September 6, 2002
Office of the Comptroller of the Currency
Re: Joint Notice of Proposed Rulemaking for USA PATRIOT ACT Section 326 Customer
As a leader in the financial services industry, Wachovia Corporation1 ("Wachovia") welcomes the opportunity to join with the United States Department of the Treasury and other federal regulatory agencies (collectively, "the agencies") and with the financial industry in reaching the goals set by Congress in the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001.
We applaud and are committed to these efforts to prevent and detect terrorist financing, money laundering, and other illegal activity.
Wachovia is working with a number of peer institutions and trade and professional associations2 to develop effective USA PATRIOT Act approaches. Also, we have participated in the development of some trade association comments upon this proposed regulation.
Wachovia particularly appreciates the risk-based approach that the agencies have used to ensure that the USA PATRIOT Act's security goals are achieved, while also meeting the Act's "reasonable" and "practical" standards.
However, like many in the financial industry, Wachovia is greatly concerned about the mandatory compliance date of the final regulation. To design and implement effective Customer Identification Programs ("CIPs"), institutions must:
Therefore, we recommend a mandatory compliance date that is at least one year, and if possible, two years from the date that the final regulation is published.
Wachovia believes that the agencies have considerably underestimated the burden of compliance costs and efforts required to implement robust CIPs for identification, verification, record retention, and customer notification. For example: (1) Large companies like Wachovia may need to train as many as 40,000 account-opening customer contact staff in diverse areas -financial centers, call centers, mortgage offices, brokerage units and others- in addition to their support staff in verification and other departments. (2) If the requirement to retain copies of identification documents is retained in the final regulation, Wachovia may need to enhance the capabilities of its current document scanning/retention system to handle the additional volume.
Also, the industry faces significant technology challenges, and the bigger a financial institution is, the more technology-dependent it is. Among those challenges are:
Besides urging at least one-year lead-time for implementation, Wachovia -- like most of the industry -- is especially concerned about:
Wachovia thinks that several other areas of the proposed Bank Rule regulation warrant revision and/or clarification, as do the related regulations proposed for the securities and commodities industries.
Our comments on specific sections of the proposed rules are detailed below.
Wachovia supports the decision to define the term "account" in the Bank Rules as a "formal" banking or business relationship established to provide "ongoing" services, dealings or other financial transactions. As defined by Treasury in the preamble to the Bank Rules, it is not intended to apply to infrequent transactions such as an occasional purchase of a money order or wire transfer.
In the other proposed rules, however, the term "Account" does not reflect the inclusion of "formal relationships" or "ongoing services". This could cause some persons to infer that one-time transactions may be included in the definition used in the other rules.
We join our peers and industry groups in urging Treasury to apply the definition of the Bank Rules' to all proposed customer identification rules. Identification requirements of one-off transactions would not further the CIP objectives of this section of the Act.
The definition of "Customer" also varies in each of the proposed rules. The term in the Broker Dealer, Future Commission Merchants and Introducing Brokers, and Mutual Funds rules addresses any person who opens a new account with a covered institution, and includes any person who is granted authority to effect transactions with respect to an account. On the other hand, the Bank Rules defines the term to address any person "seeking" to open a new account, and includes any signatory on an account (either at account opening or added subsequently).
Wachovia recommends Treasury define the term "Customer" to apply only to persons that actually open accounts (e.g. in the lending arena this will include funded lines and loans, and will not include those that are just approved). We also urge Treasury to reconsider the definition's inclusion of "signatories" -all individuals with authority to sign for or act on behalf of a business, pension plan, trust fund, and others.
Many corporations and other businesses have numerous authorized signers who have no influence upon business policies or strategies -- they may be merely paying business bills or handling internal accounting. Thus, they pose very low or no money laundering/terrorist financing risk. Procuring and retaining identification information from these signatories will be complicated, particularly if they are in multiple locations. Also, the majority of these entities have legal lives spanning a significant amount of time, and therefore some corporate accounts may include hundreds of authorized signers during their life span.
We submit that identification, verification, and record retention for long periods of time on such entities' signatories would do little, if anything, to enhance the Act's anti money laundering and terrorist financing objectives.
These same issues also arise when transacting with US correspondent banks and other financial institutions. One example where this is evident is on the receipt of SWIFT and tested messages coming unsigned - but clearly originating with an authorized party- from correspondent banks.
For personal accounts, authorized signers are added for many reasons -for example, individuals add close family members or trusted friends, for assistance in case of illness. Financial institutions should be able to rely on the representations of the account owner in such circumstances.
Similarly, another type of "signatory" who should be eliminated from coverage as a "customer" is a person with power of attorney ("POA"): Since the account owner has authorized such a person to conduct business on his or her behalf, banks should be able to rely upon that authorization and appropriate POA documents, without incurring the documentation, verification and record retention burden.
Wachovia also requests clarification from Treasury that beneficiaries or trust escrow accounts and participants in retirement plans are not "Customers" for purpose of the final rules. In many of these situations, the industry will be unable to engage their CIPs with respect to the beneficiaries and plan participants. Adequate due diligence on the entity establishing the trust, escrow account or retirement plan will better address the objectives of the rule.
Wachovia understands the rules as requiring financial institutions to maintain records of (a) the identifying information provided by the customer at the time of account opening and any subsequent additions; (b) the methods used to verify a customer's identification; (c) a copy of any document relied upon to verify identity, (d) results of any additional measures undertaken to verify identity and (e) the resolution of any discrepancy regarding the procured information. The retention period is five years after the date that an account is closed.
