PE may be caught by SEC identity theft rule

GPs registered with the agency may need controls in place to prevent imposters from stealing LPs’ cash.

The US Securities and Exchange Commission (SEC) has adopted a rule this week requiring registered investment advisors to create programs capable of detecting and responding to indicators of possible identity theft, though the rule’s impact on private equity managers is not entirely certain.  

The litmus test for the rule’s applicability may rest in whether a fund allows LPs to direct any due distributions to a third party group, said one private equity lawyer, adding private equity funds generally do not exhibit this feature. The concern is a criminal posing as one of the fund’s LPs, a high-net worth investor for example, could order a GP to distribute proceeds to a “family relative” or other third party account. 

The rule applies only to SEC-regulated entities that meet the definition of “financial institution” or “creditor” under the Fair Credit Reporting Act. Multiple private equity lawyers speaking with PE Manager said it was not entirely clear when a GP would meet that definition. 

The final rule notes that investment advisers who can direct transfers or payments from accounts to third parties upon an investor’s instruction, or an agent of that investor, are susceptible to the same identity theft risks as other financial institutions. 

GPs that safe keep investors’ assets at a qualified custodian, such as a bank or broker-dealer, do not necessarily meet compliance with the rule, the SEC said, arguing an imposter using an LP’s identity could order the GP to withdraw said assets. 

In a statement Mary Jo White, confirmed as SEC chairman this week, said the rules “are a common-sense response to the growing threat of identity theft to all Americans who invest, save, or borrow money”. 

The final rules will become effective 30 days after publication in the Federal Register, and the compliance date will be six months after the effective date.