The program should be able to show red flags for identity theft and respond to the red flags while providing periodic updates about the program.
The rule only applies to SEC-regulated entities that are defined as “financial institutions” or “creditors” under the Fair Credit Reporting Act.
Click here to learn more.