Question & Answer
Question: We're one of the banks that continues to maintain the $3,000 log, even though it isn't required. We collect information on the payee of the check as well as the purchaser. We also collect information on the purchaser if that person is buying the check for someone else, such as an employer, etc., as well as the originator of the purchase. Our auditor is becoming concerned that collecting all this information may get us in trouble in light of the recent spate of legislation regarding privacy. Do you think there is a problem in us collecting this information on payees and third parties? Do other financial institutions collect this much?
Answer: The purpose of the Privacy Act is aimed more at the dissemination of information, not the collection of it. It is meant to control how information is used for marketing, or given or sold to third parties.
There is no direct requirement in the Bank Secrecy Act that the payee be identified by the drawee bank...however, common sense tells you that if the information becomes necessary, when the check comes in to you to be paid, it can be traced and all that information ultimately available.
Collecting information such as you do is a common practice both in financial institutions and in organizations that sell money orders. Many financial institutions look for patterns in payee information to discern suspicious activity. This is also a common practice among non-financial institutions for the same purpose.
If you wanted to check a final place before making your decision on whether to change your practice, you might want to check with your regulator - each of the agencies has "translated" the privacy law their own way. If they object to you gathering information on third parties, you'll want to change.
Copyright © 2000 Bankers' Hotline. Originally appeared in Bankers' Hotline, Vol. 10, No. 11, 11/00
First published on 11/01/2000