Episode 26: Identity Theft Red Flags

On this week’s episode we’ll be discussing the buzzworthy topic of Identity Theft Red flags.


CCO Buzz: Hello and Welcome Back! I’ve got a question for you- where has the year gone? It’s already mid-November and we are on episode 26 of CCO Buzz. We are baffled by how fast this year is passing by and we know you are too.

On this week’s episode we have Core Compliance’s very own Compliance Consultant. He is rejoining us this week to speak on a specialty of his – cybersecurity. But this time around he’ll be discussing the buzzworthy topic of Identity Theft Red flags.

Compliance Consultant: Red flags are identified as a pattern, practice, or specific activity that indicates the occurrence of identity theft.  Now, as you may know, regulation S-ID, otherwise known as the Identity Theft Red Flags Rule, requires registered investment advisers to implement an Identify Theft Prevention Program or “ITPP”, which encompasses the implementation of procedures and controls to identify, detect, and respond to red flags.

To start when opening accounts, it is imperative for associated persons to obtain identifying information from the individual opening the account. Examples of identifying information can include:

  • Name, Social Security number, date of birth, official State or government issued driver’s license or identification number;
  • Unique biometric data, such as fingerprints; and/or,
  • Unique electronic identification numbers.

Unless this information and client authorizations are received and verified, associated persons of an investment adviser should never execute the following actions:

  • Provide ANY information regarding the client whether verbal or written;
  • Change an address; or
  • Send monies from the account to a different address or third-party.

On this last item, I should note that any requests for sending monies to a third-party should be approved by the CCO or other authorized officer at the firm prior to processing. Also, the banking and account information on same name transfers should be verified and/or confirmed with the client.

CCO Buzz: Now I’m curious… what are some examples of red flags?

Compliance Consultant: Well, examples of red flags might include:

  • Receiving a document, such as personal identification, application or letter from a client or potential client that appears to be altered and/or forged;
  • Receiving verbal or written information that is supposedly from a client that does not match with information the Firm has on file. For example, an incorrect or invalid social security number, address or phone number;
  • Notification of a change of address to a P.O. Box that appears out of the ordinary;
  • A person calling in to obtain account information cannot provide identifying information, such as account number, social security number, account registration or address of record.

CCO Buzz: So now that we have a few examples of Identity Theft Red Flags – what should an associated person do if they notice red flag patterns or red flag activity?

Compliance Consultant: Report it to the CCO! The CCO should then take steps to review the activity, investigate further, and take steps to mitigate the identify theft. These steps can include:

  • Contacting the client;
  • Changing any passwords, security codes, or other security devices that permit access to a client’s account; and/or,
  • Notifying law enforcement.

Identify theft is a scary and difficult issue to deal with; however, with thorough policies and procedures and a solid ITPP in place, CCOs and investment advisers can be well-prepared for dealing with incidents of identity theft. If you have any questions or concerns about Regulation S-ID, Identity Theft Red Flags, or you would like help in drafting, updating, or analyzing your ITPP or policies and procedures, please contact us at (619) 278-0020.

CCO Buzz: Thanks for your time and speaking with us today. Oh, and Happy Thanksgiving in advance to you and your family. And Happy Thanksgiving to all of our CCO Buzz listeners. Next week we will be taking a brief hiatus for the holiday.

So again, on behalf of all of us at Core Compliance & Legal Services, we wish you all a Happy and Warm Thanksgiving holiday.

We will see you in two weeks for the next episode of the CCO Buzz.