CIP - photo copy

According to an email from BankersOnline from 9.23, the ABA said that John Bryne "learned that the final version of the rules will not be released until the October deadline given by the PATRIOT Act. That means they will not take effect October 26th. At this time, it is not known how long financial institutions will be given to comply after the final rules are published." So why the mad rush now? Should'nt we wait until the final rules are announced?

I've heard both sides and the question is, does the law take effect whether or not a regulation is in place? Part two is, if there is no regulation in place, is there a tangible risk for noncompliance?

The uncertainty is rather scary for those of us who really hate waiting until the last minute. I created a CIP and trained our compliance officers on the PROPOSED program. They have taken this to their banks and are testing it. We find something to improve just about every day. They have such interesting situations that I need to ensure are covered. We have always tried to implement a little early so that we can 1) work out the bugs and 2) get everyone used to doing something different before it counts. Our banks don't like being written up for anything and seem to appreciate the chance to "play" before it is final. It will be much easier to adjust it later now that they are used to doing it now.

Gee Andy, wish I had the answers to those two questions, don't you? It's driving me crazy .....implement..don't implement.....that is the question!

I'm not worried about the regulators and compliance examination risk so much. They would be in a tough spot if they tried to examine us for something that they hadn't issued yet.

What's gnawing at me is the legal aspect. What if we get a subpoena at some point, requesting something that we should have done under the Patriot Act, but we didn't do because we didn't have the final rule yet? This is, after all, a law enforcement regulation.

I agree, but I don't recall that the act required the photocopying of documents. Most banks already require customers to provide them with a DL and record the number and perhaps year of expiration.

If you really read the requirements, there aren't a lot of NEW things - the new things are pains in the A, and perhaps require us to document our procedures better, but if they remove the DL component, change the recordkeeping timeframes and change the definition of an account, 3 big things but possible, our procedures get tightened, but not substantially changed.

So, I will still be able to provide law enforcement with the info they requested.

I agree with Michelle that the law is not nearly as defined as the proposal. I really feel that there is risk, but very minimal. It is almost not on the radar screen. I don't see law enforcement asking us for records. The biggest risk is that of checking all government lists. And when was the last time you had a valid hit? Rare.

I used to work with alot of reasonable examiners. The problem is their unreasonable superiors in the Regional Office. Many of these people have been out of the banking "real world" for a long time, and don't realize how these changes are received, by banking staff and by customers. I think I have my deposit personnel prepared for Oct 25th, but the lending department is another story. Particularly commerical lending. I have enough trouble getting the commercial loan officers to completely fill out an application!

Oops! I must have been away too long. That last anonymous was me.

How about this "new thing"? We open accounts for clients of an organization that performs debt counseling and debt consolidation. The clients live all over the U.S. The organization provides us with the client's information, such as TIN, DOB, name, address, etc., and the organization is contractually liable to us to ensure that they have verified the identity of these clients.
My feeling is that their contractual obligation to us does not alleviate our responsibility under the § 326 requirements, and that we should insist on copies of ID along with the other required information and do our own verifications. Right now we only perform Chex verifications, and have discovered fraud in the past. However, there are some concerns that if we ask for additional information, we may risk losing a profitable relationship. Do you think a clause in a contract relieves us of our Patriot Act responsibility? I do not – I feel that WE are opening the account, WE are establishing the relationship, and so WE are responsible.
What would you all do if confronted with this kind of situation?
Leslie

I agree. It is you who is ultimately responsible. Now, the guidelines you establish should be risk based and you decide what does and does not have to be in the file, within the allowable confines of 326.

If there was a penalty assessed after an exam, it wouldn't go to the other company. This is one of those "when you point your finger, there are 3 more pointed back at you" scenarios.

Leslie: Non face-to-face situations lend themselves to nondocumentary verification. You can collect basic information and enter it into an automated solution. The proposed regs specifically talk about using other methods for customers that are not physically present.

There are no actual requirements in the section 326 of the statute itself. There are minimum requirements for the regulations, but the section doesn't require that financial institutions do anything. The statute requires the Secretary of the Treasury to "prescribe regulations setting forth the minimum standards..." [Section 326(a)(1)(1)]

Until there is a final rule published and effective, there can be no violation of regulation. I don't see how we can violate the statute either, since it doesnt require us to do anything. IMHO, making changes to existing procedures is premature. I think planning for changes is a good idea, however.

AS to effective date, the statute literally says "Final regulations prescribed under this section shall take effect before the one-year period beginning on the date of enactment of the International Money Laundering Abatement and Financial Anti-Terrorism Act of 2001." [Section 326(a)(6)] Literally, the Treasury can (and probably must) make the final rule effective October 25, the last day before the expiration of the 1-year period from date of enactment.

However, "effective" is not necessarily "mandatory compliance." Treasury can delay the date we must comply with the new rules. The regulatory agencies delay mandatory compliance with rules all the time. Certainly, many of us included requirests for delays in the effective date of the rules. I think the indication is that there will be some delay.