Q: What sort of identification procedures are required
in complying with Section 326 of the USA PATRIOT Act?
A: The Department of the Treasury and the federal regulatory agencies
have adopted final rules to apply Section 326 of the Patriot Act.
The Rule was effective June 9, 2003, and every bank must be in compliance
by October 1, 2003. We cannot fully discuss the requirements in
this space, but in a nutshell, Section 326 requires financial institutions
- which includes commercial and community banks, savings associations,
credit unions, private banks, and trust companies – to establish
minimum procedures for identity verification when new customers
and others open accounts.
Generally, an "account" is defined as a formal arrangement
established to provide ongoing services, which would include traditional
types of accounts such as a checking, share drafts, CDs, and loans
or other extensions of credit. The law does not apply to products
and services where a formal banking relationship is not established
with a person, such as check cashing, purchase of a money order,
travelers check or a wire transfer. The final rule defines a “customer”
as a “person that opens a new account.” For example,
in the case of a trust account, the “customer” would
be the trust. For purposes of the rule, a bank will not be required
to look through trust, escrow, or similar accounts to verify the
identities of beneficiaries, but will only be required to verify
the identity of the named account holder. The final rule excludes
from the definition of “customer” a person that has
an existing account with the bank, provided that the bank has a
reasonable belief that it knows the true identity of the person.
The final rule requires that each financial institution must develop
a Customer Identification Program (CIP), with four minimum requirements:
Identity verification procedures, verification record-keeping, comparison
with government lists, and notice to customers. You asked about
identity verification.
A. Identity Verification Procedures: (1) The customer
must provide certain identifying information: Name; Date
of Birth; Residential or business street address (an
Army or Fleet Post Office box number or residential address of next
of kin or other contact may be substituted); Identification Number.
For non-individuals (entities like corporations), a CIP must require
the following minimum identifying information: Name; Principal
place of business; local office, or other physical location;
Identification Number.
|
|
The appropriate
“Identification Number” is determined by an institution’s
CIP and will depend upon whether the customer is from the United States.
For U.S. customers (both individuals and entities) a CIP should require
a Taxpayer ID Number, such as a Social Security Number, Individual
Taxpayer ID Number, or Employer Identification Number.
(2) The financial institution must verify the accuracy of the information
provided. As with all aspects of a CIP, identity verification procedures
should be risk-based. What procedures are adequate will vary depending
upon the account types offered, whether the account is opened face-to-face
or electronically, and the type of identifying information available.
Basically, the financial institution must be able to form a “reasonable
belief” that it knows the true identity of the customer.
B. Customer Verification: Next, a CIP should chart
customer verification procedures. In other words, once a financial
institution obtains the customer’s identifying information,
it must verify the information received. Procedures should be risk-based
and implemented within a reasonable time after the account is opened.
A CIP should specify what type of documents and what type of non-documentary
methods the financial institution will use. To verify the identity
of an individual, a CIP may look to unexpired government-issued identification
evidencing nationality or residence and bearing a photograph or similar
safeguard. The Joint Final Rule specifically includes driver’s
licenses and passports as documents that would meet this definition.
While the new rule does not require financial institutions to determine
whether a document has been validly issued, the apparent authenticity
of a document will affect whether the bank can form a “reasonable
belief” that it knows the customer’s true identity. If
a document show obvious indications of fraud, financial institutions
should remember their usual obligations to report suspected identity
theft and other suspicious activity under other Bank Secrecy Act provisions.
For identification of non-individuals, a CIP may look to documents
evidencing the existence of the entity, such as registered articles
of incorporation, a government-issued business license, partnership
agreement or trust instrument. Again, the point is that the financial
institution must be able to form a reasonable belief that it
|