Skip Header

Federal Deposit
Insurance Corporation

Each depositor insured to at least $250,000 per insured bank



Home > Regulation & Examinations > Laws & Regulations > FDIC Federal Register Citations




FDIC Federal Register Citations

August 30, 2002

Financial Crimes Enforcement Network
Section 326 Rule Comments
P.O. Box 39
Vienna, Virginia 22183

Dear Sir or Madam:

M&T Bank Corporation ("M&T") appreciates the opportunity to comment on the proposed customer identification rules issued under section 326 of the USA PATRIOT Act ("Patriot Act"). M&T is a bank holding company that which provides regional, community-based banking services as well as securities and insurance services to American consumers and businesses primarily in New York State, Pennsylvania, Maryland and West Virginia through its subsidiary corporations, Manufacturers and Traders Trust Company, M&T Mortgage Corporation, M&T Securities, Inc., M&T Bank, N.A. and others.

M&T strongly supports the federal government's efforts to combat money laundering and related activities that help finance global terrorism and commends the Treasury Department ("Treasury") and the other federal regulatory agencies1 involved for drafting rules pursuant to section 326 of the Patriot Act that establish a reasonable framework for obtaining, verifying and retaining customer identifying information.

M&T is concerned, however, that several important aspects of the proposed rules miss the mark. In particular, M&T is troubled by some of the definitions used in the rules and Treasury's decision to impose undifferentiated identification and verification requirements on all signatories on all accounts (which includes many individuals who pose negligible, if any, risk of money laundering). M&T also believes that the rules should (a) more broadly permit financial institutions to share the customer identification and verification duties with other financial institutions (particularly affiliates), so as to avoid each institution having to undertake duplicative customer identification efforts, (b) clarify and reduce some of the burdensome recordkeeping requirements and (c) not burden financial institutions with providing notices to customers of the effect of the regulations.

In addition, M&T urges Treasury to give financial institutions some period of time (at least twelve months) after publication of the final rules to put in place and implement their customer identification programs. Such a transition period will be necessary to permit financial institutions to make the significant systems, procedural and other changes necessary to comply with the new rules. To this end, M&T believes that Treasury has significantly under-estimated the burden and compliance costs of the new rules and, thus, has not appreciated the amount of time that it will take to establish the required customer identification programs.

1. Key Definitions

A. "Account"

M&T supports Treasury's decision to define the term "account" in the bank customer identification rules as a "formal" banking or business relationship established to provide "ongoing" services, dealings or other financial transactions. That definition, as Treasury clarifies in the preamble to the bank rules, is not intended to apply to infrequent transactions such as an occasional purchase of a money order or wire transfer.

The definition of "account" in the other proposed rules, however, does not appear to incorporate this necessary concept of providing "ongoing" services. As such, isolated and one-time transactions may be captured by the definition used in the securities and futures rules, although clearly no account relationship has been established. M&T urges Treasury to clarify whether other relationships such as sales of travelers checks, sales of stored value cards, leasing of safe deposit boxes, etc. fall within or outside the definition of "account."

M&T urges Treasury to adopt the bank rules' definition and to apply it uniformly in all of the customer identification rules. In M&T's view, isolated transactions (regardless of the type of financial institution involved) should not be subject to the requirements of these rules. Inclusion of such transactions in the "account" definition could create significant compliance issues for firms without advancing the customer identification objectives of section 326 of the Patriot Act.

M&T also requests that Treasury clarify whether the definition of "account" includes situations where the bank is appointed as trustee of an inter-vivos trust or executor of a will. Even though a bank may have ongoing fiduciary obligations in these situations, these transactions do not establish "accounts" for particular persons. Rather, the bank holds and administers the assets of the trust or estate and functions as its own customer. Hence M&T Bank would urge Treasury to rule that these situations fall outside the definition of "account."

B. "Customer"

The term "customer" is given a two-part definition in each of the proposed rules. First, the term is defined in the mutual fund, broker-dealer and futures rules to include any person who opens a new account with a covered financial institution. In the bank rules, the term is defined slightly differently to include anyone who is "seeking" to open a new account. Second, in the mutual fund, broker-dealer and futures rules, the term includes any person who is granted authority to effect transactions with respect to an account; in the bank rules, the term includes any signatory on an account (either when the account is opened or added subsequently).

M&T requests that Treasury make clear that the first part of the definition -- in the bank rule and elsewhere -- applies only to persons who actually open new accounts. M&T believes, from reading the preamble to the bank customer identification rules, that Treasury did not intend to include as "customers" those persons merely seeking information on an account. Nevertheless, to avoid confusion and uncertainty, M&T suggests that the definition of "customer" in the text of the bank rules be revised to be the same as is in the other rules.

