SEC Case Brings Rarely Used Cyber Rules Into Limelight
By Erica Williams and Sunil Shenoi (September 27, 2018, 5:24 PM EDT) -- On Sept. 26, 2018, Voya Financial Advisors Inc. settled charges with the U.S. Securities and Exchange Commission regarding alleged violations of SEC rules relating to the protection of customer information and the prevention of identity theft. The Voya settlement represents the first SEC enforcement action involving the Identity Theft Red Flags Rule, Rule 201 of Regulation S-ID (17 C.F.R. § 248.201),[1] which requires certain financial institutions and creditors, including broker-dealers and investment advisers, to develop and implement a written identity theft prevention program designed to detect, prevent and mitigate identity theft in connection with the opening of a covered account. It also represents only the third SEC action involving the Safeguards Rule, Rule 30(a) of Regulation S-P (17 C.F.R. § 248.30(a)), which requires broker-dealers and registered investment advisers to adopt written policies and procedures designed to protect against unauthorized access to customer information. The Voya settlement provides a critical data point in evaluating how the SEC plans to enforce these two rules going forward. Specifically, the Voya action provides guidance on the types of policies that are not likely to be reasonable under these rules, the role that consumer or investor harm and materiality play in the enforcement of these rules, and how the SEC will monitor companies' compliance with these rules going forward....