I have been posed with a record retention question regarding documentation that both a CIP and OFAC was completed on. These are internal procedures that our operations department have set up themselves and is above and beyond what I can find the regulation actually stating. Is there any guideline as to how long we need to keep such extra documentation?
Under our CIP Policy, a credit card may be accepted as a second form of ID. The new account reps have been making a photocopy of the credit card for the customer file, which is later scanned for retention. Is there a specific prohibition on obtaining a photocopy of an applicant's credit card and retaining the copy for CIP purposes? Could this be a privacy issue?
What is the CIP record retention period for mortgage loans that we sell and no longer service? Do we maintain the records five years after we sell the loan?
At our bank we have to do screen prints of when we do OFAC checks. How long do you advise that we hold these copies for?
What is the record retention for OFAC?
If a customer manipulates his SSN/TIN in an effort to hide a record on ChexSystems, does a SAR need to be filed? Would it matter if the SSN/TIN was corrected and the account kept?
OTHER SECURITY RESPONSIBILITIES
We've never had a match on OFAC or FinCen. We've had close ones but never an exact match. What is the record retention requirement for those reports that we've printed and reviewed to check the possible matches?
I work for a convience store which is registered as a MSB. Our banker told us we would need to write a policies and procedures. Could you help with a sample or example. Or would you know where I might find one? We currently cash checks and sell money orders.
One of the FACT Act's new requirements is that creditors dispose of information obtained in a credit report in a timely fashion.