Industry Issues
- Advertising
- Anti-Money Laundering
- Books & Records
- Breakpoints
- Business Continuity Planning
- College Savings Plans
- Consolidated Audit Trail
- Crowdfunding
- Customer Information Protection
- Mergers Acquisitions and Business Transfers
- Mutual Funds
- Research Analyst Rules
- Security Futures
- Senior Investors
- Suitability
- Supervisory Control
- Variable Annuities
Red Flags Rule
On January 1, 2011, the Federal Trade Commission (FTC) began enforcing its Fair and Accurate Credit Transactions Act of 2003 (FACT Act) Red Flags Rule. The Red Flags Rule requires that each "financial institution" or "creditor"—which includes most securities firms—implement a written program to detect, prevent and mitigate identity theft in connection with the opening or maintenance of "covered accounts." These include consumer accounts that permit multiple payments or transactions, such as a retail brokerage account, credit card account, margin account, checking or savings account, or any other accounts with a reasonably foreseeable risk to customers or your firm from identity theft.
On July 21, 2011, the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act) transferred responsibility for rulemaking and enforcement of identity theft red flag rules and guidelines to the SEC and CFTC for the firms they regulate.
On Feb. 28, 2012, the SEC and CFTC jointly proposed for comment identity theft red flag rules and guidelines that are substantially similar to the FTC Red Flags Rule and do not propose new requirements or cover new entities. The proposed rules and guidelines do, however, include examples and minor language changes to help securities and commodities firms comply. The comment period closed May 7, 2012.
The following resources may be useful to firms:
- FTC FACT Act Red Flags Rule Template (Word 152 KB) and related Information Notice 7/1/09 and Podcast
- SEC Release No. IC-29969 (February 28, 2012): Identity Theft Red Flags Rules
- 08-69 - Fair and Accurate Credit Transactions Act of 2003 (Alert to Member Firms About the Federal Trade Commission’s FACT Act Regulations and the Announcement of the FTC’s Decision to Delay Enforcement of the Red Flags Rule until May 1, 2009) Note: Section 1 of p. 3 of the Notice was updated on 8/20/09 to reflect current FTC guidance on the scope of the term "transaction account."
- Podcast: FACT Act Red Flags Rule
- FTC’s Fighting Fraud with the Red Flags Rule: A How to Guide for Business
- Identity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Credit Transactions Act of 2003; Final Rule, Federal Trade Commission and the Federal Financial Institution Regulatory Agencies (PDF 802 KB)
- FTC Identity Theft Site