Skip Header

Federal Deposit
Insurance Corporation

Each depositor insured to at least $250,000 per insured bank



Home > Regulation & Examinations > Laws & Regulations > FDIC Federal Register Citations




FDIC Federal Register Citations

September 6, 2002

Financial Crimes Enforcement Network
Section 326 Bank Rule Comments
P.O. Box 39
Vienna, VA 22183

Ladies and Gentlemen:

The American Bankers Association appreciates this opportunity to comment on the notice of proposed rulemaking to implement Section 326 of the U.S.A. Patriot Act (PL 107-56). As is pointed out in the notice, the Secretary of the Treasury is required to prescribe, jointly with a number of financial services agencies, a regulation that, among other things, "requires financial institutions to implement reasonable procedures to verify the identity of any person seeking to open an account, to the extent reasonable and practicable."

ABA supports the law's general precepts as an excellent means of limiting the ability of terrorists and other criminals to access the banking system. The Association, however, urges the Treasury to maintain both the spirit of this congressional directive and the intent of the law by adjusting the proposed rule in the following ways:

· Including all financial institution providers under Section 326;
· Clarifying that the definition of "account" covers financial relationships established in writing or its equivalent;
· Ensuring that "customers" are not those that simply "seek" to open an account;
· Eliminating the requirement that additional "signatories" to an account be considered "customers" for Section 326 purposes;
· Reducing the recordkeeping requirement to two years;
· Permitting financial institutions to record the identifying information at account opening rather than photocopy government issued documents; and
· Allowing financial institutions to implement the final regulations by October 2003

The ABA brings together all categories of banking institutions to best represent the interests of this rapidly changing industry. Its membership -- which includes community, regional and money center banks and holding companies, as well as savings associations, trust companies and savings banks -- makes ABA the largest banking trade association in the country.

Section 326 (Customer Identification Programs for Banks, Savings Associations and Credit Unions) requires the Treasury Department to issue regulations to set forth standards for financial institutions to follow in the identification and verification of customers during the account opening process. The law requires that the regulation, at a minimum, direct each covered financial institution to:

· Verify the identity of any person seeking to open an account to the extent reasonable and practicable;

· Maintain records of the information used to verify a person's identity, including name, address, and other identifying information; and

· Consult lists of known or suspected terrorists or terrorist organizations provided to the financial institution by any government agency to determine whether a person seeking to open an account appears on any such list. (emphasis supplied)

When the House Financial Services Committee passed the measure that eventually became Section 326, it made clear its intent that the regulations not over burden the financial sector. It directed the Treasury to "make use of information currently obtained by most financial institutions in the account opening process." 1 It went on to indicate that it "is not the Committee's intent for the regulations to require verification procedures that are prohibitively expensive or impractical." Thus, it is important to note that ABA members are already covered by Bank Secrecy Act examination procedures that include the requirement for account opening policies. Any new responsibilities created under this regulation must remain consistent with current information gathering policies.2

Overview of the Proposed Rule

The ABA commends the Treasury Department and the financial regulatory agencies for recognizing that the only reasonable and effective means of implementing these requirements is by directing the institutions to adopt "risk-based" procedures that take into consideration the great variety of types of accounts that banks maintain, the different methods of opening accounts, and the type of identifying information available. It is also important that the overall regulatory charge to institutions be that the verification procedures "must enable the bank to form a reasonable belief that it knows the true identity of the customer."

ABA must point out the lack of coverage at this time for many of the other financial institutions that are also included in 31 U.S.C. 5312 (a) (2) and subject to Section 326. Identifying a customer should be mandated for all financial institutions and should not be delayed simply because it may be difficult to craft appropriate rules. In fact, the notice does point out that all of the agencies that participated in this rulemaking "intend the effect of the rules to be uniform throughout the financial services industry." 3 ABA urges the Treasury to announce immediately that all institutions that provide similar types of financial services and are not covered under this series of rulemakings will be the subject of another notice within a specific period of time.

The Association's specific comments and suggestions follow.

