Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it’s official. 
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
Https
The site is secure. 
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
Federal Register Publications

FDIC Federal Register Citations



Home > Regulation & Examinations > Laws & Regulations > FDIC Federal Register Citations




FDIC Federal Register Citations

September 3, 2002

Executive Secretary Attention: Comments/OES
Federal Deposit Insurance Corporation
550 17th Street, N. W.
Washington, DC 20429

Re: Proposed Customer Identification Programs for Banks, Savings Associations, and Credit Unions under Section 326 of the U.S.A. Patriot Act

Dear Sir:

I am writing to you on behalf of the Eastern Massachusetts Compliance Network, an association of 88 community bank compliance professionals, including compliance officers, attorneys and compliance auditors. We appreciate the opportunity to comment on the proposed regulation implementing Section 326 of the U.S.A. Patriot Act.

In general, we are pleased that the proposal allows for some flexibility in establishing a Customer Identification Program, as the customer base and the process of identifying customers will vary from bank to bank based on each bank's geographic location, size and the nature of its business.
In analyzing the proposal, however, we have several concerns that we believe may cause difficulty in the implementation and subsequently, in regulatory examinations. We are seeking additional guidance and we offer suggestions for modifications in the final rule.

Definitions

The proposal provides for alternative I.D. verification methods for customers who are not "U.S. persons". The definition of a "U.S. person" at Sec. 103.121(a)(6) of the proposed regulation is a "U.S. citizen". This definition differs from the definition of a "U.S. person" that appears on IRS Form W-9, which is signed by the customer at account opening to certify the customer's tax identification number. The W-9 Form requires such certification of "U.S. citizens (including resident aliens)." Both definitions must be unO--t„ocl. by account opening personnel. We suggest that these definitions be made consistent to avoid the inevitable confusion the disparity will present at account opening.

Identity Verification

Under Section 103.121(b)(2) of the proposed regulation, a "...bank need not verify the identifying information of an existing customer seeking to open a new account, or who becomes a signatory on an account, if the bank (1) previously verified the customer's identity in accordance with procedures consistent with this regulation..." Because previously, banks have not been required to maintain copies of identifying documents or records of alternate means of verifying I.D., compliance with this portion of the regulation would require banks to re-verify the I.D. on existing customers who seek to open new accounts, and who, in many cases have been doing business with the bank for many years. We suggest that the verification provision not be applicable to existing customers. Alternatively, we suggest that for existing customers, banks be permitted to rely on notations on the account opening documents that evidence compliance with the bank's standard identification procedures.

We anticipate that verifying the identity of all signatories to an account will present practical obstacles as well as customer service complaints. Large companies often authorize numerous individuals as account signers, and those signers change from time to time. We suggest that the verification requirement as to mere "signers" be struck, or, alternatively, that banks be allowed to place the burden for verifying the identity of business and government entity account signers on those customers through their deposit agreements.

The proposal allows a bank to open an account for a person other than an individual that has applied for, but not yet received, an employer identification number, as long as the bank obtains a copy of the application from the customer and obtains the EIN within a reasonable time. Our experience has been that many new businesses, trusts and estate fiduciaries obtain EINs not by filing a paper application, but rather, by calling the IRS' Tele-TIN line. In that case, the IRS will provide the caller with a confirmatory letter within 30 days, but the customer will not have a copy of an application to provide to the bank. We suggest that banks be permitted to continue to accept the statement of customers other than individuals that they have applied for an EIN, as long as the bank has a system in place to monitor such accounts to ensure the receipt of the EIN within a reasonable time.

Identity Verification: Non-U.S. Persons

For non-U. S. persons, Sec 103.121(b)(2)(i) of the proposal requires the bank to obtain one or more of the following: taxpayer identification number, passport number and country of issuance, alien ident'Ication card number, or another government-issued document. But, according to Sec. 103.121(b)(2)(ii)(B), "if the bank is not familiar with the documents presented," it can use non-documentary verification methods. Banks have been given little guidance on valid foreign identity documents and valid INS-issued and
State Department-issued documents, and many, are therefore unfamiliar with the documents that may be presented. Consequently, the bank would need to rely on non-documentary methods for identifying non-citizens. However, aliens (particularly those without tax identification numbers) generally have little or no credit history or third party source history, making such non-documentary verification methods impractical. We would welcome the assistance of Treasury in providing banks with the resources to better recognize and understand the government-issued documentation a legal alien should be able to present at account opening.

Non-Documentary Verification

We are pleased that the proposal recognizes that accounts may not always be opened face-to-face with the applicant, and that it provides for identity verification through non-documentary methods. Several examples of non-documentary methods are provided in the proposal. However, we would appreciate more guidance. For example, if references from other financial institutions may be used, would the bank's own prior experience with the customer also be considered appropriate? As to a minor, would a verbal confirmation of identity by a parent or guardian suffice? These methods would be consistent with a fundamental principle of the proposed regulation - that the institution be able to form a reasonable belief that it knows the true identity of a customer.

