We are opening an increasing number of CDs and MMDAs via the internet. Our procedure for verifying the identity of individuals and businesses opening accounts is adequate, however, we're seeing more requests from businesses, some of which several States away. We perceive this as an increase in our level of risk, therefore, we're going to enhance our CIP with respect to business accounts to include obtaining a credit report on the principal(s) of the business. At application, we would require the principal provide written authorization to request a report. A review of the FTC Staff Opinion Letters indicates that, provided the principal gives written consent, this practice would be ok. It seems too easy; are we missing something?

In addition to the viewing the principal's credit history, the main objective of obtaining a report is to determine if the principal is or has been the victim of identity theft or subject to any other red flag issues.

That will work as long as it complies with your CRA contract.