Catherine M. Anderson and Gabrielle A. Bernstein of Foley Hoag LLP write:
On April 10, 2013, the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) jointly adopted identity theft red flags rules (the Rules) and corresponding guidelines requiring certain SEC and CFTC-regulated entities to implement identity theft prevention programs. The Rules took effect on May 20, 2013, with a compliance date of November 20, 2013.
Read more on Lexology.