I spent a few minutes searching this site and have not found an answer to my questions. Perhaps a few of you could help me.

In our small town, there are a handful of people who have committed crimes against our bank in the past or who are rumored to be involved in criminal activities. A few of these people are ex-employees. In some cases, information regarding the rumors come from credible sources.

We currently do not maintain a list of people that we will not do business with. Is it advisable to maintain such a list? What is your practice for maintaining a list of people? (These questions are not refering to the OFAC list that we maintain.)

Thanks for your help!

Dear Anonymous
We know who the bad guys are and provide any assistance to local authorities we can to curtail bad guy behavior

A financial institution can choose not to do business with whomever it wishes, so long as its reasons are not illegally discriminatory. (For example, ECOA would prohibit you from deciding you weren't going to accept loan applications from people of a certain age, race, etc.)

The biggest concern I would have about formulating a so-called Blacklist is the possibility an individual/business will claim defamation. For that reason, if you have a list, make sure it is described to your employees/directors in such a way that it does not imply these individuals did anything other than precisely what they did.

For example, the list could be described as consisting of those persons l) who had charged-off loans with your institution; 2) who had uncollectible unpaid fee balances or negative account balances; 3) who were abusive or rude to staff members or other customers;, or 4) are simply individuals/entities that you choose not to do business with at your discretion. (The latter category could include all kinds of folks, from the neighborhood flasher to a creep who used to work for your institution.)

Avoid comments or characterizations that would appear to accuse someone of criminal behavior (unless you can back it up with proof!) or cast them in a false light.

Make sure the list is disseminated in-house only, and only to those with a "need to know".

Really, isn't Chexsystems a form of blacklist?
As long as the information is based on reality, an internal list is not too different. I'm sure that many institutions leave comments on their systems when a loss is caused, and such comments are considered if the customer wants to re-open their account.
I would be very careful with rumors though.

Chex is not really a black list like the bank was talking about implementing.Chex simply reports info reported to them;they do not tell a bank to open or not open the account. Plenty of accounts are opened even though someone has a record on Chex.

Thanks for the info. We are aware of the ECOA rules.

Our list would be distributed to all CSRs and loan officers requiring the employee to obtain permission from senior management or the security officer before conducting business. All involved parties would be instructed on the confidential nature of the list and how to deal with persons attempting to open accounts. This list may also indicate that senior management has chosen not to conduct business with an individual. The reason why a person or company is on the list would not be included. A master list with detailed information would be maintained by the security officer and the internal auditor.

Just realize that although the master file will only be maintained by the internal auditor and the security officer, it still is available through the discovery process if someone sues you. Be careful what you put in it. Myself, I think you are treading on dangerous waters by maintain such documentation if it consists of anything more than cold hard documentable facts. No accusations, no rumors, no unproven theories.

I would think that if it is based on facts, I would rather really on uncovering it in the normal application investigation process. I have never heard of anything like this in the banking world before. I would really recommend that you consult legal counsel before you start developing your profiles.

I think Hollywood tried this in the 50's with limited success.

To all - What would your responses be if it was a "high risk" list verses a black list?

This is actually more common than you might think, particularly in the "big bank" world and even in the brokerage world. There are some people those financial institutions just do not want to do business with due to possible connections to organized crime - and they would tell the person that - it is just not worth the risk to do business with you; your reputation precedes you, we are not willing to take the reputation or other risk. Those names are on a well guarded list along with names of individuals who have already been asked to leave the bank, etc. I was personally involved with setting up a process for maintaining the list globally and we had to house the list in a European country to comply with their privacy/secrecy laws; I would need to call Europe for the exact information if I had a "hit" on the database so that I could comply with US laws such as FCRA. Many many attorneys in several countries were involved in setting up the process. The risk of keeping such a list was felt to be outweighed by the risk of doing business with the people on the list or the risk of looking stupid because we threw an individual out of the bank in one place and he came back in another door.

Thank you so much for your input. We do recognize the risk of having a list. But without a list, how do you prevent a previous undesirable customer from resurfacing? How do you block a transaction by a new undesirable customer wihtout keeping record?

It may seem hard to believe but our small town bank has security issues similar to a big bank. Our community has drug dealers, kiters, money launderers, embezzlers and others undesirables, whether rumored or reported as convicted. If we are aware that a certain officer from a competitor bank was convicted for bank fraud, why would we want to do business with that person?

