VIA E-MAIL TO email@example.com
The Schwab Building
101 Montgomery Street
San Francisco, CA 94104
September 6, 2002
Via E-Mail to "firstname.lastname@example.org"
Financial Crimes Enforcement Network
Section 326 Broker-Dealer Rule Comments
P.O. Box 39
Vienna, VA 22183-1618
Via E-Mail to "email@example.com"
Securities and Exchange Commission
450 Fifth Street, N.W.
Washington, D.C. 20549-0609
Re: Proposed Rule to Implement Patriot Act Section 326
Customer Identification Program for Broker-Dealers
SEC File No. S7-25-02
Dear Sir or Madam:
The Charles Schwab Corporation ("Schwab") appreciates the opportunity to comment on the proposed rule issued jointly by the Department of the Treasury and the Securities and Exchange Commission under Section 326 of the USA PATRIOT Act (the "Patriot Act"). Schwab is a financial holding company, as defined in the Gramm-Leach-Bliley Act, serving broker-dealer clients through its Charles Schwab & Co., Inc. ("CS & Co."), Schwab Capital Markets L.P. and CyberTrader, Inc. subsidiaries, and bank clients through U.S. Trust Corporation and its depository subsidiaries. Because Schwab currently has approximately eight million active customer accounts and opens hundreds of thousands of new accounts each year, the proposed rule is of significant importance to us and our customers.
Schwab strongly supports the goals of the Patriot Act and is committed to having a rigorous anti-money laundering program in place, including policies and procedures for identifying and verifying our customers. To this end, we support the proposed rule as generally providing firms with a reasonable and risk-based framework for establishing customer identification programs and meeting their Patriot Act obligations. In particular, we are pleased that the rule endorses the use of non-documentary methods for verifying customers. We have been using non-documentary verification methods, such as database checks, for a number of years, and believe they represent the most effective means by which firms can efficiently process large numbers of account openings and accommodate the many customers who prefer the convenience of opening accounts by mail or through electronic channels.
We do, however, have a number of comments and recommendations on certain aspects of the proposed rule, including the treatment of intermediary and shared accounts, the need to verify authorized transactors, and the ability of affiliated companies to rely on each other's verification of common customers. We also have some suggestions for clarifying certain provisions of the rule and harmonizing it with the rule proposals for other types of financial institutions. In addition, we concur with the comments and recommendations made by both the SIA and the Financial Services Roundtable.
A. Intermediary Accounts
We agree with the SIA that the same risk-based approach to intermediary relationships found in the proposed rules for mutual funds and futures commission merchants should be extended to broker-dealers. CS & Co., like all broker-dealers, maintains accounts for various types of intermediaries acting on behalf of third parties, such as other broker-dealers, banks, mutual funds, pension funds, retirement plans, and investment advisory firms. Most such intermediaries are regulated entities and many are themselves subject to the Patriot Act or similar anti-money laundering laws. Assuming we have conducted the appropriate risk-based assessment of the intermediary and verified its identity, we believe we should be permitted to treat the intermediary as our customer and should not have to look through it to identify or verify its clients.
We recognize, of course, that we do have Patriot Act obligations with respect to intermediary accounts. Indeed, we fully support Treasury's requirement, articulated in the mutual fund and futures industry context, that we must assess the risks associated with different types of intermediaries based upon an evaluation of relevant factors. In addition, we would appropriately monitor activity in such accounts and respond to any red flags that may arise in the course of the relationship. Similarly, as discussed below, in cases where we actually carry accounts on our books for the intermediary's clients, our comments go solely to the customer identification and verification process. Just as with other customer accounts carried on our books, we would subject the introduced accounts to appropriate monitoring for suspicious transactions and to any applicable risk-based due diligence requirements.
In appropriate cases, we believe it would be reasonable for a broker-dealer that carries accounts on its books for an intermediary's clients to rely, in whole or in part, on the intermediary to identify and verify the clients. Perhaps the most compelling case involves accounts maintained for participants in qualified retirement plans and other types of employer-sponsored plans. In providing brokerage services to sponsors of qualified retirement plans, our client is the plan. However, we often carry individual accounts or subaccounts for each plan participant. Similarly, in providing stock option and stock purchase plan services to publicly traded companies, while our client relationship is with the employer, we normally carry accounts in the name of each employee and receive certain identifying information about the employee from the employer.1 In both cases, the accounts are funded primarily from payroll withholdings or withdrawals or from employer contributions, which significantly minimizes the risk that such accounts are being used by participants for money laundering or other illegal purposes. Under these circumstances, and given the substantial burden that participant verification would entail,2 we think it is appropriate that the plan sponsor, and not the individual participants, be considered our customer for purposes of Section 326.3 In both cases, of course, we would conduct appropriate due diligence on the plan sponsor and verify its identity as required by the proposed rule.
