FAQs on CIP
FinCEN and the bank regulatory agencies have issued answers to frequently asked questions about the CIP rule. The answers don't contain any surprises and demonstrate a great deal of common sense. The common denominator to the answers is that financial institutions should make an effort to carry out the purpose and spirit of the USA PATRIOT Act. The answers discourage minimal compliance.
Several lending questions have been resolved. The obligation to establish the customer's identity occurs when the bank enters into an enforceable agreement to provide a loan to the customer. In most states, this will be the commitment letter. Don't promise a loan until you know who the borrower is.
If you are originating loans through an agent such as a car dealer or mortgage broker, you must ensure that the agent performs your CIP. You are ultimately responsible for the identification. Don't simply sit back and take their word for it - audit the process and check the results.
Another touchy question has been who to identify when an individual opens an account with power-of-attorney. The answer depends on circumstances. The short version is that you must identify the owner of the account if they are competent, and the person holding the POA if the account owner is not competent.
Co-owners added to accounts become subject to the rule as they are added to the account. There is no sneaking in the back door. You need to know who everyone is that has ownership of or power over the account.
For deals involving multiple institutions, the common denominator comes down to responsibility. Any institution that extends credit or makes a credit decision must determine the borrower's true identity. The responsibility to determine identity may however be contracted for with other parties involved in the transaction. But the same standard applies - you need to be sure that it is happening in accordance with your program.
The same is true for customers of affiliates. Each institution needs to know the customer's identity to its satisfaction. It may not rely on the fact that the customer has a business relationship with an affiliate. As a practical matter, every institution and every new customer relationship becomes a fail-safe point at which the true identity is determined.
There is also a strong hint that, even if the USA PATRIOT Act is allowed to expire, CIP will not go away. In response to questions about existing customers, the agencies advise that you may have a reasonable belief if you can show that, prior to the CIP rules, you had comparable procedures in place. Sounds a lot like "enhanced due diligence."
In the context of due diligence, the agencies have made clear that you have an obligation to determine that identification documents offered are valid and that they are consistent with the identity the customer presents. There may be situations when you can accept an employment id - if you know the employer and the employer's procedures. But the bottom line is that what the customer offers to document identity must enable you to determine their true identity. The agencies also recommend that you use more than one identity document.Some other answers are good news. Rural route numbers are acceptable as addresses because they identify a location. But no tax id number means no account. And there is still no "government list" to check for CIP.
Keeping copies of identification documents remains a balancing act between dueling regulations. For purposes of CIP, you are encouraged to collect and keep copies of identification documents. But in the questions and answers, there is explicit acknowledgment that the CIP goals do not override information restrictions such as those imposed by ECOA. This may be further complicated when FACTA rules on recordkeeping are published. Credit reports are recognized as valuable in the process of identifying a customer. Keeping copies of the credit report may be restricted by rules issued under FACTA. Any record retention rules or changes should always be checked against your CIP policy to ensure consistency.
Copyright © 2004 Compliance Action. Originally appeared in Compliance Action, Vol. 8, No. 16, 1/04
First published on 01/01/2004