Jacko Law Group, PC
Call Today for a Consultation
San Diego 619-298-2880 San Francisco 415-766-3599 Los Angeles 213-631-2549

The SEC and CFTC Jointly Approve New Identity Theft Rules

Recently, the Securities and Exchange Commission (“SEC”), in tandem with the Commodity Futures Trading Commission (CFTC), jointly adopted Final Rules requiring certain entities to implement programs to detect red flags and prevent identity theft.  These rules were developed in response to the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (“Dodd-Frank”) which shifted responsibility for identify theft rules and enforcement of such rules from the Federal Trade Commission to the SEC and the CFTC for those entities under their respective jurisdiction.  Specifically, the SEC’s rules will apply to those entities under its jurisdiction, including broker-dealers, investment companies, and investment advisers; while the CFTC’s rules will apply to futures commission merchants, commodity trading advisors and commodity pool operators.  However, both the SEC and CFTC rules will only apply to “financial institutions” and “creditors” as those terms are defined in the Fair Credit Reporting Act that offer and maintain “covered accounts.”The new rules require those covered entities to develop and implement written policies and procedures designed to detect, prevent and mitigate identity theft in connection with certain existing accounts or the opening of new accounts.  Specifically, these policies and procedures must: (1) identify relevant red flags; (2) detect the red flags; (3) respond appropriately to red flags that have been detected; and (4) periodically update the identity theft policies and procedures.  The Final Rules provide additional guidance, including examples, to help determine which entities qualify and, if so, how to comply with the new rules.The new rules also require that covered entities provide staff training and appoint a “senior management employee” (most likely the entity’s Chief Compliance Officer) to be responsible for the program.  Furthermore, those entities not initially subject to the new rules are required to periodically reassess whether or not they are required to develop such policies and procedures in light of changes in the accounts they offer or maintain.The Final Rules will become effective 30 days after publication in the Federal Register.  Once effective, those subject to the new rules will have six months to implement their red flag programs.For further information about this, or other related topics, please contact us at (619) 298-2880 or at [email protected].

No Comments

Leave a comment
Comment Information
Email Us For A Response

How Can We Help?

Email us to request more information or to schedule an appointment.

Bold labels are required.

Contact Information

The use of the Internet or this form for communication with the firm or any individual member of the firm does not establish an attorney-client relationship. Confidential or time-sensitive information should not be sent through this form.


Privacy Policy

San Diego Office
1350 Columbia Street
Suite 300
San Diego, CA 92101

Toll Free: 866-497-2298
Phone: 213-631-2549
Phone: 619-298-2880
Fax: 619-298-2882
Map & Directions

San Francisco Office
Four Embarcadero Center
Suite 1400
San Francisco, CA 94111

Phone: 213-631-2549
Phone: 415-766-3599
Fax: 619-298-2882
Map & Directions

Los Angeles Office
535 N. Brand Boulevard
Suite 270
Glendale, CA 91203

Phone: 213-631-2549
Fax: 619-298-2882
Map & Directions