CUSOs and corporate credit unions are covered by the federal regulations on establishing a system for detecting and preventing identity theft, but they don't apply to foreign branches of U.S. financial institutions.
Those are some of the facts contained in a document recently issued by the NCUA and other regulatory agencies to provide guidance on Red Flag rules. The information is contained in FAQ form. In addition to the NCUA, the other agencies are the Federal Reserve, the FDIC, the Office of the Comptroller of the Currency, the Office of Thrift Supervision and the Federal Trade Commission.
While the rules don't contain record retention requirements, financial institutions are required to show they have complied with the rules outlined.
The explanatory document can be found at www.ncua.gov.
The Red Flag regulations have been in effect since Nov. 1 for NCUA-regulated credit unions. The Federal Trade Commission enforces state-chartered credit unions' compliance, and those credit unions must have their compliance plans in place by Aug. 1.