Federal Deposit
Insurance Corporation

Re: Proposed Rule on Customer Identification Programs for Banks, Savings Associations and Credit Unions

Ladies and Gentlemen:

The York Clearing House Association L. L. C. (the "Clearing House"), ¹ joined by the Bankers' Association for Finance and Trade, ² appreciates the opportunity to comment on the joint notice of proposed rulemaking issued by the Department of the Treasury,  the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, the Office of Thrift Supervision and the National Credit Union Administration (collectively, the "Agencies") to implement Section 326 of the USA PATRIOT ACT (the "Act") ³ for banks, savings associations and credit unions (the "Bank Rule"). 67 Fed. Reg. 48,290 (July 23, 2002). Simultaneously with the Bank Rule, the relevant federal functional regulators also issued for public comment proposed rules to implement Section 326 of the Act for (i) certain banks that do not have federal functional regulators (67 Fed. Reg. at 48, 299); (ii) broker dealers (67 Fed. Reg. at 48,306); (iii) mutual funds (67 Fed. Reg. at 48,318); and (iv) futures commission merchants and introducing brokers (67 Fed. Reg. at 48,328) (collectively with the Bank Rule, the "Proposed Rules").

The Clearing House is committed to assisting the Government's efforts to detect and prevent money laundering and the financing of terrorism. We strongly agree with the fundamental principle of the Bank Rule that an effective customer identification program (a "CIP") is an essential element of a bank's overall due diligence program and will assist the Government in its efforts. We also agree with the Agencies' risk-based approach in the Bank Rule that provides for a CIP in each case that is appropriate given the bank's size, location and type of business. 67 Fed. Reg. at 48,292.

The Clearing House believes, however, that this risk-based approach should encompass not only the type of bank and its business, but also the type of customer and account, in order to be most feasible and effective and to most enhance the ability of financial institutions to combat money laundering and terrorist financing.⁴ We also believe that the risk-based approach should recognize the ability of a bank to rely, in appropriate circumstances, upon its customers rather than being required to identify and verify the identity of its customers' customers or employees or family members. We are also concerned that certain aspects of the customer identification and verification requirements would promote reliance on mechanical compliance that would not enhance the quality of our member banks' customer identification procedures or significantly reduce any actual risk of money laundering. We address many of our comments to those aspects of the Proposed Rules.

Our comments on the Bank Rule will focus on the following nine issues of primary significance: (i) focus on the bank's accountholder in the specific context of signatories and intermediaries; (ii) uniformity among the Proposed Rules; (iii) foreign branches; (iv) timing of implementation of the Proposed Rules; (v) identification verification procedures for existing customers; (vi) record retention; (vii) verification of the existence of corporations and trusts through documents; (viii) publication of an inventory of government lists; and (ix) the requirement to obtain two customer addresses.

I. Focus on the Accountholder

As the Clearing House has stressed in prior comment letters on rules proposed under the Act, a fundamental element of a risk-based approach is reliance, in appropriate circumstances, on the bank's own customer, i. e., the accountholder. We believe it is equally important in the context of the Bank Rule for banks to be able to rely on their customers to identify and verify the identity of other persons, such as employees, who may have the ability to access the account. Under a risk-based approach, a bank would be responsible for evaluating when such reliance on its customer would be reasonable and appropriate. We urge, therefore, that the Bank Rule be amended to adopt this risk-based approach in two key areas: (i) the inclusion of signatories in the definition of customer; and (ii) the treatment of intermediaries. 

   A. The Inclusion of Signatories on Accounts

Under the Bank Rule, the definition of "customer" includes the individual or legal entity opening the account and any "signatory" on the account. By way of example, it refers to an individual with signing authority over a corporate account. 67 Fed. Reg. at 48,292. The Bank Rule does not define the term "signatory", which leads to the potential for the rule's CIP requirement to have an extraordinarily broad scope. For corporate accounts, including correspondent accounts of other financial institutions and accounts of government agencies or municipalities, it could include large numbers of administrative personnel with signing authority on the account. For credit or charge card accounts it could include any authorized user on the account. In the case of corporate credit or charge cards, this could include every employee to whom a corporate card is issued.

The Clearing House respectfully submits that the blanket inclusion of all signatories in the definition of "customer" is inappropriate and unnecessary for an effective anti-money laundering program. We believe that the definition of "customer" for purposes of customer identification and verification should be limited to the individual or entity opening the account, unless under a risk-based approach a bank determines that the CIP should be applied to other persons. For example, it may be appropriate under a bank's risk-based approach for a bank to apply its CIP to persons controlling a private banking account or controlling persons of a closely held corporation.

