Federal Deposit
Insurance Corporation

Via Facsimile and E-mail 

Regulation Comments 
Chief Counsel's Office
Office of Thrift Supervision 
1700 G Street, N.W. 
Washington, DC 20552 
Attention: No. 2002-27 

Executive Secretary 
Federal Deposit Insurance Corporation 
550 17th Street, N.W. 
Washington, DC 20429 
Attention: Comments/OES 

Financial Crimes Enforcement Network 
P.O. Box 39 
Vienna, VA 22183 
Attention: Section 326 Bank Rule Comments

Re: Customer Identification Programs for Banks, Savings Associations, and Credit Unions, 76 Fed. Reg. 48290 (July 23, 2002) 

Dear Sirs: 

Washington Mutual, Inc., the parent company of Washington Mutual Bank, FA, Washington Mutual Bank fsb and Washington Mutual Bank, appreciates this opportunity to comment on the above referenced joint proposed rule (the "Proposed Rule") implementing Section 326 of the USA PATRIOT Act of 2001. 

With a history dating back to 1889, Washington Mutual is a national financial services company that provides a diversified line of products and services to consumers and small-to mid-sized businesses. At June 30, 2002, Washington Mutual and its subsidiaries bad assets of $261.28 billion. The company currently operates more than 2,500 consumer banking, mortgage lending, commercial banking, consumer finance and financial services offices throughout the nation. 

We welcome the flexibility provided by the Proposed Rule, which allows each "bank" (which includes various types of financial institutions) to establish a Customer Identification program tailored to the bank's size, location and type of business. This flexibility also allows each bank to establish verification procedures based on the bank's assessment of the risks presented by the various types of accounts, account opening methods and identifying information available. To enhance both the flexibility of the Proposed Rule and its effectiveness in meeting the aims of Section 326 of the USA PATRIOT Act, we offer the following comments. 

Defnition of "Account." The definition provided in § 103.121(a)(1) of the Proposed Rule is keyed to the formal banking or business relationship established to provide ongoing services, dealings or other financial transactions. The preamble discussion indicates that this definition "is not intended to cover infrequent transactions such as the occasional purchase of a money order or a wire transfer." 67 Fed. Reg. 48290, 48291. We suggest that this exception be included in the text of the regulation itself and that the exception be revised to avoid such terms as "infrequent" and "occasional." These words imply that a bank must keep track of the number of such transactions and maintain identifying information on all individuals purchasing money orders or making wire transfers. This implication would significantly increase the recordkeeping requirements imposed on banks and would defeat the intent of the exception. Instead, § 103.121(a)(1) of the Proposed Rule should be revised by adding a statement that an "account" does not include `Isolated transactions." Also, the examples set forth in the regulation should be expanded to include not only the purchase of money orders or wire transfer services, but also the use of an ATM to withdraw cash from an account at another bank. The use of the term "isolated transactions" and the ATM example would make the Proposed Rule consistent with the exceptions from the term "customer relationship" in the regulations on the "Privacy of Consumer Financial Information" (12 C.F.R. §§ 332.3(1)(2) (FDIC) and 573.3(1)(2) (OTS)), with which banks have become familiar. 

Definition of "Customer." The definition in § 103.121(a)(3) includes, as a customer, any person "seeking to open a new account." The preamble attempts to clarify and limit this definition by stating that 

"transfers of accounts from one bank to another, that are not initiated by the customer, for example, as a result of a merger, acquisition, or purchase of assets or assumption of liabilities, fall outside the scope of section 326 and are not covered by the proposed regulation." 

67 Fed. Reg. 48290, 48292. We welcome the recognition that a bank may acquire accounts without having any prior contact with the customer at the time the account was established. We suggest that this type of exception be included in the text of the regulation. 

