I'm doing an audit and ran across this. On new customer loans we're not getting a primary and secondary identification as defined in our CIP policy. Primary being a copy of their DL and secondary a copy of their SS card.

Does anyone else require a copy of DL on their new customer loans? I've read the FAQ: Final CIP Rule that it says "a bank should be mindful that it must not improperly use any document containing a picture of an individual, such as a driver's license, in connection with any aspect of a credit transaction." So, I'm not sure if that means we should or should not be getting a photo ID. It is not part of their loan paperwork, it's scanned to their CIF anyway.

Thoughts?

yes, we require photo ID for new borrowers the same as we do for new depositors. We also scan to CIF.

The FAQ only prohibits improper use of photo id (such as discriminating based on race). Using it to verify identity to satisfy CIP requirements is proper.

If the new loan customer does not have a deposit account (which we STRONGLY suggest) the closer is required to check the government issued photo ID and document on the application. We use the credit bureau report as the 2nd form of identification for loan customers only.
However, most loan customers are existing deposit customers and photo ID is imaged into our CIF files.

Footnote 49 in the Exam manual both refers to the Q & A and mirrors its content:

A bank may keep photocopies of identifying documents that it uses to verify a customer’s identity; however, the CIP regulation does not require it. A bank’s verification procedures should be risk-based and, in certain situations, keeping copies of identifying documents may be warranted. In addition, a bank may have procedures to keep copies of the documents for other purposes, for example, to facilitate investigating potential fraud. However, if a bank does choose to retain photocopies of identifying documents, it should ensure that these photocopies are physically secured to adequately protect against possible identity theft. (These documents should be retained in accordance with the general recordkeeping requirements in 31 CFR 103.38.) Nonetheless, a bank should be mindful that it must not improperly use any documents containing a picture of an individual, such as a driver’s license, in connection with any aspect of a credit transaction.

Any criticism offered in an audit should properly reflect these concerns; i.e. the simple fact that ID is being copied is not an adequate basis for criticism.