Federal Deposit
Insurance Corporation

Re: Comments on Proposed Rule: Customer Identification Programs for Banks

Dear Executive Secretary:

We appreciate the opportunity to comment on the proposed rule for the Customer Identification Program ("CIP"). For the most part, we feel that the proposed rule is consistent with our existing procedures for identifying customers. We would like to request clarification of some of the proposed definitions and requirements. In general, we would like to recommend that as much as possible the final rule contain examples to address the scope of various provisions. When possible, we have offered suggestions on how the final rule could address our concerns.

In addition, there are some significant proposed new requirements that we feel would create an unnecessary and potentially major burden on banks without providing any benefit in the effort to prevent and detect money laundering and terrorist financing. We feel it is important to bring these to your attention and have discussed these in detail below.

By way of background, First Hawaiian Bank has 56 branches throughout Hawaii, 3 in Guam and 2 in the Commonwealth of the Northern Mariana Islands. We offer a full range of financial services to both retail and commercial customers, including large national customers. Because of our unique geographic location, we deal with thousands of non-resident alien customers as well as a number of foreign nationals and foreign-organized entities. We have consistently maintained and followed procedures to identify our customers and have not experienced problems with money laundering that could have been avoided by additional customer identification procedures.

A. Clarifications. We would like to request the following clarifications to various items contained in the proposed rule:

1. Definition of "customer." We have some specific questions on whether certain categories are to be considered "customers" covered by our CIP. For example, we are interested in a clarification for situations where we do not have contact with the customer and no opportunity to identify the customer prior to entering into the relationship. This would include situations where we only service the product (such as mortgage servicing we do for our affiliate), indirect auto loans and student loans (where the customer is never present at the bank), and brokered mortgage loans.

It does not appear to us that the proposed rule requires us to monitor the identification practices of third parties. In these types of third-party situations, we would not be in a position to simply close these types of accounts if we had to conduct an after-the-fact identity verification. We feel it would be useful for the final rule to recognize that banks engage in certain activities without the ability to identify the customer before the relationship is established, and must occasionally be permitted to rely on third parties.

In addition, we question whether a person who has no access to the account would be considered a "customer." For example, a guarantor on a loan who has no ability to access the funds is not somebody we normally identify prior to establishing the loan. Similarly, participants in an employee benefit plan where the bank is the trustee or administrator are not permitted to conduct transactions other than receiving benefit checks. Focusing on the goal of preventing and detecting money laundering seems to suggest that when a person does not have the ability to conduct financial transactions, the person should not be considered a customer.

Similarly, when we have denied opening an account and do not establish a relationship, the applicant should not be considered a "customer." For example, if we deny a loan application based on a poor credit history, it does not seem worthwhile to go through the exercise of verifying the identity of a person who will not have an account opened. We would request that the final regulation recognize that identity verification is only necessary when an account relationship will be established.

Without question, the most troublesome aspect of the definition of "customer" is the inclusion of signers on business accounts. In fact, we feel this proposed requirement presents the most major change to our existing procedures out of everything in the proposed rule. We assume that the proposed rule means that a "signer" could be an employee who has a corporate credit card (even though the borrower for purposes of the loan is the employer), or an employee who is authorized to send wire transfers (even though the employee may not be an authorized signer on the company's checking account), etc.

Although we have always identified the accountholder (i.e. the employer in the above examples), it has never been our practice to identify the employees who are given authority to conduct transactions. A risk-based approach should be adopted that permits banks to make determinations about when identifying the signers would be a valuable procedure. For example, we have several large corporate customers who have had account relationships with our bank for many years. We are comfortable that our long-standing customers have controls in place to determine which employees should be permitted to access their funds.

We feel that we should be able to rely on the controls our customers use to entrust their financial transactions to specific employees, rather than rigidly require an identification process that would not seem to have a discernible impact on detecting or preventing money laundering. We would also like to point out that the proposed requirement will be particularly problematic for our national customers, because it is often the case that these customers have numerous signers who do not live in Hawaii.

2. Definition of "account." We feel the final rule would be improved if it contains clarification on what types of financial services are considered an "account." For example, are trust services (such as when the bank is trustee for a revocable living trust) considered an "account"? Is a safe deposit box an "account"? Is establishing a cash management service or using our internet banking service considered an "account"? If an existing time deposit renews, is the renewed deposit a different "account"?

