it seems the actual intent of S2155 was to provide access to online banking and not hinder that process. Based on this discussion below, you could retain a copy of the photo ID for "valid business purposes".....
https://www.nafcu.org/compliance-blog/plain-english-reading-s2155s-id-retention-provisionThe plain reading of the deletion section of the bill seems to indicate that unless federal BSA laws require the credit union to keep a copy or image of a member's ID, the credit union would have to permanently destroy this copy/image after using it for one of the three purposes. And as it is the case, current BSA laws do not require the retention of a copy/image of the member's ID.
Section 1020.220 of the BSA only requires credit unions to "record a description of any documents that were relied on, noting the type of document, any identification number contained in the document, the place of issuance and, if any, the date of issuance and expiration date†rather than the scanning or copying of a member's ID. For those reasons, if the account, service or product requested online requires the member's ID for verification purposes, it seems that the credit union may now be required to permanently delete this record after using it for those purposes.
The good news here is that NAFCU's legislative affairs team raised this issue during consideration of the bill and we were informed Congress was reading the legislative language to mean credit unions can keep the member's ID for as long as they need it for a valid purpose, such as for the credit union's CIP. Our legal intern also sorted through the legislative history of the bills to find the Congressional intent behind the destruction section and found that this was added to end the practice of selling consumer's personal information by financial institutions. The legislative history also did not indicate intent to upend use of this information for viable and legitimate business purposes.
Additionally, keeping in mind the main Congressional intent of the MOBILE Act was to make online account opening easier, it may be arguable that Congress did not want to affect the use of a member's identification for other legitimate business purposes aside from online account opening/verification such as fraud prevention. For example, this part of the Congressional Record stresses that S.2155 was not intended to interfere with current operations of financial institutions, but to allow greater access to small banks and credit unions for consumers in underserved or unserved regions.