ALEXANDRIA, Va. (11/3/08)—The National Credit Union Administration (NCUA) said Friday that for credit unions not in compliance as of Nov. 1 with the identity theft “red flags” rule, examiners will consider the credit union’s progress and compliance efforts to date when developing appropriate plans for corrective action. In an official letter, the NCUA communicated to credit unions the “red flags” examination procedures adopted earlier this month by the Federal Financial Institutions Examination Council (FFIEC), comprised of the NCUA and the federal bank and thrift regulators. The NCUA also reaffirmed that the effective date for federal credit union compliance with the “red flags” rule remained Nov. 1. Earlier this month—and just about a week after the FFIEC approved the examination procedures to determine compliance--the Federal Trade Commission (FTC) said it would suspend compliance enforcement of the rule for six months until May 1, 2009. The FTC action covered state-chartered credit unions, along with a broad array of other entities. At that time, the FTC stated that its delay did not affect other federal agencies' enforcement of the original Nov. 1 deadline. The agency explained that it moved back its compliance timetable to give creditors and financial institutions "additional time in which to develop and implement written identity theft prevention programs." The agency said that during its outreach effort, it found some industries and entities under the FTC's jurisdiction were uncertain about their coverage under the rule. After the FTC action, however, federal credit unions questioned whether the NCUA might act to put federal and state credit unions on the same compliance schedule and the Credit Union National Association pursued clarification. In fact, CUNA President/CEO Dan Mica sent a letter to the NCUA Thursday asking for clarification regarding FTC’s decision to delay the enforcement date. The letter was a follow up of CUNA’s earlier discussions with NCUA staff. CUNA received a response that clarified that examiners will be flexible. The identity theft “red flags” rule, along with a companion rule governing how to handle address discrepancies on consumer reports, was issued under the Fair and Accurate Transactions Act of 2003 (FACT Act) and became effective Jan. 1 this year. The "red flags" rule requires an institution to develop and implement a written identity theft prevention program designed to detect, prevent, and mitigate identity theft in connection with any new or existing "covered account." A covered account generally is a consumer account or any other account the institution determines carries a foreseeable risk of identity theft. The address discrepancy rule, in part, requires a user of consumer reports to develop reasonable policies and procedures to confirm that the report relates to the consumer whose report was requested when there is an address discrepancy. To assist credit unions in compliance, the NCUA announced it will issue an examiner checklist to review for compliance during exams which will be sent via express to all credit unions early next week.