3. Checking control list. We are aware that other commenters are raising questions about whether the control list distributed to us on a confidential basis is one of lists we need to check for customer identification purposes. We agree that clarification on this point is necessary, and that the final rule should explain how to maintain confidentiality of the control list while also distributing it bank-wide for identity verification purposes.

4. Non-U.S. non-individual documentation. The proposed rule does not adequately address the minimum requirements for verifying the identity of this category of customers.

B. Suggested modifications/deletions. We would like to suggest the following modifications and deletions, for the reasons explained below:

1. Delete the requirement to maintain a copy of the identification. For many years it has been our practice to note on the signature card for deposit accounts (at account opening) the type of identification reviewed and its expiration date. We feel this system has been reliable, and would rather expand that procedure to other types of accounts (i.e. loans) rather than retain photocopies of the identification relied on.

The requirement to retain a copy of the identification should be eliminated, for a variety of reasons. First, the graphics on various identification cards often cause very poor quality copies. It is also possible that certain types of identification may contain features intended to discourage making a copy.

In addition, we do not currently have an automated way to share a copy of a particular customer's identification between our branches and departments. Although the proposed rule would permit such a practice, this would only work if we had an automated system to share between our various geographic locations. As a practical matter, this means that each area of our bank that deals with the customer will be retaining copies until an automated method can be implemented. We have not investigated, but we assume such a system is likely to be fairly expensive to purchase, implement and maintain. And, until such a system is implemented, the cost of having various departments retain additional records is likely to be significant.

2. Delete the requirement for customer notice. We feel strongly that it is not necessary to notify customers that we obtain information to identify them. It has always been a routine matter for banks to request identifying information from customers, and we believe that customers already assume we are verifying their identity. A notice posted in a lobby to that effect will have little if no value to our customers. Although it may seem that the proposed rule offers flexibility to minimize this requirement, even posting lobby signs costs money and takes time. (We recently updated our Regulation CC lobby signs and the signage cost was approximately $20,000.)

3. Modify the reference to "occasional" transactions. The proposed rule indicates that the customer identification requirements only apply when there are "on-going" services being provided. Rather than leaving this open to interpretation, we recommend that a definite standard be used. For example, we think the most common occasional transaction is the purchase of monetary instruments. For this situation, we recommend modifying the current process contained in 31 CFR Section 103.29 so that there is a definite standard as to when customer identification is required.

The current record keeping requirements in Section 103.29 could be expanded to cover "established customers" who purchase monetary instruments using currency in amounts of $3,000-$10,000. Using "established customers" would include non-deposit account customers. Since our customer identification program will require verification of the identity of non-deposit customers at account opening, it seems unnecessary to collect the same information when a monetary instrument is purchased.

For non-established customers, the final rule could require that all (cash and non-cash) purchases of $3,000 and over be subject to the requirements of Section 103.29. This would also mean that a non-customer could purchase a monetary instrument under $3,000 without providing identification, but this is already considered a low-risk category that does not require record keeping.

There are other transactions that involve non-customers (such as currency exchange and the beneficiary of a letter of credit receiving proceeds). We would request that a more definite standard be adopted in the final rule to determine to what extent identity must be verified. We believe a definite standard will be much easier to implement than trying to have tellers discern whether a particular transaction is "occasional."

4. Exempt government and domestic financial institution accounts. In response to the question posed, we would recommend that accounts for governmental units and for domestic financial institutions be exempt from the customer identification requirements. Treasury has determined that it is permissible to exempt these entities from other Bank Secrecy Act requirements, which suggests that these types of accounts are already considered to be a very low risk (if any) for money laundering.

5. Reduce the retention period. The requirement to retain identification records for five years after the account is closed is excessive and should be reduced.

Lastly, we feel compelled to comment on the "estimated average annual burden for the record keeping requirements of the proposed rule per each financial institution respondent" being stated as 10 hours. We have already spent multiples of 10 hours in reviewing the proposed rule, assembling comments from our business units, and drafting and reviewing this comment letter. We can assure you that it will far exceed 10 hours at our institution to comply with the record keeping requirements of the proposed rule, even once all of the preparatory work has been finished.

Thank you again for the opportunity to comment. Please feel free to contact the undersigned at (808) 525-5111 if you would like to discuss any of our comments.