Federal Deposit
Insurance Corporation

FinCEN
Section 326 Bank Rule Comments 
Post Office Box 39
Vienna, VA 22183
Attention: Section 326 Bank Rule Comments

Office of the Comptroller of the Currency 
250 E Street, SW
Public Information Room, Mailstop 1-5 
Washington, DC 20219
Attention: Docket No. 02-11

Secretary
Board of Governors of the Federal Reserve System
20th Street & Constitution Avenue, NW 
Washington, DC 20551
Attention: Docket No. R-1127

Executive Secretary 
Attention: Comments/OES 
Federal Deposit Insurance Corporation 
550 17" Street, NW
Washington, DC 20429

Regulation Comments 
Chief Counsel's Office 
Office of Thrift Supervision 
1700 G Street, NW 
Washington, DC 20552 
Attention: No. 2002-27

Secretary of the Board
National Credit Union Administration 
1775 Duke Street
Alexandria, VA 22314-3428

Dear Sir or Madam:

This comment letter is submitted on behalf of the Consumer Bankers Association ("CBA")¹ in response to the joint notice of proposed rulemaking issued by the Department of Treasury, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, and the National Credit Union Administration (collectively "the Agencies"), implementing Section 326 of the USA PATRIOT Act with respect to banks ("Proposal"). We appreciate the opportunity to provide our comments on the Proposal. The financial services industry has been working closely with the Agencies to detect and prevent money laundering and the financing of terrorism. We strongly support the goals of the USA PATRIOT Act and appreciate the Agencies' efforts in developing these rules. We are submitting comments in the areas we believe will impose significant costs without achieving the all-important goals of the legislation.

In General

CBA supports the Agencies in their efforts to develop a final Rule ("the Rule") implementing the Proposal that accurately reflects Congress's intent in enacting Section 326. The congressional intent is reflected both in the plain language of Section 326 and in its legislative history. Specifically, Section 326 directs the Secretary of the Treasury to implement "reasonable" procedures to verify the identity of certain persons "to the extent reasonable and practicable." In explaining these requirements further, the House Financial Services Committee stated that the "regulations prescribed under [Section 326] ... impose requirements appropriate to the size, location, and type of business of an institution." H.R. Rep. No. 107-250, pt. 1, at 63 (2001). The Committee also stated its intent that the "procedures prescribed by Treasury make use of information currently obtained by most financial institutions in the account opening process. It is not the Committee's intent for the regulations to require verification procedures that are prohibitively expensive or impractical." Id.

This congressional intent is reflected in several statements included in the Proposal and its Supplementary Information. For example, Section 103.121(b)(1) of the Proposal requires a bank's Customer Identification Program ("CIP") to be "tailored to the bank's size, location and type of business." Furthermore, the Supplementary Information notes that the "basic information that banks would be required to obtain under [the Proposal] reflects the type of information that financial institutions currently obtain in the account-opening process." The Proposal also contains a number of requirements, however, that create ambiguity or that would require banks to change their account-opening and recordkeeping processes significantly. The following comments include suggestions for addressing those issues in a manner that would ensure adequate customer identification verification without creating the need for banks to absorb unreasonable costs and burdens.

Definition of "Customer"

The Proposal requires each bank to implement a written CIP that, among other things, includes procedures for verifying the identity of each "customer" to the extent reasonable and practicable. The term "customer" is defined as "any person seeking to open a new account" and "any signatory on the account at the time the account is opened, and any new signatory added thereafter." With respect to any person seeking to open a new account, the Supplementary Information makes it clear that the definition of a customer does not cover a person merely "seeking information about an account." This is an important clarification that should be maintained in the Rule. However, the Proposal is overbroad and needs to be narrowed. We do not believe that Congress intended to impose an intelligence-gathering function on the financial services industry, but rather to set up a system that would keep terrorists from using the financial system to subsidize their activities. As a result, we do not believe that it is necessary to require banks to verify the identity and to retain the verification information of persons who have not actually opened an account. Other proposed Section 326 regulations for securities broker-dealers, mutual funds and futures commission merchants all define a customer as "any person who opens a new account...." 67 Fed. Reg. 48317,48327,48337 (July 23, 2002). We respectfully request that the Rule apply only to customers who have opened an account.

