SEC Proposes Red Flags Rule Requiring Identity Theft Programs

The SEC has proposed its own “Red Flags” rule that would require broker-dealers and mutual funds to establish identity theft protection programs. Although the proposed Rule applies to advisers as well, the programs only need to address “covered accounts” which are those “designed to permit multiple payments or transactions.” The Rule requires the establishment of an identity theft program that identifies relevant “Red Flags,” which include any “pattern, practice, or specific activity that indicates the possible existence of identity theft.” Firms must respond to Red Flags, update their programs, obtain approval from boards/senior management, train staff, and oversee service providers.