1. Definitions (103.121):

Account--103.121 (a)(1):

ABA agrees that the proposed definition of "account" should not include "infrequent transactions such as the occasional purchase of a money order or a wire transfer." To ensure that the definition of "account" not cause confusion with regulatory examiners or institutions, we recommend that the section be amended to require that an account be defined as "each formal banking or business relationship established in writing or its equivalent to provide ongoing services, dealings, or other financial transactions."

Customer--103.121 (a)(3):

ABA urges the Treasury to consider several consequences of the definition of "customer" under proposed Section 103.121 (a)(3). The Treasury proposes that the term "customer" means "any person seeking to open an account." In addition, the supplementary information in the proposed rule indicates that the term will include "a person applying to open an account, but would not cover a person seeking information about an account, if the person does not actually open an account." These apparently inconsistent statements need to be reconciled. At what point should it be determined that a person seeking information becomes one seeking to open an account?

More importantly, however, ABA opposes defining a customer as any individual that "seeks" to open an account for a number of reasons. As will be explained below (under "Recordkeeping"), if the rule implementing Section 326 covers those who simply seek to open an account, banks will have to retain records on those for whom accounts were never opened. This outcome is not "reasonable and practicable" as directed by Congress and would add nothing to the public policy goal of verifying the identity of "customers" so as to assist in the prevention of terrorist financing. If an individual does not get access to a financial institution, there cannot be any terrorist financing activity.

Further, if the definition remains as proposed it would be different from that proposed for broker dealers and inconsistent with the regulatory intent expressed in footnote 3. Section 103.122 (a)(4), applicable to broker dealers, would only cover individuals that have opened an account. ABA recommends that the proposed section 103.121 (a) (3) defining bank "customers" be amended to ensure that only those who have accounts be considered customers.5

The proposed definition of "customer" also includes "any signatory on an account." Therefore, any individual with signing authority would be considered a "customer" under the rule. While the proposed rule to implement Section 326 would only cover new accounts and new signatories added to existing accounts, ABA believes that this section will result in extensive cost to the industry and would add little, if anything, to the overall goals expressed by Congress. In addition, signatories or authorized signers may not even be accountholders but actually customers of another financial institution. In those instances, customer identification and verification would have been performed at that institution.

Corporate Accounts

With respect to business accounts, the proposal would require financial institutions to verify the existence of the company through the use of documents such as "registered articles of incorporation, a government-issued business license" or other types of similar documents, just as is required currently under the Bank Secrecy Act. With respect to accounts not owned by one or more individuals, financial institutions currently rely on a certificate of authority for each signatory verifying that the person (typically an officer or director of the organization) is authorized to sign on behalf of the organization. Corporations often have numerous authorized signers that change constantly, and state and local governmental units often change signatories when election terms end.

Given the vast numbers of changes, it would be extremely costly and burdensome to verify the identities of authorized signers. The organization's identity will already have been verified, and the key issue with respect to signatories is that they are authorized to sign for the organization. The transactions processed through these accounts involve multiple authorizations, both through the public or private corporation and through the financial institution. The transactions processed by the financial institution are also subject to strict regulatory oversight and internal audits and controls, which are routinely tested by regulators, and internal and external auditors. Moreover, a fraudulent signer risks being caught through the company's internal and external auditing procedures. Thus, verifying the identities of signatories would impose great costs and burdens on financial institutions while adding little or nothing to the overall account verification.

In addition, verifying such signatories or authorized signers will be redundant for those signatories that are not accountholders with the account owner's bank, but instead are customers of other financial institutions that have already verified their identities.

ABA believes that as long as a company is publicly traded and/or has already provided the financial institution with proper and verifiable corporate documents, there should not be any additional Section 326 requirements. Any additional risks that come to the attention of the financial institution will certainly be addressed under the existing SAR requirements.

