NCUA Issues Examination Guidelines for ID Theft Red Flags Rule

No Reprieve for Federal Credit Unions - Exams Begin Now
NCUA Issues Examination Guidelines for ID Theft Red Flags Rule
The National Credit Union Administration (NCUA) on Monday released its examination checklists for the Identity Theft Red Flags and Consumer Address discrepancies. The checklists were posted on the website.

In the letter to federal credit unions from Chairman Michael Fryzel he states that the new procedures are based on FFIEC guidance requiring financial institutions to have identity theft prevention programs in place to identify, detect and respond to patterns, practices or specific activities that could indicate identity theft. Examiners will use the new checklists to help evaluate the quality and effectiveness of a credit union's written program.

These examination procedures are in line with previous versions released by the Office of Thrift Supervision (OTS), Office of the Comptroller of the Currency (OCC) and Federal Deposit Insurance Corporation (FDIC)

A week before the November 1 deadline, the Federal Trade Commission (FTC) pushed back the date for enforcement of ID Theft Red Flags for state-chartered credit unions until May 1, 2009. Despite this action, federal credit unions are still expected to be in compliance now, says the NCUA.

Federal credit unions under the ID Theft Red Flags guidance are required to:

  • Periodically do risk assessment on covered accounts;
  • Establish and begin a written program, fitting the credit union's size, complexity and nature and scope of its business;
  • Include reasonable policies and procedures to:
    a) identify relevant red flags;
    b) detect red flags;
    c) respond appropriately to detected red flags; and
    d) ensure the program is updated periodically to reflect changes in risks;
  • Provide for continued administration of the program to:
    ensure initial proper approval;
    ob) ensure senior management involvement;
    c) address staff training; and
    d) ensure service provider oversight; and
  • Consider the guidelines in Appendix J.

What should federal credit unions expect during exams? "Credit unions should be prepared to be able to document their compliance with the rules," says John McKechnie, NCUA's media spokesperson. "If not in compliance, they should be able to effectively demonstrate what steps they have initiated to date to get into compliance and provide a documented timeline for eventual compliance."


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.