Federal Deposit
Insurance Corporation

Financial Crimes Enforcement Network 
Department of the Treasury
P.O. Box 39 Vienna, VA 22183

Secretary
Federal Reserve System
20th and Constitution Avenue, N.W. 
Washington, D.C. 20551
(Docket No. R-1019)

Office of the Comptroller of the Currency 
250 E Street SW
Public Information Room, Mailstop 1-5 
Washington, DC 20219
Attention: Docket No. 02-11

Executive Secretary
Federal Deposit Insurance Corporation 
550 17th Street, N.W.
Washington, DC 20429 
Attention: Comments/OES

Regulation Comments 
Chief Counsel's Office 
Office of Thrift Supervision 
1700 G Street, NW 
Washington, DC 20552 
Attention: No. 2002-27

Dear Sir/Madam:

Re: CIP proposal/USA PATRIOT Act

Dear Sir/Madam:

The California Bankers Association ("CBA") is grateful for this opportunity to provide comments on the interagency proposed rule that implements section 326 of Title III of the USA PATRIOT Act ("Act"). CBA is a nonprofit professional association incorporated in California, and represents virtually all of the commercial banks and savings institutions in the state.

CBA and its member banks support the fight against terrorism and recognize the important role that financial institutions play in the effort. We generally support agencies' approach to establish flexible rules that account for the differences in size and complexity of the institutions that must comply with the new rules. It is CBA's hope, through this letter, to help fashion the proposal in a manner that accomplishes the legitimate goals of the Act but without imposing unnecessary burdens on financial institutions.

Because the proposal would broadly affect banks and their operations, it would be extremely helpful for the agencies to include, along with the final rule, a set of questions and answers. For example, what are banks' responsibilities when it is not the originator but, rather, an assignee or purchaser of a loan or pool of loans? If a customer is referred to an affiliate or subsidiary, is re-identifying necessary? Also, we urge the agencies to treat as a guiding principle the congressional mandate that the identification requirements be "reasonable and practicable."

Account. The proposed definition of "account," which is taken from the Act, generally reflects traditional notions of an ongoing relationship between a customer and a bank. The final rule should unequivocably exclude "one off" customers like non-customer purchasers of cashiers checks. Nevertheless, it would be helpful to provide guidance on how the definition would apply to persons other than the primary accountholder. Because of the additional requirements proposed, including the retention of an extensive amount of records, CBA urges the agencies to construe the term, account, narrowly and tailor the requirements in accordance with the risks presented.

For example, a bank should have the discretion not to obtain identifying information on a hundred authorized signors to a fortune 500 company account. Banks should be allowed to rely on the due diligence performed by the corporation to obtain and verify the identities of its own administrative personnel when authorizing those employees to be signatories on the corporation's bank account. Moreover, signors on corporate accounts change frequently.

As to existing customers, a bank need not verify identifying information with the caveat that the bank previously verified the customer's identity in accordance with procedures consistent with the proposed rule. This requirement could become a gargantuan task and, we believe, unnecessary, given that the customers, by definition, already have an existing relationship with the bank.

Many banks presently do not routinely collect information on all persons associated with an account. For example, banks typically obtain a TIN only from the primary account holder. If the account is non-interest bearing (requiring no tax reporting), banks would attempt to obtain a TIN, but would not necessarily terminate the relationship if a TIN is not provided. We urge the agencies to minimize banks' duties in connection with persons with whom a bank does not have a direct financial relationship, such as a loan guarantor, trust beneficiary, and employee benefit plan participant. Each of these persons could be construed as having a formal business relationship with the bank in order to obtain ongoing services.

The proposed rule would require banks to rewrite policies and procedures, conduct training, and implement expensive programming changes in order to capture and manage the additional data. We believe that the additional burdens of collecting and storing information on persons peripherally associated with an account do not justify the negligible benefit, if any, they might bring in fighting terrorism. Moreover, requiring individuals who have only marginal relationships with a bank to submit identifying information would raise privacy concerns to new heights.

CBA is also very concerned about the proposal to include coverage of persons "applying" or "seeking" to open an account even where a person does not ultimately obtain a banking service. Banks certainly do and should take reasonable steps to identify their own accountholders, but to apply onerous standards relating to noncustomers is simply unwarranted and overreaching. Again, any marginal benefit such information may provide is outweighed by the burden of keeping the information available for long periods.

Recordkeeping. The proposal to retain a copy of identification presented by the customer for five years after the account closes is excessive, particularly in light of the expansive coverage of the proposal. Many banks presently do not retain a copy of identification. Therefore, they must create a process to capture images, store them, and ultimately, destroy them. Measures must be taken to train employees, and to ensure the privacy of customers. We do not believe a retention requirement is warranted since law enforcement agencies already have access to the agencies that issue identification. And if the identification is false, then its value is questionable. Any concern that banks will not review customer identification unless they retain a copy is without foundation because reviewing identification is not only standard practice but it is in banks' best interest to do so to mitigate fraud. We urge a rule that limits the retention requirement to information taken on an application, and the retention period should be limited to two years, which is consistent with other retention requirements.

CBA is also concerned that retention of picture identification leaves banks with heightened exposure for claims of discrimination. Bank employees have long had training to expunge any records in files that indicate a person's race (government monitoring information excepted). Such practices not only reduce the risks of discrimination, but also provide the salutary effect of shielding banks from unwarranted discrimination claims.

Effective date. While the statute requires final regulations to be issued by October 26, we urge the agencies not to require compliance until a reasonable time after issuance. Since many of the changes will require systems development, training, policy and procedure changes, etc., substantial lead time for compliance is warranted.

CBA appreciates this opportunity to provide comments on behalf of its bank members in California. If you have any questions, I would be happy to help address them.

Sincerely,