Observations from B-D and IA exams related to prevention of identity theft under Reg S-ID

"Programs must include reasonable policies and procedures to identify relevant red flags for covered accounts offered by the firm and incorporate those red flags into the Program"