The following executive summary can help prepare your board for their role in approving your CIP.
Executive Summary
As a result of the USA PATRIOT Act, all financial institutions are required to develop a Customer Identification Program ("CIP") and incorporate the CIP into their Bank Secrecy Act compliance program. Board approval will be sought for our revised BSA compliance program. The purpose of this Executive Summary is to provide a heads-up on the subject.
[The pertinent section of the PATRIOT Act is Section 326. For that reason, you may hear this requirement referred to either as the CIP or Section 326 requirements.]
Goal of CIP:
The purpose of a CIP is to aid financial institutions in ascertaining the true identity of those with whom they do business. Doing so helps reduce fraud losses, combat identity theft, and aid the government in the fight against terrorism and money laundering.
How the goal is achieved:
Under a CIP, an institution must establish procedures for obtaining, verifying, and maintaining records of identifying information on "customers" opening "new accounts". The terms "customer" and "new account" have special definitions, as discussed below.
Standards for a CIP:
The identity verification procedures are supposed to be appropriate to our bank's size, location and type of business, and should be designed to allow us to form a reasonable belief as to the true identity of the customer. The Section 326 rules contain certain minimum specifications. We are free to have more stringent verification standards than the rules require.
Under the minimum specs, we must obtain from new customers:
the customer's legal name;
date of birth (on individuals);
an address;
an identification number. (On a U.S. Person, this must be a T.I.N.; on a non-U.S. person, it can be a T.I.N., E.I.N., or I.T.I.N., or a passport number, alien I.D. card number, or other number from a government-issued document that meets certain standards.)
Factors to consider:
The CIP must contain procedures that specify the identifying information the bank must obtain from each customer prior to opening an account and it should specify how we will go about verifying that information within a reasonable time after the account is opened. Our CIP should allow us to verify identity of each customer to the extent reasonable and practicable, based upon our assessment of certain risks. Risk factors to be considered include:
types of accounts;
methods of opening accounts;
types of identifying information;
our bank's size, location, type of business, type of customer base.
Who is affected:
All financial institutions are bound by this requirement. The customer identity verification requirements are aimed at "new" customers, and generally only apply to those with whom we are establishing an ongoing relationship, and not to those persons who are merely purchasing cashier's checks, cashing checks, or otherwise occasionally using our services.
The term "account" includes safe depositor renters, CD purchasers, holders of deposit accounts of all types, borrowers, credit card customers, trust customers, those who use the bank's investment services, and those who utilize our cash management services.
We will not need to take further action as to "existing" customers, so long as we have a reasonable belief that we know the true identity of those customers.
Obtaining and Verifying Information:
The rule requires, at a minimum, that we obtain a name, address, date of birth (for individuals) and an identifying number for each new customer prior to opening an account (with slight differences for credit card accounts). In addition, we must take steps to verify the information within a reasonable time after the account has been opened.
Verification of identity information can be accomplished through documentary means (such as looking at a driver's license or other unexpired, government-issued picture ID), or through non-documentary means (such as authenticating the data through a credit report, sending a letter or making a call to the customer, checking other financial institution references). Our CIP will need to describe what type of information we will obtain and what types of verification we will use for various types of customers, various types of accounts, and various methods of opening accounts.
In terms of the level of detail necessary for a Customer Identification Program, it must have enough detail to allow the board to determine that (1) it contains the minimum requirements of CIP rule; and (2) the identity verification procedures are designed to enable the bank to form a reasonable belief that it knows the true identity of the customer.
The original version appeared in the April 2003 edition of the Oklahoma Bankers Association Compliance Informer.
BankersOnline is a free service made possible by the generous support of our advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all banking professionals. Support our advertisers and sponsors by clicking through to learn more about their products and services.
Print Friendly!
Email This Article!
Discuss NOW!
