VIA E-MAIL TO firstname.lastname@example.org
September 6, 2002
Board of Governors of the
Federal Reserve System
20th Street and Constitution Ave., NW
Washington DC 20551
Attention: Docket No. R-1127
Office of the Comptroller of the Currency|
250 E Street, SW.
Public Information Room
Mail Stop 1-5
Washington, DC 20219
Attention: Docket No. 02-11
Re: Office of the Comptroller of the Currency and Federal Reserve Board, Customer Identification Programs for Banks, Savings Associations, and Credit Unions, 12 CFR Parts 21, 208, and 211; RIN 1506-AA31
Re: Securities and Exchange Commission and FinCEN; Customer Identification Programs for Broker-Dealers and Mutual Funds; File Nos. S7-25-02, S7-26-02; RINs 1506-AA32, AA33.
Ladies and Gentlemen:
ABN AMRO North America, Inc. ("AANA") appreciates the opportunity to comment on the proposed rules issued by the Department of the Treasury's Financial Crimes Enforcement Network ("FinCEN"), the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of Thrift Supervision, the National Credit Union Administration, and the Securities and Exchange Commission (collectively, "Proposed Rules"), addressing customer identification programs ("CIPs"), as authorized by Section 326 of the USA PATRIOT Act ("Act").
AANA is an indirect subsidiary of ABN AMRO Bank N.V. ("Bank"), which is headquartered in Amsterdam, the Netherlands. The Bank has over $519 billion in assets, approximately 111,000 employees and a network of approximately 3,500 offices in over 60 countries. The Bank maintains several branches, agencies, and offices in the United States.
AANA is a financial holding company headquartered in Chicago, Illinois. AANA owns LaSalle Bank National Association, located in Chicago, Illinois, and Standard Federal Bank National Association, located in Troy, Michigan. These banks maintain over 400 offices in Illinois, Michigan, and Indiana. ABN AMRO Financial Services, Inc., is a wholly owned financial subsidiary of LaSalle Bank National Association. ABN AMRO Mortgage Group, Inc., is subsidiary of Standard Federal Bank National Association.
AANA strongly supports the coordinated global effort, as strengthened by the Act, to combat money laundering and to curtail the financing of terrorist activities.
AANA submits the following comments and requests for clarification regarding the Proposed Rules:
While the Proposed Rules state that they are risk-based, they should be consistent with other proposed rules recently issued to implement different sections of the Act, and should more predominately focus on a risk-based approach, permitting each financial institution to use discretion in making risk assessments based on the factors listed in each of the Proposed Rules. Risk assessment should be the cornerstone in determining CIP identification, verification and record retention procedures. Institutions vary considerably in size, customer base, location, and to a certain extent, products and services offered. Minimum verification and record retention requirements are not practical or economically feasible across an institution's entire customer base. For example, using a risk-based approach, verification procedures for a mass retail banking customer base would be different than procedures for a commercial customer base, which would be different from a private banking customer base.
In order to achieve the goal of deterring and preventing terrorism and money laundering, by the most efficient and reasonable use of resources available, each institution should be able and required to create a CIP that permits it to form a reasonable belief that it knows the identity of each of its customers. AANA encourages the Treasury and the federal functional regulators to issue rules that require institutions to use risk-based Bank Secrecy Act and Anti-Money Laundering programs, but only suggest, rather than require, use of the minimum listed requirements. This will permit institutions to conduct minimum, necessary identification procedures on low risk customers, while focusing more extensive efforts on identifying new and higher risk customers. However, if the Treasury issues final rules with mandatory minimum identification requirements, the rule definitions should be clearer and narrower and certain elements of the requirements should be further defined, as outlined below.
Definition of Customer
Limit the Definition
The definition of customer in the banking Proposed Rule is "a person seeking to open a new account." As currently drafted, the definition is vague as to who is a customer and as to when the identification requirements are triggered. Considering that this definition is taken directly from the Act, the banking Proposed Rule should narrowly define "seeking to open a new account" as a person who actually opens a new account. The definition should not include persons inquiring about or applying for a new account, if the account is not opened. This approach would exclude situations in which a person subsequently withdraws an application or the institution denies an application. The Proposed Rule's record retention requirements appear to support AANA's recommendation as that section refers to retaining records for an account (five years) after the account is closed. Also, account is defined as a "formal banking or business relationship established to provide ongoing services, dealings, or other financial transactions."