Government Accounts

ABA is also concerned that the proposed rule does not incorporate the same exemption for governmental authorities that is included in other Bank Secrecy Act rules. Banks provide numerous services to state and local governments, 6 such as handling payrolls and cash management, as well as serving in a fiduciary and agency capacities (corporate trustee, employee benefit plan trustee, paying agent, registrar, custodian, investment advisor, etc.). Governmental accounts are already subject to heavy scrutiny, and pose little risk of being used for money laundering purposes. Accordingly, ABA urges Treasury to amend the proposal to incorporate the existing Bank Secrecy Act exemption.

Personal Accounts

For credit card and similar accounts, the proposal's requirement to verify multiple signatories presents similar difficulties. Credit card issuers have long employed various types of sophisticated fraud filters as a method to prevent fraud and determine abnormal use of a financial product that may indicate potential criminal activity. Therefore, the issuer will quickly discover any "misuse" of a credit card no matter how many signers have the ability to use the account. Adding a requirement to verify additional signers will not assist in fraud prevention.

In addition, it must be noted that credit card accounts are under the control of the account owner. For example, in a corporate setting, the company is in the best position to monitor employee transactions.7 For personal accounts, the owner of the account is ultimately responsible for the account. As with corporate accounts, user of the accounts may not be a customer of the institution. The costs associated with attempting to reach either individual or cooperate signatories in order to verify their identity is neither reasonable nor practicable.

ABA recommends that the final rule eliminate the requirement that signatories to an account be verified if there is no reason to suspect a possible violation of law. If such suspicions exist, of course a SAR would be filed.

2. Identity Verification Procedures (103.121 (b)(2))

The core of the Section 326 rule is the customer identification program (CIP) and how the institution verifies the identity of the customer. ABA believes that the key portion of this section is the fact that the risk-based procedures must be designed to assist the institution to "form a reasonable belief that it knows the true identity of the customer."8 Therefore, we are seeking clarification in a number of areas to ensure that these procedures are consistent with the above charge.

Under proposed section 103.121 (b)(2)(i), the bank's customer identification program must specify how the institution will verify information during the account opening process. The information that must be obtained from an individual is: name; address; date of birth; and an identification number. For U.S. persons, an identification number can be a social security number, individual taxpayer identification number, or employer identification number. The proposal then allows the institution to verify the identifying information through the use of documents or by some other means (e.g. contacting a customer after an account is opened or using information from a trusted third party source).9

There is some confusion surrounding the use of document verification. The proposal anticipates that banks will use document verification when conducting face-to-face transactions and permits the use of government-issued identification documents such as a driver's license or passport for such purposes. In order for this approach to be fully utilized by financial institutions, it is important that the final rule permit document verification even if an identification number such as a social security number no longer appears on the document. For example, many states now allow motorists to withhold their social security number from appearing on a driver's license. If an institution had to verify a customer's identity by viewing a license and by having to access a database to verify the social security number, the institution may decide to limit their CIP to non-document verification.10

Other issues related to verification methods will be addressed in the section on recordkeeping below. ABA urges the Treasury to continue its constructive approach toward flexibility by allowing each institution to decide how verification will be handled in all cases, even if that means an institution may never find a need to resort to document verification. In addition, for existing customers, institutions should be free to accept the original verification of a customer even if not performed in the exact same fashion as is directed in the new customer identification program.11

3. Recordkeeping (103.121 (b)(3))

A telling test as to whether the Treasury Department will truly be reasonable and practicable and consistent with the congressional directive is the manner in which records are required to be retained under the final regulation. ABA recommends that several areas need to be addressed here to ensure that these new requirements do not unnecessarily burden consumers and industry alike.

The five-year record retention requirement for documents after an account is closed will be excessive and costly. ABA urges the Treasury to limit the retention period to two years, which would parallel the regulations covering electronic funds transfers, consumer leasing, Truth in Lending and Truth in Savings, and would be one month less than the requirements contained in the Equal Credit Opportunity Act.

As for which are records covered under this section, ABA urges the Treasury to clarify that individuals who seek to open an account but who are declined, for whatever reason, not be considered customers. Therefore, no records with respect to these individuals should be required to be retained under the rule.

