Funds and Advisers
As we posted in a previous Compliance Alert, the compliance date for the FTC’s Red Flags Rule is June 1, 2010. The Rule requires “financial institutions” or “creditors” with “covered accounts” to develop and implement a written program designed to detect and respond to the red flags of identity theft.
According to the Rule, a “financial institution” is: 1) a state or national bank, 2) a state or federal savings and loan association, 3) a mutual savings bank, 4) a state or federal credit union, or 5) any other entity that directly or indirectly holds a “transaction account” belonging to a consumer. “Transaction accounts” are deposits or accounts from which a consumer can make payments or transfers to third parties.
The Rule defines “creditor” very broadly, and includes any company that provides services and allows customers to pay later. Therefore, if an adviser charges a quarterly fee for investment advisory services for the previous quarter, it may be considered a creditor and therefore subject to the Rule.
“Covered accounts” are either: (1) consumer accounts designed to permit multiple payments or transactions, or (2) any other account that presents a reasonably foreseeable risk from identity theft. If a company determines it has covered accounts, it must implement a written program designed to identify, detect and respond to the red flags of identity theft. If a company determines it does not have covered accounts, but is still deemed a creditor, then it does not need a written program but must conduct periodic reviews to determine if it has acquired any covered accounts.
If you are not sure whether this new Rule applies to your firm, please contact Vista360.