Please post any or all of your comment letter here so others can get ideas about what to say and how to say it. Feel free to cleanse identifying information and post anonymously if you think it appropriate, but remember your comment will be public information once it is filed.

Those using this resource should make their comments reflect their own perspective and analysis - please do not cut and paste verbiage developed by others into your comment. Communications that reflect the character of a form letter are justifiably given much less weight.

As a suggested point of etiquette, please preface any future BOL postings complaining about CIP with, “Hi, my name is [whatever] and I wrote a comment letter.”

Background: Many regular BOL participants have expressed concern over Treasury’s Notice of Inquiry and the potential that CIP regulations will be revised to require retaining copies of identification. Comments can be filed electronically on Treasury's web site , but must be filed prior to July 31.

Footnote 4 in the Notice of Inquiry notes the list of things financial institutions complained about in encouraging Treasury to eliminate the original requirement to copy identification. While it might seem pointless to raise them again, it appears to be necessary since the Notice of Inquiry indicates you should comment “…even if such views have been expressed previously in connection with the proposed rulemakings.” Thus, do not hesitate to repeat criticisms you raised earlier.

Also, do not hesitate to add new criticisms. For example, Andy posted a letter from the American Association of Motor Vehicle Administrators in a recent thread that indicates currently existing security features would make some copies illegible. The expected proliferation of such security measures makes this a totally worthless exercise. Point that out.

On a personal note, I am not opposed to banks choosing to copy identification when they believe it is necessary and they have appropriate safeguards in place. I am opposed to forcing banks to do so when, in many cases, it will be of absolutely no value.

Section 326 Notice of Inquiry: Recordkeeping

This is a response to Treasury’s Notice of Inquiry on requiring financial institutions to photocopy identification used to verify customer identity, thus revising final regulations issued under section 326 of the USA PATRIOT Act. As it appears the rulemaking process is being redirected by a single member of Congress, I am sending copies of this comment to my own representatives.

My perspective is that of an individual who has provided Bank Secrecy Act training to bankers and regulatory personnel since 1986. In the time since proposed regulations were issued under Section 326 of the USA PATRIOT Act, I have conducted dozens of live programs, telephone seminars and web casts on Customer Identification Programs (CIP’s). They were attended by thousands of financial institution personnel. While noting that I spoke to them, it is more germane that I listened to them. Specifically, I listened to their comments on copying identification.

Under current regulations, financial institutions are not required to make copies of identification. They are only required to retain “a description” of any document used to verify customer identity.

Most of the approximately 500 comment letters on the proposed regulation voiced objections to copying identification. Those objections are cataloged in the Notice of Inquiry that requests relevant comments. There is no point in reiterating them here. Although those agencies holding subject matter expertise and charged by Congress with issuing interpretive regulations found them persuasive, those whose efforts generated this Notice of Inquiry clearly did not.

In any case, it is accurate to summarize those comments as indicating a requirement to keep copies of identification would impose significant operational burdens on many financial institutions. Requiring commenters to state their objections a second time or simply ignoring them altogether by revising the regulation reduces the comment process to a farce.

As the purpose of the regulation is the prevention of money laundering and terrorist financing in U.S. financial institutions, those encouraging this Inquiry must believe that “a copy” rather than “a description” of identification provides incremental value. There is no practical or logical basis for such a conclusion. Thus, I believe financial institutions should not be required to make photocopies of identification:
• at all times or
• in specific instances.

If a revised regulation tracks the third option mentioned, requiring financial institutions to evaluate copying as a risk based element of their CIP, it would imbed a logic fault. While copying identification is a preferred internal control for some financial institutions, there simply is no mitigation of risk of the bank’s being used for illegal purposes attributable to the practice.

First, the current regulation does not require that financial institutions obtain any documentary evidence of identity. Depending on the type of account being opened and the method used to open it, customers are able to establish new accounts without providing documentary identification. A requirement to copy identification will not affect accounts opened in these circumstances – there is no identification to copy. So, the requirement will not affect all new accounts opened. (Just as water seeks the path of least resistance, if being required to keep copies of identification is seen as relatively burdensome, financial institutions will simply shift to alternative methods for verifying identity.)

Second, the identification requirements affect all “persons,” individuals and non individuals. A requirement to copy identification cannot be issued in a vacuum on the assumption that it only applies to individuals. For example, a financial institution might obtain a driver’s license from an individual. However, from a corporation, it might require a certified copy of articles of incorporation as evidence of identity. (In the case or the corporation, the regulation does not require financial institutions to obtain identification from account signatories; only the identity of the corporation must be verified.) Thus, a requirement that a financial institution retain copies of identification would apply to trust agreements, articles of incorporation, court orders, business licenses, etc. – virtually any document it accepts as proof of the customer’s existence.

