ARLINGTON, Va. — With the majority of credit unions now in compliance with Red Flag rules, a key question still on the table is: "What will regulators exactly be looking for during upcoming exams?"
That's the status of CUs and Red Flag, summed up NAFCU and CUNA, who shared that they never sensed a great deal of confusion from credit unions about how to comply with the identity theft guidelines or shifting compliance deadlines.
Previous reports in Credit Union Journal, however, indicated that there has been confusion among credit unions regarding Red Flag rules and concerns about meeting the compliance deadlines.
Questions Being Asked
"Most of the questions I had been getting from credit unions were along the lines of what do you think regulators really want to see in the finished product," shared Anthony Demangone, NAFCU director of regulatory compliance. "For example, if you compared what credit unions were asking me about Red Flag to questions about cars, they were not asking how to drive the car, but what the car should look like - what color should it be and should it have a CD player or AM/FM radio."
Valerie moss, CUNA director of compliance, confirmed that "for the most part credit unions have been doing a very good job with Red Flag compliance. The questions have been more about what the regulators are expecting. We are waiting for feedback from credit unions as examiners start coming in."
Both Moss and Demangone said the questions they received about Red Flag stopped after Nov. 1, indicating that most CUs feel they are compliant. Both credit union trade organizations reminded that NCUA's Nov. 1 deadline for federally chartered CUs to comply with Red Flag never changed, but the FTC pushed back its Nov. 1 deadline twice. The current deadline, which state-chartered CUs follow, is Aug. 1. The FTC delays resulted, Moss and Demangone explained, due to lack of readiness from other entities, such as car dealers and finance companies.
According to the National Association of State CU Supervisors (NASCUS), despite the FTC deadline extensions, most state-chartered CUs are now Red Flag compliant. "We are not aware of any credit union that is not in compliance with the Red Flag rules," stated Brian Knight, NASCUS SVP-regulatory affairs.
With NCUA's deadline well past, John McKechnie, director of public and congressional affairs, says NCUA examiners just received the examination procedures and started reviewing credit union ID theft Red Flag programs. "Initial observations derived from the examination process indicate that CUs seem well versed in the Red Flag rules," he said. "NCUA has issued FFIEC examination guidance for FCUs that is explicit about their obligations. Also, FFIEC agencies and the FTC are preparing to release an FAQ on the Red Flags and address discrepancy rules to cover inquires the agencies have recently received. NCUA will release the FAQs under cover of a letter to credit unions. State charters can reference the FCU guidance for compliance help, but should be mindful that they are subject to FTC jurisdiction on this issue."