More importantly, M&T urges Treasury to reconsider the second half of the "customer" definition used in each of the rules. As drafted, this part of the definition would include as "customers" all individuals who have authority to sign for or act on behalf of (a) federal, state and municipal governments and their respective subdivisions, agencies or authorities, (b) school districts, (c) educational institutions, (d) pension plans, (e) publicly traded corporations, (f) domestically incorporated, established, privately-held companies, (g) domestic banks, and/or (h) other similar entities. A substantial number of individuals have such authority, and their ranks regularly change as personnel are hired, transferred, promoted, and resign. Obtaining personal information about each of these individuals throughout the life of an account relationship would be highly burdensome for the financial institutions involved and would do little (if anything) to further the Patriot Act's anti-money laundering goals. In implementing its Anti-Money Laundering program, M&T has had experience with asking for social security numbers and dates of birth from authorized signers of such organizations and has encountered resistance and objection on personal privacy grounds. Not only is such information of little or no benefit in furthering the Patriot Act's anti-money laundering goals, requesting it is highly objectionable to employees of these kinds of organizations.

M&T respectfully submits that employees with authority to sign on accounts maintained by (a) federal, state and municipal governments and their respective subdivisions, agencies and authorities, (b) school districts, (c) established universities, (d) pension plans, (e) publicly traded corporations, (f) domestically incorporated, established, privately-held companies, (g) domestic banks and/or (h) other similar entities present little or no money laundering risk. Indeed, it is difficult to understand the value of getting personal information (including social security numbers and dates of birth) from each of the thousands of affected employees who may be authorized to sign on or effect trades through a firm or entity account. Rather than advancing anti-money laundering goals, this requirement will merely create significant administrative burdens for covered financial institutions (who will have to monitor when employees change and then have to obtain identifying information from each new employee, verify that information, and keep records on each of these employees for the life of the entity's account) and divert valuable resources from other anti-money laundering efforts.

M&T believes that Treasury's definition is designed to ensure that nefarious individuals do not hide behind corporate forms and other legal shells. M&T suggests that Treasury's rule should be aimed more precisely at entities and individuals that pose a meaningful risk of illicit activities and, at the same time, avoid placing burdens on well-known entities and their employees that pose a negligible risk of money laundering.

To meet its objectives, M&T Bank urges Treasury to take a risk-based approach, pursuant to which financial institutions would not have to obtain information on individuals with signatory or trading authority over accounts maintained by (a) federal, state and municipal governments and their respective subdivisions, agencies and authorities, (b) school districts, (c) established universities, (d) pension plans, (e) publicly traded corporations, (f) domestically incorporated, established, privately-held companies, (g) domestic banks and/or (h) other similar entities. Banks, broker-dealers and other covered financial institutions would, however, have to look past the legal entity that is the customer if the financial institution believed that the entity presented a heightened risk of money laundering (e.g., it was located or incorporated in a foreign jurisdiction identified as non-cooperative in the fight against money laundering). To the extent that minimum information is required from signatories for such entities, those minimum requirements should not require social security number or date of birth from signatories.

M&T Bank also requests that Treasury clarify that beneficiaries of trusts and escrow accounts and participants in employer-sponsored retirement plans are not "customers" for purposes of the rules. Beneficiaries of trusts and escrow accounts may, in certain circumstances, have authority over accounts - sometimes for a temporary period as an account is being closed. Similarly, participants in retirement plans may have the option to self-direct their plan assets, which authority, under the rule's literal reading, would make these participants "customers." In many of these situations, financial institutions will not have the ability to perform customer identification procedures with respect to beneficiaries and plan participants. For example, a person may be named as a beneficiary of a trust when he or she is an infant and may, 18 years later, have authority to effect trades through the trust account. It makes no sense for a financial institution to have to ask for identification information from a beneficiary at the creation of the trust (at which time the beneficiary may not have identification information) or to ask for information at a later point, when a beneficiary has authority to access the trust assets. Financial institutions should not, in these situations, have to 'look through' trusts, escrow accounts, and retirement plans to identify beneficiaries and plan participants so long as financial institutions perform adequate due diligence on the entity or person establishing the trust, escrow account or retirement plan.

M&T Bank requests that Treasury clarify whether parties involved in corporate or Industrial Development Agency bond transactions fall within the definition of "customer" for purposes of the rules. In these transactions, it is often not clear who the customer of the bank is. In IDA transactions, the IDA is a pass-through for the funding and has only minimal involvement after the issuance. In other cases, where public authorities are involved as the issuer of the bonds, the authority remains involved. Regardless of the level of activity that the issuer of the bonds may have after the initial issuance, it is not clear that there is any one party that is the "customer." The bank's role as trustee in such transactions is defined in the bond documents and in that capacity, the bank is arguably its own customer. Moreover, the specific duties and obligations of the parties in these transactions is different from one transaction to another.

