Skip Header

Federal Deposit
Insurance Corporation

Each depositor insured to at least $250,000 per insured bank



Home > Regulation & Examinations > Laws & Regulations > FDIC Federal Register Citations




FDIC Federal Register Citations


August 27, 2002


Executive Secretary
ATTN: Comments/OES
Federal Deposit Insurance Corporation
550 17th Street, N.W.
Washington, D. C. 20429

Dear Mr. Secretary:

Thank you for the opportunity to comment on the proposed rules on Customer
Identification Programs for Banks, Savings Associations and Credit Unions,
12 CFR Part 326 [Docket No. R-1127].

Chartered in 1825, Liberty Bank is the oldest mutual savings bank in
Connecticut. Liberty Bank is headquartered in Middletown, Connecticut, has
$2.0 billion in assets and serves more than 170,000 individuals and business
customers throughout our 33 community banking offices in central, eastern
and shoreline Connecticut. With its 545 employees, Liberty Bank is
committed to complying with the letter and spirit of all rules and
regulations.

In the proposed rules, specific comments were requested. Those have been
specifically addressed. In addition, Liberty Bank reviewed the entire
proposed regulations and felt it would be in everyone's best interest to
comment on those other elements as well.

SPECIFIC COMMENTS

In particular, comments were solicited as to if the definition of an account
is appropriate and whether other examples of accounts should be added to the
regulatory text. In our opinion, the definition of an account is too broad
and should specify clearly the account types affected by the proposed rules
and within the Bank Secrecy Act. As noted in the proposal, an account means
"each formal banking or business relationship to provide ongoing services,
dealings or other financial transactions." Applying the definition as
written leaves far too much leeway for interpretation and blurs the intent
of the purpose of these rules. Hence, it is recommended the definition of
an account be changed to read as follows:

The term account means an account at a bank involving the receipt or
disbursal of funds with the bank including all consumer and business deposit
and loan accounts.

This definition would clarify the accounts covered by the proposed rule.
As for other definitions within the proposed rules, there is concern over
the definition of a customer. In the proposed rules, the definition of a
customer will include any signatory on the account, such as any individual
with signing authority over a corporate account, regardless of when the
signatory is added to the account. This definition would require financial
institutions to obtain and record how the individual was identified, as well
as require financial institutions to develop appropriate procedures.
Requiring all signatories on an account to be identified is not practical in
instances where a signatory resides out of state, and does not have the
ability to be authenticated by visual observation. This scenario would
arise in instances where larger corporate accounts that may be publicly
traded are headquartered in another state; yet have facilities operating
within another state. For example a retail corporation, who has an outlet
store here in Connecticut, may have their parent company headquartered in
New York State. The relationship is not with the signatory, but with the
corporate entity, (i.e.: the customer). Secondly, it is impractical to
obtain appropriate identification for such a relationship, as these funds
are normally swept out of the bank daily, not by written check. In
addition, the signatory on the account is technically not a customer of the
financial institution, as there is no individual relationship with that
person. The signatory is acting as a conduit for execution of transactions
on behalf of the corporate customer. Lastly, the proposed definition
conflicts with the definition within Part 332-Privacy of Consumer Financial
Information.

As noted in the Frequently Asked Questions dated December 2001, a customer
is "...neither a business nor an individual who obtains a financial product
or service for business purposes is a consumer or a customer under the
Privacy Rule." Should the proposed definition include a signatory as a
customer, and then the Bank's responsibilities under the Privacy provisions
would include the fact that we would be required to give:

* "All your customers initial privacy notices.

* Initial notices (or short form notices) to consumers who are not
your customers only if you intend to disclose nonpublic personal information
about those consumers to nonaffiliated third parties (unless an exception in
§§ 332.14 or 332.15 applies such that no initial notice is required prior to
the disclosure).

* Annual privacy notices to your customers as long as they remain your
customers."

* Consequently, it is impractical for a financial institution to
provide up-front and annual Privacy Notices to these individuals, as they
are clearly not considered a customer and are not afforded the same
protections as an individual that has an ongoing relationship with the Bank.
In addition, the Privacy Provisions clearly do not apply to businesses.
Should business customers not be included in the final regulations, then the
definition of an account would need to be revised accordingly.

* Considering the issues identified, it is recommended that the
requirement for identification of signatories pertain only to consumer
accounts.

