SEC risk alert notes compliance issues regarding ID theft rule
The Division of Examinations at the Securities and Exchange Commission (SEC) issued a risk alert detailing recent issues observed by inspectors regarding compliance with the agency’s identity theft red flags rule.
The risk alert, issued Monday, aims to help registered broker-dealers, investment firms, and certain investment advisers enact effective policies and procedures to comply with Regulation S-ID, which was implemented in 2013 by the SEC and Commodity Futures Trading Commission as part of the Dodd-Frank Act. The rule requires registered entities to develop and implement an identity theft prevention program for covered accounts that includes how a firm finds possible identity theft attempts and handles them.
Through their reviews, SEC examiners identified noncompliant practices by registered entities that may leave retail customers “vulnerable to identity theft and financial loss,” the alert said. Examples included: