Effective May 20, 2013, the US Securities and Exchange Commission and the US Commodity Futures Trading Commission will take on joint responsibility for administering and enforcing identity theft “red flags” rules that closely mirror other federal agencies’ rules with which certain entities that the SEC and CFTC regulate have had to comply since at least December 31, 2010. The red flags rules now adopted by the SEC and CFTC (the “Rules”), like those of the other agencies, require certain financial institutions to adopt programs with detailed policies and procedures designed to detect, prevent, and mitigate identity theft. Despite the lack of substantive change, the Rules are worth revisiting for some firms, as the SEC and CFTC have provided clarifications that their adopting release says “may lead some entities that had not previously complied with the [other federal agencies’] rules to determine that they fall within the scope of” the newly adopted Rules.View full memo, "SEC and CFTC Take Over Responsibility for “Red Flags” Identity Theft Rules and Provide Clarifications"
