#77995 - 05/02/03 08:38 PM
Re: Section 326 Final
|
Diamond Poster
Joined: Jan 2003
Posts: 1,454
metsuretsu
|
_________________________
I have many opinions; some are good, some are bad, and some don't contradict.
|
#77996 - 05/02/03 08:44 PM
Re: Section 326 Final
|
10K Club
Joined: Oct 2000
Posts: 27,750
On the Net
|
You will not have to re-verify customers opening subsequent accounts. Being risk based you can also assume the long term customer who banks with you now and whose parents banked with you, etc. are who they are. So we don't have to go back on all existing customers either.
_________________________
AndyZ CRCM My opinions are not necessarily my employers. R+R-R=R+R Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell
|
#77998 - 05/02/03 09:12 PM
Re: Section 326 Final
|
100 Club
Joined: Oct 2002
Posts: 204
Arkansas
|
Quote:
Let me piggy back off of Andy (that should put all sorts of pictures in your mind). You are not required to verify the ID. The ID verifies what they have already told you (name, address, DOB, etc.). This is probably one of the biggest misunderstandings of the CIP rules.
So, I can tell all the vendors calling me about their I.D. software to quit calling?
I know the software is not required but could be quite useful in reducing risk.
Last edited by Lewis; 05/02/03 09:17 PM.
|
#77999 - 05/02/03 09:18 PM
Re: Section 326 Final
|
Diamond Poster
Joined: Jun 2001
Posts: 1,373
Lido Deck
|
Maybe it's just me, and it's late on a Friday afternoon and I've hit the wall on reading 326. But was I the only one to get a good laugh on page 74 where it states that "Treasury, the OCC, and OTS have determined that the final rule is not a 'significant regulatory action'"?
_________________________
--A bad day at sea is better than a good day at work.
|
#78001 - 05/02/03 09:30 PM
Re: Section 326 Final
|
Anonymous
Unregistered
|
My favorite comment that made me laugh was that several comments were received from companies engaged in the sale of technology that could be used to identify and verify customers. Some of these commenters urged that the rules REQUIRE (emphasis mine) banks to authenticate any documents obtained to verify the identity of customers through the use of automated document authentication technology.
Yeah, I bet! Is that a little self-serving or what?
|
#78002 - 05/02/03 10:14 PM
Re: Section 326 Final
|
Platinum Poster
Joined: Jan 2003
Posts: 580
|
Quote:
This is probably one of the biggest misunderstandings of the CIP rules.
David: That's interesting - we were informed by FDIC examiners that ID would have to be checked each time a new loan (existing loan customer) was granted. It's been kind of a joke around here and I'm happy to see that it was one of those things that go around from nothing to an issue and back to nothing. Thanks.
|
#78003 - 05/02/03 10:32 PM
Re: Section 326 Final
|
Diamond Poster
Joined: Feb 2003
Posts: 2,362
Colorado
|
What am I missing? How does obtaining a financial statement from an entity prove identity? It's listed as an example of non-documentary verification. Maybe they mean an audited financial statement?
_________________________
Opinions are mine and not necessarily my employer's.
|
#78004 - 05/02/03 11:06 PM
Re: Section 326 Final
|
10K Club
Joined: Oct 2000
Posts: 27,750
On the Net
|
If you also had a CBR or D&B and it ties back to the financials, that is supporting data. I think many things will tie together in the risk based programs.
_________________________
AndyZ CRCM My opinions are not necessarily my employers. R+R-R=R+R Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell
|
#78005 - 05/03/03 07:17 PM
Re: Section 326 Final
|
Junior Member
Joined: Jan 2003
Posts: 35
Charlotte, NC USA
|
If you want an attorney's perspective on Section 326, here's a link to an 8-page white paper sponsored by ATTUS Technologies.
|
#78006 - 05/03/03 08:29 PM
Re: Section 326 Final
|
Junior Member
Joined: Jan 2003
Posts: 35
Charlotte, NC USA
|
Quote:
You will not have to re-verify customers opening subsequent accounts. Being risk based you can also assume the long term customer who banks with you now and whose parents banked with you, etc. are who they are. So we don't have to go back on all existing customers either.
Andy,
This may have already been mentioned above, but it's my understanding that when an existing customer opens a new account or takes out a new loan, the bank does not have to verify the customer's identity, "provided that the bank has a reasonable belief that it knows the identity of the person" (page 20).
In this case, would long-time personal knowledge of an individual's identity satisfy the "reasonable belief standard" or would it be considered too subjective by the examiners?
