Federal Deposit
Insurance Corporation

September 5, 2002

Attention: Section 326 Bank Rules Comments

We are a medium sized community bank, about $310 Million in assets, with 13 offices in rural Southwestern Utah. I am writing to comment on the proposed rules for the Customer Information Program as proposed for Section 326.

First, I would like to comment on the timeliness, or rather the lack of advanced notice of the proposed regulations. The USA PATRIOT Act indicates these regulations are to be effective October 25, 2002. The law was signed by President Bush on October 26, 2001, but it took the agencies nearly nine months, until July 23, 2002, to issues proposed regulations. The comment period ends on September 6, 2002 and even if the agencies spend very little time reviewing and discussion the comments received, the best case scenario is that final regulations will be issued very close to their effective date. This will give us very little time to implement the regulatory requirements.

The conclusion reached in the proposal, that the new requirements have a minimal effect on small institutions, is obviously not true in our case. The regulations will greatly increase the amount of identification we must obtain. It will be necessary for us to write procedures, determine how the information can be stored, but still be available to all of our offices, and draft amendments to our existing BSA policy for the board to approve at a regularly scheduled meeting. We cannot complete any of those tasks until we see the final regulation. Having advance knowledge of exactly how much time we will have is important to our ability to perform the task well.

On consumer accounts, our current identification requirements consist of requiring a government issued photo ID for the primary signer of the account. We record the information from the ID, but do not retain a copy. We do not always collect all information on ancillary signers. On business or entity accounts, our documentation requirements relative to identification consist of requiring a copy of the articles of incorporation, partnership or sole proprietorship. Again, we require a photo ID for the primary signer of the account, but do not obtain identification from all signors on entity accounts. Our identification requirements on loans are similar. However, if the person is known to the bank employee, even though it is a new customer, the bank does not require identification. Living in a rural community, many of our employees know the people in the community and their families. We believe this gives us a competitive advantage over the larger banks because we can treat them as neighbors, and not just as another customer.

Customer Definition

The proposed rule defines "customer" to mean any person seeking to open a new account. We oppose the coverage for individuals "seeking" to open an account because of the recordkeeping nightmare it will be. We believe the rule should not require recordkeeping requirements for situations where an individual does not actually receive bank services. Rather the term "customer" should be defined as any person who has established a continuing relationship for one or more financial products or services.

Verification Requirement

In section b(2)(ii), the proposed rule states that a bank need not verify the information about an existing customer "…if the bank previously verified the customer's identity in accordance with the procedures consistent with this section…" We are concerned about this provision since in the past we have not used the procedures outlined in the rule to verify the identity of our customers. More clarification is needed on whether a bank would have to verify existing customers through documents or non-documentation verification methods where these methods were not employed in the past. This requirement seems to be too burdensome for the results that would be achieved through verifying existing customer's identities. What if the existing customer could not produce identifying information required by the rule? Would the bank have to be sure not to establish subsequent relationships without verifying the ID of the existing customer? Because of these questions, we recommend that this provision be eliminated from the rule and that the rule state that the bank need not verify the information about an existing customer if the bank continues to have a reasonable belief that it knows the true identity of the customer.

Recordkeeping

The proposed rule indicates that the bank will have to maintain a copy of any document used to verify the identity of a customer. We believe that the recordkeeping requirement will be the most burdensome part of the proposed rule. The main concern we have is the requirement to photo copy ID's such as drivers licenses. Our current procedure is to check the ID and make a note of the information listed on the ID. The rule should not have the requirement to photocopy ID, but should only require that the identification information be noted on the account documents maintained by the bank.

Customer Notice

The proposed rule states that the bank must provide customers with adequate notice that the bank is requesting information to verify their identity. The supplementary information suggests this may be accomplished by posting a sign in the bank's lobby or by providing any other form of written or oral notice. Oral disclosure would probably be the worst choice as it would be impossible to verify compliance, the wording of the disclosure would vary greatly between employees and it is the method most likely to generate a series of follow-up questions by the customer. A number of regulations require banks to post public notices on their premises. Generally, those requirements are very specific and compliance can be evaluated objectively. Thus, we would oppose any requirement to provide the disclosure orally, but would not object to posting a notice if sample language is provided by the agency.

Additional Burden

The estimated average annual burden for the recordkeeping requirements of the proposed rule is grossly understated. The supplementary information estimates this to be 10 hours. Just to give an indication of the increase burden on our bank, looking at our customer information file for the past 12 month, we established about 5,400 new customers. The additional burden required just to photocopy the ID will take at a minimum 1 minute per customer which translates to 90 additional hours. This is just for new customers. If we have to verify information for existing customers because we did not verify their ID properly when initially set up as commented above, we estimate the additional burden to be at least 5 times the amount for the first year.