Iman Fund. Identify Theft Prevention Program

Transcription

1 Iman Fund Identify Theft Prevention Program Background The Federal Trade Commission adopted a rule, applicable to those investment companies that offer transaction accounts, requiring that investment companies establish and boards approve an identity theft prevention program by November 1, The rule impacts, for example, money market funds or any other investment company that permits shareholders to make payments or transfers to third parties such as through check writing or wire transfers. The Iman Fund (the Fund ), through its transfer agent, U.S. Bancorp Fund Services ( USBFS ), permits shareholders to direct payments and/or transfers to third parties with appropriate authorization and documentation. As such, the Fund is required to implement an Identity Theft Prevention Program (the Program ). Identity Theft Program Requirements The Program, which may include existing policies and procedures, must incorporate four requirements: 1. Identify relevant red flags. Identify patterns, practices or activities that indicate the possibility of identity theft for covered accounts and incorporate those red flags into the Program. Consider the following factors: the types of covered accounts offered/maintained, the methods provided to open them, the methods used to access the accounts and USBFS previous experiences with identity theft. 2. Detect red flags. Obtain identifying information about and verify the identity of people opening covered accounts, authenticate customers, monitor transactions and verify the validity of change of address requests. 3. Respond appropriately to any detected red flags. Provide appropriate responses to the red flags detected that are commensurate with the degree of risk posed. Consider aggravating factors that may heighten the risk of identity theft, such as a prior data security incident. Responses to red flags may include monitoring a covered account for evidence of identity theft, contacting the customer, changing passwords or security codes, reopening a covered account with a new account number, notifying law enforcement, or determining that no response is warranted. 4. Ensure that the Program is updated periodically. The Program should be periodically updated to reflect changes in risks to customers or to the safety and soundness of the financial institution with respect to identity risk. When determining whether it is time to update the Program, consider USBFS experiences with identity theft, changes in the types of accounts offered/maintained, and changes in USBFS business arrangements (i.e., any mergers, acquisitions or changes in service providers).

2 Appointment of Identity Theft Prevention Program Administrator As the Fund s transfer agent, USBFS appears to be in the best position to monitor for identity theft with respect to the shareholders of the Fund. As such, the Board of Trustees of the Fund (the Board ) has designated USBFS as the party primarily responsible for administering the Program of the Funds. Pursuant to an agreement between USBFS and the Fund, USBFS already provides many components of the Fund s theft and identity prevention program, on behalf of and subject to monitoring and review by the Fund. USBFS has already implemented both an Anti-Money Laundering ( AML ) program and a Customer Identification Program ( CIP ), parts of which are incorporated into the Program. The AML and CIP programs are supported and overseen by the Fund s Chief Compliance Officer (the CCO ) and the Fund s investment adviser Allied Assets Advisors. The Fund s CCO will act as the Identity Theft Prevention Program Administrator ( Program Administrator ). Identity Theft Program Administration To administer the Program, the Fund must: Obtain approval of the initial written Program from the Board by November 1, Involve the Board or the designated Program Administrator in the development, implementation, oversight and administration of the Program. Oversight of the Program should include assigning specific responsibility for the Program s implementation, reviewing reports prepared by USBFS regarding compliance and approving material changes to the Program as necessary to address changing identity theft risks. Reporting on the Program. Program Administrator should report to the Board at least annually on compliance with the rule. The report should address and evaluate material matters such as the effectiveness of the Program, significant incidents involving identity theft and management s response, service-provider arrangements and recommendations for material changes. Exercise appropriate and effective oversight of service provider arrangements. Program Administrator should take steps to ensure that the activity of any service providers is conducted in accordance with the Fund s Program designed to detect, prevent and mitigate the risk of identity theft. Reliance on USBFS Program The Fund has received from USBFS its Identity Theft Prevention Program (the USBFS Program ). The Program Administrator will review and oversee the implementation of USBFS Program. In complying with the rule, this Program relies on USBFS Program. The USBFS Identity Theft Prevention Program is attached as Exhibit A.

3 Identifying Relevant Red Flags The USBFS Program incorporates both a list of relevant red flags and criteria to be used to identify new relevant red flags. The Fund is relying on the USBFS Program to identify relevant red flags. Detecting Red Flags The USBFS Program contains procedures that USBFS will utilize to detect red flag activity. The Fund is relying on these procedures to detect red flags for its Program. Responding Appropriately to any Detected Red Flags The USBFS Program contains procedures that it will utilize to respond to any detected red flag activity. The Fund is relying on these procedures to provide an appropriate response to any detected red flag activity for its Program. Ensure that the Program is Updated Periodically. The USBFS Program contains provisions for a periodic review and updating, as required. The Program Administrator will monitor USBFS to ensure that there is a periodic review and, based on the results of such reviews, propose adoption by the Fund of such changes to the Fund s Program, as may be appropriate. Periodic Reporting The Program Administrator will provide a written report periodically, but not less than annually, regarding compliance with the Rule. The report will address material matters such as: The Administrator s evaluation of the effectiveness of the Program Significant incidents of identity theft with respect to the Fund s shareholders Management s response to such incidents Material changes to the USBFS Program Recommendations for material changes to the Program Oversight of Service Providers The Program Administrator is charged with the responsibility to monitor USBFS with respect to the implementation and the ongoing operation of the USBFS Program. The Program Administrator may request periodic reports and/or certifications from USBFS with respect to the operation of the USBFS Program. The Program Administrator, to the extent he/she deems it appropriate, may also make inquiries and conduct on-site visits of USBFS.

4 Responsibilities of USBFS USBFS shall be required to provide a prompt notification to the Program Administrator of any incident of identity theft with respect to the Fund and/or any regulatory inquiry or examination with respect to the operation of the USBFS Program. USBFS will provide the Program Administrator notice of planned staff training with respect to its Program so as to permit the Program Administrator to attend such training. Additionally with respect to staff training, upon request USBFS will make available to the Program Administrator training session agendas, summaries of topics covered, training materials, and attendance records. USBFS will promptly notify the Program Administrator of any material changes to the USBFS Program and will provide marked copies of the updated program to the Program Administrator. Coordination with the Trust s Compliance Program The Fund is incorporating this Program into the Fund s compliance program under Rule 38a-1. Adopted:, 2008

5 U.S. Bancorp Fund Services, LLC Identify Theft Prevention Program As of, 2008 Exhibit A