Finally, M&T Bank requests that Treasury clarify that when the bank is appointed as an executor of a will or trustee of an inter-vivos trust, no other party involved (i.e., testator, settlor or beneficiary) falls within the definition of "customer" for purposes of the rules. In these kinds of transactions, it is likewise unclear who the customer of the bank is.

2. Reliance on Other Financial Institutions

The broker-dealer and futures rules provide, quite helpfully, that when futures commission merchants, securities firms and other covered institutions share account relationships, the two firms may allocate customer identification responsibilities; the two firms need not duplicate their identification efforts. M&T strongly supports the decision to authorize the allocation of customer identification efforts among entities that work together in servicing an account. M&T particularly applauds the acknowledgement in the mutual fund rule that the customer identification process may be "best performed by personnel of . . . [an] affiliated or unaffiliated service provider." These decisions are based on common sense: some entities are better positioned than others to perform customer identification tasks, and when a task has been performed by one institution, there is no reason for another institution to perform the same task with respect to the same customer.

Although the proposed rules incorporate this common sense, they do so inconsistently. Unlike the proposed securities and futures rules, the proposed rules for banks do not appear to authorize the contractual delegation of customer identification responsibilities. This is an inconsistency in the rules: there is no reason to preclude banks or any other financial institutions from allocating customer identification responsibilities by contract.

Furthermore, where one financial institution has confirmed that another has obtained and verified information in accordance with an applicable customer identification rule, the proposed rules should authorize reliance on that information whether or not there is formal contractual allocation of customer identification responsibilities. In these circumstances, the rules should not require duplication of efforts. Thus, for example, when a broker-dealer knows that a customer has an account with a U.S. bank and has confirmed (by means of an oral or written reference from the bank, through receipt of an introductory letter from the bank, or through other similar means) that the bank has performed its customer identification responsibilities, the broker-dealer should be permitted to rely on the bank's compliance rather than duplicating efforts.

In addition, the rules should permit broad reliance on identification by an affiliate for so long as there is no violation of the Fair Credit Reporting Act. For example, when a customer has opened an account with a broker-dealer, the broker-dealer's affiliated bank should be allowed to rely on the fact that the necessary identification steps have been performed by its affiliate (likely according to a customer identification program that is identical to the one in place at the bank). It makes little sense for both affiliates to ask the customer to provide identical information, to have to take the same verification steps, and then be subject to duplicative recordkeeping requirements.

3. Non-Documentary Verification Methods.

Section 103.121(b)(2)(ii)(B) which covers non-documentary verification methods states, "Other verification methods may include contacting a customer; independently verifying documentary information through credit bureaus…" M&T Bank requests that Treasury clarify what this means in light of the fact that the section deals with non-documentary methods of verification in the first place.

4. Recordkeeping Requirements

Treasury's rules set forth certain recordkeeping procedures that must be included in customer identification programs. In general, the rules require financial institutions to maintain records of (1) identifying information provided by the customer; (2) the documentary and non-documentary methods used to verify a customer's identification; and (3) the resolution of any discrepancy in the identification information obtained. Financial institutions must retain such information and records for five years after the date that an account is closed.

M&T has concerns with respect to the verification records that are required to be maintained. First, it is unclear how firms are required to document searches and other non-documentary steps that may be taken, particularly when such searches reveal no negative information. Treasury should clarify what records will suffice in such situations. Second, in many instances, financial institutions may rely on third-party service providers to conduct the necessary verification steps. M&T asks Treasury to make clear that financial institutions be permitted to use third parties to perform the necessary tasks and to maintain the required records.

M&T agrees that it is reasonable to require financial institutions to record and retain identifying information supplied by a customer and evidence of its verification for the life of the customer's account plus five years (provided that customer is defined more narrowly, as set forth above)2. Such information may be kept with other account opening documentation and information that institutions ordinarily retain for the life of an account. Additionally, M&T would urge Treasury to clarify that it is not necessary to retain copies of identity verifying documents (or non-documentary methods) used during account opening but merely to record the information from those verifying documents (or non-documentary methods) as evidence that those documents (or non-documentary) were reviewed. M&T strongly believes that it is the actual review of the identity verifying documents (or non-documentary methods), and not their retention, that is the significant event for purposes of identifying a possible terrorist or money launderer. Moreover the fact that the information was recorded provides evidence of the fact that the verifying document or verifying method was actually reviewed rather than simply obtained. (An individual could photocopy a driver's license and attach it to an account opening form without ever actually looking at the driver's license - but that individual has to review the driver's license to transfer information from the driver's license onto the bank's records).

