Federal Deposit
Insurance Corporation

Financial Crimes Enforcement Network 
Section 326 Rule Comments
P.O. Box 39
Vienna, Virginia 22183

Dear Sir or Madam:

The Financial Services Roundtable ("the Roundtable") appreciates the opportunity to comment on the proposed customer identification rules issued under section 326 of the USA PATRIOT Act ("Patriot Act"). The Roundtable is a national association that represents 100 of the largest integrated financial services companies providing banking, securities, insurance, and other financial products and services to American consumers and businesses.

The Roundtable strongly supports the federal government's efforts to combat money laundering and related activities that help finance global terrorism and commends the Treasury Department ("Treasury") and the other federal regulatory agencies¹ involved for drafting rules pursuant to section 326 of the Patriot Act that establish a reasonable framework for obtaining, verifying and retaining customer identifying information.

The Roundtable has long urged Treasury and the other agencies to apply a risk-based approach in various money laundering contexts and firmly believes that such an approach is the most effective way to allocate resources in our anti-money laundering efforts. The Roundtable is pleased that Treasury has acknowledged that financial institutions' customer identification efforts must be risk based. Unfortunately, the proposed rules abandon the risk-based approach in a number of areas. Most importantly, the requirement that financial institutions apply undifferentiated customer identification procedures to all signatories on all accounts imposes an extraordinary burden on financial institutions and does not permit them to direct their resources to those customers that pose a heightened risk of money laundering. Broad-based requirements create a significant potential for diluted efforts that ultimately do not meet the goals of the Patriot Act to combat effectively money laundering and terrorist financing.

The Roundtable applauds the efforts of Treasury and the agencies to devise a uniform set of rules that apply to all financial industry participants. Without such uniformity, customers of financial institutions may engage in regulatory arbitrage, seeking to open accounts with firms that customers perceive to have less robust customer identification requirements. The Roundtable suggests below certain revisions to the rules that would enhance their uniform application to all covered financial institutions.

The Roundtable also believes that the rules should (a) more broadly permit financial institutions to share the customer identification and verification duties with other financial institutions, so as to avoid each institution having to undertake duplicative customer identification efforts, and (b) clarify and reduce some of the burdensome recordkeeping requirements.

In addition, the Roundtable urges Treasury to give financial institutions a minimum of six months after publication of the final rules to put in place their customer identification programs. As explained below, a transition period will be necessary to permit financial institutions to make the significant technology, systems, procedural, and training changes necessary to comply with the new rules. To this end, the Roundtable believes that Treasury has significantly under-estimated the burden and compliance costs of the new rules and, thus, has not appreciated the amount of time and resources needed to establish and implement the required customer identification programs.

1. Key Definitions

A. "Account"

The Roundtable supports Treasury's decision to define the term "account" in the bank customer identification rules as a "formal" banking or business relationship established to provide "ongoing" services, dealings or other financial transactions. That definition, as Treasury clarifies in the preamble to the bank rules, is not intended to apply to infrequent transactions such as an occasional purchase of a money order or wire transfer.

The definition of "account" in the other proposed rules, however, does not appear to incorporate this necessary concept of providing "ongoing" services. As such, isolated and one-time transactions may be captured by the definition used in the securities and futures rules, although clearly no account relationship has been established.

The Roundtable urges Treasury to adopt the bank rules' definition and to apply it uniformly in all of the customer identification rules. In the Roundtable's view, isolated transactions (regardless of the type of financial institution involved) should not be subject to the requirements of these rules. Inclusion of such transactions in the "account" definition could create significant compliance issues for firms without advancing the customer identification objectives of section 326 of the Patriot Act.

The Roundtable also urges Treasury to clarify further that the definition of account applies to transactional relationships and does not extend to other, non-transactional contexts such as safe deposit boxes. Such non-transactional relationships are not traditionally considered "accounts" and do not pose money laundering risks.

