Treasury and the federal financial regulatory agencies have issued final rules establishing minimum standards for identifying and verifying the identity of new bank customers. The final rule for banks includes many changes advocated by ICBA to reduce burden but still meet the congressional mandate under section 326 of the USA PATRIOT Act.
The new rules require banks and other financial institutions to develop written customer identification procedures. The procedures must enable the bank to form a reasonable belief it knows the true identity of the customer. Each bank's program should be risk-based, and appropriate relative to the bank's size, location and activities — a parameter ICBA successfully persuaded Congress to include in the statute and which ICBA has emphasized as an important element for all USA PATRIOT Act regulations.
Generally, new accountholders will have to provide their name, address, taxpayer identification number and, for individuals, date of birth. The final rule allows banks to open accounts for customers that have applied for, but not yet received, a taxpayer identification number, as recommended by the ICBA. For existing customers that open new accounts, the rules do not require additional identification as long as the bank has a reasonable basis to identify the customer.
Banks do not have to verify the identity of customers that are financial institutions or governmental entities. More significantly, for other customers banks will not have to verify the identity of every signatory to an account, a change strongly urged by ICBA. Rather, the identification procedures will apply to the individual opening the account. For example, if a parent opens a UGMA account for a minor, the parent will be considered the customer and appropriate identification procedures must be carried out for the parent.
The bank's customer identification program must describe the steps the bank will take to verify the information provided by the customer. Verification can be both documentary and non-documentary, such as through review of a credit report. The ICBA persuaded the regulators not to require banks to keep photocopies of documents used to verify identity, which would be unduly burdensome, although banks may do so at their option. The bank's records must, however, include a detailed description of the document(s) used to verify identity, such as type, ID number, date and place of issuance, expiration date, etc. Records of customer identification information must be retained for five years after an account is closed, but at ICBA's urging, records of how a customer's identity was verified need only be retained for five years from the time of verification.
A new provision in the final rule allows banks to rely on identification information and verification provided by another financial institution. The customer identification program must specify what transactions the customer may engage in while verification is pending and what steps to take if identity cannot be verified (such as closing the account). The bank's board must approve the program, but board approval can be part of the board's annual review of the bank's overall anti-money laundering program.
Similar rules were issued for mutual funds, broker-dealers and futures merchants. Compliance with the new rule is mandatory by October 1, 2003.