In regards to the USA PATRIOT Act CIP provisions: For addresses similar to a P.O. box, such as AIM Mail Services, Mailboxes Etc. (now The UPS Store), Pak Mail, Parcel Plus, PostalAnnex, PostNet and others that essentially compete with local post office services (by providing private mailboxes), do banks have any requirement to try to identify these types of addresses? Would we need to request an actual residential address? (In reading the rule and its preamble, these would be considered as business addresses and may constitute compliance. However, these could also be a means for bad people to open an account without providing a true physical address. These companies extend their business street address to customers and assign a box or suite number. The result is an address that cannot be distinguished unless it is listed on a fraud file somewhere.)
I am reviewing the final reg for the CIP and making adjustments to the program and procedure we compiled several months ago. At the end of the discussion of Section 103.121(b)(2)(iii) for Lack of Verification, the final reg indicates "...a bank must comply with other applicable laws and regulations, such as the adverse action provisions under ECOA and FCRA, when determining not to open an account because it cannot establish a reasonable belief that it knows the true identity of the customer." ECOA and FCRA deal with credit products, and I do not see how the current notices apply to denial because you cannot establish someone's identity. Even if you mark "Other" the notice portion refers to credit and I believe it would confuse the applicant. Any thoughts on this?
There are many new sofware products being offered today to assist in 'verfifying' the identity of new and/or existing bank customers (per proposed rules of the USA Patriot Act). These software packages search a number of various databases to get background and other 'verification' data. Some of the data bases that are 'searched' appear to be readily accessible general public record data bases, but others appear to be data bases that are not so accesssible by the general public. Is it permissible to have a customer sign a form which essentially says that the customer agrees that the bank can search for information to verify the customer's identity without specifically identifying the data bases being searched?