The SEC voted unanimously on Wednesday, in conjunction with the CFTC, to adopt rules requiring mutual funds, investment advisers, broker-dealers and other regulated entities to adopt programs to detect and prevent identity theft.
The rules, as mandated by the Dodd-Frank Act, include guidelines to assist regulated firms in the development and implementation of programs that would satisfy the rules’ requirements. The rules also set special requirements for debit and credit issuers subject to the agencies’ oversight to identify red flags.
“Under these rules, certain businesses regulated by the SEC and CFTC would be required to adopt and implement programs to detect and respond to indicators of possible identity theft,” SEC Chairman Mary Jo White said. “These rules are a common-sense response to the growing threat of identity theft to all Americans who invest, save or borrow money.”
Additionally, the required programs would include policies and procedures aimed at identifying identity theft red flags, detecting the occurrence of red flags, responding to detected red flags and updating the program periodically. Supervised firms must also provide staff training and oversee service providers.
The rules will take effect 30 days after publication in the Federal Register, and firms and institutions will be required to comply within six months after the effective date.