The definition of a customer also includes a "signatory." The Supplemental Information provides an example of a signatory as "an individual with signing authority over a corporate account." We do not believe that the term "signatory" is well-defined in the context of credit card or other similar credit arrangements. Without further clarification, use of the term is likely to create confusion for creditors offering such arrangements. Under existing practice, the "customer" is the "account holder" and in this context is the person who is contractually liable on the account, even if there are other authorized users or signers who have the right to use the account to obtain credit, but who have no obligation to repay. It is the account holder who is the party to the underlying credit agreement, is responsible for repaying all extensions of credit made through the account, is responsible for complying with all account terms, and to whom billing statements are sent during each billing cycle. It is also the account holder who is the subject of the creditor's initial and ongoing credit underwriting processes. We urge the Agencies to make it clear in the Rule that, with respect to credit card and other similar arrangements offered by a bank, the term "signatory" means each person who is liable on the account. If the requirement is retained, we suggest that the Rule permit banks to determine what activities constitute "seeking to open an account." Creditors, in large part to address existing regulatory requirements, including those under the Equal Credit Opportunity Act ("ECOA"), have already established procedures to deal with individuals who submit an application for credit.

Definition of "Account"

The Proposal defines an "account" to be "each formal banking or business relationship established to provide ongoing services, dealings, or other financial transactions." As examples, the Proposal notes that "a deposit account, a transaction or asset account, and a credit account or other extension of credit would each constitute an account." CBA commends the Agencies for making it clear that the definition of "account" includes only those relationships that involve "ongoing services, dealings, or other financial transactions." This is an important clarification that is consistent with other similar regulatory provisions, such as the definition of a "customer" in the regulations implementing Title V, Subtitle A of the Gramm-Leach-Bliley Act. We urge that this portion of the definition be retained in the Rule.

The Supplementary Information also includes a helpful clarification that the definition of account does not "cover infrequent transactions such as the occasional purchase of a money order or a wire transfer." This clarification should be included in the Supplementary Information to the Rule. In addition, we urge that you include additional guidance on this issue when the Rule is adopted. Specifically, it would be helpful if the Rule clarified that non-reloadable stored value cards are not accounts for purposes of Section 326. These cards are analogous to a money order in that the card is purchased in a single transaction and the bank has no subsequent dealings with the purchaser. We also note that because these types of cards commonly are sold at retail locations without the involvement of bank personnel, it would be impractical to perform the type of procedures required under the Proposal.

Required Information and Verification

The Proposal provides guidance regarding the steps a bank must take in obtaining identification information from a customer and verifying that information. For U.S. persons, the Proposal states that a bank must obtain the customer's name, date of birth, residential (and mailing, if different) address, and a taxpayer identification number (i. e. a social security number for an individual or an EIN [Employer Identification Number] for U.S. corporations and other non-individuals). This information must be obtained prior to opening, or adding a signatory to, an account. We urge you to consider the addition of flexibility regarding obtaining this information. In particular, there may be circumstances where it is difficult or ill-advised to require customers to provide detailed information prior to an account being opened. For example, customers have been consistently advised to ensure that they do not provide personal identification information in response to telemarketing calls. This advice is intended to help customers protect themselves against identity theft and other fraud. In order to address this issue, it would be important for the Rule to clarify that a bank has an obligation to obtain appropriate identification information within a reasonable time after the account is opened. This approach would be consistent with the requirement in the Proposal that the verification must be completed within a reasonable time period after the account is opened.