In addition, as stated above, CS & Co. maintains accounts for clients of independent registered investment advisors, many of whom are introduced to us by the advisor. In most cases, the advisor has the primary relationship with the customer, collects all necessary information for opening the account, including customer identification information, and submits the completed and signed account application on the client's behalf. CS & Co. then subjects the accounts to various database verification checks. Subject to our conducting appropriate due diligence on the advisor, we believe the proposed rule should be flexible enough to allow us to rely on the advisor to obtain the relevant identification information about the client and submit it to us, and to rely on representations from the advisor that it has conducted due diligence on its clients (for example, to meet suitability obligations) as part of our verification process. In other words, we believe we should be able to take such representations into consideration in determining whether we have a reasonable basis for believing that we know the client's true identity.
B. Verification of Authorized Transactors
The proposed rule defines "customer" to include any person who is granted authority to effect transactions with respect to an account maintained with a broker-dealer. As a result, broker-dealers will be required to obtain personal identifying information from, and verify the identity of, any person authorized to give trading, investment, deposit or withdrawal instructions on an account. We believe this requirement is overly broad when applied to various types of accounts.
First, participants in qualified retirement plans and other employer-sponsored plans often have the authority to direct how the funds in their accounts are invested. Under a literal reading of the customer definition, this authority could require us to verify each such participant's identity. Again, given the minimal risks of money laundering and the significant burden of verifying all plan participants, we believe that such participants should not be considered persons with authority to effect transactions for purposes of the proposed rule.
Second, CS & Co. maintains accounts for customers who are clients of independent registered investment advisors. In order for their advisors to manage their portfolios, these customers give the advisors power of attorney to effect transactions in their accounts. For compliance purposes, CS & Co. conducts due diligence on the advisory firm and collects certain information about the employees who are authorized to act on its behalf. However, it does not currently ask for all of the information the proposed rule would require, nor does it verify the employees' identities. Especially given that investment advisors and investment advisor representatives are regulated either by the Commission or the states, we believe it should sufficient for us to conduct due diligence on the advisory firm without having to also verify the identities of the advisory firm's employees.
Finally, we agree with the SIA that it normally should not be necessary to obtain personal information from and verify the identities of personnel who act on behalf of certain types of entities, such as corporations, financial services companies, retirement plans, mutual funds, and other pooled investment companies. In all such cases, we obtain the names of the authorized persons from a trusted source at the entity. Requiring us to also obtain personal information, such home addresses and social security numbers, and verify the individuals' identities would be burdensome for us and the entities and intrusive for the individuals. In most cases, the concerns underlying the Patriot Act's customer verification provisions can adequately be addressed by verifying the identity of the entity.
We concur with other commenters who have recommended a risk-based approach to determining when it is appropriate or necessary to verify the identities of individuals who can act on behalf of an entity. Under this approach, whether a broker-dealer needs to verify the identities of authorized transactors would turn on its risk-based assessment of a variety of factors, such as the type of entity, its location, its reputation, whether it is regulated, the type of business it engages in, and the type of account and services the broker-dealer will be providing. This approach eliminates the overbreadth and burden of the proposed rule's blanket approach, while still providing assurance that appropriate verification will be performed where the risks of money laundering or other illegal activity require it.
On a related note, we urge Treasury and the Commission to accept the ICI's recommendation that mutual funds not be required to verify the identities of broker-dealer personnel who are authorized to effect transactions in the broker-dealer's omnibus accounts. CS & Co. maintains omnibus accounts, as well as broker-controlled subaccounts, with hundreds of mutual funds on behalf of its customers who buy and sell shares of such funds. On all such accounts, CS & Co. is the shareholder of record, and numerous of its employees are authorized to provide instructions to the funds with respect to the accounts. If the mutual fund customer identification rule is adopted as proposed, our employees will be required to provide hundreds of funds with personal information about themselves. This is unnecessary since mutual funds should be able to rely on the fact that we have already screened and identified our employees as required by Commission and self-regulatory organization rules.
C. Shared Accounts
The proposed rule allows clearing and introducing brokers that share a common customer to allocate between themselves the responsibility for verifying the customer's identity. We agree with the SIA that the rule should be expanded to allow allocation in other shared account situations, such as prime brokerage arrangements. Just as with clearing arrangements, allowing the prime and executing brokers to allocate responsibility for verifying the common customer would avoid unnecessary duplication of effort while still providing adequate assurance that customer verification obligations will be met.
We also believe it would be appropriate to allow allocation of customer verification responsibilities where firms share a relationship with the same customer under a wrap or managed account program. In general, these programs are normally sponsored by a broker-dealer that custodies the customer's assets and provides execution services. Other financial services companies, most often registered investment advisors and banks, participate in the program by providing investment management services to the customer. In most cases, the investment managers do not custody assets or facilitate the movement of funds; they simply manage portions of the customer's portfolio. When more than one of the firms involved in the program is subject to Section 326, we believe it makes little sense to require each one to independently verify the customer's identity. Instead, for example, the firm with the closest relationship with the customer might assume this responsibility, with the other firms relying on a representation or certification that it has done so.4 The latter, of course, would be responsible for ensuring that their reliance was, and remained, reasonable.