* OTHER COMMENTS

* Section 103.121(b)(2)(ii)(B) Non-Documentary Verification

* Within Section 103.121(b)(2)(ii)(B) Non-Documentary Verification, it
is acknowledged there may be other forms and methods to verify and identify
an individual as well as the proprietor of a business relationship.
However, applying different methodologies to the example noted above, it
would be appreciated if suggested forms of identification were provided
within the regulations [emphasis added]. In addition, it would also be
appreciated if other methods of customer verification included within the
text of the final regulations [emphasis added]. This would be helpful
especially to demonstrate a bank's due diligence to examiners, as well as
establish a uniform method for compliance.

* For example, should a financial institution request an out-of-state
business signatory to provide a photo-copy of their identification to the
financial institution, there is no certainty that the provided photo-copy is
in fact that person, or, as eluded to later within the proposal, fraudulent.

* Section 103.121(b)(3) Recordkeeping

* Addressing the recordkeeping requirements as proposed in Section
103.121(b)(3) Recordkeeping, it is stated that each financial institution
"must maintain a copy of the document that the bank relied on that clearly
evidences the type of document and any identifying information it may
contain." This proposal presents two major concerns that would
substantially affect operations and potentially raise additional compliance
concerns relating to all Fair Lending Laws, in particular the Equal Credit
Opportunity Act.

* Relative to the impact on operations, the requirement to retain
documentation relied upon exists only to the extent that the identifying
information needs to be reviewed and documented, not actually maintained, as
noted in the proposed rule. Specifically, Section 103.34(b)(1) states that
"each bank shall retain" ... "each document granting signature authority
over each deposit or share account, including any notations, if such are
normally made, of specific identifying information verifying the identity of
the signer (such as a driver's license number or credit card number)."
Consequently, if every bank was now required to retain a copy of each
identifying document, they would need to modify every account opening
process as well as invest in appropriate technology to allow branch and
lending personnel, to somehow image the identifying documents presented.
This becomes impractical and is "not usual and customary" as many mortgage
loan originators, for example, currently meet customers in the privacy of
their existing residence. Hence, there would not be a means (unless
technology is purchased) to secure the appropriate customer identifying
copies. Furthermore, in an effort to comply with the proposed record
retention requirements, banks and other financial institutions would need to
invest in an image storage system of sizeable magnitude to be able to store,
retrieve and add to the database with ease. A system suitable to the asset
size of Liberty Bank with a network of 33 Community Banking Offices and a
outside mortgage origination, commercial lending and commercial real estate
staff totaling 26, can be estimated to cost between $200,000 and $750,000,
including annual maintenance fees. This estimated cost does not include the
cost of the storage media, for example, CDs.

* Of larger concern, is the disparity between the proposed record
keeping requirements and the rules within Section 202.5(c) and (d) of the
Equal Credit Opportunity Act. Currently within the Equal Credit Opportunity
Act, there are clear guidelines as to what type of information a financial
institution is allowed to ask for, and what information currently is
prohibited from being requested of a credit applicant. Specifically, the
Equal Credit Opportunity act states:

* "202.5(d)(3). Sex. A creditor shall not inquire about the sex of
an applicant. An applicant may be requested to designate a title on an
application form (such as Ms., Miss, Mr., or Mrs.) if the form discloses
that the designation of a title is optional. An application form shall
otherwise use only terms that are neutral as to sex.

* "202.5(d)(5). Race, color, religion, national origin. A creditor
shall not inquire about the race, color, religion, or national origin of an
applicant or any other person in connection with a credit transaction. A
creditor may inquire about an applicant's permanent residence and
immigration status."

* As you can see, the requirement to maintain a copy of the
identification used to verify a customers' identity is not in harmony with
existing regulations. Hence the requirement to "maintain a copy of the
document the bank relied on that clearly evidences the type of document and
any identifying information it may contain" is inconsistent and currently
not allowed [emphasis added]. Not only is there the inconsistency between
the Equal Credit Opportunity Act and the proposed rules, but also regarding
each Bank's responsibility to comply with the other anti-discrimination laws
will be difficult to demonstrate to an examiner or public interest group
alike. Instead, each examiner will interpret, as they see fit, a financial
institutions anti-discrimination practices.

* Further responding to the "usual and customary" statement in the
proposed rules, is the concept of having to "record the methods and result
of any additional measures undertaken to verify the identity of the
customer," along with the requirement to "record the resolution of any
discrepancy in the identifying information obtained." These are not current
practices employed by Liberty Bank, and would substantially affect our
operations and the manner in which we do business, ultimately increasing
costs.

* As you can see, complying with this particular section of the
proposed regulation is onerous and costly. Hence, we respectfully request
the requirements of Section 103.121(b)(3) Recordkeeping be removed.