B. "Customer"

The term "customer" is given a two-part definition in each of the proposed rules. First, the term is defined in the mutual fund, broker-dealer and futures rules to include any person who opens a new account with a covered financial institution. In the bank rules, the term is defined slightly differently to include anyone who is "seeking" to open a new account. Second, in the mutual fund, broker-dealer and futures rules, the term includes any person who is granted authority to effect transactions with respect to an account; in the bank rules, the term includes any signatory on an account (either when the account is opened or added subsequently).

1. Application to Persons Who Do Not Oven Accounts

The Roundtable requests that Treasury make clear that the first part of the definition -- in the bank rule and elsewhere -- applies only to persons who actually open new accounts. The Roundtable believes, from reading the preamble to the bank customer identification rules, that Treasury did not intend to include as "customers" those persons merely seeking information on an account or other persons who apply for but then do not actually open new accounts (either because they change their minds or because the financial institution denies their application). To avoid confusion and uncertainty, the Roundtable suggests that the definition of "customer" in the text of the bank rules be revised to be the same as is in the other rules.

2. Application to Signatories on Corporate and Institutional Accounts

More importantly, the Roundtable strongly urges Treasury to reconsider the second half of the "customer" definition used in each of the rules. As drafted, this part of the definition would include as "customers" all individuals who have authority to sign for or act on behalf of an account, including accounts held by corporations, institutions, pension plans, and other well-known and well-established entities. Many financial institutions have a large number of corporate and institutional customers that each have numerous accounts, each in turn with numerous authorized signatories whose ranks regularly change as personnel are hired, fired, transferred, promoted, and resign. One Roundtable member reports that it has a large corporate customer that has numerous accounts with the financial institution and that customer has designated over 1,000 authorized users on its accounts.

Obtaining personal information about each of the individuals given authority to effect transactions on an account throughout the life of a corporate or institutional account relationship would be extremely burdensome for the financial institutions involved. In addition to the burden associated with the sheer volume of signatories, few options are available for obtaining and verifying a signatory's information. First, signatories are often named by accountholders and rarely, if ever, directly contact the relevant financial institution during the account opening/application process. Accordingly; financial institutions obtain little, if any, information from the signatory; what little information they do receive usually comes from an administrator within the organization. Thus, unlike actual accountholders who provide most of the initial identifying information in the application process, signatories/authorized users, provide little or none. Given so little information, it is far more difficult for institutions to obtain the requisite identification and verification information for these individuals. In addition, the Fair Credit Reporting Act prohibits institutions from obtaining credit reports about these persons (to verify their identification) absent their consent. Without a credit report and without direct contact with the signatory, a financial institution would be forced to rely other far more expensive and time-consuming ways to identify and then verify the identity of the tens of thousands of signatories who would be covered by the proposed rule.

Of course, taking on this additional burden would be necessary - and well worthwhile - if doing so advanced the goals of fighting money laundering. It is, however, difficult to understand the value of getting personal information (such as date of birth) from each of the thousands of affected employees who may be authorized to sign on or effect trades through a firm or entity account. This is particularly so because the corporate and institutional accountholders themselves typically have every incentive to ensure (and, in fact, do take careful steps to ensure) that their accounts are properly handled and are not used for illicit purposes by employees.

In addition, obtaining personal information raises privacy issues for the signatories and the risk of identity theft. Corporate employees would rightly view the gathering of the personal information required by the proposal as a needless invasion of personal privacy.

The Roundtable submits that the signatory requirement - to the extent that it applies to well-known corporations and institutions - does little (if anything) to achieve the Patriot Act's goals. In fact, it is the largest corporate and institutional customers of financial institutions that have the most signatories on their numerous and active accounts. Thus, it is these accounts that will pose the greatest compliance burden on financial institutions - as financial institutions try to track down personal information on each of the persons authorized to sign or effect transactions on these accounts. Yet, it is also these accounts (established for large, publicly traded corporations; for governmental entities and agencies; and for well-known universities and institutions) that pose the least risk of money laundering or other illicit activities.

The Roundtable believes that Treasury's goal in proposing this definition of "customer" is to ensure that nefarious individuals do not hide behind corporate forms and other legal shells. The Roundtable suggests that Treasury's rule should be aimed more precisely at entities and individuals that pose a meaningful risk of illicit activities and, at the same time, avoid placing burdens on relationships with well-known entities and their employees that pose a negligible risk of money laundering.