Mark
|
#78007 - 05/04/03 01:32 PM
Re: Section 326 Final
|
10K Club
Joined: Aug 2001
Posts: 21,939
Next to Harvey
|
Mark,
I am not short-stopping Andy's response, only pointing out that you've asked a difficult question. When they stress your policy is to be "risk based" it becomes impossible to assure that anything will be acceptable. While your bank's size, location, clientele, past experience etc. are theoretical factors in the determination, my perspective is that the two major variables will be the agency that examines you for compliance and the individual who conducts that examination on their behalf. Andy and I could have a knock-down, drag-out argument over whether "long term personal knowledge" is enough. For example, should you specifically indicate the length of the term? Does a long term customer who has only rented a safe deposit box offer you the same level of comfort as to her identity as a major borrower? If you have known me personally for 10 years, but I only opened an account at your bank last month, does your personal knowledge even play a role or is it more about whether "the bank" knows me?
Andy, you take either side of the argument and I'll take the other, but I don't think we will find out who "won" until after Mark's next exam.
The supplementary information accompanying the final regulation points out that some banks, notably smaller banks, lobbied for an objective check list of requirements where compliance would be assured. Others argued for an entirely risk-based approach. As the final regulation eliminates requirements to copy ID's, identify signatories and consistently identify established customers, it's easy to identify the winners in the debate.
In the final analysis, it will not be whether your program is adequate, but whether your ability to defend your program is adequate.
Many dedicated compliance folks have waited for months to develop their programs. It's likely that many are pulling out all the stops to do it "now." However, the agencies have indicated they will issue additional guidance and I would want to see it before I had my board approve anything. In addition, your bank has roughly six months to design, implement and test a program. That time is a tool; using it would be the smartest thing you can do.
I have to wonder: Do the people who hand out euphemisms in lieu of information plan to tell their mothers that they are taking a "risk based" approach in deciding whether to take her to lunch on Mother's Day?
_________________________
In this world you must be oh so smart or oh so pleasant. Well, for years I was smart. I recommend pleasant.
|
#78012 - 05/04/03 10:35 PM
Re: Section 326 Final
|
Junior Member
Joined: Jan 2003
Posts: 35
Charlotte, NC USA
|
I guess the $64,000 question is: How can a bank establish a "reasonable belief" (that it knows the true identity of its existing customers) that is objective, cost-effective and defensible to examiners... while at the same time, not offend any long-term customers?
Perhaps one possible answer is that a bank’s CIP policy should, at the very minimum, require a baseline, social security number validation test for ALL new and existing customers. After all, the September 11th hijackers opened 35 bank accounts using bogus social security numbers that were not even questioned by bank officials.
The reason why I propose a baseline screening for ALL customers is that a risk-based approach for selecting which customer to screen is subject to a biased selection in the real world. The SSN validation test could be performed in the back office without confronting customers directly, without leaving a footprint on a credit report, and without incurring any online transaction charges. More importantly, a report of the test results could demonstrate one more step toward an objective approach for defending a bank's assertion that it knows the true identity of its existing customers.
|
#78013 - 05/04/03 11:46 PM
Re: Section 326 Final
|
10K Club
Joined: Oct 2000
Posts: 27,750
On the Net
|
Doing a SSAN validation on EACH customer could be a very expensive proposition. I don't know what this would cost, but if it is .20 per SSAN, at 100,000 accounts that is $20,000. I see this as a low risk for my banks at this point. Short of a more compelling reason, I would resist that.
_________________________
AndyZ CRCM My opinions are not necessarily my employers. R+R-R=R+R Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell
|
#78016 - 05/05/03 10:08 AM
Re: Section 326 Final
|
10K Club
Joined: Aug 2001
Posts: 21,939
Next to Harvey
|
Mark,
When they made this risk based they left room for your individual assessment of risk. There will be considerable variations in the decisions made by individual institutions.
If you feel the SSN validation is cost effective, one thing you might do to reduce the length of your comparative list is to eliminate the accounts where name/TIN comparisons have been verified by implication; i.e. the account is subject to information reporting and no IRS "B Notices" have been received. Examples would be long term accounts subject to 1099 and 1098 reporting. Alternatively, you might just assume that illegal actors would be unlikely to open an interest bearing account using a name/TIN combination they know to be invalid and focus only on relationships where there is no information reporting; e.g. safe deposit and DDA.
_________________________
In this world you must be oh so smart or oh so pleasant. Well, for years I was smart. I recommend pleasant.
|
#78017 - 05/05/03 02:26 PM
Re: Section 326 Final
|
100 Club
Joined: Nov 2000
Posts: 176
|
Mark, to put your postings in perspective, are you a vendor or a banker?
_________________________
...but I saved a lot on my auto insurance
|