* Section 103.121(b)(4) Comparison with Government Lists

* Regarding the requirement to have "reasonable procedures for
determining whether the customer appears on any list of known or suspected
terrorists or terrorist organizations provided to the bank by any government
agency" is difficult at best. To our knowledge, the only lists available to
each financial institution are the Office of Foreign Assets and Control list
that is periodically updated, and those lists provided by our regulator, the
Federal Deposit Insurance Corporation.

* The probability of a financial institution locating every list
published by any government agency is like trying to find a needle in a
haystack. For example, some of the lists that have recently been brought to
our attention include:

  Worldwide Government Officials List United Nations Sanctions List
  OECD Tax Haven List Bank of England List
  Interpol Wanted Fugitives List The OFAC List
  World Bank Debarred List AUSTRAC List
  OCC Unauthorized Offshore Shell Banks List European Union List
  FATF Non-cooperative Countries (Money Laundering) List Bureau of Industry
  and Security (BIS) Denied Person List

In an effort to comply with this requirement, it is suggested that all
federally generated lists by any federal agency that publishes individuals
or business suspected of terrorism, terrorist activities or money laundering
be consolidated on one list, the OFAC list for example. This would ensure
that all individuals or entities are "scrubbed" against the accounts held at
each financial institution.

Section 103.121(b)(5) Customer Notice

As noted in the proposed rules, disclosure to all consumers relating to
their requirement to provide adequate identification is a solid idea. The
two suggestions noted within the proposal include posting a sign in the
lobby or providing customers with any other form of written or oral notice.
In the event of an electronically opened account, the proposal states that a
notice can be provided electronically.

Having considered this requirement, Liberty Bank believes the most effective
way to provide notice is by requiring financial institutions to post a sign
in each office where an account is opened. In the case of an account being
opened via the Internet, it is recommended that a disclosure be provided to
the consumer in an electronic format. The only suggestion relating to
accounts opened via the Internet is that clear guidance is provided as to
where and when such a disclosure must be given.

To ensure consistency amongst all financial institutions, while
communicating and assimilating the general public on the new verification of
identification requirements, Liberty Bank recommends that the regulatory
bodies provide model language for financial institutions to display, as a
number of regulations currently require banks to post public notices on
their premises. Establishing model language prevents the probability that
individual examiners would impose their personal opinion as to a notice's
adequacy, and reinforce to all consumers, wherever they purchase a financial
product, the requirements of identify verification.

In an effort to aid in the constructing of model language, the following is
suggested:
"In order to prevent the use of the U.S. banking system in any illegal
activity, federal regulations require all financial institutions to obtain,
verify, and record identification from all persons opening new accounts or
being added as signatories to existing accounts. This institution cannot
waive these requirements. - U.S. Treasury"

Supplementary Information -- (I) Background (A) Section 326 of the USA
PATRIOT ACT

Within the background of the Supplementary Information in the proposed
rules, it clearly states that all final regulations implementing section 326
must be effective by October 25, 2002. With the proposal issued on July 23,
and the comment period ending September 6, implementing the proposed
requirements as written will provide limited time for compliance. Even if
the review of comments by all regulatory bodies was minimal at best,
complying with the final rules will be that much more difficult, as the
release of the final regulations would be very close to their effective
date.

The conclusion reached in the proposal, that the new requirements have a
minimal effect on institutions, is an inaccurate assumption. The
regulations will substantially increase the amount of identification to be
obtained. Additionally, Liberty Bank needs to effectively determine how to
best comply with the final rules and determine how the information can be
stored, but still be available to all of our offices before we are able to
write procedures, and draft amendments to our existing BSA policy for the
Board to approve at a regularly scheduled meeting. Lastly, Liberty Bank
cannot complete any of those tasks until the final regulations are released.

So to best comply with the final regulations, Liberty Bank is suggesting
that the effective date for compliance with these new rules be nine months
to one year after being released. This should allow enough time to
effectively comply with the final rules.

Liberty Bank is grateful for the opportunity to provide comments on the
proposed Customer Information Programs for Banks, Savings Associations and
Credit Unions. We trust that you will honestly review and consider the
comments, recommendations and suggestions contained within this comment
letter. Should you have any questions relating to this letter, please
contact either of us by telephone or electronically. Robin may be reached
at 860.344.7243 or at rfujio@liberty-bank.com. I may be reached at
860.638.2990 or at mron@liberty-bank.com. Thank you in advance for your
considerations.

Sincerely
Robin Fujio
Ronald J. Manzi
Vice President - BSA/OFAC/AML Officer Compliance
Libery Bank
Middletown, CT

Last Updated 08/28/2002 regs@fdic.gov

Skip Footer back to content