Federal Deposit
Insurance Corporation

RE: Proposed Customer Identification Programs under section 326 of the U.S.A. Patriot Act

To Whom It May Concern:

We are a $220 million bank with 5 offices located in central Massachusetts. We are a community bank who takes pride in "knowing our customers" while making sure we take precautions at account opening to ensure our customers are who they say they are, while still providing fast, efficient, friendly customer service. We appreciate the opportunity to comment on the proposed regulation implementing section 326 of the U.S.A. Patriot Act.

With regard to the proposed rules, we would like to offer the following comments:

Definition of Customer

Section 103.121 (a) (3) defines a customer to mean "any person seeking to open a new account." We feel this definition is too broad, in that it requires the same identification requirements for those persons with whom we actually establish a relationship, as well as for those who seek to establish a relationship (ex. loan applicant). It is our opinion that requesting identification from individuals who have not yet initiated an account or loan relationship is burdensome given the record retention involved.

Another part of the definition of customer proposes that a "customer" is any signatory on an account. Many larger corporations have signatories who reside out of state. We request further guidance on how to identify these signatories according to the proposed record keeping requirements. Will it be acceptable to obtain a notarized copy of a form of identification? Also, please provide guidance on other situations when a signatory is not an account owner (ex. Power of Attorney or Guardianship).

Record keeping

Section 103.121(b)(3)(i)(B) of the proposed rule requires banks to keep a copy of any document used when verifying identity. Traditionally banks have not retained copies of the documents relied upon. Instead banks have recorded identifying information on signature cards and account agreements. Such information includes; identification used, identification number, taxpayer identification number and expiration date (if applicable). Our customer service representatives are also required, by policy, to verify customer identity by such means as calling a 3rd party credit verification provider, employment verification, sending out welcome letters to verify the validity of the address given at account opening, etc. All of this is to try to combat the issue of check/new account fraud, which runs rampant in our part of the country. All of this information is kept as part of the permanent record on either the signature card or the account agreement. We feel that requiring banks to establish new procedures to retain "copies" of such records is unnecessary and costly. It would place an enormous strain on an already overburdened records management process. Additionally, customers are accustomed to providing identification at the time of account opening and expect some level of verification. To inform them that we must photocopy their identification and keep it on file will no doubt, at a minimum, cause unease with customers, especially given the increasing issue of identity theft. We feel that appropriate notations of the identifying documents on the bank's account opening records is sufficient for the purposes intended without increasing the costs and the amount of paperwork.

Identification

In section 103.121 (b)(2)(ii)(B) Non-documentary verification, it is understood that there are other forms and ways to verify and identify an individual as well a business relationship. It would be beneficial if suggested forms of identification were provided within the regulation. Also, there should be some flexibility allowed with existing customers who are well known to the Bank. As community bankers, we work and live near our customers. The final regulation should stipulate how we would go about verifying the identity of a minor, is the parent or guardian's confirmation sufficient?

Also, the identity verification procedures section states that a bank need not verify the identifying information of an existing customer seeking to open an account IF the bank previously identified the customer with procedures consistent with this regulation AND the bank continues to believe that it has a reasonable belief that it knows the true identity of the customer. Regulators have required banks to have some form of controls/procedures in place to identify their customers for a number of years. The identity verification requirements should be more flexible when opening an account for an existing bank customer. Requesting ID from a well-known, existing customer places the bank in a potential negative view in the eyes of the customer. One thought is to have an "affidavit of identity" as verification of identity for existing customers whom bank employees have known either personally or professionally for years.

Comparison with Government Lists

103.21(b) (3) requires banks to have "reasonable procedures" to determine whether the customer appears on any list of known or suspected terrorists or terrorist organizations provided by the any federal government agency. It would be beneficial if the agencies more clearly defined which specific government lists must be checked. This will help ensure that banks have designed their compliance programs to include all lists we are expected to review. It is also suggested that the Treasury Department and the bank regulatory agencies encourage the F.B.I to authorize the disbursement of the control list to the service providers that perform OFAC screening for banks.

Customer Notice

103.121 (b) (5) requires that a bank's CIP include procedures for providing bank customers with adequate notice that it will request information to verify their identity. We urge the agencies to adopt a model lobby disclosure for use in all institutions to provide consistency among banks and reduce confusion by customers over varying forms and languages contained in notices. Also, establishing model language prevents the chance that individual examiners would impose their personal opinion as to a notice's adequacy.

Effective Date

The proposed regulation establishes unrealistic timeframes for compliance with all of the proposed requirements of this specific regulation. The comment period doesn't end until September 6, 2002 and the final rule becomes effective October 25, 2002. It is unreasonable to believe that banks will be able to implement a formal CIP considering the final rule will not be issued until after September 6th. Given the requirement that the CIP must be written, board approved, new procedures put into effect and staff trained, we are requesting a mandatory compliance date of April 25, 2003 at the earliest.

Thank you for the opportunity to comment on this important proposed regulation. We appreciate your consideration of our comments and suggestions.

Sincerely,
Pamela L. LeBlanc
AVP/Compliance Officer
Bay State Savings Bank
Worcester, Massachusetts