SEC Adopts Identity Theft Red Flags Rule for Advisers, Funds, and BDs
The SEC has adopted new Regulation S-ID, the Identity Theft Red Flags Rule, which requires certain advisers, broker-dealers, and investment companies to develop and implement written Identity Theft Prevention Programs. The new Rule applies only to entities holding certain transaction accounts: broker-dealers that offer custodial accounts; registered funds that allow investors to make wire transfers or write checks; and investment advisers (including private fund sponsors) that permit direct payments to third parties. The Identity Theft Program must identify, detect, and respond to Red Flags, which are defined as any pattern, practice or specific activity that indicates the possible existence of identity theft. The Program must also be approved by the relevant Board of Directors and include training and oversight of service providers. Covered persons must also consider the Interagency Guidelines for Identity Theft Prevention programs. The Rule goes into effect 30 days after publication.
OUR TAKE: Add another section to your compliance manual, assuming identity theft protection is not already addressed (which it might be because certain states have already adopted similar requirements).