Skip Header

Federal Deposit
Insurance Corporation

Each depositor insured to at least $250,000 per insured bank



Home > Regulation & Examinations > Laws & Regulations > FDIC Federal Register Citations




FDIC Federal Register Citations


August 20, 2002

Executive Secretary
Attention: Comments/OES
Federal Deposit Insurance Corporation
550 17th Street, N. W.
Washington, DC 20429

RE: Joint Notice of Proposed Rulemaking 12 CFR Part 326

Dear Sirs:
I am writing to you on behalf of Florence Savings Bank, an FDIC-insured state nonmember bank located in Florence, Massachusetts, with assets of approximately $638 million as of July 31, 2002, for the purpose of commenting on the Joint Notice of Proposed Rulemaking, also referred to as 12 CFR Part 326, relating to Customer Identification Programs for Banks.

In commenting on the proposed rule, we recognize that the USA Patriot Act mandates the primary elements of the rule. We also recognize and appreciate the efforts of the Agencies to propose rules that provide a degree of flexibility by permitting banks to establish "risk based" procedures in the design of their Customer Identification Programs. Banks have traditionally practiced much of what is contained in the proposed rule. However, the following elements of the proposal continue to be of concern to us.

1. Recordkeeping

§ 103.121(b)(3)(i)(B) of the proposed rule requires that the bank keep a copy of any document relied on when verifying identity through documents. Banks traditionally have not retained copies of documents identifying customers for a variety of reasons, including regulatory concerns that the practice may be considered a basis for discrimination. Traditionally banks have made notations in their records of the source, type and number of the identifying document. However, to require banks to establish new workflows and additional recordkeeping systems would be significantly burdensome and costly.
Additionally, customers are accustomed to showing their identification when opening new accounts, but are likely to become concerned and untrusting when their identifying documents are copied and retained without their consent. In recent years, customers have grown particularly sensitive and protective of the use and treatment of their tax ID numbers, particularly in light of the increase in identity theft.
In short, we believe this requirement goes a step too far, and that appropriate notations of the identifying document on the bank's primary account records adequately serves the purpose intended, without significantly increasing costs or paperwork. It also honors the concerns customers may have regarding a business retaining copies of their identifying records.

2. Minimum Identifying Information and Joint Accounts

§ 103.121(b)(2) of the proposed rule requires procedures for verifying the identity of each customer, to the extent reasonable and practicable, and further requires banks to obtain minimum specific identifying information for each customer prior to opening an account. Frequently, a customer will come to the bank alone to open a joint deposit account. Often times the customer who is present does not have the absent joint owner's tax ID number, and is simply adding the joint owner's name in the event of the primary owner's death. Experience has shown that full identification of the primary owner of the account mitigates risks relating to identifying and obtaining the tax ID number for the absent joint owner of the account. Would the Agencies consider "risk based" procedures relating to the minimum identifying information obtained prior to opening an account?

3. Existing Customers

§ 103.121(b)(2)(ii) states that "A bank need not verify the information about an existing customer seeking to open a new account or who becomes a signatory on an account, if the bank previously verified the customer's identity in accordance with procedures consistent with this section, and continues to have a reasonable belief that it knows the true identity of the customer". The Agencies indicate that "The proposal requires a bank to exercise reasonable efforts to ascertain the identity of each customer". Is it the Agencies' expectation that banks go back and review existing bank records to assure consistency, or do the Agencies expect banks to comply with the rule on a prospective basis? The term "procedures consistent with this section" may be subject to interpretation. For example, if the bank did not obtain a copy of a document used to identify a customer who has an existing account, but the bank did indicate the identifying document verified when opening the account, would this be considered "consistent" with the procedures required in this section?

4. Definition of "Account"

The term "account" means a formal banking or business relationship established to provide ongoing services, dealings, or other financial transactions. Examples provided include loan and deposit accounts. Examples excluded are an occasional purchase of a money order or a wire transfer. Would the term include transactions in connection with the lease of a safe deposit box? Would it include the act of employing bank personnel? Also, please explain the rule as it relates to securities and/or insurance sales activities conducted on bank premises by a joint employee.

5. Exemptions

We encourage the Agencies to incorporate the addition of exemptions contained in § 103.34(a)(3), which would exempt certain accounts, such as student school savings accounts, from the bank's Customer Identification Program, as many of the identification and verification procedures customarily used by banks are not applicable to these customers.

6. Lack of Verification

§ 103.121(b)(2)(iii) indicates that procedures are required for the bank to respond to circumstances when it cannot form a reasonable belief that it knows the true identity of a customer, including when an account should not be opened, conditions under which a customer may conduct transactions while a customer's identity is being verified, at what point an account should be closed after failed attempts to identify a customer, and determining whether a SAR should be filed. Is there any expectation on the part of the Agencies that banks keep records of customers' requests to open an account in instances where the bank has determined that an account should not be opened?

7. Comparison With Government Lists

§103.121(b)(3) requires the bank to have "reasonable procedures" for determining whether the customer appears on any list of known or suspected terrorists or terrorist organizations provided to the bank by any federal government agency. Some banks may currently rely upon agreements with consumer reporting agencies to provide this comparison upon the bank's inquiry or request for a consumer report. The bank is subsequently notified only if there is a match. Do the Agencies have expectations as to the timing of the comparison, and the proof of comparison regardless of whether there is a match, or are these matters discretionary? Additionally, it would be of value if the Agencies defined more clearly the term "any list" of
known or suspected terrorist organizations. This would help to ensure that banks have designed their
compliance programs to take into consideration all lists they are expected to review, and help to minimize confusion and ensure information does not fall through the cracks.

8. Customer Notice

We would suggest the Agencies provide "model language" that would meet signage and/or notice
requirements so banks explain the requirements consistently, as we feel consistency is important to customers.

9. Effective Date of Final Rules

The Agencies have indicated that the final rule is effective by October 25, 2002.
Certain provisions of the proposed rule, such as the recordkeeping requirements noted above, requirements to obtain alternative mailing addresses, etc. may require banks to
redesign forms, computer systems and workflow procedures. Banks will need
sufficient time to fine tune policies, procedures, records and recordkeeping systems.
We hope the Agencies would consider the impact on banks and allocate sufficient
time to prepare for compliance with the final rules. We would estimate a reasonable time
period would be six months from the date the final rules are adopted.

Thank you for the opportunity to comment on the proposed rule pertaining to Customer Identification Programs for Banks.

Sincerely,
Margaret M. Murray
Vice President
Florence Savings Bank
Florence, MA

 

Last Updated 08/26/2002 regs@fdic.gov

Skip Footer back to content