Skip Header

Federal Deposit
Insurance Corporation

Each depositor insured to at least $250,000 per insured bank



Home > Regulation & Examinations > Laws & Regulations > FDIC Federal Register Citations




FDIC Federal Register Citations

August 29, 2002

RE: Customer Identification Program Regulation
Docket No. R-1127

Dear Sirs:

First State Bank is a community bank with assets of around $125 million.  We are located in the Texas Panhandle and currently serve three local communitites. Following are areas that I would like to see addressed:

Definitions

Account - This definition essentially tracks the statute. It would be helpful if it provided more clarification of the types of activities that can constitute an account. For example, does the term "account" also include a stored value card issued by a bank, an electronic benefit account, a mortgage loan, safe deposit box, or a trust account? It would appear each of these are banking or business relationship involving financial transactions. However, the safe deposit box relationship is a landlord/tenant one. If all of these are indeed "accounts", please consider adding them to the list of examples. Presumably, the list in the statute is not exclusive but illustrative. However, this needs to be clarified.

Customer - Because this term is defined to include any signatory, does that mean it would also include a person acting under a power of attorney or a deputy or designated signor listed for a safe deposit box? There are many situations in which a non-owner may have signing authority.

Identity Verification Procedures - Chapter 277 of the Texas Finance Code actually deals with business checking accounts in Texas and provides some interesting requirements that might also be considered. This particular bill was enacted because of complaints from merchants who received hot checks from businesses. When they attempted to collect on the check, the merchant discovered that the address on the check was a drop box rather than a real physical address. Furthermore, the name might be an assumed name rather than the legal name of the party. In response to that, a chapter was added to the Texas Finance Code requiring business checking accounts to provide the name of the business owner, the physical address of the business, the home address of the business owner, and the drivers license of the business owner or personal identification card number. For corporations, the bank must obtain a copy of the business's certificate of incorporate or a comparable document and an assumed name certificate, if any. 

Based on this experience in Texas, I would suggest that banks should obtain not only the name, but also clarify whether it is an assumed name. If it is in fact an assumed name, the bank should obtain a copy of the assumed name (or d/b/a) certificate and determine the legal name of the person or entity. Furthermore, the regulation should be clear that the address for the principal place of business should be a physical address, not just a drop box. If the principal place of business is in fact a drop box, then the bank should obtain the physical address of a principal of the company.

Verification - one of the problems that has developed in Texas is a limitation found in the Texas Motor Vehicle Code, which prohibits the use of drivers license magnetic stripe information except for "government" purposes. IBAT believes that verifying identification for purposes of the Bank Secrecy Act or preparation of suspicious activity reports is a "government purpose" since it is required by law. However, the Attorney General disagrees. Meanwhile, financial institutions are not permitted to determine whether or not a drivers license is in fact valid by comparing the information on the magnetic stripe to the information on the front of the card. This facilitates the use of forged drivers licenses in Texas and makes verification of identity difficult. We believe that the requirements of a CIP should satisfy the "government purpose" required by Texas law for use of the drivers license magnetic stripe and allow institutions to verify whether drivers licenses are indeed valid through this simple mechanism. It would be helpful if this point was addressed in the regulation or the preamble to the regulation. 

In addition, because of our long border with Mexico, there are many resident aliens from Mexico living in Texas, as well as Mexican citizens who regularly cross the border for a variety of regular business  transactions. Some banks have begun a practice of using the matricula consular card plus an additional method of identification such as a Mexican voter registration card. It would be helpful if this issue were addressed in either commentary or the regulation due to the prevalence of Mexican nationals in various communities through the United States. 

It would also be helpful if other methods of identification were discussed. For example, some entities use utility bills that are addressed to the same physical address and name of the person seeking the account as a method of verifying identity and location. Library cards are some times used as well. Either commentary or discussion of this sort of technique would be beneficial. 

