New hedge fund mangers and persons who are considering starting their own hedge fund need to be aware that the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”) amended the FAIR CREDIT REPORTING ACT (FCRA) to add the Commodity Futures Trading Commission (“CFTC”) and the Securities and Exchange Commission (“SEC”) to the list of federal agencies that must jointly adopt and individually enforce identity theft red flag rules. The Dodd-Frank Act provides for the transfer of rule making responsibility and enforcement authority to the CFTC and SEC with respect to the entities subject to each agency’s enforcement authority.
- First, the rules require financial institutions and creditors to develop and implement a written identity theft prevention program designed to detect, prevent, and mitigate identity theft in connection with certain existing accounts or the opening of new accounts. The rules include guidelines to assist entities in the formulation and maintenance of programs that would satisfy the requirements of the rules.
- Second, the rules establish special requirements for any credit and debit card issuers that are subject to the Commissions’ respective enforcement authorities, to assess the validity of notifications of changes of address under certain circumstances.
The CFTC’s “scope” subsection “applies to financial institutions and creditors that are subject to” the CFTC’s enforcement authority under the FCRA. The CFTC’s proposed definitions of “financial institution” and “creditor” describe the entities to which its identity theft red flag rules and guidelines apply.
The CFTC defines “financial institution” as having the same meaning as in section 603(t) of the FCRA. In addition, the CFTC’s definition of “financial institution” also specified that the term includes:
- any futures commission merchant (“FCM”), retail foreign exchange dealer (“RFED”),
- commodity trading advisor (“CTA”),
- commodity pool operator (“CPO”),
- introducing broker (“IB”),
- swap dealer (“SD”), or
- major swap participant (“MSP”) that directly or indirectly holds a transaction account belonging to a consumer.
Similarly, in the CFTC’s definition of “creditor,” the CFTC applies the definition of “creditor” from 15 U.S.C. 1681m(e)(4) to any:
- SD, or
- MSP that“regularly extends, renews, or continues credit; regularly arranges for the extension, renewal, or continuation of credit; or in acting as an assignee of an original creditor, participates in the decision to extend, renew, or continue credit.”
The CFTC has determined that the final identity theft red flag rules apply to these entities because of the increased likelihood that these entities open or maintain covered accounts, or pose a reasonably foreseeable risk to customers, or to the safety and soundness of the financial institution or creditor, from identity theft.
The SEC’s “scope” subsection provides that the final rules apply to a financial institution or creditor, as defined by the FCRA, that is:
- A broker, dealer or any other person that is registered or required to be registered under the Securities Exchange Act of 1934 (“Exchange Act”);
- An investment company that is registered or required to be registered under the Investment Company Act of 1940 (“Investment Company Act”), that has elected to be regulated as a business development company (“BDC”) under that Act, or that operates as an employees’ securities company (“ESC”) under that Act; or
- An investment adviser that is registered or required to be registered under the Investment Advisers Act of 1940 (“Investment Advisers Act”).
The following are illustrative examples of an SEC-regulated entity that could fall within the meaning of the term “financial institution” because it holds transaction accounts belonging to individuals:
- a broker-dealer that offers custodial accounts;
- a registered investment company that enables investors to make wire transfers to other parties or that offers check-writing privileges; and
- an investment adviser that directly or indirectly holds transaction accounts and that is permitted to direct payments or transfers out of those accounts to third parties.
For Registered investment advisers, even if an investor’s assets are physically held with a qualified custodian, an adviser that has authority, by power of attorney or otherwise, to withdraw money from the investor’s account and direct payments to third parties according to the investor’s instructions would hold a transaction account. However, an adviser that has authority to withdraw money from an investor’s account solely to deduct its own advisory fees would not hold a transaction account, because the adviser would not be making the payments to third parties. Registered investment advisers to private funds also may directly or indirectly hold transaction accounts. If an individual invests money in a private fund, and the adviser to the fund has the authority, pursuant to an arrangement with the private fund or the individual, to direct such individual’s investment proceeds (e.g., redemptions, distributions, dividends, interest, or other proceeds related to the individual’s account) to third parties, then that adviser would indirectly hold a transaction account. For example, a private fund adviser would hold a transaction account if it has the authority to direct an investor’s redemption proceeds to other persons upon instructions received from the investor.
Under the final rules, a financial institution or creditor that offers or maintains “covered accounts” must establish an identity theft red flag program designed to detect, prevent, and mitigate identity theft. To that end, the final rules discussed below specify: (1) which financial institutions and creditors must develop and implement a written identity theft prevention program (“Program”); (2) the objectives of the Program; (3) the elements that the Program must contain; and (4) the steps financial institutions and creditors need to take to administer the Program.
Back to Hedge Fund News and Articles