Firms that carry “Covered Accounts” must have a Identity Theft Program in order to comply with the SEC and CFTC’s Red Flag Rules. A Covered Account is defined as “an account that a financial institution or creditor offers or maintains, primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions, such as a brokerage account with a broker-dealer or an account maintained by a mutual fund (or its agent) that permits wire transfers or other payments to third parties; and any other account that the financial institution or creditor offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation, or litigation risks.” Oyster offers its clients a full range of assistance with establishing, maintaining and testing an Identity Theft Program. Oyster’s services include:
- Drafting policies and procedures to comply with the regulatory requirements
- Defining and implementing reports to identify accounts that may have been compromised
- Creating training and education for employees to understand the red flags that may indicate instances of identity theft
- Assisting in developing process to respond to incidents
The Oyster Difference
Oyster is made up of industry practitioners that have worked in AML/Fraud, Compliance, Operations and Information Technology who assist our clients with identifying the appropriate red flags based on the client’s business model and client base and identifying the appropriate steps to take to protect clients from identity theft risks. Oyster takes a ground-up approach to the Red Flag Program, providing feedback on existing policies and procedures, training to educate associates about the program, testing for the effectiveness of a program, and ultimately assistance in implementing the program.