SEC Brings First Enforcement Action Under the Identity Theft Red Flags Rule

Last month the US Securities and Exchange Commission (“SEC”) brought and settled charges against a registered broker-dealer/investment adviser (“the Registrant”) for allegedly violating the Gramm-Leach-Bliley Act Safeguards Rule and the Identity Theft Red Flags Rule.

The SEC claims that the entity allegedly violated the SEC’s rules by failing to implement appropriately designed policies and procedures to safeguard customer information, respond to identity theft red flags, and update or train employees and contractors on its identity theft prevention program, of which the Registrant settled without admitting or denying the charges.

This is the first SEC enforcement action under the Identity Theft Red Flags Rule since it was adopted by the agency in 2013.


Mayer Brown partners Jeffrey P. Taft and Adam D. Kanter, and associate Matthew Bisanz report on the new guidance and highlight areas of interest in this Legal Update.

Tagged in: Legal Update, regulation

Related Content