CFTC and SEC Approve Joint Final Rule Governing Identity Theft (with Lofchie Comment)

The CFTC and the SEC (collectively, the "Commissions") are jointly issuing final rules and guidelines to require certain registrants to establish programs to address identity theft. These rules and guidelines implement provisions of the Dodd-Frank Act, which amended section 615(e) of the Fair Credit Reporting Act and directed the Commissions to adopt rules requiring entities that are subject to the Commissions' respective enforcement authorities to address identity theft. The rules apply to essentially all of the financial intermediaries regulated by the two Commissions. According to the CFTC press release:

"The rules require financial institutions and creditors to develop and implement a written identity theft prevention program designed to detect, prevent, and mitigate identity theft in connection with certain existing accounts or the opening of new accounts. The rules include guidelines to assist entities in the formulation and maintenance of programs that would satisfy the requirements of the rules. Further, the rules establish special requirements for any credit and debit card issuers that are subject to the Commissions' respective enforcement authorities, to assess the validity of notifications of changes of address under certain circumstances."

Lofchie Comment: FINRA recently issued a compliance warning on the fraudulent transfer of customer accounts based on instructions coming from compromised email accounts. See FINRA Podcast: March 2013 Monthly Recap (with Lofchie Comment). Identify theft is undeniably a real-world issue.

View Joint Final Rules and Guidelines here.See also: CFTC Press Release; SEC Press Release;Dodd Frank Section 1088.Additional Materials: Chairman White Statement; Commissioner Aguilar Statement.