FDIC Federal Register Citations

Executive Secretary, Attention: Comments/ OES
Federal Deposit Insurance Corporation
550 17th Street, N.W.
Washington, DC 20429

Dear Sir or Madam:

Branch Banking and Trust Company appreciates the opportunity to comment on the notice of proposed rulemaking to implement Section 326 of the PATRIOT Act. The comments included should be considered to represent all the affiliated companies of BB&T Corporation, a financial holding company, which meet the definition of a covered financial institution.

BB&T supports the federal government's efforts to combat money laundering and related activities that help finance global terrorism and commends the Treasury Department (Treasury) and other federal regulatory agencies involved for drafting rules pursuant to section 326 of the Patriot Act that establish a reasonable framework for obtaining, verifying and retaining customer identifying information.
BB&T is concerned that the proposal lacks a clear and definitive process, that compliance with certain aspects of the Proposed Rule is not feasible, and that adoption of the rule as proposed will not provide the desired results.

Implementation Date

Final regulations implementing section 326 will be effective on or before October 25, 2002, and will apply with respect to all accounts established after this date. Based upon the proposed definitions and recordkeeping requirements, it is not reasonable to expect BB&T to be able to comply with the all of the provisions by this date.

As a large, regional financial holding company, BB&T has over 1,200 branches and various affiliates that will be affected by the rule. In order to be in compliance with the final rule, policies and procedures will have to be revised, systems will have to be modified, and personnel will have to be trained. For a financial institution the size of BB&T, this could not be accomplished in a short period of time. Since the comment period ends September 6th, the final rule is unlikely to be published until days before October 25th.
We recommend consideration be given to a twelve month phase in period to allow sufficient time for the policy and procedure revisions, system modifications, and the training to be conducted.

The Broad Definitions in the Proposal

The proposed definition of " account" and "customer" need to be further refined. As proposed, these definitions are very broad and seem to cover relationships and entities not intended by Congress.

An account is defined in the proposal as "each formal banking or business relationship established to provide ongoing services, dealings, or other financial transactions." While the preamble makes it clear that only "ongoing" services, dealings, or financial transactions are covered, the definition remains vague regarding what constitutes "formal" and "ongoing." For example, BB&T, as a courtesy to certain business customers, agrees to cash payroll checks not drawn on BB&T. Employees of the business may come in every week to cash their check but have no other relationship with BB&T. Does this constitute an ongoing service? If this constitutes an account under the proposal, then the customer's name, address, and social security number would have to be obtained, and the customer's name would have to be verified against the government lists. The requirement to maintain such records, especially in a documentary process, would soon make storage unmanageable. Further, while it is normal industry practice to obtain valid identification, it is not normal to obtain other information. We recommend the final rule more clearly describe the types of services, dealings, and financial transactions covered. Our concern is not whether we would have to identify the customer, but whether we would be required to keep records of the method used to verify the identity of a customer in informal situations such as the one described, and whether we would be required to collect a TIN or other identifying number.

Similarly, we would ask for clarification of the definition of a formal banking or business relationship. Specifically, we recommend that the rule clarify whether formal, by definition, means a formal agreement; usually one reduced to writing or its equivalent. If so, would a relationship not defined as formal automatically be excluded from the definition of account? For example, in the situation above, since there is no formal relationship between the employee who cashes the payroll check and BB&T, then there would be no account, and we would not be required to maintain records of the method used to verify the identify of the customer, or to collect the TIN.

We find that including all signatories in the definition of customer is overly broad and would create undue recordkeeping burdens. For example, many business accounts have several signatories, and these signatories could change frequently. We need practical guidance that limits how many of these signers we would be required to verify, and how long the records would have to be maintained. If, as proposed, we would be required to keep records for five years after the account closes, storage could become a real issue, especially for a business account that maintained an account for 20 or 30 years, had numerous signers, and those signers changed with any frequency.

We find that verification of all signers in a business relationship is impractical in many cases. For example, many businesses have company credit or debit cards assigned to various employees, or grant certain employees access to online banking accounts or authority to initiate wire transfers. These employees may not have signed on the company's signature card, or come to a branch to make these arrangements. We recommend that the rule clarify, in situations where a business has granted signatory authority to an employee or other person, and the bank is unaware that authority has been granted, then the bank would be under no obligation to verify the identity of such signatory.

In many business loan transactions, and certain retail loans, the bank may require one or more guarantors. We recommend the final rule address when, if ever, such guarantors should be considered signatories for purposes of section 326. We do not believe that a guarantor that had no beneficial interest in the proceeds should be subject to the identification and verification requirements.

We recommend that the final rule more clearly define those types of persons not considered customers. As written, the regulation appears to define a large number of people not historically considered as customers by banks. Accordingly, we do not have automated records for these persons. For example, card merchants, mortgage brokers, or automobile dealers may not have a deposit or credit account with us, but would have a formal banking relationship for which we provide ongoing services or financial transactions. We currently have corporate procedures to identify these businesses, but no procedures to identify each signatory, and no automated records. To be able to search our files quickly and efficiently in response to a regulatory request, these files would have to be automated.

