United States: SEC Throws a Flag on Red Flags Programs
By: Jessica D. Cohn and Keri E. Riemer
On 5 December 2022, the staff of the Division of Examinations (Staff) of the Securities and Exchange Commission (SEC) issued a risk alert identifying practices that are inconsistent with Regulation S-ID, thereby exposing retail customers to potential identity theft.
Regulation S-ID, which applies to SEC-regulated entities that are financial institutions or creditors under the Fair Credit Reporting Act (including most registered broker-dealers, registered investment companies and registered investment advisers), requires the establishment of programs designed to detect, prevent, and mitigate identity theft in connection with covered accounts (each, a Program). Programs must include reasonable policies and procedures to identify, detect, and respond to red flags relevant to identity theft.Read More