Treasury's Financial Crimes Enforcement Network (FinCEN), working with the federal banking agencies, has issued additional guidance, in the form of frequently asked questions, on Customer Identification Programs (CIP) required by the USA PATRIOT Act.
The twenty-nine FAQs are designed to clarify issues as banks implement policies and procedures to identify and verify the identity of new account customers. For example, a customer is the person who opens an account, and does not include a loan applicant who is denied. If someone with a power-of-attorney opens an account on behalf of a competent individual, the principal, not the agent, is the customer. If the principal does not have legal capacity, the customer is the person holding the POA. Customers renewing a loan or CD are not "new" unless there has been a lag between closing an old account and opening a new one. While the rule requires banks to have a physical address for customers, the guidance explains that a rural mailbox number is acceptable.
Since verification is an important part of a CIP, banks have questioned to what extent the information provided by a customer must be verified. The guidance says not every element must be verified, but enough to ensure the bank has sufficient information to "form a reasonable belief it knows the true identify of the customer." The bank must retain information provided at the time the account was opened, so retaining only information provided later that updates a file (e.g., a change of address) will not meet the regulatory requirements.
As for checking new accountholders against terrorist lists, the guidance urges banks to adhere to OFAC requirements and restrictions, since no official terrorist list has yet been established. The regulatory agencies also stress that each bank's CIP must be risk-based, with additional steps taken to verify identify for high-risk accounts or customers and that a CIP is only one element of a bank's anti-money laundering program.