If a credit union collects more identifying information than necessary during account opening, what must be done with this information?

The correct answer highlights the regulatory requirement for retaining customer information collected during the account opening process. Specifically, under the Bank Secrecy Act (BSA) and related regulations, financial institutions, including credit unions, are often required to keep certain records for a minimum period. While the precise duration can vary depending on specific circumstances and applicable regulations, a five-year retention period is a common standard for many customer identification and transaction records.

When a credit union collects personal identifying information beyond what is necessary, it still has an obligation to manage this data in compliance with legal standards. Therefore, retaining this information in accordance with regulatory requirements ensures that the credit union maintains transparency and accountability in its operations. It also allows the institution to access this information if needed for investigations or audits.

If this information is not retained appropriately, the credit union could face compliance risks, including regulatory scrutiny or penalties. Understanding the importance of data retention helps credit unions balance their operational needs with regulatory obligations.