It is extremely burdensome for financial institutions to retain verification and discrepancy resolution information for the required time period. The requirement to keep safe -- for the life of an account plus five years -- all information regarding databases that have been searched or other verification due diligence steps that were taken is, in M&T's view, beyond what is necessary to advance legitimate anti-money laundering objectives. M&T submits that as long as identification information is recorded in a manner that reflects the documentary or non-documentary verification method used, there is little value in preserving copies of documents used to verify identity. In addition, this aspect of the recordkeeping requirement is exceedingly burdensome for financial institutions because, contrary to Treasury's belief, such recordkeeping is decidedly not usual or customary in the industry.

5. Duty to Provide Notice.

Section 103.121(b)(5) requires financial institutions to provide adequate notice that information to verify their identity will be required. In M&T's view, this is an unnecessary burden. Requiring financial institutions to advertise the effect of the regulation in addition to complying with the regulation by obtaining the information adds an additional, unnecessary compliance burden and attendant cost and expense. Customers will be well aware of the fact that the information is required at the time it is requested from them. If this section is aimed at disclosing to the customer the method of verification that the bank may use, then, M&T requests that Treasury clarify what notice that would be "adequate." In other words, is it sufficient to generally notify customers that the bank will verify information provided or alternatively is it necessary to tell the customer what means will be used to verify the information.

6. Effective Date and Costs

Finally, M&T requests that Treasury give financial institutions at least twelve months from the date of a final rule to put into place and implement the required customer identification programs. Drafting and implementing a customer identification program will require various steps, each of which will take time to complete. First, a written program will have to be developed and approved by appropriate boards of directors (or similar bodies). Second, to implement the program, account opening documents and processes likely will need to be revised. Employees - both those with direct customer contact and administrative personnel who process new account forms and applications - will need to be trained. Most importantly and what will likely take the most time is that computer systems will need to be reprogrammed to accept the newly required information and recordkeeping functionalities also will need to be changed.

In this regard, M&T notes that Treasury has significantly underestimated the compliance burden associated with the new procedures. For example, in the broker-dealer proposal, Treasury and the Securities and Exchange Commission believe that establishing a compliance customer identification program will cost a broker-dealer only $2,244. M&T submits that setting up a program - given the complexity of operations involved, range of services and products affected, and number of customers impacted - will be a far more expensive endeavor. Setting up a program will require significant compliance and in-house (and possibly outside) legal work. Also, business lines will need to be consulted, because whatever program is adopted will need to fit the different business lines affected.

To accomplish the various tasks set forth above, firms will require some additional time from the date of a final rule. In prior rulemakings, Treasury has been willing to defer statutory compliance dates to give industry an opportunity to make the necessary operational and systems changes. We ask that Treasury do the same here and give all industry participants twelve months from the date of a final rule to have in place and fully functioning their required customer identification programs.

M&T greatly appreciates Treasury's consideration of these comments. If Treasury staff or other functional regulators involved have any questions regarding M&T's views on the proposed rule, please do not hesitate to contact me at (202) 289-4322.

Sincerely,

John C. Krenitsky


1  Each of the agencies and the Office of Management and Budget is receiving a copy of this letter.

2  If customer is not defined more narrowly but continues to include all individuals, for example, who have authority to sign on a corporate account, M&T suggests that it is not reasonable to require financial institutions to maintain identification information with respect to such individuals for the life of the corporate account. A corporate account may be maintained for decades and hundreds of individuals may, at various times, have authority to sign on or direct transactions through that account.

cc: Securities and Exchange Commission
450 Fifth Street, NW
Washington, DC 20549-0609

Commodity Futures Trading Commission
Three Lafayette Centre
1155 21st Street, NW
Washington, DC 20581

Office of the Comptroller of the Currency
250 E. Street, SW
Public Information Room, Mailstop 1-5
Washington, DC 20219

Secretary
Board of Governors of the Federal Reserve System
20th Street and Constitution Ave., NW
Washington, DC 20551

Executive Secretary
Attention: Comments/OES
Federal Deposit Insurance Corp.
550 17th Street, NW
Washington, DC 20429

Regulation Comments
Chief Counsel's Office
Office of Thrift Supervision
1700 G Street, NW
Washington, DC 20552

National Credit Union Administration
1775 Duke Street
Alexandria, VA 22314-3428

Office of Information and Regulatory Affairs
Office of Management and Budget
Paperwork Reduction Project (1506)
Washington, DC 20503

Last Updated 09/05/2002 regs@fdic.gov

Skip Footer back to content