The proposed section on recordkeeping sets forth procedures that must be included in a bank's customer identification program or CIP. Specifically, the rule directs banks to maintain a record of the identifying information provided by the customer. (Note: the statute only requires the regulation to include "records of the information used to verify a person's identity, including name, address, and other identifying information.")

The rule proposal goes on to point out that if a bank "relies upon a document to verify identity, the bank must maintain a copy of the document that the bank relied on that clearly evidences the type of document and any identifying information it may contain." The rule also instructs the bank to "record the methods and result of any additional measures undertaken to verify the identity:"

Finally, the bank must record "the resolution of any discrepancy in the identifying information obtained."

First, the ABA objects to the retention of copies of actual documents used to verify identity such as a government issued driver's license. Financial institution compliance officers have long been directed to not keep photocopies or images of driver's licenses in loan files.12 Even if the requirements of Section 326 now permit such activity, it is clear that consumers are uncomfortable with this type of record retention. In light of the increase in identity theft, it makes little sense to proliferate the types of documents that might be accessed by individuals intending to commit fraud. Requiring copies of government issued identification to be placed in files and kept for such an extraordinary period of time will do just that.

In addition, the statute does not mandate that copies of the actual document be retained, only that the information used to verify be retained. ABA urges that recording the fact that a driver's license or passport or some other similar document was reviewed by an account officer (or other relevant employee) along with the identifying information should be considered compliant with new section 103.121.

Next, the recording of any discrepancy in the identifying information obtained should be limited to only material changes to the information. For example, typographical errors or minor mistakes such as a missing number from a phone number should not have to be recorded. To be consistent with the risk-based nature of this rule, only serious mistakes should be noted in the files.

Finally, the use of non-documentary verification presents a number of questions related to record retention. ABA urges the Treasury to permit banks to retain a record of the type of verification used (e.g. public database) and who was responsible for reviewing the information as being in compliance with the record requirements under this section.

4. Customer Notice

The Customer Identification Program must also, according to the proposal, describe how notice will be communicated to the customer that information is being collected to verify an individual's identity. ABA appreciates the flexibility afforded the industry to communicate to the customer either in writing or orally. The industry would also benefit from some assistance on what constitutes acceptable notice language from the regulators. There should also be some consideration given to a government public relations effort in this area. We recognize the challenges that went into crafting the sample privacy notice language under Gramm-Leach-Bliley and offer to work with the government in this area. This may be an appropriate project for the Treasury Department's Bank Secrecy Act Advisory Board.

5. Other Issues

Application of Section 326 to Bank Fiduciary Activities

ABA recognizes that Section 326 and the proposed rule were designed with commercial banking operations in mind. Fiduciary accounts, typically personal trusts, corporate trusts, and employee benefit trusts, are, by contrast, regulated under totally separate state and federal laws and regulations.13 Because fiduciary accounts often involve numerous beneficiaries, many of whom do not currently receive a stream of income, trust bankers have raised questions concerning just who are the "customers" whose identities must be verified. ABA believes that only those beneficiaries that actually receive income from a fiduciary account should be deemed to be "customers" under the proposal.

Personal Trusts. Banks provide personal trust services in a variety of capacities, the most common being a revocable or irrevocable trust established by a grantor or settlor on behalf of one or more beneficiaries. These beneficiaries may include current beneficiaries (those receiving a stream of income), contingent beneficiaries, unborn children, and remaindermen. Trust departments may also provide fiduciary services in a testamentary capacity, such as executor of a decedent's estate, or upon appointment by a court, such as guardian of a minor child.

ABA believes that for purposes of personal trust activities, the "customers" whose identities must be verified are the person or entity that created the trust, typically the settlor, and current beneficiaries. However, beneficiaries that do not currently receive a stream of income, such as contingent beneficiaries, unborn children and remaindermen, should not be deemed to be "customers" until such time as they begin receiving income. ABA believes that limiting the "customer" to the creator of the trust and current beneficiaries is reasonable and practicable; excluding contingent beneficiaries poses little risk of money laundering activities.

