On April 10, 2013, the Securities and Exchange Commission (the “SEC”) and the Commodity Futures Trading Commission (the “CFTC”) issued joint Identity Theft Red Flags Rules requiring broker-dealers, mutual funds, investment advisers, and certain other entities to adopt programs to detect red flags and prevent identity theft. Notably, certain state laws may also require the adoption of similar guidelines.
Additionally, entities that retain service providers must ensure that the providers conduct their activities in accordance with reasonable policies and procedures designed to detect, prevent and mitigate the risk of identity theft. A financial institution may be found in violation of the Rules if it fails to exercise appropriate and effective oversight over the engagement.