Federal Deposit
Insurance Corporation

Attn: USA PATRIOT Act Section 326 Comments

We are a $400 million bank with 7 offices. Our business focus includes retail, commercial, trust, credit card & loans servicing over 39,000 accounts with our customers. We appreciate this opportunity to comment on the proposed regulation implementing Section 326 of the USA PATRIOT Act, "Customer Identification Programs for Banks and Savings Associations."

You ask for comment as to whether the proposed definition of "account" is appropriate. The current proposal defines "account" based on its statutory definition used in section 311 of the Act, "a formal banking or business relationship established to provide regular services dealings and other financial transactions; and includes a demand deposit, savings deposit or other transaction or asset account and a credit account or other extension of credit." It's unclear in the definition provided whether "account" would include ongoing relationships such as safe deposit or safekeeping services. The definition of "asset account" is also unclear. Does "asset account" include insurance or investment services, lock-box or cash management services, or trust services offered through the bank's trust department? Please provide additional guidance on the definition of "asset account." In addition, while the proposal is clear that "account" is not intended to cover infrequent transactions such as the occasional purchase of a money order or wire transfer, is it expected that a "relationship" is established if the same person repeatedly uses those otherwise "occasional" services? For example, would a person who repeatedly and regularly purchases money orders be considered to have an "account" since the bank is regularly providing financial services and/or transactions for that person? We request more guidance and clarification of the definition of account and suggest that the regulation expressly exempts certain types of accounts or transactions where it will not be expected to document and verify identification of persons using those accounts or transactions.

We would also request additional clarification of the term "customer." The current definition at Section 103.121(a)(3) provides that any person seeking to open an account or be added as a signor to an account at a bank, on or after the effective date of the final rule, will be a "customer" regardless of whether that person already has an account at the bank. The regulation does provide that a bank need not verify the identity of an existing customer seeking to open a new account or be added as a signor to an additional account, if the bank previously verified the customer's identity in accordance with their procedures and has reasonable belief to know the true identity of the customer. What is not clear is if an additional signor, who is not known to the bank, is added to an existing account that was in place prior this legislation and not subject the bank's CIP, does the bank at that time need to verify the identity of all the signors on the account or just the new signor? Another issue with Non-Profit accounts, ie; church accounts, when signors change very frequently. Will we be required to obtain and maintain verifying information on all signors throughout the life of the account and five years after closing? What about children and/or minors that do not have a government issued picture identification? How will we be expected to verify their identity?

Section 103.121 requires verification of identification through documents or non-documentary methods. Our current account opening procedures require individuals to provide government-issued photo identification, such as a state drivers license, state identification card, state or federal employee identification cards or U.S. passports. While we review the identification provided and record the information as part of account opening procedures, we do not routinely retain photocopies of such identification. Our current account opening procedures require evidence of legal status for commercial entities, such as copies of corporate resolutions, company authorizations or certificates of existence as issued by the Secretary of State. (However, we do not require individual identification of officers or authorized signers who are designated to conduct business on behalf of the commercial entity). (While we may review and record identification of officers or authorized signers designated to conduct business on behalf of the commercial entities, we do not retain copies of such identification). The additional requirement to obtain identification and retain records of such identification on signatories for commercial and other non-personal accounts will add substantial time to account opening, as well as substantial costs to retain such records. We feel that the bank's responsibility is to verify the existence of the commercial entity. If the entity is registered to do business in our state, in addition to collecting the corporate resolution etc. , we also verify their existence on the Secretary of State's website. If the entity is registered in a different state, we should be referred where to go to get that information in the same fashion. It should be the responsibility of the commercial entity to verify the identity of it's officers and/or signors. They should in turn provide documentation to the bank that they have done so. If banks are required to collect this information and it is not available as in the case of a commercial account in which there can be multiple signors, it is bad business to turn these types of accounts away for these types of technicalities. The current proposed rules will add several minutes per account to obtain and retain identification for non-personal accounts; and additional space, equipment, etc., that may be required to adequately store the new records (whether in original paper copy format or imaged, filmed or other electronic retrieval system). We anticipate resistance from signatories on commercial and other non-personal accounts when requiring, copying and verifying identification for each.

