Risk Assessment Challenge: How Much Risk is "Reasonable and Practicable?"
The financial industry has been instructed to determine the true identity of its customers, as far as is reasonable and practicable. This last phrase has already raised the ire of some congressional members in Washington, who have asked for a 6 month deferral of the PATRIOT Act's Section 326 effective date of October 1, 2003 in order to fully investigate the use of consular-identification cards. House Judiciary Committee chairman Jim Sensenbrenner (R-WI) has questioned the effectiveness of the new customer identification (CIP) rule. He claims it makes it easier for customers to open accounts without proper identification.
The objection evidently is being raised in part because of the ability of the banks and credit unions to incorporate risk factors into their CIP. If U.S. government issued photo identification is not available, the financial institution may write into its CIP what identification documents are acceptable by merit of being reasonable and practicable. By assessing and defining acceptable risk factors, the financial institution may then open the account.
No Government ID Available
In many cases, such as the elderly or those belonging to Amish or Mennonite communities, U.S. government issued ID is not available. In other cases, photo identity cards are available, but they may be those issued by consulates in the United States by Mexico and many European consulates. According to Sensenbrenner there are "?reports by federal law enforcement officers that certain nations' consular identification processes are susceptible to fraud and abuse." He went on to state that false identification cards would make comparison of customers against lists of terrorists "worthless." He has threatened that if the regulation is allowed to take effect "without substantial revision," that it was likely the House Judiciary Committee "will direct its attention to immediate legislation."
In the meantime, financial institutions in the United States have been given their marching orders. Simply stated, four risk factors must be taken into consideration: types of accounts, methods of opening, types of identifying information and the characteristics of the financial institution. (Characteristics are defined as size, location, type of business and type of customers.)
There are levels of risk factors that will have to be considered. Obviously those financial institutions which serve non-U.S. persons will have more risk. Accounts opened in other than a face-to-face setting will also carry more risk than those opened in person. There will be less identifying information available for a sole proprietorship than for a corporation. If the financial institution uses mortgage brokers, or car dealers who originate loans for it, they will be expected to follow the CIP as the bank's or credit union's agent, but the financial institution still has the final responsibility for their observance of the regulation requirements. Those who design and implement the CIP must be fully aware that verifying borrower identity has been elevated from a "policy" to "legal requirement."
Risk assessment will play a major role in the CIP, requiring much research and many decisions before including reasonable and practicable solutions in the changes and additions to the Bank Secrecy Act policy that must be approved by the Board of Directors.
Copyright © 2003 Bankers' Hotline. Originally appeared in Bankers' Hotline, Vol. 13, No. 4, 6/24
First published on 06/24/2003