It is not current industry practice for banks to perform customer identification and verification procedures on signatories of corporations or authorized users on credit or charge cards. ⁵ Although bank systems may include names of signatories and authorized users on an account, they do not generally include fields for all other required customer identification information, such as street and mailing address, date of birth and social security number. The benefit to be gained by collecting this information does not, in our view, justify the cost and burden associated with the systems modifications required to include the information. Obtaining such information for all signatories would not appreciably reduce the actual risk of money laundering and in many cases would simply not be feasible.

In the case of accounts of financial institutions, other corporations, and government agencies or municipalities, there may be hundreds of persons with signing authority on the accounts. Those persons will change on a frequent basis as new employees are hired, terminated, promoted or resign. We respectfully submit that in the case of signatories on such accounts, the accountholder is in the best position to verify the identity of its employees. In addition, corporations, municipalities and agencies have a strong incentive to know and maintain control of the persons to whom they grant signing authority and, in many cases, employers are obligated by law to verify identity and employment eligibility and/ or citizenship information for all new employees. See, e. g., 8 U. S. C. § 1324a. This same reasoning applies to verification of the identity of authorized users on corporate credit and charge cards. In the case of corporate cards, the authorized users could include virtually hundreds or even thousands of employees of the corporation.

Authorized users on personal credit or charge cards may include a spouse or a dependent as a convenience to the cardholder. We respectfully submit that performing customer identification and verification on such persons would serve no substantive purpose. As a practical matter, in an automated marketplace, a credit card holder can allow any person to utilize his or her credit card by sharing relevant data with that person, whether or not such person is nominally an authorized signatory. Therefore, the focus on authorized users would not capture all potential users of a customer's card. A more useful way to address the perceived risk of money laundering through credit cards is through monitoring and investigation of card usage. Our member banks have extensive transaction monitoring systems in place for credit cards.

It should also be noted that in bank or corporate initiated wire transfers or automated clearing house transactions, the identities of signatories are often not relevant because most of these transactions are effected by authenticated computer messages and are not dependent on the identities of signatories. Often, for security reasons, the functions of entering and releasing funds transfer information are separated, i. e., one set of persons is authorized to enter data and another set of persons is authorized to release data electronically to the bank. Also, the identities of employees who are authorized to enter and/ or release payment orders change frequently without notice of such change to the bank.

B. Intermediated Accounts

As stated in the joint comment letter submitted by the Clearing House and ten other industry groups on the proposed rules implementing Section 312 of the Act (the "Joint Comment"), we believe that a key element of an effective risk-based anti-money laundering program is the ability of a financial institution to rely in appropriate circumstances on intermediaries.

The preamble to the Proposed Rule for futures commission merchants and introducing brokers (the "FCM Rule") specifically recognizes that principle with respect to intermediated accounts, such as omnibus accounts, accounts for commodity pools and other collective investment vehicles. Because a futures commission merchant or introducing broker may have little or no information about the identities and transaction activities of the underlying participants or beneficiaries of such accounts, the preamble to the FCM Rule provides that under the risk-based approach, in most cases, "it is expected that the focus of each futures commission merchant's and introducing broker's CIP will be the intermediary itself, and not the underlying participants or beneficiaries". 67 Fed. Reg. at 48,331. The focus of the CIP in those cases is on the risks associated with the intermediary, based on an evaluation of relevant factors, including:

the type of intermediary; its location; the statutory and regulatory regime that applies to a foreign intermediary (e. g., whether the jurisdiction complies with the European Union anti-money laundering directives or has been identified as non-cooperative by the Financial Action Task Force); the futures commission merchant's or introducing broker's historical experience with the intermediary; references from other financial institutions regarding the intermediary; and whether the intermediary is itself a [Bank Secrecy Act] financial institution required to have an anti-money laundering program. Id.

This approach is also recognized to a limited extent in the Proposed Rule for mutual funds (the "Mutual Fund Rule"). The preamble to the Mutual Fund Rule specifically states that "[ a] mutual fund's CIP does not have to include verification of individuals' identities whose transactions are conducted through an omnibus account". 67 Fed. Reg. at 48,321. The preamble recognizes that typically the mutual fund would have little or no identifying information about the individual customers represented in an omnibus account. Id. That information would typically be collected by the broker-dealer opening the account. In those situations, the Mutual Fund Rule specifically permits mutual funds to treat the broker-dealer as its customer for purposes of its CIP.