To meet its objectives, the Roundtable urges Treasury to take a risk-based approach to the signatory requirement so that financial institutions would not have to obtain information on individuals with signatory or trading authority over accounts maintained by publicly traded corporations and other institutions identified by and known to the financial institution (e.g., accredited universities; pension funds; retirement plans; and federal, state, or municipal governments and governmental agencies). A financial institution would, however, have to `look through' an entity if the institution was unable to identify that entity or if the institution otherwise believed that the entity presented a heightened risk of money laundering (e.g., a personal investment company or a company located or incorporated in a jurisdiction identified as non-cooperative in the fight against money laundering). This approach would more effectively combat money laundering by allocating valuable anti-money laundering resources on higher-risk entities.

3. Application to Trust. Escrow and Similar Account Arrangements

The Roundtable also requests that Treasury clarify that account beneficiaries (e.g., for trusts and escrow accounts) and participants in retirement plans are not "customers" for purposes of the rules. Beneficiaries of trusts and escrow accounts may, in certain circumstances, have authority over accounts - sometimes for a temporary period as an account is being closed. Similarly, participants in retirement plans may have the option to self-direct their plan assets, which authority, under the rule's literal reading, could make these participants "customers."

In many of these situations, however, financial institutions do not have the ability to perform customer identification procedures with respect to beneficiaries and plan participants. For example, a person may be named as a beneficiary of a trust when he or she is an infant and may, 18 years later, have authority to effect trades through the trust account. It makes no sense for a financial institution to have to ask for identification information from a beneficiary at the creation of the trust (at which time the beneficiary may not yet be born or may not have any identification information). It also makes little sense for a financial institution to have to ask for identification information from a beneficiary when funds are due. Financial institutions are often contractually bound by trust and other documents to pay a beneficiary or otherwise comport with a beneficiary's direction. It would be untenable for financial institutions to withhold funds because they lack appropriate information from a beneficiary

Given the minimal money laundering risks that these types of accounts pose, financial institutions should not have to `look through' trusts, escrow accounts, and retirement plans to identify beneficiaries and plan participants so long as financial institutions perform adequate due diligence on the entity or person establishing the trust, escrow account, or retirement plan.

2. Approval of the Customer Identification Proms

The Roundtable agrees that customer identification programs should be approved at a senior level in a financial institution. The Roundtable asks that Treasury clarify that the senior governing body must only approve the core elements of an institution's customer identification program, that is, the policies that form the central aspects of the program. As is typical for most institutions, the board or other governing body would then leave to management the task of implementing the policies and putting in place the necessary procedural details.

2. Identification Information Required

The Roundtable urges Treasury to make clear that financial institutions may open accounts for customers who lack all of the "minimum" identification information noted in the proposed rule. There may be situations in which customers may lack certain of the "minimum" information required and, yet, the financial institution may be well positioned to identify that customer and the legitimacy of the customer's funds. As long as a financial institution has formed a reasonable belief that it knows the true identity of its customer, the institution should not be prohibited from opening an account for that customer.

In addition, the required minimum information may present problems - particularly for foreign businesses and enterprises. Such firms may not possess the tax identification numbers or other government-issued documentation mandated by the proposed rule.

4. Reliance on Other Financial Institutions

The broker-dealer and futures rules provide, quite helpfully, that when futures commission merchants, securities firms, and other covered institutions share account relationships, the two firms may allocate customer identification responsibilities; the two firms need not duplicate their identification efforts. The Roundtable strongly supports the decision to authorize the allocation of customer identification efforts among entities that work together in servicing an account. The Roundtable particularly applauds the acknowledgement in the mutual fund rule that the customer identification process may be "best performed by personnel of... [an] affiliated or unaffiliated service provider."

These decisions are based on common sense: some entities are better positioned than others to perform customer identification tasks and, when a task has been performed by one institution, there is no reason for another institution to perform the same task with respect to the same customer.- Although the proposed rules incorporate this common sense approach, they do so inconsistently. Unlike the proposed securities and futures rules, the proposed rules for banks do not appear to authorize the contractual delegation of customer identification responsibilities. In the Roundtable's view, there is no reason to preclude banks or any other financial institutions from allocating customer identification responsibilities by contract.