Third, the real issue is does a copy, as opposed to a description, add value to the process?

Presumably, verifying identity provides a means to locate those using financial institutions for illegal activity. Conversely, verifying identity also works as a deterrent. Knowing they will have to identify themselves, illegal actors will be reluctant to use U.S. financial institutions for illegal ends. Those observations are based on two assumptions 1) that individuals using financial institution accounts for illegal purposes use their real identities and 2) that business entities are readily traceable to the individuals involved. Neither assumption is supportable.

An individual can purchase false identification at venues ranging from a flea market to the Internet. Whether the individual’s purpose is buying liquor while underage, writing bad checks or attacking the infrastructure of the United States, their total investment is probably less than $75.

If an individual provides valid identification, it is the information, not the driver’s license that provides a trail back to the perpetrator. A copy does not provide any additional information – it is surplusage.

Current regulations require the financial institution to retain information including the individual’s:
• name,
• DOB,
• address and
• identifying number
as well as the “description” of the document, specifically the:
• type of document
• place of issuance,
• date of issuance and
• expiration date.

If an individual provides fraudulent identification, all of the above information is worthless. Even if it is retained in the financial institution’s records, it provides no relevant information. Yet, if the financial institution had been required to make a photocopy as ingeniously considered here, the additional information the financial institution would have is the unknown person’s:
• height,
• weight (I lied about mine and assume fraudsters would too),
• eye color and
• photograph about ¾” square.

If the account is opened in person, that photograph supposedly matches the person’s physical appearance at that time. If the account is not opened in person, it is unlikely that the photograph or physcial characteristics recited on the fraudulent ID bear any physical resemblance to the person involved.

Even assuming that a photograph on the driver’s license is of portrait quality and that the perpetrator did not alter his appearance prior to having it taken, is doubtful that law enforcement personnel can demonstrate that a black & white photocopy of a color photograph less than one inch square would be of measurable assistance to an investigation. (Those who believe otherwise should conduct some empirical research: ask your branch bank to make a copy of your driver’s license and see if the resulting image is someone your mother would recognize.)

Even if copying did add value, financial institutions would be keeping thousands of copies on the outside chance that one of them might be requested by law enforcement. Of those copies requested, a minute percentage would be in connection with suspected money laundering or terrorist financing.

The true fallacy in using financial institutions for law enforcement purposes is that no cost justification is ever required – it is painless for regulators to mandate that financial institutions perform tasks law enforcement could never cost justify if the same activity were within their own budgeting process.

Those who would use a business entity for illegal purposes are not even put to the trouble of obtaining a false identity. They can establish a real entity much more easily. A corporation whose sole purpose is the conduct of illegal activity can be established in any state for a few hundred dollars. The original incorporators may have fraudulent individual identification, but it is certainly not necessary that they use it to set up the corporation – most corporations are established by mail. The corporation will be “real,” but its incorporators and principals will be unknown.

If the business is a “creature of statute;” e.g. corporation, LLC, limited partnership etc. and properly organized under state law, there is simply no reason for the financial institution to maintain copies. Documents for a bona fide corporation will be available at the Secretary of State’s Office in perpetuity. As the regulation does not require financial institutions to identify signatories on an entity’s accounts and states do not generally require identification from those establishing corporations, the “identity trail” ends at the Secretary of State’s office. A financial institution’s retention of a copy of the documents will not change that.

If identification offered is valid, a copy is simply not necessary. If identification offered is fraudulent, a copy simply does not provide any useful information.

Only unbounded naiveté can support a belief that the current requirements of this regulation will be an impediment to those wanting to use the U.S. banking system for illegal purposes. Requiring financial institutions to keep “a copy” rather than “a description” of the identification received is not cost justifiable and does not reduce deficiencies engrained in this statute and regulation.

Ken,
Is there some reason you are not commenting on the issue of foreign identification?
This is actully more of an issue for us because of the tremendous political pressure being placed on banks in my area. I am commenting on both issues, but this foreign ID is a sticky situation, and I would like some input on how others are commenting on that. It seems as if we are caught between a rock and a hard place - if we don't say what we believe we may get stuck doing something that we so not beleive is right, but if we do say something we are apt to have public interest groups with signage in the lobby of the main office demanding to see the president! (It is my understanding that these letters are a matter of public record - right?)
Thanks,
BC

Bear,
As you know, the Notice requires that comments on photocopying ID and acceptance of foreign identification be filed separately. I did file one on the latter, but am not certain it would be of much help to others - it did not focus on the Matricula. Basically, it says they left the banks an impossible task on accepting any foreign identification to verify identity. My tone in that one might be less than respectful, so I am a bit reluctant to offer it as a sample for others to follow. Yet, if anyone begins a separate thread for collaborating on those comments by posting their letter, I will post mine when I get back in town on Friday.