Corporate Trusts. Banks' corporate trust activities typically involve serving as a trustee for the issuer of municipal and corporate bonds under federal and state laws. In this capacity, the trustee is responsible for making disbursements of proceeds from the bonds and protecting the interests of the bondholders.

A very significant percentage of issuers that corporate trustees work with are municipal governments and their political subdivisions. (Elsewhere in this letter, ABA seeks an exemption from CIPs for governmental entities that is comparable to the current exemption for governmental entities in the Bank Secrecy Act.)

The second largest type of corporate trust involves acting as trustee on corporate bonds. This activity, regulated under the Trust Indenture Act and subject to strict regulatory oversight by the Securities and Exchange Commission, typically requires the corporate trust provider to hold minimal, if any, balances. The most significant financial transaction for most of these accounts is the periodic payment of principal and interest due on the bonds to the registered holders, most often the Depository Trust Company as custodian for bank and broker participants. Bank Secrecy Act rules govern the due diligence required by a corporate trust provider to accept an account of this type. In addition, the regulations of the Securities and Exchange Commission governing registration of the bonds provide further oversight.

In both of these situations, the corporate trust provider's connection is to the issuer rather than the beneficial owners of the bonds. Accordingly, ABA believes that the "customer" should be deemed to be the corporate entity issuing the bonds. As a practical matter, corporate trustees are not likely to know the names of the beneficial owners because the bonds are held in nominee name with a bank or broker custodian. It is, however, feasible to identify the entity issuing the bonds. Moreover, ABA believes that this vehicle would hardly be a mechanism through which criminals can engage in terrorist financing or money laundering.

Retirement Accounts. Banks service in various fiduciary capacities for retirement vehicles including employee benefit plans regulated under the Employee Retirement Income Security Act ("ERISA") as well as the several types of Individual Retirement Accounts. These retirement accounts are not intended to provide a stream of income to the plan participant or account owner, until the participant has retired.

Employee Benefit Trusts. Banks serve in a number of capacities for various employee benefits plans regulated under ERISA, including as trustee, recordkeeper or custodian for qualified employee benefit plans in which thousands of employees may participate. This raises the question of whether these plan participants would be deemed to be "customers" under the proposed rule.

ABA strongly believes that beneficiaries of employee benefit trusts should not be considered to be "customers." It would be extremely burdensome to verify the identities of thousands of plan participants, the vast majority of whom will not receive benefits for years. Limiting "customers" under the proposal to plan sponsors poses little risk of money laundering. As is the case with corporate bonds, plan sponsors are already subject to verification under the Bank Secrecy Act.

Individual Retirement Accounts. IRA accounts are established by individuals who would be deemed to be "customers" under the proposal. However, individuals often name beneficiaries for their IRAs. Such beneficiaries are the same as contingent beneficiaries under personal trusts and should not be considered "customers" because they are not eligible to receive any income stream until the owner dies.

ABA would be pleased to provide further details on fiduciary operations to Treasury if additional information is needed.

Effective Date

Our members are very concerned about the effective date of the final rule that is contained in the statute. With a comment period closing only weeks from October 25, it is impossible for the financial sector to effectively comply with a mandate that includes systems changes, employee training and printing costs. It is absolutely essential that institutions be provided a reasonable time to effect the necessary changes. The larger the company the more technology dependent it may be. Smaller institutions, understandably, have fewer staff to devote to changes in regulatory requirements, and develop appropriate procedures. Those institutions may outsource some of their compliance responsibilities and will need time to work with their service providers.

For example, in the case of bank fiduciary operations, trust departments typically comply with the Office of Foreign Assets Control (OFAC) and control list requirements by hand, rather than using computerized programs. In addition, even the majority of the automated systems do not yet have the control list data for matching purposes.