Furthermore, where one financial institution has confirmed that another has obtained and verified information in accordance with an applicable customer identification rule, the proposed rules should authorize reliance on that information whether or not there is formal contractual allocation of customer identification responsibilities. In these circumstances, the rules should not require duplication of efforts. Thus, for example, when a broker-dealer knows that a customer has an account with a U.S. bank and has confirmed (by means of an oral or written reference from the bank, through receipt of an introductory letter from the bank, or through other similar means) that the bank has performed its customer identification responsibilities, the broker-dealer should be permitted to rely on the bank's compliance rather than duplicating efforts. Similarly, the rules should make clear that financial institutions that purchase or service assets (e.g., mortgages) from another financial institution may rely on the seller's representations regarding customer identification and not be required to engage in duplicative efforts.

In addition, the rules should permit broad reliance on identification by an affiliate. For example, when a customer has opened an account with a broker-dealer, the broker-dealer's affiliated bank should be allowed to rely on the fact that the necessary identification steps have been performed by its affiliate (likely according to a customer. identification program that is identical to the one in place at the bank). It makes little sense for both affiliates to ask the customer to provide identical information, to have to take the same verification steps, and then be subject to duplicative recordkeeping requirements.

5. Recordkeeping Requirements

Treasury's rules set forth certain recordkeeping procedures that must be included in customer identification programs. In general, the rules require financial institutions to maintain records of (1) identifying information provided by the customer; (2) the documentary and non-documentary methods used to verify a customer's identification; and (3) the resolution of any discrepancy in the identification information obtained. Financial institutions must retain such information and records for five years after the date that an account is closed.

The Roundtable agrees that it is reasonable to require financial institutions to maintain identifying information supplied by a customer for the life of the customer's account plus five years provided that customer is defined more narrowly, as set forth above.²  The Roundtable understands and acknowledges that such identifying information may be important for law enforcement. Such information may be kept with other account opening documentation and information that institutions ordinarily retain for the life of an account.

The Roundtable suggests, however, that it is not reasonable to require financial institutions to retain verification documentation and discrepancy resolution information for the required time period. The requirement to keep safe -- for the life of an account plus five years --all information regarding databases that have been searched or other verification due diligence steps that were taken, in the Roundtable's view, goes beyond what is necessary to advance legitimate anti-money laundering objectives.

The Roundtable submits that as long as identification information is verified and then maintained, there is little (if any) law enforcement value in retaining copies of aged records showing what verification steps were taken by an institution some time in the distant past. In addition, this aspect of the recordkeeping requirement is exceedingly burdensome for financial institutions because, contrary to Treasury's belief, such recordkeeping is decidedly not usual or customary in the industry. The Roundtable suggests that verification and discrepancy resolution records be retained for five years from the date of account opening. Such a time frame will better accord with industry standards and will give examiners and supervisory authorities ample opportunities to review records to test an institution's compliance with the rules, which is the real value of such records.

The Roundtable also wishes to note that there are significant legal risks associated with maintaining some of the required verification documentation. For example, many institutions expressly prohibit retention of copies of customer driver's licenses, passports, and social security cards because of concerns about customer privacy and identity theft. By keeping a copy of a driver's license or other photo ID, institutions also will be open to discrimination and Equal Credit Opportunity Act claims from customers who will allege that- credit was denied or other adverse action taken on the basis of their physical appearance. For these reasons, the Roundtable urges Treasury to require that institutions maintain only some notation in their files that proper verification steps were taken but not copies of actual documentation. To the extent that a notation alone will not suffice, institutions should be permitted to keep identifying numbers from passports and driver's licenses but not required to maintain actual copies of documents.

Finally, the Roundtable requests that Treasury clarify how firms are required to document searches and other non-documentary steps that may be taken to verify identification, particularly in the vast majority of cases when such searches will reveal no negative information. Treasury should clarify what records will suffice in such situations. Furthermore, in many instances, financial institutions may rely on third-party service providers to conduct the necessary verification steps. The Roundtable asks Treasury to make clear that financial institutions be permitted to use third parties to perform the necessary tasks and to maintain the required records.

