Are you covered?
Several years ago, the Federal Trade Commission (FTC) issued its “Red Flags Rule,” which requires financial institutions and other organizations to implement a written identity theft prevention program. The rule is designed to detect the warning signs of identity theft in their day-to-day operations.
Last year, pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act, the SEC and the Commodity Futures Trading Commission (CFTC) jointly adopted their own Red Flags Rule for entities under their jurisdiction.
The FTC’s rule applies to financial institutions and “creditors.” A creditor is defined as an organization that does one or more of the following:
- Obtains or uses consumer reports in connection with credit transactions,
- provides information to credit reporting companies in connection with credit transactions, or
- advances funds to or on behalf of people (other than incidental expenses in connection with services the organization provides).
Creditors that establish certain covered consumer accounts must implement an identity theft prevention program.
The new rules don’t expand the scope of the rules that were already in place. According to the SEC, however, the adopting release includes examples and small language changes “which may lead some entities that had not previously complied . . . to determine that they fall within the scope of the rules.”
Examples of SEC-regulated entities that might be considered “financial institutions” include but are not limited to: 1) broker-dealers that offer custodial accounts, 2) registered investment companies that offer wire transfers or check-writing privileges, and 3) investment advisors that hold transaction accounts and are permitted to direct payments or transfers out of those accounts. In addition, some SEC-regulated entities may meet the definition of “creditor,” such as investment advisors that advance funds to investors to permit them to invest in a fund.
All companies, and not just public companies, should review their activities to determine whether they’re covered by the Red Flags Rules.
For more information or if you have concerns about your organization, contact Reggie Novak at 216-831-7171 or rnovak@cp-advisors.com.
Reggie is a Senior Manager in the Audit and Accounting Services Group. As a Certified Fraud Examiner, Mr. Novak can assist you with prevention services including recommending internal controls and other measures to be implemented to prevent theft or misappropriation. If fraud is suspected, he can investigate and present his findings and recommendations.
You may also be interested in:
The Costly Consequences of Fraud
© 2014