
CBA Regulatory Compliance Bulletin

Vol 2003 No. 05 May 6, 2003

Summary of Section 326 Rules

The long-awaited customer identification program (CIP) regulations were issued on April 30, in a form that responds to concerns expressed by the banking industry, including CBA. The USA PATRIOT Act-based regulation is intended to help prevent international money laundering and the financing of terrorism.

Section 326 of the Act requires financial institutions to: (1) implement procedures to verify the identity of persons seeking to open an account; (2) maintain identification records, including name, address, and other information; and (3) determine whether the person appears on any lists of known or suspected terrorists or terrorist organizations. The CIP is to be a part of the bank's Bank Secrecy Act (BSA) compliance program.

Definitions

Account. The definition of account focuses on ongoing relationships with a customer, similar to how "customer" is defined under the federal privacy regulation. An account includes deposit accounts, extensions of credit, safety deposit box services, cash management, custodian, and trust services. "One-off" services, such as check-cashing, wire transfers, and money order purchases are not accounts. But note that other identity verification provisions of the BSA apply to most of those transactions.

An account does not include business relationships involving the bank's own operations or premises even if they are ongoing. Also excluded are accounts that a bank acquires through an acquisition, merger, purchase of assets, or assumption of liabilities from a third party. The agencies note, however, that this exception does not affect any existing BSA regulations that may dictate appropriate due diligence procedures in connection with acquired accounts. Banks will be expected to implement reasonable procedures to detect money laundering in any account, however acquired.

Also excluded are accounts opened for the purpose of participating in ERISA employee benefit plans, under the rationale that these accounts are funded pursuant to employment plans that must comply with federal regulations that already impose various requirements regarding the funding and withdrawal of funds.

Bank. Bank refers to the definition in 31 CFR 103.11, which generally is an agent, agency, branch or office of specified financial institutions within the United States.

Customer. Customer refers to a person who opens a new account, which includes all joint accountholders. A customer does not include other signatories such as officers in a corporate account. However, as noted below, a bank may be required to take additional steps to verify the identity of a customer that is not an individual by seeking information about individuals with authority or control over the account, including signatories. (See "Additional verification for certain customers," below.)

Unlike the proposal, a customer does not include someone who seeks information about an account but does not apply, or who applies for a loan that is denied.

Where an account is opened for a minor, the customer is the one who opens the account on the minor's behalf. If the account is opened for an informal group with a common interest, such as a club account, the customer is the individual who opens the account.

As to a trust account, the bank must verify the identity of the named accountholder, but not the beneficiaries. Similarly, the bank would verify the identity of the named accountholder of brokered deposits, and not the individual sub-account holders. However, a bank may be obligated, based on its risk assessment procedures, to seek information about individuals with ownership or control over such accounts.

A customer does not include another bank, governmental entities and instrumentalities, and most listed companies, but only to the extent of domestic operations.

Generally, a bank has no obligation to verify the identity of existing bank customers. An existing customer who applies for a new account is not a covered customer if the bank has a reasonable belief that it knows the true identity of the person. The proposed rule would have required a bank to treat the existing customer as someone applying for a new account unless the bank had previously verified the customer's identity in accordance with the CIP rules, and continues to have a reasonable belief that it knows the customer's true identity.

Note that, since a foreign branch of a U.S. bank is not a bank under this rule, a customer of a bank's foreign branch is not a person who has an existing account with the bank, and thus is subject to the full CIP verification procedures when opening a new account in the U.S.

Financial institution. The definition of financial institution refers to 31 U.S.C. 5312(a)(2) and (c)(1) of the BSA, which is more expansive than 31 CFR 103.11, and includes entities such as futures commission merchants and introducing brokers.

U.S. Person and non-U.S. person. The rule requires different forms of identification from a "U.S. person" and one who is not. A U.S. person is an individual who is a U.S. citizen, or an entity established under the laws of a state or the U.S. A "non-U.S. person" is a person who does not satisfy either of these criteria. In practice, however, banks would not have to verify the citizenship status of prospective customers. A tax identification number is an acceptable form of identification whether the person is a U.S. person or not (see below).