D. Reliance on Affiliate's Verification of Common Customers
Under the proposed rule, a broker-dealer is not required to verify a customer if it has previously verified the customer's identity pursuant to procedures consistent with the rule and continues to reasonably believe that it knows the customer's true identity. We support this provision, but agree with the SIA that it should be extended to customers whose identities have previously been verified by an affiliate of the broker-dealer pursuant to procedures consistent with the rule. Schwab, like many companies, has affiliates that separately provide banking, brokerage, and other related financial services to its customers. In order to receive these different services, our customers may be required to open an account at more than one of our affiliates, and we strive to make this process as seamless and convenient as possible for them. It would be extremely burdensome on both Schwab and our customers, and would serve no real anti-money laundering purpose, if each affiliate were required to verify the same customer.5
E. Other Comments
1. Retention of documents used to verify identity
Paragraph (h)(1)(i) of the proposed rule requires broker-dealers to make and retain a copy of any document relied on to verify a customer's identity. We believe this requirement will be unduly burdensome and expensive in practice. For example, if a broker-dealer decides to use a driver's license to verify identity in all face-to-face account openings, the proposed rule would require it to make and retain a copy of the license. This is not only a burden on branch personnel, but the costs of transmitting the copy to operations offices, transferring it to an appropriate storage format, and thereafter retaining it for the life of the account plus five years would be substantial. We believe that firms should instead be allowed to make a record of the driver's license number (or the number of any other identification document relied upon) and retain a record of the number. In our view, this should be sufficient to meet the recordkeeping purposes of Section 326, and is consistent with Congress' intent that the prescribed verification procedures make use of information currently obtained by financial institutions and not be prohibitively expensive or impractical.6
In the event this change is not made, paragraph (h)(1)(i) should be slightly clarified. As drafted, it requires copies to "accurately depict" the type of document and any identification number it contains. The same provision in the proposed rule for banks requires copies to "clearly evidence" the type of document and identification number, while the proposed rule for mutual funds requires the retention of copies "evidencing" the type of document and identification number. While all three rules may have the same effect in practice, we believe they should be harmonized so there is no question that the requirement is the same for all three types of financial institutions.
2. Identification numbers for non-U.S. entities
Paragraph (c)(1)(iv)(B) of the proposed rule requires broker-dealers to obtain from all non-U.S. persons either a taxpayer identification number, passport number and country of issuance, an alien identification card number, or the number and country of issuance of any other government-issued document evidencing nationality or residence and bearing a photograph or similar safeguard. We are not sure whether any of these types of identification numbers are applicable to non-U.S. entities, as opposed to non-U.S. individuals. We agree with the SIA that it would be extremely helpful to receive further clarification as to what types of identification numbers might be available for non-U.S. entities.
3. Verification in non face-to-face account openings
Paragraph (d)(2) of the proposed rule states that a broker-dealer must use non-documentary verification methods when it does not meet face-to-face with a customer who is a natural person. Again, we agree with the SIA's request for clarification that this is not intended to be a complete ban on using documents to help verify identity in such situations, that is, that a broker-dealer is not prohibited from using documentary methods in conjunction with non-documentary methods.
4. Costs of Compliance
Although we do not contest the benefits of the proposed rule, we agree with the SIA that the costs have been significantly understated. Although we have existing procedures in place for collecting and verifying customer information, the proposed rule will nevertheless require us to make significant and costly systems changes and substantially expand the scope of the persons covered by our procedures. Moreover, non-documentary verification methodologies will likely take more time to complete and cost more than is estimated, particularly in the case of non-U.S. persons.
* * * * *
We appreciate the opportunity to provide comments on the proposed rule, and hope that Treasury and the Commission will find them helpful in promulgating an effective final rule. We look forward to continuing to work with both Treasury and the Commission on this important component of the fight against money laundering and terrorist financing activities.
Very truly yours,
W. Hardy Callcott
SVP General Counsel
Charles Schwab & Co., Inc.
1 Stock option accounts are used by employees to exercise stock options granted to them by their employer. Stock purchase plan accounts are used by employees to purchase shares of their employer's stock, usually through automatic payroll withdrawals.
2 Larger plans may often have thousands, if not tens of thousands, of participants.
3 This would be consistent with the approach taken in the proposed mutual fund rule and, as noted therein, the legislative history of the Patriot Act.
4 These types of arrangements demonstrate that the ability to allocate responsibilities in shared relationships should cover all financial institutions subject to Section 326. For example, our U.S. Trust affiliate, which is subject to the proposed rule for banks, participates in wrap programs where it provides investment advisory services to customers of unaffiliated broker-dealers. Although U.S. Trust and the sponsoring broker-dealer are subject to separate rules, we believe they should still be able to allocate their respective Section 326 obligations between them.
5 This is a different issue than the amount of due diligence that might need to be performed by an affiliate. For example, if a brokerage customer opens a higher-risk account at an affiliate of the broker-dealer, that affiliate may need to obtain additional information about the customer to satisfy its due diligence requirements. However, it should not have to reverify the customer's identity.
6 See H.R. Rep. 107-25, pt. 1, at 63 (2001). It is our understanding that most financial institutions that currently rely on driver's licenses to verify a customer's identity do not make and retain a copy of the license, but instead record and retain the license number.