow us on Twitter  |   View JofA videos

SPONSORED REPORT

Time to prepare for overtime changes

As an employer, trusted business adviser, or HR professional, you will need to be aware of exemption guidance, record requirements, advice for clients, and typical problems in applying overtime pay.

QUIZ

News quiz: Points awarded and points made

Take this short quiz to see how much you know about recent news, including an index that gauges Americans’ financial outlook and a survey that provides insight into the use of credit card travel rewards.

CHECKLIST

Bolster your data defenses

As you weather the dog days of summer, it’s a good time to make sure your cybersecurity structure can stand up to the heat of external and internal threats. Here are six steps to help shore up your systems.