Elements of a CIP

The rule permits flexibility for implementing a CIP program appropriate for a bank's size and business focus, but it must include certain minimum elements. The final rule does not require the bank's board of directors to approve the CIP because a bank's BSA compliance program must already be approved by the board (except that, until credit unions, private banks, and trust companies without a federal functional regulator are subject to anti-money laundering laws, their CIPs must be approved by their boards of directors).

However, in the preamble to the rule, the agencies state that they regard the creation of a CIP to be a material change to the bank's BSA compliance program that will require board approval. Thus, a bank's board must be responsible for approving a CIP described in sufficient detail for the board to determine that (1) the CIP contains the minimum requirements; and (2) the identity verification procedures are designed to enable the bank to form a reasonable belief that it knows the true identity of the customer.

Identity verification procedures. The CIP must include risk-based procedures for customer verification. Different procedures may be applied depending on relevant risks, including those presented by the types of accounts maintained by the bank, the various methods of opening accounts, the types of identifying information available, the bank's size, location, and type of business or customer base. A bank is not free to create different procedures based on the fact that certain customers are known to bank personnel, because of the risk of manipulation. Note that other elements of the CIP, such as the recordkeeping procedures, may not vary depending on risk factors.

The CIP must contain procedures for opening an account that specify the identifying information that will be obtained from each customer. At minimum, each of the following must be obtained from the customer prior to opening an account:

  • name;

  • date of birth (for an individual);

  • address;

  • identification number (taxpayer identification number), or (if not a U.S. person) passport number and country of issuance, alien identification card number, or number and country of issuance of any other government-issued document evidencing nationality or residence and bearing a photograph or similar safeguard. With respect to a foreign business that does not have an identification number, the bank must request alternative government-issued documentation certifying the existence of the business. There will be no further guidelines endorsing or prohibiting acceptance of particular types of documentation issued by foreign governments.

As to individuals, the bank is required to obtain a physical address, not a mailing address, in order to make the information more helpful for law enforcement agencies. As to military personnel who may not be able to provide a physical address, a bank may obtain an Army Post Office or Fleet Post Office box number, or the residential or business street address of next of kin or of another contact individual.

The CIP may include procedures for opening an account for a customer who is in the process of applying for a TIN. The procedures would include confirmation that the application had been filed before the customer opens the account, and a requirement that the bank obtain the TIN from the customer within a reasonable period of time after the account has been opened.

Because credit card accounts are often opened without face to face contact, a credit card issuer may obtain identifying information from an applicant for a credit card account from a third-party source, such as a credit reporting agency, prior to extending credit to a customer.

Customer verification. The CIP must set forth procedures to verify customer identification within a reasonable time after the account is opened, and prescribe what documentation is required, and when non-documentary methods, or a combination of both methods, will be used. This requirement is intended to prompt each bank to conduct its own risk-based analysis of the types of documents it believes will enable it to know the true identity of its customers.

Documentary evidence. Acceptable documents listed in the rule include, for individuals, a driver's license, passport, or other government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguard. Acceptable documents for non-individuals (i.e., corporation, partnership, or trust) include certified articles of incorporation, business license, partnership agreement, or trust instrument. A bank may use other documents as long as they allow the bank to verify a customer's identity.

The rule does not dictate how many forms of identification are required. But in the preamble to the rule, the agencies encourage banks to obtain more than one type of documentary verification, and to use a variety of methods to verify the identity of a customer, especially when the bank does not have the ability to examine original documents. A bank has no obligation to determine that documents presented are properly issued, except that the bank must take into consideration any document that shows obvious indications of fraud.

A bank is not required to include procedures to open an account without documentation. Thus, if a bank establishes as a policy to open an account only with identifying documents, then its procedures should so state.

