Federal Deposit
Insurance Corporation

Concern #1: Paperwork Burden:

Section 3501 of the Paperwork Reduction Act of 1995 states the purposes of that law. Among several
purposes listed are the following:

  "minimize the paperwork burden for individuals, small businesses, educational and nonprofit
    institutions ,Federal contractors, State, local and tribal governments, and other persons
    resulting from the collection of information by or for the Federal Government. "

    ''ensure the greatest possible public benefit from and maximize the utility of information
    created, collected, maintained, used, shared and disseminated by or for the Federal
    Government."

  "ensure that information technology is acquired, used, and managed to improve performance
   of agency missions, including the reduction of information collection burdens on the public."

It is evident to us that the writers of the proposed Customer Identification regulations under the USA Patriot Act missed the mark in regard the spirit of the Paperwork Reduction Act. The writers of the proposed USA Patriot regulation assert that the paperwork will be minimal (section VI, "Paperwork Reduction Act"):

   "Treasury and the Agencies believe that little burden is associated with the recordkeeping
    requirements outlined in the proposed section 103.121 (b) (2), because such recordkeeping
    is a usual and customary business practice. In addition, banks already must keep similar records
    to comply with existing regulations in 31 CFR part 103 (see e.g., 31 CFR 103.34, requiring records
    for each deposit or share account opened.) "

We respectfully but adamantly disagree. 31 CFR 103.34 ("Additional records to be made and obtained
by banks") requires banks to obtain and retain data, such as taxpayer identification number. It requires
us to retain originals or images of documents we create or process, such as signature cards, account
statements,and checks or drafts against deposits. Nowhere does this regulation require banks to retain
copies of documents created outside the bank, such as driver's licenses.

The Recordkeeping section (103.121(b)(3) of the proposed regulation sets forth the following:

  "Where a bank relies upon a document to verify identity, the bank must maintain a copy
   of the  document that the bank relied on that clearly evidences the type of document and
   any identifying information it may contain." "The bank must retain all of these records for
   five years after the date the account is closed. "

We find this requirement staggeringly burdensome and unnecessary. Exchange Bank currently maintains 180,000 open and closed customer records on our main computer system. If this requirement had been in place since the beginning of time, we would now have 180,000 additional and separate pieces of paper filed and maintained on separate retention schedules. We would house these documents solely for the government, on the off chance that an investigator from government or law enforcement needed to see a picture of any one of our customer's identifying documents. We presume that, under the Right to Financial Privacy Act, the government would need to subpoena is required, government agencies do not feel the the effort is worth the information. In these cases, then, we would be housing the documents for absolutely no reason.

We support the goal of requiring valid, authenticated identification of customers. We do not dispute the need to positively identify the customer, not only for our own purposes but also for national security, and to retain the knowledge of how he/she was identified. We currently do just that. For each customer, Exchange Bank keeps an identity record on our automated Customer Information File, a key element in our main computer system. Each customer record indicates, among various other things, forms of identification. What we strenuously object to is the required retention of that information in paper format, or perhaps even in a digitized image of the original paper. The potential benefit to the nation of maintaining a copy of the document is far exceeded by our expected record-keeping costs.

The regulation writers attempt to address this issue. In Section V. of the proposed regulations ("Regulatory Flexibility Act"), the following is set forth:

  "The recordkeeping requirements similarly may impose some costs on banks, if, for example,
   some of the information that must be maintained as a consequence of implementing customer
   identification programs is not already retained. Treasury and the Agencies believe that the compliance
   burden, if any, is minimized for banks, including small banks, because the proposed regulation
   vests a bank with the discretion to design and implement appropriate recordkeeping procedures,
   including allowing banks to maintain electronic records in lieu of (or in combination with) paper
   records."
   
Again, we respectfully but forcefully disagree with this conclusion. Maintaining a "copy of the document"
used to identify customers will be costly, whether in paper or digital format. Whole systems and procedures requiring capital outlay will be needed to implement this requirement. Recordation of the
identifying information on existing databases (which we already do) is far different than keeping and
retaining a "copy of the document."

Concern #2:  Clear Conflict with Regulation B:

In the Recordkeeping requirements of the proposed regulation [103.121(b)(3)], the following is set forth:

  "Treasury and the Agencies emphasize that the collection and retention of information about
   a customer, such as on individual's race or sex, as an ancillary part of collecting identifying
   information do not relieve a bank from its obligations to comply with anti-discrimination laws or
   regulations, such as the prohibition in the Equal Credit Opportunity Act against discrimination
   in any aspect of a credit transaction on the basis of race, color, religion, national origin,
   sex, or marital status, age, or other prohibited classifications. "

The fact that this verbiage appears in the proposed regulation strikes us as clear acknowledgement by the regulation writers of the direct conflict between FRB Regulation B and the USA Patriot regulations. Banks will indeed have trouble reconciling these differences in attempting to comply with both.

FRB Regulation B section 202.5 prohibits creditors from collecting any information from applicants regarding marital status, sex, race, color, or national origin, among other prohibitions. In our experience, bank examiners clearly regard the photocopying of driver's licenses or other photo ID as a direct violation of this part of Regulation B. Yet the Recordkeeping section of the proposed regulation requires banks to obtain and photocopy such identification for all customers (including loan applicants, whether or not they become borrowers) and to retain it over the life of the loan, plus five years.

From where we sit, we see that we will automatically be in violation of either one regulation or the other.
We strongly urge you to reconcile this conflict now, and not leave it to the courts. If the reconciliation
is to be achieved by modifying either this, new regulation or Regulation B, so be it.

Other Comments:

Part III of the joint press release states that Treasury and the Agencies invite comment on all aspects of this rulemaking". Several suggested items for comment are listed. Exchange Bank chooses to comment on two of these:

Item #4: "Ways that banks can comply with the requirement that a bank obtain both the address of an individual's residence, and, if different, the individual's mailing address in situations involving individuals who lack a permanent address. "  Exchange Bank will have no problem whatsoever with this requirement. By policy, all our customers must tell us their street address when they open an account. Banks can comply with the requirement by adopting a similar policy. If the customer chooses, bank correspondence may be sent to a separate mailing address. Our computer system easily handles multiple addresses for
each individual and for each deposit account.

Item #6: "Whether the propose regulation will subject banks to conflicting State laws. Treasury and the Agencies request that the commenters cite and describe any potential conflicting State laws." There is currently a spate of Privacy and Anti-Identity Theft legislation, either already passed into law or being considered, in the California legislature. One such law (California Civil Code 1798.85) prohibits banks from disseminating Social Security numbers in any form, except as required by existing state and federal law. We have been advised by legal counsel that there is no conflict between this law and other law, such as the Joint Marketing Agreement provisions of the federal Gramm-Leach-Bliley law. Therefore, we see no immediate cause for concern in regard to the USA Patriot regulations. However, to the extent that you legally are able within the regulations, it might be helpful for banks for you to specify that the federal requirements supercede any conflicting state laws.

Again, we thank you for the opportunity to comment.