6. Notice

The Roundtable appreciates Treasury's efforts to establish a flexible notice requirement that allows institutions to notify customers that they are requesting identity information with a sign, or through oral, written or electronic means. To avoid customer confusion, avoid duplicative efforts and help minimize unnecessary litigation, the Roundtable requests that Treasury adopt uniform notice requirements for all institutions and provide model language for these notices.

7. Foreign Branches

As it has noted in previous comment letters regarding the other Patriot Act implementing regulations, the Roundtable strongly believes that foreign branches of U.S. financial institutions should not be subject to the full scope of U.S. anti-money laundering requirements. Application of the Patriot Act's requirements to foreign branches raises important policy and legal issues, which the Roundtable and others have discussed with Treasury staff at length in the past and which issues need not be repeated here.

The inclusion of foreign branches in the customer identification context raises particularly significant problems. Countries differ markedly in their level of privacy protection that they afford to individuals and institutions, and application of the proposed rules to foreign branches of U.S. financial institutions may well create irreconcilable regulatory conflicts between customer identification requirements and host-country laws. Accordingly, the Roundtable urges Treasury not to apply the customer identification requirements to foreign branches. To the extent that Treasury determines to do so, then, at the very least, Treasury should make clear that these rules apply only to the extent permitted by, and absent conflict with, host-country laws.

8. Effective Date and Costs

Finally, the Roundtable requests that Treasury give financial institutions a reasonable and realistic schedule to put into place and implement the required customer identification programs.

Drafting and implementing a customer identification program that-meets the rule's requirements will require numerous steps, each of which will take time to complete. First, whatever final rule is adopted by Treasury will need to be analyzed and, based on that analysis, a written program will have to be developed and approved by appropriate boards of directors (or similar bodies). Second, to implement the program, account opening documents and processes will need to be significantly revised. Third, systems, databases, and recordkeeping functionalities also will need to be changed or upgraded. Each of these changes will then need to be tested to ensure their proper functioning, which is a time-consuming process. Finally, after systems are revised, employees - both those with direct customer contact and administrative personnel who process new account forms and applications - will need to be trained.

It will simply be impossible for most institutions to accomplish these tasks by October 25, 2002, particularly given the likelihood that final rules will not be issued until days before this date. For many institutions, the task is monumental and is added on to the other anti-money laundering compliance efforts they are undertaking pursuant to other sections of the Patriot Act. For this reason, the Roundtable recommends a phased-in approach that will give institutions time to develop policies and procedures and then implement those policies over time.

In this regard, the Roundtable notes that Treasury has significantly underestimated the compliance burden associated with the new procedures. For example, in the broker-dealer proposal, Treasury and the Securities and Exchange Commission believe that establishing a compliance customer identification program will cost a broker-dealer only $2,244. The Roundtable submits that setting up a program - given the complexity of operations involved, range of services and products affected, and number of customers impacted - will be a far more expensive endeavor. Setting up a program will require significant compliance and in-house (and possibly outside) legal work. Also, business lines will need to be consulted, because whatever program is adopted will need to fit the different business lines affected.

To accomplish the various tasks set forth above, firms will require additional time from the date of a final rule. In prior rulemakings, Treasury has been willing to defer statutory compliance dates to give industry an opportunity to make the necessary operational and systems changes. We ask that Treasury do the same here and give all industry participants at least six months from the date of a final rule (which time frame may need to be longer, depending on the text of the final rule) to have in place their required customer identification programs.

The Roundtable greatly appreciates Treasury's consideration of these comments. If Treasury staff or other functional regulators involved have any questions regarding the Roundtable's views on the proposed rule, please do not hesitate to contact me at (202) 289-4322.

Sincerely,

Richard M. Whiting
The Financial Services Roundtable
805 Fifteenth Street, NW, Suite 600
Washington, DC   20005

¹  Each of the agencies and the Office of Management and Budget is receiving a copy of this letter