U.S. Securities and Exchange Commission

Decoding the Red Flags

April 12th, 2013

Investors can now heave a sigh of relief. The Securities and Exchange Commission and the Commodity Futures Trading Commission (CFTC) have formulated a new set of rules and guidelines that enable entities subject to their enforcement authorities to develop platforms which would protect investors from identity theft.

The rules that were tabled on April 10th are not very different from the present day rules put in place by the Fair Credit Reporting Act and federal banking regulators.

The rules, named the ‘Red Flags Rules’, were adopted pursuant to the Dodd-Frank Act. For the uninitiated, the Dodd-Frank Act was an act to promote the financial stability of the U.S.A.; to save the taxpayer’s money by improving accountability and transparency in the financial system; to protect the American taxpayer by ending bailouts; to protect consumers from abusive financial services practices; and for other purposes.

The rules require businesses to implement a written identity theft prevention code to scrutinize the signs of theft, termed red flags.

The new set of rules is meant for those “creditors” and “financial institutions” that have certain covered accounts. These rules require such “creditors” and “investors” to process and execute a theft identification and detection platform.

The program should identify, detect, and respond to activities that would indicate identity theft.

Entities such as broker-dealers who create accounts for minors, investment companies permitting investor wire transfers and check writing, and investment advisers permitting payments out of transaction accounts are the ones that fall within the ambit of the SEC. The CFTC, on the other hand, would look after futures commission merchants, retail foreign exchange dealers, commodity trading advisers, commodity pool operators, introducing brokers, swap dealers and major swap participants.

It’s pertinent for an entity maintaining one or multiple covered accounts to determine whether the accounts meet the risk-assessment criteria. Since any account other than an account for personal, family or household purposes under the covered account contains foreseeable risk to customers, this rule is particularly aimed at such accounts. These types of consumer accounts include “a credit card account, mortgage loan, automobile loan, margin account, cell phone account, utility account, checking account, or savings account.”

How to identify Red Flags?

The theft detection code of each business entity must carry out the following five functions.

  1. Identifying red flags: Identification of relevant patterns, practices and specific forms in a periodic and sporadic manner would rule out any possible theft.
  2. Detecting them: Detecting the red flags so that suitable policies can be implemented.
  3. Finding a suitable response: Resolving those issues would come in this step.
  4. Periodic Review and Updating. There should also be a mechanism to evaluate and update the code for future threats.
  5. Administration of Program. The program must be approved by the board of directors of the company. Also, an experienced person must be responsible for administering the program.
  6. The program must initially be approved by the board of directors or, if the entity does not have a board, by a senior-level manager. It must specify who is responsible for implementing and administering the program.

The Red Flags Rules will become effective 30 days after publication in the Federal Register, and the compliance date will be six months after the effective date (around November 15).

The Red Flag Rules are deemed to be a breath of fresh air for investors. Even though most of the entities are privy to similar rules doled out by the FTC, this rule is deemed to be a novel one for many private fund advisers.

The results of the risk assessment would help to prioritize the risk areas (e.g., portable devices, offshore business associates, lack of encryption) that would be targeted for the implementation of controls (e.g., policies, processes, training) to manage identified risks.

Secure your Data with Alertsec

Following the essential guidelines is necessary for data security in any organization. This news exemplifies the need for data protection applications. In an incident which highlights the need for data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.
