A covered account generally refers to an account maintained for a consumer or individual customer where there is a risk related to identity theft or unauthorized access to customer information. A personal margin account owned by an individual client would fit this concept.

Institutional accounts are generally not treated as covered accounts for this purpose. Banks, pension funds, hedge funds, and investment companies are institutional customers, so their accounts would not be the best answer.

Cybersecurity concerns arise when records or client information are stored, accessed or transmitted electronically. Electronic financial records, personal devices used by independent contractors, and home computers containing firm records can all create cybersecurity risks.

Paper only records locked in a filing cabinet may create physical security concerns, but they do not create the same cybersecurity risk because cyber fraud involves electronic systems, devices, or data access.

A notice of an address change that the account holder did not request is a potential identity theft red flag. It may indicate that someone is trying to redirect account information or gain access to the account.

A promotional balance transfer offer is common and is not usually a red flag by itself. Receiving a replacement credit card before the current card expires is also normal. A routine monthly account statement is expected and does not suggest identity theft unless it contains unusual or unauthorized activity.

A covered account generally includes consumer accounts where there is reasonably foreseeable risk of identity theft or unauthorized access. Personal brokerage accounts, margin accounts, and individual consumer loan accounts can all create identity theft concerns.

A business account owned by a large publicly traded company is least likely to be treated as a covered account. Business accounts are generally not included unless the business is small or structured in a way that creates a foreseeable risk to customers due to weaker internal safeguards.

This situation includes several possible identity theft red flags. The caller does not sound like the client, uses a different name than the client normally uses, and requests a large wire transfer to an overseas account. Even though the caller gives an excuse for the different voice, the combination of facts should cause concern.

Regulation SP deals with the privacy of customer information for financial institutions. It requires financial institutions to protect customer information and provide privacy notices regarding how customer information may be used or shared.

Regulation D relates to private placement and includes the accredited investor definition. HIPAA deals with health information privacy, not financial institution customer privacy. The Affordable Care Act deals with health care law and is not the securities regulation being tested.

A covered account generally refers to a personal or family account maintained at a financial institution where there is a reasonably foreseeable risk of identity theft or unauthorized access. These accounts require safeguards to help protect customer information.

A covered account is generally a personal, family, or household account that permits multiple payments or transactions. The key concern is that repeated access to funds or account activity creates a greater risk of identity theft or unauthorized transactions.

SEC Regulation S-ID requires certain broker dealers and investment advisers to have programs designed to detect, prevent, and mitigate identity theft. An investment adviser may be covered when it has the ability to direct transfers or payments from individual client accounts to third parties based on the client's instructions.

One major difference between identity theft and physical theft is that identity theft may not be discovered right away. A person might not realize their identity has been stolen until unusual account activity appears, credit problems develop, or unauthorized accounts are discovered.