Do I Know You? The Broad Scope of Banking Identification Requirements
By: KAREN L. GRANDSTRAND & KARLA L. REYERSON
September 2006
Since the 2001 issuance of Executive Order 13224 and passage of the USA Patriot Act, regulatory agencies have raised the bar on financial institutions knowing their customers, service providers, and even employees.
CIP Requirements
The Patriot Act ’s Customer Identification Program (“CIP”) requirements apply to all financial institution customers that open new accounts. An “account” for CIP purposes includes any formal banking relationship with an individual or business, such as deposit accounts, all types of lending transactions (credit cards, home loans, indirect lending, etc.), safe deposit box leases, cash management services, and trust administration services.
For any of these relationships, the CIP regulations require that institutions provide a disclosure to the customer, obtain information about the customer, verify the customer’s identity, check that identity against OFAC’s list of Specially Designated Nationals (“SDNs”), and retain records of the process used. All of these procedures must be clearly set forth in the institution’s CIP process documentation.
The regulations are flexible enough to allow institutions to customize their CIP practices for different types of accounts. For example, if applicants for credit cards are allowed to apply online or by mail, institutions may provide the CIP disclosure on their website or in mailed information. Institutions may also create special procedures for indirect lending situations, such as putting the CIP disclosure on the application rather than relying on the third party to provide it.
The CIP regulations also expand the types of documentation that may be used to identify the customer. For example, credit reports and real estate appraisals may be used to determine whether an applicant has provided accurate information regarding the applicant’s identity.
Executive Order 13224 Applies Everywhere
Though perhaps less talked about than the USA Patriot Act, Executive Order 13224 contains important provisions with stiff penalties for noncompliance.
The Order prohibits a U.S. individual or entity from entering into a transaction or conducting business with anyone on the SDN list or from participating in a transaction involving an SDN’s property or interest in property. This includes cashing checks, providing ACH or wire transfer services, or providing any other service for listed parties. The corporate penalties for doing business with a listed person can be as high as $500,000.
Financial institutions need procedures in place for checking whether the government’s SDN list includes any person or entity with which they do business, turning away anyone they discover to be on the list, and reporting their findings and activities with SDNs as required. Institutions should be familiar with these requirements and document their response procedures.
In addition, institutions must check the identities of any internal parties with whom they interact. This means verifying the identities of employees, vendors, partners, service providers, and anyone else with whom the financial institution has a business relationship. Language may also be added to agreements and contracts wherein the other party affirms having no ties to terrorist organizations or illegal activities.
The SDN list changes frequently, which means that institutions periodically need to verify that they are not transacting business with a listed party. A party who was not on the list last month may be listed today, and those who were blocked in the past may now be off the list.
It is important to remember that Executive Order 13224 applies to all U.S. persons and entities, not just financial institutions. This means that everyone from the paper boy to the president of a major corporation needs to avoid doing business with anyone on the SDN list. Financial institutions should be aware that their front line position in the war against funding terrorism could mean they will be held to a high compliance standard.