We agree fully with the approach described in the preamble to the FCM Rule, and we believe it should be applied to each of the Proposed Rules. The same reasons for utilizing this approach in the FCM Rule applies to depository and other financial institutions. Assuming that a financial institution has conducted appropriate due diligence on the intermediary, and has determined that the intermediary has satisfied relevant criteria, such as the factors described in the FCM Rule, we believe it would be unfruitful and unnecessary to attempt to replicate the customer identification process that has already been conducted by the intermediary on its own customer base. In addition, in many cases, such customer identification would, as a practical matter, be ineffective or even impossible.

II. Uniformity Among the Proposed Rules

The preamble to the Bank Rule states that "all of the participating agencies intend the effect of the [Proposed Rules] to be uniform throughout the financial services industry". 67 Fed. Reg. at 48,291. The Clearing House strongly endorses this objective. We are concerned, however, that in some significant respects, the Agencies' objective of uniformity is not achieved. In particular, our concern extends to (i) reliance on affiliates or service providers; (ii) the definition of "customer"; (iii) the definition of "account"; and (iv) the scope of the verification requirement.

A. Reliance on Affiliates or Service Providers 

The Mutual Fund Rule explicitly permits a mutual fund to delegate contractually the implementation and operation of its CIP to another affiliated or unaffiliated service provider, such as a transfer agent. 67 Fed. Reg. at 48,321. This delegation authority is also recognized in the FCM Rule and the Proposed Rule for broker-dealers (the "Broker-Dealer Rule") by allowing those institutions to realize efficiencies by dividing up the CIP requirements with regard to shared accounts. 67 Fed. Reg. at 48,308 (Broker-Dealer Rule); 67 Fed. Reg. at 48,332 (FCM Rule). In each case, however, the financial institution would have appropriate responsibility for compliance with the requirements in the Proposed Rule with respect to the institution's customers. Accordingly, the financial institution would be obligated to assess whether the other firm can be relied upon to fulfill its customer identification responsibilities, and must cease such reliance if it is no longer justified.

The FCM Rule is instructive in this regard. The preamble suggests that, in cases involving shared responsibility between executing and clearing futures commission merchants, an executing futures commission merchant could obtain from the clearing futures commission merchant "either as part of a give-up agreement or on a transaction-by-transaction basis, a certification that the latter has performed the required customer identification or verification functions." 67 Fed. Reg. at 48,332, fn. 10. This approach is a practical one and is consistent with developing industry practice. As noted in the Joint Comment, the Clearing House would be willing to work with other industry groups to develop a standard attestation that could serve this purpose. ⁶

V. Identity Verification Procedures for Existing Customers

According to the Bank Rule, a bank need not verify the identifying information of an existing customer seeking to open a new account, or who becomes a signatory on an account, if the bank (i) previously verified the customer's identity in accordance with procedures consistent with the Bank Rule; and (ii) continues to have a reasonable belief that it knows the true identity of the customer. 67 Fed. Reg. at 48,299. As written, this exception would virtually never be applicable because banks have not been following all the particulars of the Bank Rule.

We believe that banks should be permitted to take a risk-based approach to customer identification and verification for existing customers. Banks have sophisticated systems and controls in place that enable them to monitor on a risk-focused basis the account activity of their existing customers. Where such monitoring indicates that additional steps should be taken to verify an existing customer's identity, banks will perform their customer identification and verification procedures. Absent such concerns, a bank should only be required to perform its identification and verification procedures on a prospective basis with regard to new customers with whom it has no prior history.

VI. Record Retention

The Bank Rule requires banks to maintain records of the resolution of any discrepancy in the identifying information obtained from the customer. 67 Fed. Reg. at 48,299. The Clearing House believes that such a requirement would be burdensome and unnecessary. Once a bank has conducted the necessary identity verification according to its CIP and accepted a customer, a record of the documentation used to verify a customer's identity, or a record of the non-documentary verification method used to verify the customer's identity, as applicable, should be sufficient proof of the successful resolution of any discrepancy that may have existed at the time of account opening. If the Agencies require the retention of discrepancy information, we believe that only information relating to material discrepancies should be retained. For example, typographical errors or minor mistakes, such as a missing number from a phone number, should not have to be recorded. This would be consistent with the risk-based approach of the Bank Rule.

The Bank Rule also provides that a bank is required to maintain a copy of any document that was relied upon for verification of a customer's identity that clearly evidences the type of document and any identification number it contains. 67 Fed. Reg. at 48,299. Therefore, if a bank relies on government-issued identification bearing a photograph to verify a customer's identity, the bank may be required to maintain a copy of such photo identification. As most of our member banks store information electronically, a requirement to maintain a copy of photo identification, which is not as readily transferable to electronic format as other information, is very burdensome and may raise privacy issues and create an undue risk of liability for the banks. The Clearing House urges the Agencies to consider allowing banks the flexibility to make a determination, based on their own risk-assessment, whether to retain copies of photo identification.