It also does not make economic sense, uphold privacy considerations, or further the Act's goals, to obtain and store identifying information on every person who considers but does not actually open an account, obtain a loan, or use banking services. (Of course, under the Suspicious Activity Reporting Rules, if the institution suspects that a person has attempted to commit a federal crime against or through the institution, it must file a SAR and maintain supporting documents.)
AANA recommends that the banking Proposed Rule define customer only as a person who establishes an account.
The definition should exclude existing customers. It does not make economic sense, or further the Act's goals, to require an institution to go through the exercise and expense of re-identifying under CIP requirements, the thousands or potentially millions of customers who have had long term or otherwise established relationships with an institution, and who open a new account or are added as a signer to another account.
Business Account Signers
The definition of customer in the Proposed Rules should exclude business account signers. The business is the institution's customer and the institution should identify and verify, to the extent reasonable and practicable, the registration of the business. Inclusion of commercial signers is unduly burdensome and cost prohibitive. It is also not feasible for all businesses, especially larger businesses with tens or hundreds of account signers that change over time. The same logic applies to trust and banking relationships with public corporations and other governmental entities.
Specifically regarding the broker-dealer Proposed Rule, customer is defined as "any person who is granted authority to effect transactions with respect to an account with a broker-dealer." In contrast, NASD Rule 3110(c)(1)(D) requires broker-dealers to simply maintain the names of any persons authorized to transact on behalf of the business. Accordingly, AANA seeks clarification in the broker-dealer Proposed Rule that identifying information is not required for authorized traders on business accounts.
Wholesale Mortgage Customers
The definition, as written, is extremely troublesome for institutions that engage in wholesale mortgage lending. It is unclear at what point a mortgage loan applicant becomes a customer of the wholesale lending institution. Mortgage brokers typically submit prospective borrower applications to multiple wholesale lending institutions. It is unknown at the time of application with the broker which institution will become the lender for the transaction. At times, for a variety of reasons, the loan may never be funded by any institution. (However, the institution is already required to maintain certain documents under Federal Reserve Regulation C, Home Mortgage Disclosure Act). It is unclear to what extent a wholesale lender can rely on the brokers with whom it does business to identify and verify loan applicants. It is also unclear as to whether a wholesale lender is required to contact a customer for certain information after the loan is closed and funded, if a broker does not accurately complete the identification and verification steps.
Dealer to Dealer Transactions
The Proposed Rules do not address bank and brokerage firm dealer to dealer transactions. Dealer to dealer transactions occur using facilities like the Depository Trust Company ("DTC"). Banks and brokerage counterparties that are members of DTC effect settlement of securities transactions through book entry. These transactions may occur Delivery Versus Payment, in which the movement of cash and securities is simultaneous and electronic. The counterparty from which
the security is purchased (for example, 3,000 shares of a corporate bond purchased by a bank from a brokerage firm) does not fit and should not fall within the definition of customer. An account is not maintained at either institution, but an account is maintained by both institutions at the depository to which they both belong. Inclusion of dealer to dealer transactions would be overly burdensome, impractical and outside the scope and intent of Section 326 of the Act. We request clarification in the final rules that these types of transactions are excepted from coverage.
It would be extremely burdensome to require an institution to verify the identifying information on tens or potentially hundreds of authorized signers on business accounts. Moreover, the account signers may be constantly changing. The focus of the Proposed Rules should be reasonably and practicably designed to know the identity of the customer, the business.
Partnership and Trust Agreements
AANA strongly recommends against requiring or suggesting that institutions retain copies of customer trust and partnership agreements. Financial institutions do not want to be deemed to have knowledge of the terms of those agreements, thus permitting disputes within the business customer itself or between the customer and a third party to potentially result in lawsuits against the institutions. Moreover, there is no way for the institution to obtain objective verification, such as through a third party, that the trust or partnership agreement is authentic, complete, or the most current version.
Partial Face-to-Face Account Opening
The Proposed Rules contemplate individuals seeking to open accounts in-person and in non-face-to-face, or non-documentary verification situations (for example, via telephone or the Internet). Commonly, not all account applicants are present at account opening. We request clarification that account applicants not present at the account opening may be treated under the institution's non-documentary verification methods. Subjecting account applicants not present at the account opening to any other verification methods would be impractical and burdensome, to both institutions and the applicants.
