To comply with the USA PATRIOT Act, banks across the country will soon be required to develop and implement customer identification programs in an effort to thwart terrorists and money launderers.
By October 1 banks and other financial institutions must meet the customer ID requirements set by the Act. However, the requirements for these institutions are flexible, allowing each institution to develop a customer identification program tailored to its particular customer base.
"We give the banks a lot of flexibility for designing programs that work for their banks," said Daniel P. Stipano, deputy chief counsel with the Office of the Comptroller of the Currency in Washington, D.C.
Three Steps to Compliance
The customer identification requirements involve three key activities: identity verification, record keeping, and consulting and cross-checking lists of terrorists issued by the federal government.
Identity verification requires banks to obtain, for each customer, a name, address, date of birth, and ID number-such as a tax ID number, Social Security number or passport number. Banks must then verify this information, either through documents (if the customer meets with the bank face-to-face) or through such means as checking a credit report or a public database.
The second step, record keeping, requires banks to keep several types of records for new accounts, including identifying information; a description of any documents used for identity verification; and a record of any non-documentary verification. The retention period for these records varies according to the kind of accounts and records involved.
The third requirement is checking government lists for suspected terrorists. The regulation also requires banks to follow any directives that the government issues with these lists.
For the most part, according to the OCC's Stipano, banks already practice many of these steps and the regulation simply ensures that institutions are as thorough as possible in their security and identity verification procedures. "I think that to a large extent this memorializes what banks already do, and that by memorializing and giving legal affect to bank practices in this area ... we'll have a more level playing field," said Stipano. "We've established a baseline for all institutions, and they all operate on the same baseline. It makes it more difficult to use banks for illicit purposes."
The requirements under this regulation are flexible for a reason, according to Stipano, as they allow for new technologies and the prevention of new threats, without having to rewrite the regulation. Under the regulation, banks have the freedom to design customer identification programs that meet their needs and take into account any new threats or new technologies.
"We wrote this regulation in such a flexible way that it won't need to be revised," stated Stipano. "But it's important that banks keep their customer identification programs up-to-date."