I agree with rlcarey and cite the following:
http://files.ots.treas.gov/25175.pdf (OTS CEO Letter # 175 issued 5/9/2003 and attached 68 Fed. Reg. 25090 which includes regulatory staff guidance)
"The board of director’s responsibility to oversee bank compliance with section 326 of the Act is a part of a board’s conventional supervisory BSA compliance responsibilities that cannot be delegated to bank management. Therefore, a bank’s board of directors must be responsible for approving a CIP described in detail sufficient for the board to determine that (1) the bank’s CIP contains the minimum requirements of this final rule; and (2) the bank’s identity verification procedures are designed to enable the bank to form a reasonable belief that it knows the true identity of the customer. Nevertheless, responsibility for the development, implementation, and day-to-day administration of the CIP may be delegated to bank management."
In my opinion the words "in detail sufficient for the board" are key. However, is stating in the policy that you perform "documentary verification obtaining two forms of approved (meaning acceptable as listed in procedures developed by the bank's BSA officer) unexpired identification documents, one of which must be a government issued ID with photo" sufficient, or does the board need to see and approve the list of types of ID deemed acceptable by the bank?
Any insight would be much appreciated. Thanks.