(The news featured below is a selection from the news covered in SEC Today, which is distributed to subscribers of SEC Today.)

SEC Official Reviews Developments In Identity Theft

John Walsh, an associate director and chief counsel in the SEC's Office of Compliance Inspections and Examinations, said that his office has recently initiated a new sweep examination for identity fraud in response to an increase in the number and sophistication of identity thieves. Identity thieves appear to be directing increased attention at the securities business, he said, so compliance professionals should ensure that their policies and procedures to prevent such fraudulent activities are effective. Walsh also noted that the President's Task Force on Identity Fraud will soon issue a public report that should provide helpful information on identity theft. Walsh's remarks to the NRS fall compliance conference were posted on the SEC's Web site.

Compliance professionals should consider the risk of identity fraud when they review their firm's risk profile, according to Walsh. Identity theft is one of the fastest growing crimes in America, he said, with a number of variations aimed at the securities business. Walsh described the forms of identity theft the staff has identified, including family fraud, where a family member gains access to a customer account. This was the most common variation of identity theft when the staff first began to look at this problem in its examinations several years ago, according to Walsh.

The classic account takeover fraud occurs when a stranger gains access to an account, sells the positions and wires the proceeds to another, often foreign, jurisdiction. The latest development, Walsh said, is the trading account takeover fraud, in which a stranger takes control of an account and uses it to trade. The account may be used to buy securities that the thief wishes to unload, or it may be used to run a pump-and-dump scheme. In the alias fraud, identity thieves use their own money but use the victim's identity as cover for trading or money laundering schemes.

Walsh noted that victims of identity fraud can suffer more than financial harm. There is a lot more at stake than direct financial loss, he said. Walsh urged compliance professionals to re-read NASD Notice to Members 05-49 on safeguarding confidential customer information. He recommended it for advisers as well, even though it is not directed at them. He said that NASD members should consider whether to conduct periodic audits for potential vulnerabilities in their systems to ensure that customer records and information are safe from unauthorized access.

Walsh said that NASD members should inquire about the firm's front-end access controls for online accounts. If the identity thieves are able to get past the front-end controls, the damage is done, he said. Walsh also recommended a publication by the National Institute of Standards and Technology called the "Electronic Authentication Guideline," which recommends that firms determine the level of risk in granting access and the levels of control that should be imposed based on that risk. NIST recommends that the highest-level risks be protected by multi-factor authentication.

Walsh encouraged firms to review the educational materials they provide to customers, including any information on their policies for any losses due to identity theft. Finally, he urged firms to be alert to new developments since identity theft is a rapidly evolving area.