Nondocumentary evidence. The CIP must describe procedures for use of nondocumentary methods to verify identity, including contacting a customer, comparing customer-provided information with information obtained from another source (such as a consumer reporting agency or public database), checking references with other financial institutions, and obtaining a financial statement. These procedures must address situations where an individual is unable to present an acceptable form of identification or presents unfamiliar documents, where the account is opened without identifying documents, the customer does not appear in person, and other situations where there is heightened risk that the true identity of a customer is not verified through documents.

Additional verification for certain non-individual customers. The CIP must address the situation where an individual opens an account on behalf of an entity, and the standard documentary and non-documentary methods are insufficient to establish the identity of the entity. In such instances, the bank may have to obtain information about individuals with authority or control over the account, including signatories or, in the alternative, elect not to open the account, in which instance it need not take such additional measures.

Lack of verification. The CIP must include procedures addressing the situation when the bank cannot verify a customer's identification. These procedures should describe: (1) when the bank should not open an account; (2) the terms under which a customer may use an account while the bank attempts to verify the customer's identity; (3) when the bank should close an account, after attempts to verify a customer's identity have failed; and (4) when the bank should file a Suspicious Activity Report. The rule does not dictate any circumstances in which a bank must not open an account (other than under OFAC, etc.), and leaves that decision with the bank.

Commenters have expressed concerns that verification requirements may prompt banks to refuse to open some accounts, giving rise to claims of discrimination. Despite requests to do so, the agencies decided they have no authority to create a safe harbor to shield banks from regulatory or customer liability for electing not to open an account or to close an account.

Recordkeeping. The CIP must include procedures for making and maintaining a record of all information obtained in verifying a customer's identity. In response to strong industry concerns, the rule does not require banks to keep copies of identifying documents. The following are required to be maintained:

  • (for 5 years) all identifying information (not the documents themselves) about a customer that is required to be obtained, namely, the name, DOB, address, TIN, etc. The 5-year period runs from the date the account is closed or, in the case of credit card accounts, from the date the account is closed or becomes dormant.

  • (for 5 years after the record is made) a description of any document that was relied on under the documentary verification procedures, noting the type of document, identification number (if any) it contains, place of issuance, and, if available, date of issuance and expiration date.

  • (for 5 years after the record is made) a description of the methods and the results of the non-documentary verification procedures, and the additional verification procedures applicable to entities.

  • (for 5 years after the record is made) a description of the resolution of any substantive discrepancy discovered when verifying the identifying information obtained.

The agencies note in the preamble that, consistent with the Electronic Signatures in Global and National Commerce Act (E-SIGN Act), a bank may use electronic records to satisfy the requirements of this rule, as long as the requirements of the E-SIGN Act are also met.

Comparison with government lists. The CIP must include procedures for determining whether the customer appears on any list of known or suspected terrorists or terrorist organizations issued by any federal government agency and designated as such by Treasury. In response to industry concerns about the difficulty of obtaining all possible lists, the agencies will issue separate guidance regarding the lists that must be consulted. Commenters have asked for a single publication to be provided to banks in electronic format encompassing all relevant lists, or that such consolidated list be made available through a single website.

The CIP must require that banks make the determination within a reasonable period of time after the account is opened, or earlier if required by other federal law or regulation or pursuant to a federal directive issued in connection with the applicable list. The procedures must also require the bank to follow all federal directives issued in connection with such lists.

Customer notice. The CIP must include procedures for providing customers with notice that the bank is requesting information to verify their identities. The notice must generally describe the identification requirements, and be provided in a way that a customer can view or receive it before opening an account. Thus, depending on how the account is opened, a notice may be posted in the lobby or on a website, included on an application, or provided another way, including in oral form.

The following sample notice is provided:

IMPORTANT INFORMATION ABOUT PROCEDURES FOR OPENING A NEW ACCOUNT

To help the government fight the funding of terrorism and money laundering activities, Federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account. What this means for you: When you open an account, we will ask for your name, address, date of birth, and other information that will allow us to identify you. We may also ask to see your driver's license or other identifying documents.

