On April 10, 2013, the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) jointly issued final rules and guidelines requiring certain SEC and CFTC-regulated entities that offer or maintain “covered accounts” to establish programs to address risks of identity theft. These new rules largely transfer enforcement authority from the Federal Trade Commission to the SEC and CFTC, as required under the Dodd-Frank Wall Street Reform and Consumer Protection Act. However, the final rules also provide additional guidance that may help entities that have not implemented identity theft programs to evaluate whether they are required to do so.
Read SEC and CFTC Issue Identity Theft Red Flags Rules.
