Federal Deposit
Insurance Corporation

FinCEN
Section 326 Bank Rule Comments
P. O. Box 39
Vienna, Virginia 22183

Subject: Customer Identification Programs for Banks, Savings Associations, and Credit Unions (67 Federal Register 48290 7/23/02)

Dear Sir/Madam:

The Massachusetts Bankers Association, which represents more than 230 commercial, savings, co-operative banks and savings and loan associations with over $400 billion in assets, appreciates the opportunity to comment on the above referenced joint notice of proposed rulemaking. The proposed rule seeks to implement section 326 of the USA PATRIOT Act, which mandates the promulgation of regulations that set forth minimum standards for financial institutions to verify the identity of any person who applies to open an account.

Section 326 of the Act requires the creation of reasonable procedures to (1) verify the identity of any person seeking to open an account, to the extent reasonable and practical; (2) maintain records of the information used to verify the person's identity, including name, address, and other identifying information used to verify the person's identity; and determine whether the person appears on any list of known or suspected terrorists or terrorist organizations provided to the financial institution by any government agency.

The Association appreciates the Agencies' challenge of drafting regulations that achieve the objectives of the USA PATRIOT Act without overly burdening the financial institutions which must comply with the rules. The Association believes that the risk-based approach is a positive aspect of the Proposal and is appropriate given the wide diversity of size, geographical locations and markets served by financial institutions.

When Congress enacted the Act, it was envisioned that financial institutions would employ "reasonable and practical" methods to verify the identity of bank customers. For the majority of new accounts, the identification and verification procedures do not present a problem. Our objections relate to aspects of the proposed requirements that either create significant cost and operational burdens for financial institutions or do not meet the "reasonable and practical" test. Our comments regarding the proposed rules are as follows:

General Comments

While we appreciate the flexibility permitted by the proposed regulations, our members have numerous questions about how the rules would apply in certain instances where accounts are not opened on bank premises such as on-line banking, third party marketing of credit cards, or other situations not involving face-to-face contact with customers. In addition, many institutions rely primarily on government-issued photo identification and have concerns about how individual examiners will view an institution's customer identification program regarding non-documented forms of identification for customers, especially those for non-citizens without traditional forms of identification. We strongly urge the Agencies to develop clear guidance that addresses these issues and the due diligence required to ensure the accuracy of the documents or information presented at account opening. Without such guidance, many institutions may deny accounts to persons without a valid form of identification issued by a government agency.

Institutions are particularly challenged by the October 26, 2002 effective date of the final regulations. There are many operational and procedural issues that need to be addressed, system changes and staff training required by institutions to comply with the rules. We ask that the effective date be deferred, at minimum by 180 days.

Definitions

As defined by Section 103.121(a) (1) of the proposal, an "account" is a formal banking or business relationship established to provide ongoing services, dealings or other financial transactions. The proposal states that the definition does not apply to one-time transactions such as the occasional purchase of money orders or a wire transfer. In the final rules, we request that the Agencies provide additional examples and guidance on whether the definition would apply to periodic check cashing for non-customers.

The proposal defines "customer" as any person seeking to open a new account, a signatory on the account at the time the account is opened, and any new signatory added thereafter. The definition would cover existing customers seeking to open a new account at a financial institution.

Customer Identification Requirements

Under the proposal, the identification and verification requirements would apply not only to persons (individuals, corporations, trusts etc.) seeking to open an account but signatories to an account as well. Coverage of signatories in some instances will be extremely problematic since many business accounts have multiple signatories in multiple locations throughout the country. Only individuals who will be conducting transactions at the bank should be covered.

Likewise, the application of the rule for joint accounts will be challenging for individuals not present at the time the account is opened. In some instances, institutions may not be able to verify the identity of the signatories for an extended period of time because their reluctance to submit personal information via mail or facsimile.

The final rule should allow institutions more flexibility with existing customers, particularly when the institution has a reasonable belief that the identity of the customer is known. Community banks that have a strong knowledge of its customers and community often are certain of the identity of some of their existing customers. These financial institutions are concerned about the possible backlash from long time customers who now will be required to provide proof of their identity when they wish to open a new account at the same institution. The rules should provide a limited exception for senior officers to approve new accounts when they are reasonably sure of the identity of an existing customer and are confident that the customer represents an extremely low risk based on their prior experience with the customer.

The proposed rule provides that at minimum, a bank must obtain from each customer the following information prior to opening an account or adding a signatory to an account: name, address; for individuals, date of birth; and an identification number. The Proposal provides a limited exception for new businesses that may need access to banking services, pending assignment of an employer identification number (E.I.N.) from the Internal Revenue Service. The same may hold true for individuals that have applied for but not received a taxpayer identification number (T.I.N.). Issuance of social security numbers may take up to 60 days. For this reason, the Association requests that a limited exception extend to individuals.

