The Securities and Exchange Commission yesterday adopted rules requiring broker-dealers, mutual funds, investment advisers, and certain other entities regulated by the agency to adopt programs to detect red flags and prevent identity theft. For RIAs, it formalizes an obligation to have policies and procedures in place to protect clients from identity theft.
Some history (paraphrasing from a statement by SEC Chair Mary Jo White):
In 2007, six federal agencies jointly adopted identity theft rules under the Fair Credit Reporting Act. Those agencies were the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of Thrift Supervision, the National Credit Union Administration, and the Federal Trade Commission. Their rules applied to business entities that qualify as “financial institutions” or “creditors” under the Fair Credit Reporting Act and offer or maintain certain types of accounts. Neither the SEC nor the CFTC adopted those identity theft rules in 2007, because the laws at that time did not authorize either of the Commissions to do so. Instead, entities that the SEC and CFTC regulate such as broker-dealers and futures commission merchants were covered by the rules of the six agencies.
The rules adopted yesterday unanimously by the SEC is substantially similar to the rules six federal agencies adopted in 2007, but they also include examples and guidance to help the relevant businesses determine how to comply with the new rules. On page 32 of the final rules released yesterday, RIAs and broker-dealers are provided guidance about what regulators expect them to do to comply. On page 106, a supplement provides details on “red flags” that RIAs and BDs should be prepared to spot to prevent identity theft of their clients.
“Any person who entrusts money to a financial institution or who receives money on credit can be vulnerable to those who may falsely pose as the individual and divert the money to a third party,” White said in a statement.
Notably, yesterday’s release included a video of the open meeting of the SEC and remarks by Commission Chair Mary Jo White. The agency does not normally release such video statements. As the agency seeks to become more open and transparent, the quality of such videos will likely improve.