Reliance on another financial institution. The CIP may include procedures specifying when a bank will rely on another financial institution (including an affiliate) to perform any procedures of the bank's CIP. The requirements are that (1) the other entity is a financial institution; (2) the customer has opened or is opening an account, or has established a similar relationship, with the other institution; (3) the institution is subject to federal anti-money laundering laws, as provided in 31 U.S.C. 5318(h), and is regulated by a federal functional regulator; (4) the institution enters into a contract requiring it to certify annually to the bank that it has implemented its anti-money laundering program, and that it, or its agent, will perform the specified requirements of the bank's CIP; and (5) the reliance is reasonable. As long as these conditions are met, the bank will not be held responsible for the other financial institution's failure to meet the bank's CIP responsibilities.

This provision is intended to accommodate those situations where a customer has multiple relationships with the bank and its affiliates or partners. It is not intended to affect banks' authority to rely on third party service providers and agents to perform services that include some or all elements of the bank's CIP procedures. Thus, for example, a bank is permitted to arrange for a car dealer or mortgage broker, acting as its agent in connection with a loan, to verify the identity of its customers. Similarly, a bank may rely on a third party data processor to maintain customer records. But unlike the reliance provision above, reliance on non-financial institution third parties and agents does not affect a bank's ultimate responsibility to comply with the rule. Unfortunately, this important clarification is not included in the rule itself, but only in the preamble.

Exemptions. The rule does not provide any exemptions from the CIP requirements, but the agencies do have the authority to exempt a bank or type of account.

Compliance date: Each bank must comply with this final rule by October 1, 2003.
For further information, contact:

OCC: Office of the Chief Counsel at (202) 874-3295.
Board: Enforcement and Special Investigations Sections at (202) 452-5235, (202) 728-5829, or (202) 452-2961.
FDIC: Special Activities Section, Division of Supervision and Consumer Protection, and Legal Division at (202) 898-3671.
OTS: Compliance Policy Division at (202) 906-6012.
Treasury: Office of the Chief Counsel (FinCEN) at (703) 905-3590; Office of the General Counsel (Treasury) at (202) 622-1927; or the Office of the Assistant General Counsel for Banking & Finance (Treasury) at (202) 622-0480.




The information contained in this CBA Regulatory Compliance Bulletin is not intended to constitute, and should not be received as, legal advice.  Please consult with your counsel for more detailed information applicable to your institution.
   

CBA Regulatory Compliance Committee

Patricia A. Cantu (Chair), Mary Lou Bonkofsky, Janet Bonnefin, Lyndon Christensen, James Curtis, Vira Jo Denny, Michael Hood, Jeri Killian, Lynn Lawrence, Stuart J. Lehr, Garry Prosperi, Thomas E. McCullough, James Rockenbach, Christine Scott, Deborah Thoren-Peden, James Thvedt and Meg Troughton

Leland Chan, General Counsel
California Bankers Association 201 Mission Street Suite 2400 San Francisco California 94105-1839 
Tel (415) 284-6999 ext. 214, Fax (415) 284-1521
E-mail: lchan@calbankers.com

TEXT OF NEW RULE:

31 CFR Part 103
Administrative practice and procedure, Authority delegations (Government agencies), Banks, banking, Brokers, Currency, Foreign banking, Foreign currencies, Gambling, Investigations, Law enforcement, Penalties, Reporting and recordkeeping requirements, Securities.

