Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

Red Flags delay for state-chartered CUs
WASHINGTON (10/23/08)--Just about a week after federal credit union, bank and thrift regulators approved the examination procedures required to determine a financial institution's compliance with rules regarding identity theft "red flags" (12 CFR 222.90), the Federal Trade Commission (FTC) said it will suspend enforcement of the rule for six months until May 1, 2009. State-chartered credit unions fall under the FTC’s rules. The FTC said that its announcement and the release of an Enforcement Policy Statement do not affect other federal agencies’ enforcement of the original Nov. 1 deadline for institutions subject to their oversight. The National Credit Union Administration’s rule applies to federal credit unions. The FTC explained that it moved back its compliance timetable to give creditors and financial institutions “additional time in which to develop and implement written identity theft prevention programs.” The agency said that during its outreach effort, it found some industries and entities under the FTC’s jurisdiction were uncertain about their coverage under the rule. “Many entities also noted that, because they generally are not required to comply with FTC rules in other contexts, they had not followed or even been aware of the rulemaking, and therefore learned of the Rule’s requirements too late to be able to come into compliance by Nov. 1, 2008. "The Commission’s delay of enforcement will enable these entities sufficient time to establish and implement appropriate identity theft prevention programs, in compliance with the rule,” the FTC said in a release. Although the Credit Union National Association (CUNA) recognizes that the FTC's action is primarily directed at non-financial institution creditors not aware of these rules until recently, CUNA has contacted the NCUA to seek clarification regarding the extent to which that agency might apply this suspension to federal credit unions. The FTC’s delay does not apply to address discrepancy rules that were issued at the same time as the Red Flags rules. The Red Flags Rule was developed to implement parts of the Fair and Accurate Credit Transactions (FACT) Act of 2003. Under the rule, financial institutions and creditors with covered accounts must have identity theft prevention programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. A covered account generally is a consumer account or any other account the institution determines carries a foreseeable risk of identity theft. Earlier this month, the federal credit union, bank and thrift regulators approved the examination procedures required to determine a financial institution's compliance with identity theft "red flags" rules (12 CFR 222.90) and other regulations under the Fair Credit Reporting Act (FCRA). Use the resource link below to interagency exam procedures.
Other Resources

RSS print
News Now LiveWire
Goodwill Industries latest to report data security breach
13 hours ago
CUNA economist Schenk discusses regulators' focus on interest-rate risk. See CU Magazine:
14 hours ago
Fed issues annual report on general-use prepaid cards in gov't-administered payment programs.
15 hours ago
Children in foster care face higher risk of identity theft via @NBCNews
15 hours ago
.@Cornerstone_CUL's leadership conference includes food drive for San Antonio food bank
16 hours ago