Trio of Settled Enforcement Actions Highlights SEC Concerns About Identity Theft Policies and Procedures

In 2013, the SEC and CFTF jointly adopted Regulation S‑ID – the Identity Theft Red Flag Rules (Regulation) – and Rule 201 thereunder, which require firms with so-called “covered accounts” to adopt, implement and maintain a program reasonably designed to identify and respond to identity theft red flags. The SEC recently entered into three settlement orders instituting administrative and cease-and-desist proceedings against three large investment advisers and/or broker-dealers over alleged deficiencies in their identity theft red flags programs. This article explores the relevant requirements of the Regulation, the alleged programs’ shortcomings that gave rise to the enforcement proceedings and the terms of the settlement orders, with additional insights from Jason Elmer, founder and CEO of Drawbridge Partners. See “Private Funds Top the SEC’s 2022 Exam Priorities” (Jun. 9, 2022); and “Lessons for Fund Managers From the SEC’s First Identity Theft Red Flags Rule Settlement” (Nov. 15, 2018).

To read the full article

Continue reading your article with a HFLR subscription.