All comment letters become public information on receipt.

Quote:

---

The true fallacy in using financial institutions for law enforcement
purposes is that no cost justification is ever required – it is
painless for regulators to mandate that financial institutions
perform tasks law enforcement could never cost justify if the
same activity were within their own budgeting process.

---

Huah!

I wrote a comment letter. I don't remember the exact wording but I commented on the fact that drivers license copies are not allowed in some states and that some state drivers license have security features that render a copy illegible, thus making the copies worthless.

Can I also say that the ABA e-mail this morning pointed out that only 150 financial institutions have responded to the call for comments. We've got to make our voices heard, as there is an organized campaign to get the regulation reopened.

This is the main part of our letter dealing with the copying of identification:

The Department of the Treasury has requested comment on three key questions regarding the retention of copies made of documents presented for identification, such as driver’s licenses. We would like to take the opportunity to address the questions as they are set out in the publishing of the Notice of Inquiry.

“Should the regulations require financial institutions to make and maintain a photocopy of identification documents upon which the financial institution relies to verify identity in all cases?”

The regulations should not be amended to include this requirement. Several states prohibit the copying of driver’s licenses and other states have included security measures in such documents to preclude useable copies being made. We are also extremely concerned that the retention of such documents will give rise to an increase in identity theft.

If the regulation were modified to include this requirement, an institution our size would be faced with two monumental challenges, significant increases in expenses and record storage. Accounts aren't always initiated in a bank lobby. For example, in most of our markets the Trust Administrator goes to the customer to set up the account. This is especially true when dealing with the elderly who do not drive, have limited movement capabilities or live in a rural community that would be some distance from a branch. To require the photocopying of identification documents would necessitate providing some type of portable copy machine or fax for each Trust Administrator. The alternatives would be to make arrangements for the individual to be transported to the nearest branch location to complete the account set up process, or simply not pursue these individuals as clients. Any of these scenarios would have an impact on the Trust Department's fee revenue and expenses.

Storing copies of these records was a major concern expressed in the initial comment period for the regulation, and it is still very valid. We have grave concerns about obtaining and maintaining such copies and realize that such a requirement will mean a substantial increase in our cost of doing business. In addition, we would need clarification about how examiners will view the maintenance of such copies in light of the Equal Credit Opportunity Act, and what will be required for remote applications, such as credit card accounts. These are customers that are rarely, if ever, seen in person, and requiring them to submit a copy of their driver’s license is fairly impractical.

“Should the regulations identify specific instances in which photocopies of documents relied upon must be made and maintained?”

The regulation as printed on May 9, 2003, gave the financial institutions the opportunity to make decisions about their Customer Identification Program based on risk. To specify instances in which photocopies must be made and maintained, the business decision has instead been pulled away from the business it ultimately affects. By nature, financial institutions are extremely aware of risk and conduct their business in a way to minimize it. We already apply many customer identification safeguards to protect our customers as well as our stability. In this light, we feel it unnecessary to issue specific instances in which photocopies must be made and maintained.

“Should the regulations provide guidance to financial institutions concerning risk factors indicating when photocopying identification documents relied upon may be appropriate?”

It is always helpful to receive guidance from the regulators. We only ask that if this approach is adopted, that it be viewed as guidance only and not as a requirement. If such guidance ever became a requirement, we would ask that notification be published in the Federal Register so we can assure compliance.

Thank you for the opportunity to comment on this issue.

_______________________________________
Opinions expressed here are my own and not necessarily my employers.

Midwest- You have excellent points. Can you estimate costs? This kind of input can be very persuasive. I always tried to guesstimate startup costs plus annual recurring costs. Our trade associations can take these numbers and scale them up to to represent the whole industry.

That's a good point. We have not estimated costs, because just the idea of our $13 billion dollar shop having to accomodate such a change is pretty overwhelming. I'll have to see what we can come up with, but I don't know if I'll have time to add it to the letter I wrote or not.

_______________________
Opinions expressed are my own and not necessarily my employer's.

We submitted our comments today, and I did add, on the issue of photocopying identification, we also included the point that if the photocopier breaks down, are we required to discontinue opening accounts until it's fixed or we get another one? This should be a concern even if your shop currently copies identification. If Uncle Sam now requires such action and your small branch with only one copier goes down, what will you do? Do you really want to turn someone away because your copier is broken, especially when they're likely to just hop down to another bank?

I didn't add this to our letter, so if someone wants to take it and submit it, that would be great. Some states allow for driver's license renewals in six year intervals. (Missouri is one of those states.) Will our customers look like the pictures? Highly unlikely, especially if you consider a young driver, getting her license at 16 and doesn't have to renew until she's 22, or people who change their appearance for reasons other than fraud, like weight gain or loss, those who are more "folically challenged" than they were when their license was initially obtained, etc.