Another issue of concern is which address to use for persons who are temporarily in a location. For example, some cities have large numbers of college students. Should the bank require the college student to use their local address or their "permanent address"? The same issue comes up for temporary workers such as oil field workers who are in a location working on a project of a given period of time, but then will be moving. Texas, like Florida, also has large numbers of "snow birds" who spend the winter in the South. Should the bank require both a permanent address and a temporary address? 

Finally, it would be helpful if the regulators spoke to the usefulness of using verification techniques such as checking location on the U.S. Postal Service zip code site. How much reliance can be placed on this? If it is indeed a good method of verifying a recognizable address, then it might be helpful to identify this approach either in commentary or the regulation. 

The regulation provides that a bank need not verify the information about an existing customer seeking to open a new account or who becomes a signatory on an account if the bank previously verified the customer's identity in accordance with the procedures consistent with this section, and continues to have a reasonable belief that it knows the true identity of the customer. Additional clarity would be helpful in this area as every institution has thousands of existing accounts with identities verified in accordance with the "know your customer" requirements of prior law. The requirement that the bank continue to have "reasonable belief" that it knows the "true identity" of the customer is rather subjective. Further explanation of this in the preamble or comments would be helpful. Furthermore, perhaps a better test would be that the bank has not been put on notice that the identity
is suspect would be more reasonable until these new requirements go into effect. In other words, for accounts in existence on October 26, banks should be held to a slightly different standard - a lack of affirmative notice of deficiency in the identity processes. 

Recent news articles have made clear that government documents relied on by banks are some times counterfeit. We have discussed the dilemma with Texas drivers licenses above. However, social security cards and resident alien "green cards" are equally subject to counterfeiting and fraud. Community banks simply do not have access to technology or other resources that would assist them in identifying fraudulent documents. It would be extremely helpful if the appropriate federal agencies would establish effective mechanisms whereby an institution could verify the validity of a social security number or passport or resident alien card through some reasonable process. 

The regulations go on to provide that a bank may verify through non-documentary processes including obtaining a financial statement on a customer. Clarification would be helpful as to how a financial statement itself would constitute verification of identity. Furthermore, it would be helpful if guidance were provided on the privacy implications of obtaining the financial statement. 

There was no guidance in the regulation with regard to opening accounts on the Internet. Many banks, including even small community banks, now have transactional capability over the Internet and can and do open customer accounts using the World Wide Web. Guidance would be helpful as to appropriate identification methods that would be acceptable for an Internet based account. 

While these comments may seem to request a certain degree of specificity and detail rather than generalities and flexibility, for the community bank with limited resources, specific recommendations can be extremely beneficial to assure better compliance with the regulations. 

Auditing Processes 

A good compliance program will of necessity include appropriate training and internal auditing processes. Some recommendations regarding audit methodology to be followed as part of the internal review would be beneficial. 

Bank Secrecy Act - Regulations 31 CFR 103.34 

There is a proposed repeal of this section. As general counsel for IBAT, I frequently have received phone calls from banks asking whether this exemption applies in a given case. It is an extremely common question in Texas again because there are frequently non-resident aliens who live along the border and maintain accounts in Texas banks. Clarity one way or the other would be extremely beneficial. While "foolish consistency may be the hobgoblin of little minds", reasonable consistency definitely makes life easier for a beleaguered compliance officer. 

Record keeping

The record keeping requirements make it clear that records may not be used to violate the Equal Credit Opportunity Act. It would be helpful if some additional clarification were provided in this regard. Even an observation that copying and retaining drivers license information is not per se a violation of the Equal Credit Opportunity Act unless a loan officer obtains a copy of that information in evaluating a loan would be helpful. 

Effective Date 

Under the USA PATRIOT Act, this regulation should become effective October 26, 2002. However, given the number of existing accounts that are affected by the verification process, it would be beneficial to provide a more reasonable period of time for complete implementation of the regulation, particularly with regard to existing accounts. 

Thank you for this opportunity to comment.

Sincerely,

Kayla Carpenter
Vice President

Last Updated 08/30/2002 regs@fdic.gov

Skip Footer back to content