ICI Draft Comment Letter of SEC's Proposed "Red Flag" Identity Theft Rules; Comments Requested by Friday, April 27th
[26068]
April 20, 2012
TO: OPERATIONS COMMITTEE No. 11-12SEC RULES COMMITTEE No. 25-12
SMALL FUNDS COMMITTEE No. 12-12
TRANSFER AGENT ADVISORY COMMITTEE No. 22-12 RE: ICI DRAFT COMMENT LETTER OF SEC'S PROPOSED "RED FLAG" IDENTITY THEFT RULES; COMMENTS REQUESTED BY FRIDAY, APRIL 27TH
As we previously informed you by memo, with respect to SEC registrants, the Dodd-Frank Act (“DFA”) transferred the regulation of the identity theft programs of SEC registrants from the Federal Trade Commission (“FTC”) to the SEC. [1] These programs are designed to detect, prevent, and mitigate identity theft in connection with the opening of a covered account. In particular, the DFA requires the SEC to adopt identity theft rules and guidelines similar to those previously imposed by the FTC. Consistent with this mandate, last month the SEC published its proposed rules for comment, [2] which were summarized in ICI’s previous memo. The Institute has prepared a draft comment letter on the proposal, which is attached and briefly summarized below.
Comments on the proposal are due to the SEC by May 7, 2012. Members with comments on the Institute’s letter should provide them to the undersigned by phone (202-326-5825) or email (tamara@ici.org) no later than Friday, April 27th.
Overview of the ICI’s Draft Letter
The Institute’s letter commends the SEC for drafting a rule with requirements that are consistent with those of the FTC. As a result of this consistency, SEC registrants should be able to transition from the FTC’s rule to the SEC’s rule with little or no disruption. One concern members raised with the proposal, which is addressed in the letter, relates to the requirement to have the fund’s board or an appropriate committee of the board approve the fund’s identity theft program. The SEC’s Release seems to indicate that programs approved pursuant to this requirement under the FTC’s rule would not need to be reapproved under the SEC’s rule. Based upon my conversation with SEC staff, they were not expecting existing programs to be reapproved under their rule. To better clarify this issue, however, our letter recommends that the SEC’s release adopting the rule affirm that this is, in fact, the case. As noted in our letter, this clarification will enable SEC registrants to avoid the time and expense in again obtaining board approval of their existing programs.
Tamara K. Salmon
Senior Associate Counsel
endnotes
[1] See Institute Memorandum No. 25961, dated March 5, 2012, which summarizes the SEC proposal and provides a link to it.
[2] See Identity Theft Red Flag Rules, SEC Release No. IC-29969 (Feb. 28, 2012) (“Release”), which is available at: http://www.sec.gov/rules/proposed/2012/ic-29969.pdf.