Memo #
26120

ICI Files Comment Letter with SEC on Proposed "Red Flag" Identity Theft Rules
| Print

[26120]

May 1, 2012

TO: OPERATIONS MEMBERS No. 1-12
SEC RULES MEMBERS No. 34-12
SMALL FUNDS MEMBERS No. 12-12
TRANSFER AGENT ADVISORY COMMITTEE No. 28-12 RE: ICI FILES COMMENT LETTER WITH SEC ON PROPOSED "RED FLAG" IDENTITY THEFT RULES

 

As you may recall, the Dodd-Frank Act (“DFA”) transferred the regulation of the identify theft programs of SEC registrants from the Federal Trade Commission to the SEC.  These programs are designed to detect, prevent, and mitigate identity theft in connection with the opening of a covered account.  In particular, the DFA requires the SEC to adopt identity theft rules and guidelines similar to those previously imposed by the FTC.  Consistent with this mandate, last month the SEC published its proposed rules for comment. * The Institute has filed the attached comment letter on the proposal.  The Institute’s letter is briefly summarized below.

Summary of the Institute’s Comment Letter

The Institute’s letter commends the Commission for drafting a rule with requirements that are consistent with those of the FTC.  As a result of this consistency, SEC registrants should be able to transition from the FTC’s rule to the SEC’s rule with little or no disruption.  One concern members raised with the proposal, which is address in the letter, relates to the requirement to have the fund’s board or an appropriate committee of the board approve the fund’s identify theft program.   The Commission’s Release seems to indicate that programs approved pursuant to this requirement under the FTC’s rule would not need to be reapproved under the SEC’s rule.  Indeed, based upon my conversation with Commission staff, they were not expecting existing programs to be reapproved under the SEC’s rule.  To better clarify this issue, however, our letter recommends that the Commission’s release adopting the rule affirm that this is, in fact, the case.  As noted in our letter, this clarification will enable SEC registrants to avoid the time and expense in again obtaining board approval of their existing programs.

 

Tamara K. Salmon
Senior Associate Counsel

Attachment

endnotes

 *See Identity Theft Red Flag Rules, SEC Release No. IC-29969 (Feb. 28, 2012) (“Release”), which is available at: http://www.sec.gov/rules/proposed/2012/ic-29969.pdf.