While the banking industry supports the verification requirements of Section 326, it will still take a significant amount of time develop CIP policies and procedures and implement the technological changes to make compliance "reasonable and practicable." As the industry grapples with how best to verify identifying information, it is important to note that much remains to be done to improve government- issued identification and the private sector's ability to provide efficient and cost-effective tools to verify the information under this rule.

Therefore, ABA urges the Treasury to consider a one year phased-in implementation period for all portions of this section. Keeping in mind that banks already have account opening procedures to comply with the Bank Secrecy Act and anti-money laundering programs, this time will afford us reasonable time needed to update any systems or polices that need to be upgraded.

Conclusion

The American Bankers Association strongly supports the goal of Section 326. Our members have worked closely with law enforcement and the banking agencies over the past year to address terrorist financing and will continue to do so. We believe that our recommendation will only strengthen our ability to assist the government.

Thank you for the opportunity to present our views. If you need additional information, please feel free to contact me at (202) 663-5029.

Sincerely,

John J. Byrne
Senior Counsel and Compliance


1  H. Rept 107-250, pg 63. The Committee also reiterated the fact that banks have account opening procedures in place when it added that "[c]urrent regulatory guidance instructs depository institutions to make reasonable efforts to determine the true identity of all customers requesting an institution's services."

2  ABA produced an "Industry Resource Guide" on the "Identification and Verification of Accountholders" in January 2002. The guide offers advice on how to address the myriad of account opening challenges but points out that the "current account opening procedures at the vast majority of institutions have not been subject to supervisory criticisms." The guide is available on www.aba.com

3 67 Fed. Reg. 48291 (July 23, 2002)

4   Financial institutions are also obligated to file "suspicious activity reports" if it is determined that an individual seeking to open an account was involved in possible criminal activity. (31 CFR 103.15)

5  ABA also recommends that "guarantors" to accounts not be considered "customers" as these individuals only supply risk-mitigating support for credit products.

6 A very significant percentage of issuers that corporate trustees work with are municipal governments and their political subdivisions, such as port authorities, water authorities, school systems, etc that are authorized by state or municipal law to raise funds for specific purposes. To assure that all types of political subdivisions are included in an exemption for governmental entities, ABA urges Treasury to incorporate the Federal Deposit Insurance Corporation's definition of "political subdivision" contained in 12 CFR § 330.15(d). That definition includes "drainage, irrigation, navigation, improvement, levee, sanitary, school or power districts, and bridge or port authorities and other special districts created by state statute or compacts between the states. It also includes any subdivision of a public unit mentioned in paragraphs (a)(2), (a)(3) and (a)(4) [state, county, municipality, political subdivision, District of Columbia and certain non-mainland jurisdictions] of this section or any principal department or such public unit: (1) the creation of which subdivision or department has been expressly authorized by the law of such public unit; (2) to which some functions of government have been delegated by such law; and (3) which is empowered to exercise exclusive control over funds for this exclusive use."

7   According to a recent GAO Report (GAO-02-070), "Most law enforcement officials we met with were unable to cite any specific cases of credit card-facilitated money laundering in U.S.-based financial institutions." See: Money Laundering: Extent of Money Laundering through Credit Cards is Unknown. (July 2002)

67 Fed. Reg. 48292 (July 23, 2002)

9  ABA appreciates the supplementary information in the proposal that states that an institution has the flexibility to determine how soon identity must be verified.

10  It should be noted that the departments of motor vehicles in each state obtain and verify the social security number for licensed motorists. Thus, even if the SSN does not appear on the license, the information has been verified by that government agency.

11 ABA also urges that it be made clear that an institution is required to verify all customer information only to the extent reasonable and practicable. Financial institutions should be able to open accounts when they meet the "reasonable belief" test as to the customer's identity. 

12  Several states already prohibit the photocopying of a driver's license without the permission of the Commissioner of Motor Vehicles (Virginia and North Carolina).

13  Detailed information on bank fiduciary activities may be found at 12 CFR Part 9 and the Comptroller of the Currency's Trust Examination Manuals.

Last Updated 09/06/2002 regs@fdic.gov

Skip Footer back to content