Red Flags FAQ; Pandemic
A bunch of regulators, including NCUA, recently issued a frequently asked questions document to provide guidance on the recent Red Flags Identity Theft Prevention rules. Access it here. I just love FAQs. I do. They are written in English. They address real-world problems that have surfaced since the rule was released. I just love, love love them. Here's a taste of what you'll find inside:
1. Do the Red Flags Rules, Card Issuersâ Rules, or Address Discrepancy Rules contain record retention requirements?
These three Rules do not contain specific record retention requirements. However, financial institutions and creditors must be able to demonstrate that they have complied with the requirements of the Red Flags and Card Issuersâ Rules, and users of consumer reports must be able to demonstrate that they have complied with the requirements of the Address Discrepancy Rules, in addition to any other applicable record retention requirements.
8. Are credit union service organizations (CUSOs) covered by the Red Flags Rules and Guidelines?
CUSOs, according to the Federal Credit Union Act, provide âÂÂservices which are associated with the routine operations of credit unionsâ and are âÂÂestablished primarily to serve the needs of its member credit unions, and whose business relates to the daily operations of the credit unions they serve.â 12 U.S.C. çç 1757(5)(D), (7)(I). A CUSO that is a âÂÂcreditorâ under the FCRA is covered by the Red Flags Rules and Guidelines issued by the FTC.
***
The WHO has officially declared a pandemic. What does this mean for compliance? The WHO lists the risk of a pandemic with phases, numbered one through six. We're now at WHO pandemic phase six. Some credit unions use the WHO stages to trigger different parts of their pandemic plan. You may want to check your pandemic plan to see what phase 6 triggers.