Whose identity must you verify?

by Mary Beth Guard, BOL Guru

The CIP rules require institutions to have procedures to verify the identity of "customers" opening "accounts". To help you see at a glance what types of relationships fall within the scope of those definitions, use the chart below:

"Customer" opening "account" for purposes of the requirement to verify identity under CIP.

You ARE required to verify identity of: NOT a "customer" opening an "account" for purposes of the requirement to verify identity under CIP.

You are NOT required to verify identity of: A person (and that term includes entities, as well as individuals) who, for their own behalf:

• Opens a deposit account;
• Opens a transaction or asset account;
• Obtains a loan;
• Establishes a line of credit;
• Becomes a credit cardholder;
• Enters into a safekeeping arrangement;
• Rents a safe deposit box;
• Establishes a trust account;
• Utilizes cash management services;
• Utilizes investment services.

Special Notes:

In the case of a trust account, the "customer" is the trust itself.

In the case of brokered deposits, the "customer" is the broker.

If an account is opened for an individual who lacks legal capacity or for an entity that is not a legal person, the customer will be considered to be the individual who opens the account on behalf of the individual who lacks capacity or the entity that is not a formal legal entity.

• A financial institution regulated by a Federal functional regulator or a bank regulated by a state bank regulator;
• Government agencies and instrumentalities;
• A publicly traded company (as described in Section 103.22(d)(2)(ii)-(iv) of the BSA regulations);
• Someone who already has an existing account with the bank, so long as your bank has a reasonable belief that it knows the true identity of the person;
• Someone who cashes checks;
• Someone who makes wire transfers;
• Someone who purchases money orders or other monetary instruments;
• Someone who becomes the bank's customer when the bank acquires the account through merger, acquisition, purchase of assets, or assumption of liabilities;
• An account opened for the purpose of participating in an employee benefit plan established under ERISA;
• A mere signatory on an account (although there may be instances under a bank's CIP where the identity of a signatory may be verified in order to aid the bank in verifying the identity of the legal entity for whom the signatory signs).

Certain steps must be taken before an account is opened. Others must be taken within a reasonable time after the account is opened. This chart helps you keep the timing requirements straight.

Timing Requirements Prior to an account being opened, the bank must: Within a reasonable time after an account is opened, the bank must: For a customer who is an individual who is a U.S. person, obtain:

1. The individual's name - a legal name that can be verified;
2. The individual's date of birth;
3. The individual's address. (Typically, it should be a residential or business street address - to give law enforcement agencies the ability to contact the customer at a physical location.) If the person does not have a physical address or cannot readily provide one, acceptable alternatives include:
   An APO or FPO box number, if in the military; or
   The residential or business street address of next of kin; or
   The residential or business street address of another contact individual;
   
4. The individual's social security number. (There is an exception for credit card accounts. With such accounts, the bank may acquire the social security number from a trusted third party source before extending credit to the customer, rather than directly from the customer.)

For a customer who is an individual who is a NOT a U.S. person obtain:

1. The individual's name - a legal name that can be verified;
2. The individual's date of birth;
3. The individual's address;
4. An identifying number for the individual which, for a non-U.S. person could be:
   a social security number; or an I.T.I.N.; or
   a passport number and country of issuance;
   or an alien identification number; or the number and country of issuance of any other government-issued document evidencing nationality or residence and bearing a photograph or similar safeguard. (There is an exception for credit card accounts. With such accounts, the bank may acquire the social security number from a trusted third party source before extending credit to the customer, rather than directly from the customer.)
   
   For a customer who is NOT an individual:
   
   1. The entity's name - a legal name that can be verified, including, perhaps, the name under which it does business;
   2. The entity's address. This should be the entity's principal place of business, local office, or other physical location;
   3. An identifying number for the individual which, for an entity which is a U.S. person would be a TIN; for an entity which is a non-U.S. person, if it does not have an identification number, you must request alternative government-issued documentation certifying the existence of the business or enterprise.
      
      Exception: Your procedures may allow you to open an account that has is awaiting a TIN if three conditions are met:
      a. They must have applied for, but not yet received, the TIN.
      b. You must confirm the application was filed before you open the account.
      c. You must obtain the TIN within a reasonable period of time after the account is opened.[You may wish to examine a coy of the application, but do not necessarily have to keep a copy.]
      Determine whether the customer appears on any list of known or suspected terrorists or terrorist organizations. [Note, this must be done earlier, if required by another Federal law or regulation or Federal directive issued in connection with the list.]
      
      Follow procedures to verify the identity of the customer.
      
      The verification of identity may be done in either of two different ways or via a combination of the two:
      
      1. verification through documents;
      2. verification through non-documentary methods.Verification through documents for an individual can include, for example, use of:
         
      3. unexpired government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguard, such as a driver's license or passport.

      Verification through documents for an individual can include, for example, use of:
      

      • unexpired government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguard, such as a driver's license or passport.

      Verification through documents for a person other than an individual (such as a corporation,, partnership, or trust) can include, for example, use of:
      

      • certified articles of incorporation, a government-issued business license, a partnership agreement, or trust instrument.

      Examples of methods of non-documentary verification:
      

      • contacting a customer;
      • independently verifying the customer's identity through comparison of information provided by the customer with information obtained from a consumer reporting agency, public database, or other source;
      • checking references with other financial institutions;
      • obtaining a financial statement.

      If an account is being opened by an entity and the bank cannot verify the customer's true identity using the normal documentary or nondocumentary methods, the bank may need to obtain information about individuals with authority or control over the account, including signatories, in order to verify the entity's identity.
      
      Dealing with "what if's":
      If, within a reasonable time after an account has already been opened, the bank determines that one or more of the following conditions exist, the bank must follow its CIP in determining whether to close the account or limit transactions:
      

      • the customer is unable to present an unexpired government issued identification document that has a picture or similar safeguard;
      • the customer presents identity documents that the bank is not familiar with;
      • the documents to verify identity are not obtained;
      • the identity documents bear obvious indications of fraud;
      • the bank is otherwise presented with circumstances that increase the risk the bank will be unable to verify the true identity of a customer through documents.

      Make a record that describes what you relied upon to verify the identity information.
      
      The original version appeared in the April 2003 edition of the Oklahoma Bankers Association Compliance Informer.
      
      First published on BankersOnline.com 9/8/03