In addition, this exception does not recognize other account relationships acquired by a bank without initial contact with a customer. For example, the exception does not address the wholesale lending operations of banks. In wholesale lending operations, loan applicants are initially customers of loan broken rather than customers of the bank. Rather than submitting an application directly to the bank, a loan applicant retains a broker, who represents the loan applicants in dealing with the bank. The loan broker assembles loan application packages, which typically contain relevant identifying information as well as credit, property and underwriting information, and submits the application to the bank on behalf of the loan applicants. The bank does not have the authority to supervise or control loan brokers who submit loan applications to it. Furthermore, these brokers are free to send applications to more than one bank and to other non-bank lenders. Thus, a customer may be seeking to open a mortgage loan account, but does not necessarily intend to obtain a mortgage loan from a particular bank Furthermore, the customer may have no contact with the bank at the time the application and the identifying information is collected. However, under the statement in the preamble quoted above, wholesale mortgage loans may not qualify for the exception. It is not clear whether a referral by a broker to a bank would be considered to be a "transfer of accounts" and whether the "transfer" would be considered to be initiated by the customer. Nonetheless, the wholesale loan operations of a bank present the same issues as any other purchase of loans with regard to a bank's ability to obtain identifying information. Therefore, we suggest that the exception to the definition of "customer" in § 13.121(a)(3) include individuals who are customers of a loan broker. 

Similarly, banks routinely open deposit accounts placed by deposit brokers. These "brokered deposits" may be issued in the name of the broker although the beneficial interest in the account is owned by a number of individuals. The identities of the beneficial owners need not be known to the bank. In fact, the FDIC recognizes that, for purposes of determining the deposit insurance coverage for such brokered deposits held in the name of a fiduciary, the identity of the beneficial owners do not have to be disclosed on the records of the bank. Instead, the identity of the beneficial owners may be determined "from records maintained, in good faith and in the regular course of business, by the depositor or by some person or entity that has undertaken to maintain such records for the depositor." 12 C.F.R. §330.5(b)(2). These brokered deposits are usually placed through the treasury department of a bank, rather than through a bank's branches. Therefore, a bank does not have an opportunity to obtain the information required by the Proposed Rule. Therefore, we suggest that the exception to the definition of "customer" in § 13.121(a)(3) include individuals who are customers of deposit brokers. 

Another situation requiring clarification is the treatment of an incomplete application by an individual seeking to establish an account. For example, in on-line banking, an individual may begin to provide information, stop and then continue at a later date or time. Similarly, a loan applicant may submit an incomplete application. It is unclear from the definition whether these individuals whose account-opening applications are "pending" would be considered to be customers under the Proposed Rule. If the individual never completes the -replication, would the bank nonetheless be required to maintain any identifying information submitted? If so, when would the account deemed to be "closed" under § 103.12(3)(ii) (which triggers a five year maintenance requirement)?¹

We suggest that the confusion over incomplete applications can be eliminated by revising both the definition of "customer" in the Proposed Rule and the information collection requirements of the Proposed Rule so that the Proposed Rule is similar to the regulations on Privacy of Consumer Financial Information (12 C.F.R. Part 332 (FDIC) and 573 (OTS)). In that regulation, a bank must provide the required initial notice to an individual no later than when the bank establishes a customer relationship. 12 C.F.R. §§ 332. (FDIC) and 573.4(a)(1) (OTS). By adopting a similar approach, the Proposed Rule would still accomplish the objective of requiring banks to obtain identifying information prior to an account being established. This change would avoid the appearance that the Proposed Rule requires such information to be maintained even if the account is never established.

Verification Requirement. We commend the Agencies for the flexibility provided by allowing a "reasonable time" after an account is established to verify the information obtained. We also agree that a bank should be allowed to avoid obtaining verifying information on an existing customer who opens an additional account. We suggest that this flexibility be expanded to permit a bank to avoid verification on are existing customer of an affiliate of the bank. 

In response to the request in the preamble of the Proposed Rule for information on identification and verification practices currently in use, we note that these practices vary based upon the type of account (deposit, consumer loan, mortgage loan, multi-family real estate loan or business loan). The variation in the practices, we believe, reflects the variation in risk presented by the type of account and the type of applicant. Our current risk based approach, we believe, is in keeping with the direction of the Proposed Regulation. 