Recordkeeping

Under Sec. 103.121(b)(2), each bank must have procedures for verifying the identity of a "customer." A "customer" is defined as anyone seeking to open a new account, including any signatory, not only those who actually do actually open a new account. The recordkeeping requirement at Sec. 102.121(b)(3) requires that records of the documents or method of identity verification be retained for "five years after the date the account is closed." This requirement presents several problems.

Most notably, the new recordkeeping requirement is extremely burdensome and presents additional risk to the bank that customers' privacy rights may be breached. As discussed previously, most banks now notate their method of identification on the signature card or other account opening documents. Only rarely is a photocopy made of the actual identity document. The proposed rule will place an enormous strain on already overburdened records management programs. Further, the same customers we are educating to avoid identity theft by controlling access to their account numbers, codes and identification documents are likely to voice concerns that their identity may be unnecessarily exposed to misappropriation as a result of the bank's new procedure.

A concern arises from the language of the recordkeeping provision. Whereas the bank is required to record the identification of each customer, the destruction date for the records of that identification is based on the closing of the account. The most practical method of compliance would have the bank retain the identification copies along with the account signature card. However, unless each customer is re-identified each time he or she opens a new account, the bank may be in violation of the regulation when it destroys the records once the initial account has been closed for more than five years. If physical records of identification must be retained, we suggest that the requirement be applicable only as to the initial account opened by each customer, and that banks be permitted to simply reference the initial verification on subsequent account opening documents.

Finally, the recordkeeping provision is unclear as to its timing. Records of customer identification must be retained "for five years after the date the account is closed." In lending parlance, a loan "closes" at the time the applicant signs the promissory note and supporting documentation and becomes a "borrower" on the books of the bank. Does the recordkeeping time clock begin to run for borrowers at the time the loan "closes" or at the time it is paid off? This provision seems to provide timing only as to deposit accounts and should be clarified as to other types of "accounts".

We find the recordkeeping requirement as to applicants who do not become customers of the bank to be unnecessarily burdensome. But if it is retained in the final rule, we would appreciate clarification as to how it should be applied for an applicant who does not become a borrower, a depositor, a securities or insurance customer when their application is rejected or withdrawn. In that case, should the five year recordkeeping time clock begin to run at the time of application or at the time the bank rejects, or the applicant withdraws the application?

Comparison With Government Lists

The proposed rule, under Sec. 103.121(b)(4), requires "procedures for determining whether the customer appears on any list of known or suspected terrorists or terrorist organizations ... by any bank agency." The proposed rule does not specify what lists the bank must consult, although we assume this includes the lists maintained by Treasury's Office of Foreign Assets Control (OFAC). We ask that the regulation specify the lists that must be consulted and make them readily available to banks and their third party screeners.

We presume that the requirement includes a screening against the FBI "Control List". Because this particular list is highly confidential, some bank service bureaus and other third party sources that provide screening for banks against the OFAC SDN List have reported that they have been unable to gain access to the Control List. Screening each new applicant to the bank against the Control List becomes unmanageable when only one person in each institution has been given access to the List, and the bank is unable to rely on its service bureau. We suggest that the Treasury Department and the bank regulatory agencies encourage the F.B.I. to authorize disbursement of the Control List to the to the major service
providers that perform OFAC screening for banks.

Customer Notice

Banks must provide notice to their customers that the bank is requesting information to verify their identity. We would appreciate model language for a lobby posting. More important, we would appreciate the assistance of Treasury and the agencies in publicizing the new requirements so that we may avoid customer resistance and possibly, a resulting loss of business.

Effective Date

The final regulation is to be effective by October 25, 2002. We recognize the legislative mandate for implementation of the regulation. But we are concerned that we will be unable to comply fully in the short period of time available between the issuance of the final rule and the effective date. The retention ofadditional documents will require banks to develop new records management processes. The development of a comprehensive CIP, and its presentation and approval by the bank's board, will require sufficient time to accomplish. We ask that the effective date of the regulation be deferred, or, at minimum, that compliance with the sections pertaining to recordkeeping and a board-approved CIP be delayed at least 180 days.

Sincerely,
Doris Waldman
Member and Past Chairperson,
Eastern Massachusetts Compliance Network
Senior Vice President,
Salem Five Cents Savings Bank

cc: Massachusetts Bankers Association
     John J. Byrne, Senior Counsel, American Bankers Association
Last Updated 09/06/2002 regs@fdic.gov

Last Updated: August 4, 2024