Like others in the industry, and as expressed in trade association comment letters, Wachovia is greatly concerned about the requirement to keep copies of documents used to verify identity.
Also, Wachovia requests clarification or assistance on several other issues.
Wachovia requests Treasury to clarify:
Wachovia requests guidance as to Treasury's requirement to document searches and other non-documentary steps taken, especially when searches do not produce negative information. A considerable part of the industry relies on third-party service providers to conduct due diligence on procured identification. Requiring the retention of the actual (physical) documents procured from public databases (e.g. internet websites) and/or third parties (e.g. consumer reporting agencies) would represent a major burden on personnel, budget, procedures, and technology while limiting the advancement of the goal of the Act.
Wachovia suggests that Treasury clarify that the records retention requirements apply only to the information included in the institution's system(s) of record. For example, most in the industry allow customers to open certain types of accounts via the Internet. To accomplish this, a front-end web interface, which is generally presented in the form of an online account application, allows the industry to capture much information, including identification data used for verification purposes. It is standard practice that this information is transferred, in many cases automatically, to a "system of record" where it resides throughout the life of the account.
Many in the industry enjoy a relationship with third parties where the latter act on behalf of the institution. One example where this is evident is the financial institution providing a credit card product that is actually underwritten and serviced by another. We urge Treasury to clarify that the verification and recordkeeping responsibility lies with the third party acting on behalf of the financial institution.
Wachovia appreciates Treasury's recognition of the federal and state fair lending law implications of collection and retention of identification data containing such things as race, ethnicity, and gender. However, the language in the proposal preamble (bottom right column, p. 48294, Federal Register/Vol.67, No.141/Tuesday, July23, 2002) was not sufficient, we believe, to resolve industry confusion on this subject. Therefore, we request further discussion/clarification of Equal Credit Opportunity Act/Regulation B and Fair Housing Act implications by Treasury and/or the Board of Governors of the Federal Reserve.
Also, we are concerned about responsibility for record retention when loan accounts are opened through third parties. Details follow in the Identification and Verification Requirements section below.
Finally, on many loans, notaries public perform documentary ID verification at loan closing. Typically this is in addition to non-documentary verification that has occurred during the loan qualifying/underwriting process. Wachovia believes such verification by a notary should be sufficient to negate the need for copies of the ID documents.
3. IDENTIFICATION AND VERIFICATION REQUIREMENTS
Financial institutions frequently obtain loan accounts through third parties such as mortgage brokers or automobile dealers. While non-documentary ID verification can be used for many customers (for example via credit bureaus, for U.S. citizens and others with credit histories), verification for other persons through documentary methods presents special difficulties. Wachovia requests guidance on the third parties' and the lender's responsibility for obtaining customer identification and performing verification for such accounts. And, if documentary methods must be used to verify ID, as noted above in "2. Recordkeeping," we are concerned about our ability to obtain copies from the third parties; we wish clarification on their and the lender's responsibilities in this area.
Wachovia wishes to bring to Treasury's attention the commercial lending arena. Commercial portfolios typically include credit lines and loans that are periodically renewed or modified. Some of these may go through an "auto-renewal" process, where an account is run through a decision engine that uses custom behavioral models. The proposed requirement to obtain verification for existing customers opening new accounts if previous due diligence was not done in accordance with Section 326 would significantly impede the efficiency of bank processes and have an adverse impact on renewal customers, to whom the money has already been lent and who are paying as agreed. We respectfully request that banks be allowed to rely on previous due diligence and risk management procedures for loan renewals and modifications.
Wachovia urges Treasury to reconsider the proposed requirements for verification of identifying information for existing customers opening new accounts. The proposed rules will present an undue burden to the industry and to an already established and known customer.
Wachovia supports the decision that the Mutual Fund Rules list certain documents suitable for verification as follows: "For example, documentary verification could include obtaining a driver's license or passport from a natural person or articles of incorporation from a company."
The other proposed rules, however, list the suitable documents for persons that are not individuals as "suitable documents would be ones showing the existence of the entity, `such as' registered articles of incorporation, a government-issued business license, a partnership agreement, or a trust instrument."
We urge Treasury to broaden the reference to the list of suitable documents in the Mutual Fund Rules to all other proposed customer identification rules. This will allow inclusion of other types of documents (e.g. certificate of trust, legal opinion), which may also verify the existence of the entity.
4. CUSTOMER NOTICE
We request that Treasury clarify that where joint accountholders are concerned, this rule will follow the precedents previously set by Federal Reserve Regulations B and Z, where one notice suffices for all.
Treasury notes in its preamble (left column, p. 48295, Federal Register/Vol. 67, No. 141/Tuesday, July 23, 2002) that banks may satisfy the notice requirements by general notification, via lobby notices or any other form of written or oral notice. Wachovia recommends that Treasury provide model language for the customer notice. Doing so will ensure a higher degree of compliance by the industry.
As noted above, financial institutions frequently obtain loan accounts through third parties such as mortgage brokers or automobile dealers. Related to the guidance requested above on responsibility for customer identification, verification, and record retention, we also request guidance on responsibility for customer notice in such transactions.
We believe that successful implementation can be achieved by taking into account the strategic points outlined above as well as in the trade and professional association response. We appreciate the opportunity to comment on this Proposal. Should you wish to discuss any elements of this letter further, please call me at (704) 383-5559.
William B. Langley
cc: via electronic mail
cc: via fax at 202-395-3888