I just did a memo to our board from the ID Theft officer stating what we do when opeining new accounts, all the reviews and internal controls, procedures we use, results of the risk assements, policy review. has not been examined yet but our board approved of it.