Department of the Treasury

31 CFR Chapter I

Authority and Issuance
For the reasons set forth in the preamble, part 103 of title 31 of the Code of Federal Regulations is amended as follows:

PART 103-FINANCIAL RECORDKEEPING AND REPORTING OF CURRENCY AND FOREIGN TRANSACTIONS

1. The authority citation for part 103 is revised to read as follows:
Authority: 12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5314 and 5316-5332; title III, secs. 312, 313, 314, 319, 326, 352, Pub. L. 107-56, 115 Stat. 307.
§ 103.11 [Amended]
2. Section 103.11(j) is amended by removing "paragraph (q)" and adding "paragraph (hh)" in its place.
§ 103.34 [Amended]
3. Section 103.34 is amended as follows:
a. By amending the first sentence of paragraph (a)(1) to add the words "and before October 1, 2003" after the words "May 31, 1978" and after the words "June 30, 1972";
b. By amending paragraph (b)(11) to add the words "as determined under section 6109 of the Internal Revenue Code of 1986" after the words "taxpayer identification number;" and
c. By amending paragraph (b)(12) to add the words "as determined under section 6109 of the Internal Revenue Code of 1986" after the words "taxpayer identification number."
2. Subpart I of part 103 is amended by adding new §103.121 to read as follows:
§ 103.121 Customer Identification Programs for banks, savings associations, credit unions, and certain non-Federally regulated banks.
(a) Definitions. For purposes of this section:
(1)(i) Account means a formal banking relationship established to provide or engage in services, dealings, or other financial transactions including a deposit account, a transaction or asset account, a credit account, or other extension of credit. Account also includes a relationship established to provide a safety deposit box or other safekeeping services, or cash management, custodian, and trust services.
(ii) Account does not include:
(A) A product or service where a formal banking relationship is not established with a person, such as check-cashing, wire transfer, or sale of a check or money order;
(B) An account that the bank acquires through an acquisition, merger, purchase of assets, or assumption of liabilities; or
(C) An account opened for the purpose of participating in an employee benefit plan established under the Employee Retirement Income Security Act of 1974.
(2) Bank means:
(i) A bank, as that term is defined in § 103.11(c), that is subject to regulation by a Federal functional regulator; and
(ii) A credit union, private bank, and trust company, as set forth in § 103.11(c), that does not have a Federal functional regulator.
(3)(i) Customer means:
(A) A person that opens a new account; and
(B) An individual who opens a new account for:
(1) An individual who lacks legal capacity, such as a minor; or
(2) An entity that is not a legal person, such as a civic club.
(ii) Customer does not include:
(A) A financial institution regulated by a Federal functional regulator or a bank regulated by a state bank regulator;
(B) A person described in § 103.22(d)(2)(ii)-(iv); or
(C) A person that has an existing account with the bank, provided that the bank has a reasonable belief that it knows the true identity of the person.
(4) Federal functional regulator is defined at § 103.120(a)(2).
(5) Financial institution is defined at 31 U.S.C. 5312(a)(2) and (c)(1).
(6) Taxpayer identification number is defined by section 6109 of the Internal Revenue Code of 1986 (26 U.S.C. 6109) and the Internal Revenue Service regulations implementing that section (e.g., social security number or employer identification number).
(7) U.S. person means:
(i) A United States citizen; or
(ii) A person other than an individual (such as a corporation, partnership, or trust), that is established or organized under the laws of a State or the United States.
(8) Non-U.S. person means a person that is not a U.S. person.
(b) Customer Identification Program: minimum requirements.
(1) In general. A bank must implement a written Customer Identification Program (CIP) appropriate for its size and type of business that, at a minimum, includes each of the requirements of paragraphs (b)(1) through (5) of this section. If a bank is required to have an anti-money laundering compliance program under the regulations implementing 31 U.S.C. 5318(h), 12 U.S.C. 1818(s), or 12 U.S.C. 1786(q)(1), then the CIP must be a part of the anti-money laundering compliance program. Until such time as credit unions, private banks, and trust companies without a Federal functional regulator are subject to such a program, their CIPs must be approved by their boards of directors.
(2) Identity verification procedures. The CIP must include risk-based procedures for verifying the identity of each customer to the extent reasonable and practicable. The procedures must enable the bank to form a reasonable belief that it knows the true identity of each customer. These procedures must be based on the bank's assessment of the relevant risks, including those presented by the various types of accounts maintained by the bank, the various methods of opening accounts provided by the bank, the various types of identifying information available, and the bank's size, location, and customer base. At a minimum, these procedures must contain the elements described in this paragraph (b)(2).
