The Commodity Futures Trading Commission (CFTC) and the Securities and Exchange Commission (SEC) have proposed new “red flag” rules to help prevent identity theft. The new rules would require financial institutions to implement two things. The first part is to create a written identity prevention program. The program should be designed to “detect, prevent, and mitigate identity theft.” The second part of the rule establishes requirements for credit card issuers to validated changes of address.
You may have thought that the red flag rule was in effect after all the haggling from professionals when the Federal Trade Commision (FTC) tried to enact a similar rule for all creditors. In the end professionals were excempted from the law with passage of Red Flag Program Clarification Act of 2010.
The original red flag rule was proposed in 2007 as part of the Fair and accurate credit transaction act (FACTA). At the time the FTC was responsible for enforcement. The change came with the passage of the Dodd-Frank Wall Street Reform and Consumer Protection Act. This act moved FACTA enforcement of certain credit agencies to the SEC and the CFTC.
The rule would apply to commission merchants, foreign exchange dealers, commodity trading advisers, commodity pool operators, introducing brokers, swap dealers, major swap participants, brokers, dealers, investment companies and investment advisers.
The rule has just be proposed and they are accepting public comment. I hope this goes more smoothly than the 2+ years of delays that the FTC had when they enacted their version of the red flag rule.