We are concerned that one of the proscribed methods of verification set forth in § 103.121(b)(ii)(A)(1) of the Proposed Rule, namely the copying of photo identification such as a driver's license, might be criticized by the Agencies' Fair Lending examination and enforcement staff and might be in violation of some States' laws. We understand that such practices have been criticized in the past as possibly violating §§ 202.5 and 202.12 of Regulation B (12 C.F.R. §§ 202.5 and 202.12) as, in effect, constituting an inquiry as to, and maintaining records of, an applicant's sex, race, or color. Our concern is heightened by the statement in the preamble:

"Treasury and the Agencies emphasize that the collection and retention of information about a customer, such as an individual's race or sex, as an ancillary part of collecting identifying information do not relieve a bank from its obligation to comply with anti-discrimination laws or regulations. . . ."

67 Fed. Reg, 48290, 48294. Wye the actual use of such identifying information to discriminate must be guarded against, uve urge the Agencies to declare in the regulation that collection and retention of the information is not per se evidence of discrimination or a violation of Regulation B. Furthermore, in authorizing the collection of such photo-identification (as well as the collection of other identifying information), the regulation should clearly state that this regulation preempts any State law or constitution prohibiting the collection and maintenance of such information or deeming such practices to be per se evidence of violations of anti-discrimination laws and regulations.

Recordkeeping Requirement. We are concerned with the additional burden that the recordkeeping requirement will impose, particularly for banks that maintain records in digital form. For example, § 103.121(b)(3)(i)(B) of the Proposed Rule requires that a copy must be kept of a driver's license or other photo-identification used as verification under § 103.121(b)(2)(i)(A). There would be a significant increase in cost if, as a result of the Proposed Rule, we were required to digitize copies of photo-identification.

Also, under § 103.121(b)(4) of the Proposed Rule, records of identifying information, copies of documents, descriptions of verification methods and results, and records of bow discrepancies were resolved must be kept for five years from the date the account is closed. This is a huge increase over many current recordkeeping requirements. For example, under § 202.12(b) of Regulation B, copies of applications and other information must be keep for only 25 months (12 months for business credit) after the date that a creditor notifies an applicant of the action taken on an application. Assuming that a loan is funded (i. e., loan account is "opened") one month after the Regulation B notification, the Regulation B recordkeeping requirement means that the records must be kept for only 2 years after the loan account is opened. In the case of a 30-year mortgage loan, the Proposed Rule would increase the recordkeeping requirement from slightly more than 2 years after the loan account is opened (in the Regulation B example) to as much as 35 years after the loan account is opened (i.e., 5 years after the 30-year mortgage loan is paid and closed). Even assuming that the average life of a mortgage loan is 7 years, the Proposed Rule would increase the recordkeeping requirement from 2 years after the loan account is opened (in the Regulation B example) to 12 years after the loan account is opened (i.e., under the Proposed Rule 5 years after the loan has been repaid). 

In addition, the Proposed Rule does not address the effect of the sale or transfer of the account, along with account-related records. For example, when loans are sold without retaining the servicing of those loans, the records regarding the loan application are transferred to the purchaser or to another entity that services the loans. Similarly, when a branch is sold, records pertaining to the deposits domiciled in that branch are transferred to the purchaser. The Proposed Rule should be clarified to provide that a bank may transfer such records without retaining copies and by doing so will not violate the record retention requirement.

Effective Date. While we recognize that Treasury and the Agencies are under a statutorily mandated deadline to implement § 326 of the USA PATRIOT Act, we are concerned that the October 25, 2002 effective date will leave little time for banks to comply with the final. implementing regulations. We urge Treasury and the Agencies to issue final regulations as expeditiously as possible while addressing the concerns expressed in this and other comments on the Proposed Rule. We also urge the Agencies charged with supervision and enforcement of those rules to take into account the brief period between the issuance of the final rules and the effective date when examining for banks compliance.

We hope that Treasury and the Agencies will find these comments useful and would be pleased to discuss our views with members of their staff at their convenience.

Very truly yours,

John F. Robinson