(i) Customer information required. (A) In general. The CIP must contain procedures for opening an account that specify the identifying information that will be obtained from each customer. Except as permitted by paragraphs (b)(2)(i)(B) and (C) of this section, the bank must obtain, at a minimum, the following information from the customer prior to opening an account:
(1) Name;
(2) Date of birth, for an individual;
(3) Address, which shall be:
(i) For an individual, a residential or business street address;
(ii) For an individual who does not have a residential or business street address, an Army Post Office (APO) or Fleet Post Office (FPO) box number, or the residential or business street address of next of kin or of another contact individual; or
(iii) For a person other than an individual (such as a corporation, partnership, or trust), a principal place of business, local office, or other physical location; and
(4) Identification number, which shall be:
(i) For a U.S. person, a taxpayer identification number; or
(ii) For a non-U.S. person, one or more of the following: a taxpayer identification number; passport number and country of issuance; alien identification card number; or number and country of issuance of any other government-issued document evidencing nationality or residence and bearing a photograph or similar safeguard.
Note to paragraph (b)(2)(i)(A)(4)(ii): When opening an account for a foreign business or enterprise that does not have an identification number, the bank must request alternative government-issued documentation certifying the existence of the business or enterprise.
(B) Exception for persons applying for a taxpayer identification number. Instead of obtaining a taxpayer identification number from a customer prior to opening the account, the CIP may include procedures for opening an account for a customer that has applied for, but has not received, a taxpayer identification number. In this case, the CIP must include procedures to confirm that the application was filed before the customer opens the account and to obtain the taxpayer identification number within a reasonable period of time after the account is opened.
(C) Credit card accounts. In connection with a customer who opens a credit card account, a bank may obtain the identifying information about a customer required under paragraph (b)(2)(i)(A) by acquiring it from a third-party source prior to extending credit to the customer.
(ii) Customer verification. The CIP must contain procedures for verifying the identity of the customer, using information obtained in accordance with paragraph (b)(2)(i) of this section, within a reasonable time after the account is opened. The procedures must describe when the bank will use documents, non-documentary methods, or a combination of both methods as described in this paragraph (b)(2)(ii).
(A) Verification through documents. For a bank relying on documents, the CIP must contain procedures that set forth the documents that the bank will use. These documents may include:
(1) For an individual, unexpired government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguard, such as a driver's license or passport; and
(2) For a person other than an individual (such as a corporation, partnership, or trust), documents showing the existence of the entity, such as certified articles of incorporation, a government-issued business license, a partnership agreement, or trust instrument.
(B) Verification through non-documentary methods. For a bank relying on nondocumentary methods, the CIP must contain procedures that describe the nondocumentary methods the bank will use.
(1) These methods may include contacting a customer; independently verifying the customer's identity through the comparison of information provided by the customer with information obtained from a consumer reporting agency, public database, or other source; checking references with other financial institutions; and obtaining a financial statement.
(2) The bank's non-documentary procedures must address situations where an individual is unable to present an unexpired government-issued identification document that bears a photograph or similar safeguard; the bank is not familiar with the documents presented; the account is opened without obtaining documents; the customer opens the account without appearing in person at the bank; and where the bank is otherwise presented with circumstances that increase the risk that the bank will be unable to verify the true identity of a customer through documents.
(C) Additional verification for certain customers. The CIP must address situations where, based on the bank's risk assessment of a new account opened by a customer that is not an individual, the bank will obtain information about individuals with authority or control over such account, including signatories, in order to verify the customer's identity. This verification method applies only when the bank cannot verify the customer's true identity using the verification methods described in paragraphs (b)(2)(ii)(A) and (B) of this section.
(iii) Lack of verification. The CIP must include procedures for responding to circumstances in which the bank cannot form a reasonable belief that it knows the true identity of a customer. These procedures should describe:
(A) When the bank should not open an account;