Of particular concern is how to appropriately document and retain copies of identification received on dealer or broker transactions, where a third-party acts as intermediary between the bank and its customer, as for dealer-paper transactions or brokered loans. While the proposed regulation allows flexibility in bank procedures to obtain non-documentary verification of identification when accounts are not opened in face-to-face transactions, we suggest that includes the ability of the bank to contract with a third-party, such as a broker or dealer, to obtain, record, and verify such identification in order that the bank need not spend time or other resources to duplicate non-documentary identification already obtained.

Among the minimum identification requirements set out in the proposed regulation is to obtain a permanent residence address for individuals. It appears the intent of the regulation is to avoid usage of a Post Office box or other mailing address as the only identifying address of the customer. However, there are situations when customers do not have a permanent residential address, for example, retirees who have sold their residential property and now live in a motor home, traveling the country. As a general rule, these customers have only a PO box for an address, and it is rare that any other address is available. We suggest that exceptions be allowed for such situations, allowing only for mailing address as an identifier or allow the use of an additional means to locate the customer, i.e. next of kin, contact persons, etc.

Another minimum identification requirement is to verify individuals through the use of a government-issued photo identification. While the regulation allows for non-documentary verification when the bank is unable to rely on documents to verify identification, most non-documentary verification methods point to outside sources, such as a credit reporting agency, a reference from another financial institutions or public databases. As a small community bank, we know many of our customers personally, having lived and worked in the same community with them. Our employees attend church with our customers, send their children to the same schools, participate in community activities together, and shop at the same stores. We recommend the regulation allow for bank employees to provide a comment to the customer's file or an "Affidavit of Identity," attested to by a bank officer or employee, to serve as non-documentary verification of identification, particularly for customers who are personally and professionally known to us and pose literally no risk to the bank or nation in regard to money-laundering and terrorism funding.

The proposal set out the requirement that identification may be obtained, documented and verified only after disclosure to the customers. We urge the Agencies to adopt a model lobby disclosure for use in all institutions to provide consistency among all financial institutions and reduce confusion by customers over varying forms and language contained in notices. Although we do not agree that any disclosure should be required, we support the use of a lobby notice as the sole means for providing disclosure to customers. To do otherwise, for example written or oral notice prior to account opening, would just add to the time and expense of establishing new accounts.

We believe the Agencies have grossly underestimated the time and costs of the additional recordkeeping and disclosure burden the regulation will impose. For documentation purposes alone, we estimate an additional 15-30 minutes for each new account to copy and verify the identification documents provided. Based on our average number of new accounts annually, total additional hours for disclosure, documentation and recordkeeping will be costly. In addition, we will need to purchase new equipment for scanning, imaging, filming and storing all the newly required records. Our estimated training costs are as high as $100 based on an average of one additional training hour per employee.

The proposed regulation establishes unrealistic time frames within which financial institutions will be able to comply with the requirement to develop and implement a "Customer Identification Program" (CIP). Under the proposal, which is open for comment until September 6, 2002, the regulation is to become effective October 25, 2002. It is unreasonable to believe that banks will be able to implement a formal CIP in such short order, considering the final rule will not be issued until after the September 6 date. Given the requirement that the CIP be board-approved, the CIP would need to be added to the board agenda for approval. We will also need at least 90 days for developing, writing, implementing and approving the bank's CIP. Due to these time constraints, we urge a delayed mandatory compliance date, no earlier than April 25, 2003.

Thank you for the opportunity to comment on this important proposed regulation. We appreciate your consideration of our comments and suggestions. If you have questions related to this letter, you may contact