Don't forget to get those comments submitted!

We just filed our comment letters today, I think that a lot of banks have been trying to figure out what to say differently then what they said the first time. Here is our comment on the matricula card - short and sweet.....

The Bank generally supports the final customer identification rule, as it permits each bank to tailor its customer identification program to the specific risks posed to the institution. The rule allows each institution to determine which forms of foreign issued identification documents it will accept. We support this flexible approach and encourage Treasury to continue to let individual banks determine which documents will be acceptable. For example, the Bank will only accept the matricula consular card when it is presented with an IRS issued ITIN number.

Critics of the matricula consular and other foreign issued identification cards argue that bank personnel will have no way to discern or guarantee that an ID is legitimate, un-tampered with, or free from fraud. We would point out that these same weaknesses are prevalent in federal and state identification documents issued in the United States. Counterfeit drivers’ licenses and fraudulent “breeder documents” such as birth certificates and social security cards are readily available over the Internet and on the underground market.

We believe that each institution should evaluate the various forms of foreign issued identification documents and should decide whether to accept those documents based on the types of accounts opened by the bank, the various methods of opening accounts, the other types of identifying information available, and the bank’s size, location, and customer base. We strongly urge Treasury to leave the rule unchanged.

Just heard from a reliable source that 4000 comments have been received - 200 from the financial services industry and 3800(!) from special interest groups supporting the changes. UGH
Has everybody commented? Deadline is July 31!

The ABA is also asking that you copy your comments to:

Your regulator
Chairman Sensenbrenner - sensebrenner@mail.house.gov
Chairman Oxley - http://oxley.house.gov/contact.asp
Attorney General Ashcroft - AskDOJ@usdoj.gov
ABA, John Byrne - AskDOJ@usdoj.gov">AskDOJ@usdoj.gov
ABA, John Byrne -

Who are the special interest groups and are they commenting on the recordkeeping portion? I would be interested to know exactly who wants us to photocopy ID documents.

Andy,

The correct e-mail for Congressman Sensenbrenner is sensenbrenner@mail.house.gov. I just forwarded my comment letter to all on your list. Thanks.

We sent our comment letter today. Just thought I would put it out here in case anyone needs more ideas of what to include in their letter.

I am writing this letter in response to the Treasury’s “Notice of Inquiry” relating to the final regulations issued under Section 326 of the USA PATRIOT Act, which seeks comments on requiring financial institutions to photocopy identification used to verify customer identity.

Recordkeeping Requirements

We believe the retention of photocopies of identification documents relied upon to verify customer identity should remain at the Bank’s discretion. Imposing such a requirement would be burdensome for many financial institutions that do not have the ability to invest significant technology dollars to implement an efficient, electronic document storage system. The costs associated with maintaining a physical filing and storage system to ensure identification documents were retained for the required 5-year retention period would be a daunting task in and of itself. Financial institutions should be given the flexibility to make a risk-based decision as to whether photocopies of identification documents are necessary to validate their conclusions regarding customer identification.

In our opinion, the costs of retaining photocopies of identification documents outweighs the benefits that would be realized by having such information available. It is not certain that an actual “copy” of identification documents provides more valuable information than a “description” of the document used to verify a customer’s identity. We would argue that the majority of these documents would never be looked at again once the original identity verification procedures have been performed. Requiring financial institutions to maintain copies of such identification documents does not ensure a sound customer identification program. It is the procedures and efforts of bank personnel to “know the customer” that provide the true value in this process.

It is also relevant to point out that maintaining photocopies of original documents does not always provide useful information if the copies are not legible. For example, photocopies of driver’s licenses are often difficult to read and numerous states are adding additional security features that further render the copies illegible. In addition, if the documents provided were fake, as is the case in identity theft or fraud schemes, there would be no value in maintaining photocopies of the documents. Financial institutions would be keeping thousands of copies of identification documents that may not be useful or provide any relevant information in the event they would be requested by law enforcement for an investigation.

Requiring financial institutions to keep a photocopy of identification documents is not cost justifiable and does not provide substantially more value to law enforcement in achieving the underlying objectives of the USA PATRIOT Act, which is the prevention and detection of money laundering and terrorist financing activities.

Thank you for the opportunity to comment on this issue.

Has anyone heard any news on this issue yet?

The only rumor I heard was that this wouldn't be reviewed this year.

So, did anything become of this? What is the current state of affairs?

This is a long thread to re-read. Do you have to copy IDs, no, can you, in many cases yes, but some states prohibit it. Will examiners criticize you for it as a fair lending violation, they shouldn't based on comments from the agencies at the ABA conference a year ago, but who knows. They still have a disconnect in several areas but I haven't heard of issues recently.