Identity Authentication Program Increases Profitability
Does your business handle in-store credit applications? Are you verifying the identifications of...
The Bank Secrecy Act or BSA requires a written Customer Identification Program (CIP) for client identification verification. Banks particularly must have a CIP that is appropriate for their size and the types of transactions they engage in. The CIP must be approved by the banks board of directors and its implementation, including customer identification verification is not only a matter of compliance but necessary for protecion from risk to the banks reputation.
The CIP must at least allow the bank to form a reasonable belief that it is satisfied of the true identity of the customer. The CIP must include procedures for opening an account including specific identifying information that the customer must present. It must also include a risk based procedure that is both reasonable and practical for customer identification verification. By conducting a risk assessment their products and customer base they can determine risks associated with:
An account, according to the BSA, is any account that creates a formal banking relationship. This includes deposit accounts, transactional or asset accounts, credit accounts or any other extension of credit as well as the relationship associated with a safe deposit box, cash management, and custodial or trust services.
For Banks an account does not include check cashing, funds transfers or the sale of a check or money order. Nor is the CIP required for accounts acquired from another banking institution through merger, asset purchases, acquisition or an assumption of liabilities. Also, identification verification is not necessary for an account opened to participate in an employee benefit plan opened under ERISA.
The CIP applies not only to accounts but to customers or a "customer:" A customer is a person or entity including an individual, a corporation, LLC an estate or a trust or any other entity recognized as a legal person who opens an account. A person does not include a person whose loan is denied or does not otherwise receive banking services. It is interesting to note that a customer does not include an existing customer so long as the bank is reasonably certain they know the identity of the customer.
The information required for identification verification, at a minimum must include:
Depending on the level of risk involved (based on its risk assessment) banks may require additional information above and beyond the minimum listed.
The bank must verify the identity of its customer within a reasonable time of opening the account. Identification verification must at a minimum verify the identifying information stated above. There are two methods for identification verification namely: Document Verification and Non Documentary Verification.
Each bank must have procedures and policies in place setting forth the minimum acceptable documentation. The primary documentary verification evidence is a government issued ID that is valid at the time of opening the account. The identification must prove the customer's nationality or residence and have a photograph. Typically we are talking about a driver's license, state ID or passport.
Because there are over 1000 different designs and formats of U.S. State IDs and Driver Licenses, and passports from over 150 countries in the world, electronic verification of these documents is essential to prevent fraud and mistakes. It makes better sense and is a best practice to NOT RELY ON EMPLOYEES to make judgment calls as to the validity of a particular piece of identification. Identity scanners are the best course particularly one that has an updated (and up-datable) data base to draw upon for identification verification.
Nevertheless, given the extent of fraud and identity theft banks are well placed to seek more than one document in order to from a reasonable belief that they know the identity of their customer.
For a person that is not individual, banks must obtain documents that show the legal existence of the entity. This includes corporations, LLCs, trusts and partnerships. The necessary documents include articles of incorporation, articles of organization, a partnership agreement or trust instrument.
Although banks are not required to use non documentary methods to verify a customer's identity if they do they must document the procedure for non-documentary verification in the same manner as they do for documentary verification as part of their CIP. Non-documentary methods include:
There are some situations in which non-documentary verification is the only way to be reasonably certain the bank knows the identity of its customer. These include:
For customers that are not an individual the bank must obtain documentary or non-documentary identification verification on those individuals that will have signing authority (*or other control) over the account.
A Bank CIP has to have written record keeping procedures which, at a minimum retain the identifying information for a period of five years. Again, this is an instance in which electronic identification verification is essential for record retention because it easily and digitally stores the information either on site or off site for access later when reporting.
Records required to be kept include:
There is also a requirement for comparing the identification verification information with government lists including anti-terror lists. Adequate customer notice must be given to the customer that the information will be used for that purpose. The language provided is probably familiar to most:
IMPORTANT INFORMATION ABOUT PROCEDURES FOR OPENING A NEW ACCOUNT — To help the government fight the funding of terrorism and money laundering activities, federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account. What this means for you: When you open an account, we will ask for your name, address, date of birth, and other information that will allow us to identify you. We may also ask to see your driver’s license or other identifying documents.
Nothing in the Rule relieves banks of their obligations under the BSA. However, they are allowed to contract with third parties for:
These third party relationships can be very important to banks that conduct a substantial amount of identification verification. Using technology to verify authenticity of documentary evidence and using third parties to store and maintain the documentary evidence is a cost effective way to comply with the BSA CIP requirements.
Young people who are under the drinking age have long looked to fake IDs to get around the law....