August 12, 2002

Financial institutions will have to establish formal customer identification programs to comply with Section 326 of the USA PATRIOT Act, according to proposed new rules recently released by the U.S. Treasury.

However, the Treasury has stopped short of mandating exact requirements for a customer identification program, or CIP. Instead, each financial institution covered by the USA PATRIOT Act, including federal- and state-regulated banks, savings associations and credit unions, plus securities broker-dealers, mutual funds and futures brokers, will have to take "reasonable procedures" appropriate to their circumstances.

The "reasonable" test shows up in several places in the proposed rule. Firms must establish a CIP with "reasonable procedures" for customer identification, exercising "reasonable efforts" to form a "reasonable belief" that it knows the true identity of its customers, both old and new.

Once verified, a customer can continue to open accounts with the financial institution, as long as the bank continues to have a reasonable belief that it knows the customer's true identity. To do so, banks will have to ask U.S. citizens for their personal information and verify the data using "reasonable and practicable" means within a "reasonable period of time."

U.S. citizens will have to provide name, address, taxpayer ID number and date of birth, which typically suffices for checking one of the available public or private databases. Non-U.S. citizens will have to present one or more of the following: taxpayer ID number, passport, alien ID card, or other government-issued document bearing a photograph or "similar safeguard," i.e., a biometric identifier. Signatories on an account, including corporate accounts, also fall within the proposed rules.

The new regulations also mandate that firms check new customers' identifying information against lists of known and suspected terrorists provided by any Federal government agency. Naturally, a match between a new customer and a name on the list must be reported immediately. But firms must also establish procedures for dealing with circumstances when they cannot ascertain a customer's identity, including guidelines for how to document such occurrences, when to file a suspicious activity report, and when to close a suspect account or keep it open at the behest of law enforcement officials.

ABOUT THE AUTHOR