The definition should exclude those situations in which the bank is acting as an agent for its parent holding company, such as commercial paper transactions. There is no account established, but there may be commercial customers for which ongoing financial transactions have been conducted. We believe the risk of using these transactions in money laundering or the financing of terrorist activity is minimal, and should therefore be excluded from the definition.

We recommend that the final rule differentiate between customer, signatory, and beneficiary. We believe there may be situations in which the bank could be subject to criticism for not verifying a beneficiary. We do not believe it is reasonable or practical to verify the identity of beneficiaries of an account, and therefore ask that the final rule provide a specific exclusion.

Since an existing customer seeking to open a new account after the effective date of section 326 will be subject to the identification and verification procedures, we recommend the final rule include types of transactions not considered a new account. For example, a credit line increase on an existing account may occur automatically or may occur after a limited application process. In some cases, the customer may sign a new note, but the note number in the bank's records may not change. We recommend the definition of new account be more clearly defined.

The proposal defines a customer as "any person seeking to open a new account." Taken literally, this definition implies that the verification and recordkeeping provisions would apply even if no account were opened. Like most banks, BB&T's recordkeeping system is not designed to retain such information. Denied loan applications are currently maintained in accordance with various lending regulations, but there are no comparable regulations for denied deposit applications. Modifying our system to accommodate these additional records would be costly with little or no value added towards accomplishing the goals of the Patriot Act. Likewise, attempting to verify the identification of each signatory on denied deposit and credit applications would be costly, and in many cases futile as the potential customer loses their incentive to provide information if the account is denied. In addition, the proposed regulations governing other financial institutions such as broker dealers do not contain this language. For these reasons, and to promote consistency, we recommend the final rule clarify that the identification and verification procedures apply only if an account was opened.

Once a customer has been verified, there is no obligation in the proposal to reverify that person. We recommend the regulation address situations in which the bank would be required to reverify persons opening accounts other than new accounts. For example, a minor that opened an account with a parent or legal guardian may come into the bank at age 30 to open a new account. In a multistate branch network, a customer could open an account in one state, relocate, and subsequently open another account in a different state. The identification type and number will more than likely change. In both cases, the customer was originally verified according to section 326, but circumstances would have changed sufficiently to require reverification.

Similarly, BB&T requests that Treasury allow banks within the same holding company to consider a customer verified by one bank in accordance with Section 326 verified for all banks within the same holding company.

As written, the proposal exempts transfers of accounts, such as merged accounts, from the scope of section 326. It is unclear whether these accounts are exempt from all aspects of section 326, including the recordkeeping requirements. We recommend clarification of the type of records to be maintained, and the retention period of those records in merger situations. Are these accounts exempt from all of the requirements in section 326, or only the verification procedures? Banks may develop different verification procedures and therefore would have different records. For example, if one bank relies on a documentary process and maintains copies of government-issued identification, but is purchased by a bank that uses a non-documentary approach, would the purchasing bank be required to maintain copies of the identification for five years after the account closes or five years after the merger?

The Identification and Verification Process

The type of information to be required under the proposal depends on whether or not the person is a U.S. citizen or U.S. entity. For non-citizens, among the list of acceptable information to be obtained in lieu of a U.S. taxpayer identification number is "a government-issued document evidencing nationality or residence and bearing a photograph or similar safeguard." In a documentary process, an "unexpired government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguard" is considered an acceptable document for verification. This seems to imply that the same document would be used for identification and verification. In this process, there is a greater requirement for identification and verification for U.S. citizens than non-citizens.

Since the requirements for U.S. citizens and non-citizens are different, it is unclear what responsibility the bank has to make this determination. A non-citizen could have a driver's license and SSN; therefore the bank would have no way of determining the customer's citizenship without asking the customer directly. We suggest the final rule clarify the bank's requirement to determine citizenship.

The proposal provides guidance in regard to some of the documents that would be acceptable in a documentary process to verify U.S. persons that are not individuals. We would appreciate some general guidance on the type of documents acceptable for foreign entities.

Banks frequently open accounts for entities such as a bowling league, class reunion, or Sunday school class, or a fund for victims of a tragedy. These types of accounts are set up in the name of the entity, since the entity is the owner of the funds. However, there is rarely a TIN established. We recognize our obligation to know the individuals involved, but recommend a limited exception be granted for the information required for the entity.

In a documentary process, the proposed rule requires a bank to maintain copies of the documents used to verify a person's identity. We find this overly burdensome. While we typically require this information from prospective customers, we do not currently make copies of the identifying documents. As a regional bank, we open thousands of deposit accounts alone each day. For each account opened, we would have to maintain a copy of the document used, for example a driver's license. If we are to verify each signatory on an account, this could create several thousand new pieces of paper each day for the deposit accounts only. Storage of these records could soon become unmanageable. Even if the documents were imaged, the copy itself may not be clear enough to image. If the copier itself were to break down, then we would be unable to open accounts under a documentary process until it was repaired. To purchase back-up copiers for each of our 1,200 branches could become quite costly; even with a second copier, there is no guaranty both would be in working order at all times.

