WASHINGTON (CN) - The Securities and Exchange Commission and Commodity Futures Trading Commission published regulations and guidance that would require certain financial institutions to create programs that address identity theft.
The Fair Credit Reporting Act, as amended by the Dodd-Frank Wall Street Reform and Consumer Protection Act, requires that the commissions create guidelines for the institutions to create "red flag" programs for identity theft.
The rules apply to financial entities already regulated by the SEC, including brokers and dealers, creditors and investment companies.
A financial institution or creditor must establish a red flag program if it offers or maintains accounts that are used for personal, family, or household purposes.
"The [regulations] provide that each financial institution or creditor that offers or maintains one or more covered accounts must develop and implement a written program designed to detect, prevent, and mitigate identity theft in connection with the opening of a covered account or any existing covered account," the commissions wrote.
"These provisions also require that each program be appropriate to the size and complexity of the financial institution or creditor and the nature and scope of its activities. Thus, the [regulations] are designed to be scalable, by permitting programs that take into account the operations of smaller institutions."
The regulations go into effect May 20, with a Nov. 20 compliance date.
Read the Top 8
Sign up for the Top 8, a roundup of the day's top stories delivered directly to your inbox Monday through Friday.