The SEC brings its first enforcement action under the identity theft red flags rule
Journal of Investment Compliance
ISSN: 1528-5812
Article publication date: 4 April 2019
Issue publication date: 16 April 2019
Abstract
Purpose
To explain the significance of the first enforcement action under the Identity Theft Red Flags Rule by the US Securities and Exchange Commission (SEC), which was announced on September 26, 2018.
Design/methodology/approach
Explains how the SEC’s order not only cites violations of the Safeguards Rule under Regulation S-P (a staple of SEC cybersecurity enforcement actions against broker-dealers and investment advisers) but also is the SEC’s first enforcement action for a violation of the Identity Theft Red Flags Rule under Regulation S-ID, which requires certain SEC registrants to create and implement policies to detect, prevent and mitigate identity theft.
Findings
Cybersecurity policies and procedures must match business risks and change as business risks change.
Originality/value
Practical guidance from experienced cybersecurity and privacy lawyers.
Keywords
Citation
Martinez, V.L., Jacobson, J.B. and Iheanacho, N.C. (2019), "The SEC brings its first enforcement action under the identity theft red flags rule", Journal of Investment Compliance, Vol. 20 No. 1, pp. 31-35. https://doi.org/10.1108/JOIC-01-2019-0007
Publisher
:Emerald Publishing Limited
Copyright © 2019, K&L Gates LLP.