SEC to Require Firms to Create Identity Theft Programs
The SEC has voted to adopt rules requiring broker-dealers, mutual funds, investment advisers and others regulated by the agency to adopt programs to detect red flags and prevent identity theft.
The program should include policies and procedures designed to identify relevant types of identity theft red flags, detect the occurrence of those red flags, respond appropriately to them and provide periodic program updates, the SEC said Wednesday.
The SEC’s rules apply only to SEC-regulated entities that meet the definition of “financial institution” or “creditor” under the Fair Credit Reporting Act, according to the agency.
Affected entities would also be required to provide such things as staff training and oversight of service providers, the SEC said.
The agency said it adopted the rules jointly with the Commodity Futures Trading Commission in accordance with the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010.
“These rules are a common-sense response to the growing threat of identity theft to all Americans who invest, save, or borrow money,” said SEC Chairman Mary Jo White.
The SEC said final rules will become effective 30 days after publication in the Federal Register. The compliance date for the final rules will be six months after their effective date.