The Proposal also sets forth guidance regarding different verification methods that may be used depending on whether, for example, the customer is engaged in a face-to-face transaction with the bank or the customer is applying for an account from a remote location. In order to avoid confusion on this point, we urge you to make it clear that a customer who attempts to open an account in a "face-to-face" transaction with someone other than bank personnel is not engaging in a face-to-face transaction with the bank. For example, when an auto dealer assists a customer in obtaining an auto loan from a bank, the customer has no direct dealing with any employee of the bank as part of the application, and therefore should not be deemed to be involved in a face-to-face transaction with the bank.

The Proposal also requires banks to obtain a social security number for individuals and to verify that number, for example, through government-issued, unexpired identification. However, many states are now removing - some by law - social security numbers from state-issued documentation, such as drivers' licenses. At the federal level, legislation restricting the use of social security numbers is being given serious consideration. The result is that it will become more and more difficult to verify social security numbers. We ask that the Agencies provide more flexibility with respect to this and other verification requirements to the extent sources contemplated by the Agencies at the time of the final rulemaking are no longer available.

Required Record Retention

A bank would be mandated under the Proposal to keep certain records regarding its customers for a period of five years after the account is closed. We are concerned that this record retention period exceeds the standards currently used in the industry and, as a consequence, would require banks to incur significant costs to acquire additional storage capacity. In this regard, many banks have crafted their record retention programs to comply with existing federal laws, such as the Truth in Lending Act (requiring record retention for two years), the Electronic Fund Transfer Act (requiring record retention for two years), and ECOA (generally requiring record retention for 25 months, but only 12 months for business credit). We believe that a requirement to keep records for two years should provide the information necessary. At most, a five-year retention period-as in the Bank Secrecy Act regulations-should be substituted.

We also note that the types of records required by the Proposal appear to be more extensive than may be practicable. In particular, the Proposal appears to require that a bank maintain the following for each customer: the methods and result of any measures undertaken to verify the identity of the customer pursuant to the bank's non-documentary verification efforts, and the resolution of any discrepancy in the identifying information obtained. The Proposal also requires that banks include a record of the identifying information provided by the customer and relied upon, though the statute does not require this.

We do not believe that the retention of copies of actual documents is necessary. Financial companies' compliance officers have long been directed not to keep photocopies of drivers' licenses in files (and some states - Virginia and North Carolina - prohibit the photocopying of drivers' licenses without the permission of the Commissioner of Motor Vehicles). In view of the costs of developing and maintaining these records for hundreds of millions of customers, the concerns that growing numbers of customers have on the proliferation of information about them, and concerns with identity theft, we believe that this requirement creates rather than solves potential problems. Since the statute does not require that actual copies be retained, we ask that the fact that a driver's license, passport or other document was reviewed by an account officer or other relevant employee, along with the identifying information, be considered sufficient.

A more efficient alternative approach would be a requirement for each bank to have written procedures setting forth the methods to be undertaken to verify the customer's identity and resolve any discrepancies. Of course, each bank would be required to demonstrate that these procedures were applied in order to comply with the Rule.

Customer Notice

A bank is also required to provide its customers with adequate notice that the bank is requesting information to verify their identity. We appreciate that the Agencies have provided maximum flexibility with respect to delivering this notice. CBA urges the Agencies to retain this approach in the Rule.

Compliance Section 326 states that the Rule must be effective by October 25, 2002. CBA respectfully suggests that banks will not be able to comply with the Rule by this deadline. We urge the Agencies to allow banks an appropriate amount of time beyond October 25, 2002 to develop and implement a CIP that complies with the Rule. This additional time is necessary to develop a CIP and to make the necessary operational changes in order to implement it. Based on our consultations with our members, we believe that some banks may need up to 12 months from the date the Rule is published in order to be in compliance. Therefore, we urge the Agencies to provide banks the appropriate amount of time before compliance with the Rule is required.

We appreciate the opportunity to comment.