(B) The terms under which a customer may use an account while the bank attempts to verify the customer's identity;
(C) When the bank should close an account, after attempts to verify a customer's identity have failed; and
(D) When the bank should file a Suspicious Activity Report in accordance with applicable law and regulation.
(3) Recordkeeping. The CIP must include procedures for making and maintaining a record of all information obtained under the procedures implementing paragraph (b) of this section.
(i) Required records. At a minimum, the record must include:
(A) All identifying information about a customer obtained under paragraph (b)(2)(i) of this section;
(B) A description of any document that was relied on under paragraph (b)(2)(ii)(A) of this section noting the type of document, any identification number contained in the document, the place of issuance and, if any, the date of issuance and expiration date;
(C) A description of the methods and the results of any measures undertaken to verify the identity of the customer under paragraph (b)(2)(ii)(B) or (C) of this section; and
(D) A description of the resolution of any substantive discrepancy discovered when verifying the identifying information obtained.
(ii) Retention of records. The bank must retain the information in paragraph (b)(3)(i)(A) of this section for five years after the date the account is closed or, in the case of credit card accounts, five years after the account is closed or becomes dormant. The bank must retain the information in paragraphs (b)(3)(i)(B), (C), and (D) of this section for five years after the record is made.
(4) Comparison with government lists. The CIP must include procedures for determining whether the customer appears on any list of known or suspected terrorists or terrorist organizations issued by any Federal government agency and designated as such by Treasury in consultation with the Federal functional regulators. The procedures must require the bank to make such a determination within a reasonable period of time after the account is opened, or earlier, if required by another Federal law or regulation or Federal directive issued in connection with the applicable list. The procedures must also require the bank to follow all Federal directives issued in connection with such lists.
(5)(i) Customer notice. The CIP must include procedures for providing bank customers with adequate notice that the bank is requesting information to verify their identities.
(ii) Adequate notice. Notice is adequate if the bank generally describes the identification requirements of this section and provides the notice in a manner reasonably designed to ensure that a customer is able to view the notice, or is otherwise given notice, before opening an account. For example, depending upon the manner in which the account is opened, a bank may post a notice in the lobby or on its website, include the notice on its account applications, or use any other form of written or oral notice.
(iii) Sample notice. If appropriate, a bank may use the following sample language to provide notice to its customers:
IMPORTANT INFORMATION ABOUT PROCEDURES FOR OPENING A NEW ACCOUNT
To help the government fight the funding of terrorism and money laundering activities, Federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account. What this means for you: When you open an account, we will ask for your name, address, date of birth, and other information that will allow us to identify you. We may also ask to see your driver's license or other identifying documents.
(6) Reliance on another financial institution. The CIP may include procedures specifying when a bank will rely on the performance by another financial institution (including an affiliate) of any procedures of the bank's CIP, with respect to any customer of the bank that is opening, or has opened, an account or has established a similar formal banking or business relationship with the other financial institution to provide or engage in services, dealings, or other financial transactions, provided that:
(i) Such reliance is reasonable under the circumstances;
(ii) The other financial institution is subject to a rule implementing 31 U.S.C. 5318(h) and is regulated by a Federal functional regulator; and
(iii) The other financial institution enters into a contract requiring it to certify annually to the bank that it has implemented its anti-money laundering program, and that it will perform (or its agent will perform) the specified requirements of the bank's CIP.
(c) Exemptions. The appropriate Federal functional regulator, with the concurrence of the Secretary, may, by order or regulation, exempt any bank or type of account from the requirements of this section. The Federal functional regulator and the Secretary shall consider whether the exemption is consistent with the purposes of the Bank Secrecy Act and with safe and sound banking, and may consider other appropriate factors. The Secretary will make these determinations for any bank or type of account that is not subject to the authority of a Federal functional regulator.
(d) Other requirements unaffected. Nothing in this section relieves a bank of its obligation to comply with any other provision in this part, including provisions concerning information that must be obtained, verified, or maintained in connection with any account or transaction.

 