Application of Section 326 to Bank Fiduciary Activities

Our association also represents many banks that offer an extensive array of trust and investment services. In fact, Massachusetts banks hold 34 % of all trust assets held in banks in the United States, more trust assets under management and custody than any other state in the nation. We recognize that Section 326 and the proposed rule were developed focusing on traditional retail and commercial banking services. Fiduciary accounts, typically personal trusts, employee benefit trusts, and corporate trusts are regulated under substantially different state and federal laws and regulations. Since fiduciary accounts often involve numerous beneficiaries, many of whom do not currently receive a stream of income, a number of trust bankers have raised questions regarding just who are the "customers" whose identities must be verified. We believe that the final regulation should make it clear that only those beneficiaries who actually receive income from a fiduciary account should be deemed to be "customers".

Personal Trusts

Banks provide personal trust services in a variety of capacities, the most common being a revocable or irrevocable trust established by a grantor or settlor on behalf of one or more beneficiaries. These beneficiaries may include current beneficiaries (those receiving a stream of income), contingent beneficiaries, unborn children, and remaindermen. Trust departments may also provide fiduciary services in a testamentary capacity, such as executor of a decedent's estate, or upon appointment by a court, such as guardian of a minor child.

We fully concur with the recommendation of the American Bankers Association that for purposes of personal trust activities, the "customers" whose identities must be verified are the person or entity that created the trust, typically the settlor, and current beneficiaries. However, beneficiaries that do not currently receive a stream of income, such as contingent beneficiaries, unborn children and remaindermen, should not be deemed to be "customers" until such time as they begin receiving income. We believe that limiting the "customer" to the creator of the trust and current beneficiaries is reasonable and practicable; excluding contingent beneficiaries poses little risk of money laundering activities.

Retirement Accounts

Banks serve in various fiduciary capacities for retirement vehicles including employee benefit plans regulated under the Employee Retirement Income Security Act ("ERISA") as well as the several types of Individual Retirement Accounts. These retirement accounts are not intended to provide a stream of income to the plan participant or account owner, until the participant has retired. The Association believes that beneficiaries should not be deemed as customers.

Employee Benefit Trusts

Many of our banks serve in a number of capacities for various employee benefits plans regulated under ERISA, including as a trustee, recordkeeper or custodian for qualified employee benefit plans in which thousands of employees may participate. The ambiguous language in the proposed definition of customer raises the question of whether these plan participants would be deemed to be "customers" under the proposed rule.

We strongly believe that beneficiaries of employee benefit trusts should not be considered to be "customers." It would be extremely burdensome to verify the identities of thousands of plan participants, the vast majority of whom will not receive benefits for years. Limiting "customers" under the proposal to plan sponsors poses little risk of money laundering. As is the case with corporate bonds, plan sponsors are already subject to verification under the Bank Secrecy Act.

Individual Retirement Accounts

IRA accounts are established by individuals who would be deemed to be "customers" under the proposal. However, individuals often name beneficiaries for their IRAs. Such beneficiaries are the same as contingent beneficiaries under personal trusts and should not be considered "customers" because they are not eligible to receive any income stream until the owner dies.

Record Retention Requirements

The proposed rules require financial institutions to establish procedures for maintaining records and to maintain copies of any document that was relied upon to open an account for five years. These aspects of the proposal caused the most concern among our members, which consist of primarily small to mid-sized community banks. Although most verify the identity of individuals and record the documents used it is not customary to retain photocopies. This requirement is extraordinarily burdensome from both a cost and time perspective. Moreover, it is extremely inefficient. Documents used to verify customer identity include credit reports and corporate filings that can be lengthy and time consuming to copy. In addition, copies of driver's licenses will be of minimal benefit since new licenses are copy resistant and produce poor copies.

In order to comply, some institutions will need to install additional copiers or scanners at multiple locations to accommodate these provisions of the proposal. Also, for most institutions, retention of the documents will further tax the institution's storage facilities or system. The proposed rule would unjustifiably burden banks' resources and is not a reasonable requirement. The final rules should permit the notation of the documents used to verify the identity of a customer rather than mandate that financial institutions photocopy documentation used at the opening of an account.

The rules would apply to individuals "seeking" to open an account. Individuals who apply for bank services; i.e. a residential mortgage, home equity, or automobile loan are subsequently denied or withdraw their application would be covered by the proposed rules. The final rules should not require financial institutions to retain information on individuals or businesses that were denied or withdrew their request for bank services.

We would also add that the five-year record retention requirement is too excessive and expensive, and should be reduced to a maximum of two-years after an account is closed to correspond with other regulatory requirements.

Terrorist Identification

Financial institutions realize the important role that they play in helping to identify terrorists and eliminate money laundering. Under the Bank Secrecy Act, banks routinely rely on third party sources and OFAC lists to determine whether the names of individuals appear on the list published by the Office of Foreign Assets Control (OFAC). Our members have made two comments regarding this provision. First, it would be helpful if other government lists (i.e., FBI Control list) were automated similar to the OFAC list. Second, since the control list is supposed to be confidential within a bank or financial institution, it is impractical to suggest that a single individual screen Federal Bureau of Investigation (FBI) Control List. We would recommend that the Agencies encourage the FBI to distribute the Control List to third party vendors that perform screening for banks.