Anyway, I feel myself starting to climb on the soap box and that is not my intent. There is just a little frustration here due to an ex-con resurfacing in a transaction with our bank. This makes for more work.

Again, thank you all for your input! Any other input is most welcome.

But without a specific instruction otherwise, an individual employee opening an account may go ahead and open the account or refuse to open an account for someone the bank has no problem with. Without a list would your procedure be "anyone YOU (an individual employee) thinks might be a bad guy". That seems pretty risky.

We regularly distribute a list of customers whose deposit accounts we charged off. Plus, the branch staff has the ability to look up the charged off accounts on the system. If one of these customers comes in for a new account (it happens more than one might expect,) the branch calls me or someone in operations to get a yay or nay on opening the account.

In a small community, why not have a senior official review all new accounts after the fact to see if one of these undesirables had opened? You can close the account if the senior person notices it the next day with almost no exposure. The list would not need to be distributed to the masses, just the individual who reviews the accounts. It shouldn't take more than 10-15 minutes (depending on volume); or
Don't most banks have a next day system verification process where backoffice checks to ensure name, SSN, address, type of account, etc are all correctly entered? Have the list there, again the exposure is extremely small and the list is contained..

[QUOTE]
Young CSR - hasn't been involved in the business dealings in the small town for 20 years. How is she or he supposed to know all the bad guys that the branch manager knows from years of experience?

---

That is why something like Chexsystems is used by so many banks. Report your experience and for some strange reason (strange in a small town) a bad actor shows up to open a new account, a system is in place to take care of the situation. The maintenance of an internal blacklist seems like a bit much, plus can it be mis-used or show up in the local newspaper?

Chex Systems isn't going to capture customers with charged off loans, etc. It covers a very small universe.

Ipso facto,

We are concerned with more than just a person who bounced a check. Sure, Chexsystems would be of help here . . . and we use it. But, if I'm not mistaken, Chexsystems will not identify many others that are a threat to the bank, like a convicted ex-insider, an employee fired for fraud but never convicted, or that businessman identified by one of your trusted employees (who use to work for him) as being involved in drug dealing.

By the way, this small town is not 30 people. If it were, I would agree with you. Our town has a mid-size university with a non-student population of 15k+. So, our staff does not know everyone. And as pointed out, one could not expect a 22 year old CSR to know a business man by sight.

Folks:

Great thread -- thanks for participating! I still like Mary Beth's answer the best because she lists categories that will likely survive scrutiny in court.

ChexSystems is a very effective tool -- as far as it goes. ChexSystems is "user-dependent", however. This means that the information you retrieve is only as good as the information that's been entered. Many institutions choose not to enter derogatory information for a variety of reasons -- and that information isn't available to you.

I've seen these lists in both small and large institutions. Properly entered and controlled, these lists make a great loss prevention tool. Retail stores rely upon these lists and -- regretably -- they often post them on the checkout stand. Mirroring this observation, I've also seen these lists posted on the panels at teller windows and under the glass desktop at the new accounts desk.

I encourage you to use these lists -- after reviewing the process with your institution's legal counsel.

I'm not sure if this is over the line. That is why I brought it up. I thought our bank has a right to do business with who we choose - as long as we do not illegally discriminate.

I would certainly not want the list to be made public. But, if we develop such a list, copies at the front line would not have the reasons for the name inclusion. The list would probably contain an indicator that should cause the staff person to call a number for clearance before conducting a transaction. A master list(s) would be maintained by an officer(s) under high security.


We thought about only placing people on the list that have actually harmed the bank in the past but realized that such a procedure is not being very proactive.

I'm curious. If you had a person who is conducting unusual deposit transactions that is a red flag for money laundering and that person now wants to open a HELOC, would you want this new account? Should this person be on the list? I probably would add the name to the list. (This has happened to us. Since that time, he has been arrested twice for drug dealing.)

If you had information from a trusted employee that the college crowd goes to a certain businessman for illegal drugs, would you want to open a safety deposit box for that person? Should this person be on this list? Perhaps, depending on your faith in the employee.

The goal of my original question was just to find out what others are doing to help us with our decision. Thanks Ipso and all of you for your comments and suggestions.