The Clearing House believes that the compliance burden of a requirement to retain a copy of photo identification outweighs any potential benefit. Photo identification is most useful when an individual presents such photo identification at account opening and the bank officer is able to physically compare it to the likeness of the person opening the account in order to verify such person's identity. If the bank officer records all of the relevant information from the customer's photo identification, such record would constitute a reliable indicator from an audit standpoint that the customer had in fact produced a government-issued identification bearing a photograph and that the customer's identity had in fact been verified.

VII. Verification of the Existence of Corporations and Trusts through Documents

The Bank Rule requires a bank's CIP to contain procedures describing when the bank will verify a customer's identity through documents and setting forth the documents that the bank will use for this purpose. 67 Fed. Reg. at 48,299. For corporations, partnerships, trusts and other persons that are not individuals, "these may include documents showing the existence of the entity, such as registered articles of incorporation, a government-issued business license, partnership agreement, or trust agreement". Id.

The meaning of "registered articles of incorporation" in this context is unclear. The Clearing House respectfully requests that the Agencies clarify this reference to allow banks, in appropriate circumstances and based on their own risk-assessment, to obtain articles of incorporation certified by an appropriate officer of the corporation or a good standing certificate or certified copy of the articles of incorporation from a corporation's chartering jurisdiction. In the case of non-public companies, banks may also determine, on a risk-focused basis, to rely on a third party information source, such as the directories published by the International Organization of Securities Commissions.

The Clearing House banks also believe that a trust instrument may not be the document that most effectively demonstrates the continued existence of a trust. Many banks do not obtain copies of trust instruments, particularly when they are not expected to comply with the requirements of the trust (because of the limited nature of the services they are performing). Also, in many instances, settlors and beneficiaries of trusts prefer not to disclose all of the provisions of a trust. We recommend that the Agencies consider allowing banks to rely on a certification by the trustee, or an appropriate legal opinion, rather than a copy of the trust instrument, to verify the existence of the trust. We note that the legislatures in certain States, such as California, have enacted statutory provisions providing that third parties may rely upon a certification by the trustee as to the trust's existence and general powers.

VIII. Publication of Inventory of Government Lists

The Bank Rule requires that a bank's CIP include procedures for determining whether a customer appears on any list of known or suspected terrorists or terrorist organizations provided to the bank by any federal agency. 67 Fed. Reg. at 48,299. The Clearing House respectfully urges the Agencies to clarify which Government lists, in addition to the Control List and the List of Specially Designated Nationals and Blocked Persons maintained by the U. S. Office of Foreign Assets Control, banks are expected to utilize for this purpose. Publication of an inventory of such lists in one central location, such as one of the Agencies' websites, would be very useful and reduce confusion.

IX. Requirement to Obtain Two Customer Addresses

The Proposed Rules would require financial institutions to obtain a residence street address for individuals and a principal place of business address for entities, and a mailing address for each, if different. Currently, banks generally only obtain one address, which may be one of the above. The proposed requirement to obtain two addresses in the event the mailing address differs from the residence or business address may require substantial procedural and systems changes because many application forms and systems do not provide fields for two addresses. Rather than requiring two addresses in those cases, the Clearing House urges the Agencies to include in the final rule a requirement that the customer provide a street address. For individuals, the address could be their residence or business street address; for entities, the street address could be for the principal place of business, local office or other physical location.

                                                      * * *

The Clearing House appreciates the opportunity to comment on the Bank Rule, and would be pleased to discuss any of the points made in this letter in more detail. Should you have any questions, please contact Norman Nelson, General Counsel of the Clearing House, at (212) 612-9205.

_______________________________________

¹ The member banks of the Clearing House are: Bank of America, National Association; The Bank of New York; Bank One, National Association; Citibank, N. A.; Deutsche Bank Trust Company Americas; Fleet National Bank; HSBC Bank USA; JPMorgan Chase Bank; LaSalle Bank National Association; Wachovia Bank, National Association and Wells Fargo Bank, National Association. Members of the Clearing House's affiliate, The Clearing House Interbank Payments Company L. L. C., that participated in the preparation of this letter and support its views are American Express Bank Ltd. and UBS AG, U. S. branches.

² The Bankers' Association for Finance and Trade has, since 1921, been the spokesperson for the international interests of the U. S. commercial banking industry.

³ Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT ACT) Act of 2001 (Pub. L. No. 107-56).

⁴ If it is intended that the reference to "type of business" encompass types of customers and accounts, that should be made explicit in the Bank Rule.