Home > Regulation & Examinations > Laws & Regulations > FDIC Federal Register Citations |
|||
FDIC Federal Register Citations |
August 29, 2002
Office of the Comptroller of the Currency Board of Governors of the Federal Reserve System Federal Deposit Insurance Corporation Re: USA PATRIOT Act - Section 326 Thank you for the opportunity to comment on this very important proposal for the development of regulations to implement Section 326 of the USA PATRIOT Act. The Kansas Bankers Association is a nonprofit trade organization with 367 of the 371 Kansas banks as members. Our members are not only bankers, but they are also fellow Americans and as such are willing and ready to help identify those who are terrorists. It is in this spirit that we write this comment letter, not to oppose the implementation of Section 326 and the Customer Identification Program, but hopefully to make suggestions that will help to make the Act workable and meaningful in the heart of America's community banks. It is our understanding that the proposed regulations will require all banks to implement a Customer Identification Program (CIP). This program is to be incorporated into the bank's existing BSA Compliance Program and must be in writing and approved by the Board of Directors. The CIP itself will consist of procedures for banks to 1) verify the identity of any person seeking to open an account; 2) maintain records of the information used to verify the person's identity; and 3) determine whether the person appears on any lists of known or suspected terrorists or terrorist organizations provided to the bank by any government agency. In organizing our letter, we will make comments on the minimum requirements for the implementation of the CIP through the three procedures listed above. Identity Verification Procedures. 1. Information required. Banks will be required to obtain certain information from each customer prior to opening an account or adding a signatory to an account. With regard to the definition of "customer", the proposal defines that as any person seeking to open a new account, including any signatory. In determining what is an "account", the regulation indicates that this term is not intended to cover infrequent transactions such as the occasional purchase of a money order or a wire transfer. Can we conclude that the definition of "account" would not include the person who comes into the bank on a regular basis to cash his or her paycheck? Many times, a person will come to the same bank every pay period merely because of convenience and the fact that the bank is close to his or her work. Although identification is checked, there is no "account" relationship established in the traditional sense of the word, and we would hope there would be no need to bring these people under the CIP umbrella. The definition of "customer" also includes corporations, partnerships and trusts and their signatories. While determining the EIN or TIN of such entities in other states is not an insurmountable task, it may be difficult to track down all the signatories on such entities. Perhaps there could be a narrowing of the rule for entities so that only the principal shareholders, partners or just the trustees would have to have an identification number on file. We would like some guidance on what identification number should be used in the case of informal entities such as an account opened to accept donations to a special cause (i.e., to help pay for an expensive operation in the community or to help a family after a house fire). These informal entities may or may not have an EIN. It would be our suggestion that the final regulations include guidance on what identification number a bank should obtain in those instances where there is no formal entity and no EIN for that entity. We would also like to see some guidance on the use of the matricula card and whether it can be a reliable source of establishing the identification of a non-US person. In many areas of our state, we welcome non-US persons who do not want to establish citizenship, but who work here as undocumented immigrants. Many of these individuals use the matricula card as their identification card to open bank accounts. Our banks really want to know whether these types of cards are acceptable as a reliable form of identification. 2. Verification. Banks will be required to have "risk-based" procedures in place for verifying the information that is obtained within a reasonable period of time after the account is opened. There will be many instances where a bank will develop a new account relationship with a customer they have had for many years. Imagine the reaction of the customer of 20-plus years when told that the bank must make a copy of the customer's driver's license to verify his or her identity at this time. We would request that the final regulation allow a bank to develop a procedure for verifying the identity of a customer with the personal knowledge of one or more bank employees as a form of non-documentary verification. Banks are frequently asked to open an account in the name of a child who does not yet have a picture identification card. While there are suggestions for various types of non-documentary verification, none of these seem to quite fit when the account owner is a minor child. We would like some guidance as to what would be acceptable verification in these cases. There will also be many instances where a corporate account has various signatories in various cities and/or states. What type of procedures will be sufficient for a bank who must verify all of these signatories? We would hope that the final rule would implement a risk-based approach to this issue that will not be extremely costly to our banks. There is also a general sense among bankers that many customers will not allow the bank to copy their drivers' licenses. Would it be possible for a bank employee to make a notation on the account application form that he or she checked the customer's drivers' license and that it appeared to be an accurate representation of the customer? That document obviously would be a part of the file. The Uniform Trust Code provides for a Certification of Trust whereby rather than requesting an entire copy of a trust agreement, banks could ask the trustee for a Certification of Trust form, whereby the trustee "certifies" that he or she is authorized to act on behalf of the trust. Will such a form be sufficient verification under this new regulation? What would be an adequate form of verification of the identity of an informal entity such as was discussed above? In those instances where a bank cannot obtain verification of identity through documentation, to what degree of detail must the bank procedures be written? In this situation, may a bank refuse to open the account? Many banks will not be willing to go to the expense of using a credit bureau inquiry to verify identity, and many customers may balk at being asked to provide a financial statement when opening a deposit account. We would also ask for clarification regarding the extent of the verification process. It is our understanding that once a bank has obtained and verified the identity of the customer through a document such as a driver's license, the regulation does not require the bank to take steps to determine whether the driver's license is validly issued. In other words, it is our understanding that a bank, absent obvious indications of fraud, has the right to rely on a government issued identification as verification of the customer's identity and will not have to undertake the expense of determining the true validity of each and every piece of identification. The proposal indicates that the bank would have a reasonable time to verify identities. We would like to see clarification of what a "reasonable time" would be in this instance. This would be especially important in the case of a transaction conducted by the telephone or the internet. Recordkeeping. Banks will be required to maintain all records involved with identification and verification for a period of five years after the date the account is closed. We would urge that a shorter time period be applied in the final rule. There is a shortage of space available to store files that are no longer active. Comparison with Government Lists. Banks will be required to establish procedures for determining whether the customer appears on any list of known or suspected terrorists or terrorist organizations provided to the bank by any Federal government agency. We would like the final regulation to list those Federal government agencies that provide acceptable lists and where banks can access those lists. Without this further guidance, banks will be wondering if the list they have is the correct list. Finally, we would request that the final regulation contain an example of what would be an adequate notice to bank customers that a bank could post in their lobby or on the internet. Again, an example would eliminate questions and doubt as to what specific language would suffice. Conclusion. In conclusion, we want to emphasize the fact that here in Kansas, as in many states, community banks are an integral part of their community. They know all of their customers and their customers know them. Rest assured that if a person that was unknown to the employees walked into one of these banks, the employees would make a point to find out who the person is and where he or she is from. We can appreciate that crafting regulations that would not seem overly burdensome to these institutions, yet would address the issues of national security is quite difficult. That is why we very much appreciate the fact that the intent of the agencies is to make the implementation of these regulations reasonable and practicable, and that each bank's CIP will be evaluated based on what is appropriate to the size of each banking institution. To that end, we hope that our comments will be useful in crafting the final regulation. Thank you for your time and attention. Sincerely, James S. Maag Kathleen Taylor Olsen |
Last Updated 09/05/2002 | regs@fdic.gov |