In addition, we have concerns over the Fair Lending implications of maintaining copies of documents that may result in the collection of prohibited information. The proposal attempts to add a safe harbor, but as written is not sufficient.

There are certain forms of acceptable identification, such as a military identification card or some state-issued driver's licenses that prohibit copying. In these situations, we would either have to refuse to accept otherwise acceptable identification, not open the account, or automatically go to a non-documentary process. For these reasons, we encourage Treasury to reconsider the requirement to make and maintain copies of government-issued identification, or to provide banks with a safe harbor from existing State and Federal law.

As an alternative, we recommend Treasury eliminate the requirement in the final rule to make and maintain copies of documents used in the verification process. The document number, the issuer, name and address, and any other identifying information could be retained in an automated format. This not only eliminates the cumbersome recordkeeping requirements associated with paper copies, but also puts bank in a better position to retrieve these records within 120 hours.

We recommend that Treasury clarify that a non-documentary process could be used instead of a documentary process, at the bank's option. The proposal, as written, does not prohibit a bank from choosing to rely entirely on a non-documentary process, but certain language in the preamble indicates that Treasury anticipated that a documentary process would be a first step and the non-documentary process would be a second, additional step.

In the preamble discussion of non-documentary verification processes, negative, logical, and positive verification procedures are described. Based on the language in this paragraph, it appears as though any one of the three processes would be an acceptable form of non-documentary verification. We suggest that Treasury review this language and ensure that it is consistent with other provisions of section 326. As written, it implies that a bank could open an account for a customer in a non-documentary process and rely solely on information from a negative database such as Chex Systems to verify the customer's identity, without obtaining a government issued identification. This does not seem to enable a bank to form a "reasonable belief " that it "knows the true identity of a customer." Use of a negative database such as Chex Systems does little more than provide information to a bank about that customer's previous negative experiences with another bank. We understand that Treasury is relying on banks to develop a risk-based approach. However, in order to avoid the overly burdensome requirements of a documentary process, and to keep costs low, if the regulation permits such a verification process as this, there will be many banks taking this approach. Is it possible for a bank to "form a reasonable belief" that it "knows the true identity of the customer" based solely on the use of negative verification?

In a non-documentary process, the recordkeeping requirements are not clear. The regulation should clarify what, if any, documentation would have to be maintained, if for example, a credit report was used to verify the individual's identity. The proposal reads "where a bank relies upon a document to verify identity, the bank must maintain a copy of the document that the bank relied on that clearly evidences the type of document and any identifying information it may contain." It is not clear from this language whether the rule is limiting this requirement to a document used in a documentary process, or whether this applies to a non-documentary process as well. It is also not clear whether this applies to items such as a driver's license, where a bank's CIP has established a non-documentary process and the driver's license was ancillary to the process.

Comparison with Government Lists

The requirement for a CIP to "include procedures for determining whether the customer appears on any list of known or suspected terrorists or terrorist organizations" is too vague. While the proposal does define some limits, in that the list must be provided by any federal government agency, there needs to be additional guidance as to the types of government agencies and lists to be searched.

Because a number of the names appearing on government lists of known or suspected terrorists are relatively common, many banks do not match the customer's name against these lists until after the account is opened. It is impractical to place a front line customer service representative in the position of determining whether the person seeking the account is a match or a false positive. In a credit transaction, the person taking the application could be put into a position of denying credit based on a potential (rather than actual) match, and subject the bank to allegations of violations of Regulation B. We recommend the final rule clarify that this match could be conducted within a reasonable time after the account is opened.

General

Many large banks will be unable to effectively comply with some of the provisions, such as searches against government lists, unless an automated system is employed. In fact, the regulatory analysis states "Treasury and the Agencies believe that all banks have access to a variety of resources, such as computer software packages, that enable them to check lists provided by the Federal government." Given the large number of service providers and computer systems available, will there be a regulatory standard for such products, or a safe harbor for banks if the bank relied on the information provided in good faith and conducted appropriate due diligence?

The proposal gives no direction on how financial institutions should handle third-party relationships with mortgage brokers or automobile dealers. Other regulations, such as Regulation Z and Regulation B, define the responsibilities of financial institutions and third parties when relying on a third party to collect regulatory information. We recommend Treasury include similar provisions in the final rule regarding responsibilities for the collection, verification, and comparison to government lists.

The preamble suggests that lobby notices or electronic notification would be adequate to satisfy the notification requirements. The proposed regulation only refers to "adequate notice." We believe this language is too vague and does not address proper notification in such situations as indirect lending. We recommend the final rule more clearly address customer notification when there is no face-to-face contact. We also recommend the final rule clarify that notification to one accountholder is considered notification to all, similar to provisions in other consumer regulations such as Regulation B and Regulation Z.

We appreciate Treasury's attempt to permit banks to establish a risk-based program based on their own products and services and location. We are concerned, however, with the vagaries of the regulatory language. It may not have been the intent of Treasury, but the issue of the verification method is open for interpretation. Without a well-defined identification and verification process, it is possible that financial institutions and examining agencies may have differing opinions of the reasonableness of the process.
BB&T appreciates consideration of these comments. Should there be any questions concerning any of these comments, please call either one of us.