AANA opposes any mandatory requirement to maintain, for each customer, a copy of the document used by the institution as part of the identification verification process. The costs of making and retaining copies of millions of documents would be extremely burdensome with probably minimal return. A risk-based approach would be in line with the Act's goals and should be applied. Furthermore, the Act only requires retention of identifying information, and not copies of identification documents. We urge the federal functional regulators to withdraw the requirement to retain identification copies for all customers and allow institutions to assess in which circumstances this would be reasonable and practical. This approach would comply with the Act and provide institutions the ability to control costs.
To comply with the Proposed Rules, institutions will need to purchase high quality copiers as ordinary paper copies lose quality over extended periods, ink runs and the paper may adhere to other file documents. From a practical standpoint, large, multi-branch institutions would have no other choice but to retain these copies in an electronic form. Institutions would also be required to purchase high quality scanners for all branches. A regulatory requirement to retain these copies for all customers is not within the scope of a risk-based approach to customer identification and verification. Again, the set-up and maintenance costs of this equipment would be unduly burdensome.
The Act's goal of retaining identifying information can be met by alternative means. For example, institutions could record the identification information on the account application form or signature card.
We also urge the federal functional regulators to reduce the record retention period from five years to two years. A two-year period would be consistent with other record keeping requirements, such as Federal Reserve Regulations B (Equal Credit Opportunity Act), E (Electronic Fund Transfers Act) and Z (Truth in Lending Act). The current proposal is excessive and would force institutions to significantly expand storage capacity, resulting in additional costs.
While the Proposed Rules point out that retention of copies of driver's licenses, state ID cards, and passports will not violate Regulation B, the industry has been trained for many years not to include copies of these documents in loan files. In addition, several states currently prohibit the copying of driver's licenses. The heightened attention towards privacy suggests that customers are likely to be extremely sensitive to the copying of these documents. If this provision is included in the final rules, we urge the federal functional regulators to issue a clear statement that retention of these documents does not violate Regulation B.
Although the government believes that this proposal will reduce fraud and ID theft, the theft of sensitive customer financial information, which could include the ID photocopies, could potentially result in more ID theft. On April 25, 2002, the OCC issued Alert 2002-4 regarding Identity Theft and Embezzlement in Connection with Outside Parties. The OCC Alert warned that organized gangs are aggressively recruiting bank tellers, sometimes using coercion and threats of bodily harm, to steal from and defraud financial institutions. In light of this OCC Alert and the incidences of identity theft and fraud against financial institutions that are described in FinCEN's SAR Activity Reviews, AANA suggests that the Treasury and the federal functional regulators consider the potential extent to which maintaining photocopies and other identifying documentation of customers on record will strengthen both the desire and ability of organized gangs to defraud institutions and steal customer identifications documents.
Government-Issued Terrorist Lists
AANA anticipates that, as with OFAC compliance, it will need to use automated systems to compare new customer names with government-issued terrorist lists. Typically an account must be opened before an automated search on a customer name can occur. Therefore, the Proposed Rules should not require financial institutions to search government lists until an account is established or banking services are received. Further, such lists should be provided to the financial institutions in a single electronic format.
The requirement to provide all customers with notice of the institution's need to inspect identification documents seems excessive. However the flexibility provided in the Proposed Rules is very practical. We urge the federal functional regulators to provide model language and revise the Proposed Rules to provide that in situations where an application involves more than one applicant, notification to one satisfies the requirements of the notice section. We also urge clarification on the notice requirement in cases where applications are taken by non-affiliated third parties.
The Act mandates an effective date of October 25, 2002. We understand and agree with the government's concern for urgency and immediate action to prevent money laundering and terrorism. However, given the Proposed Rules' extensive requirements for the CIPs, full compliance by financial institutions by October 25th would be impractical and potentially impossible. Compliance is further complicated because, from AANA's perspective, a number of terms and requirements need to be clarified. We recommend that Treasury and federal functional regulators extend the effective date to establish a CIP to 90 days from publication of the final rules. Mandatory compliance with the full requirements of the final rules should take effect one year after the final rules are published.
The Proposed Rules provide that the bank's board of directors or committee, or a broker-dealer's or mutual fund's board, managing partners, trustees, or other governing body must approve the CIP. The Proposed Rules also state that the CIP contain procedures for obtaining and verifying customer identification. Submitting detailed procedures for customer identification to the board of directors for approval is unnecessary. From time to time, such procedures may change which would necessitate obtaining board approval on a regular basis for day-to-day activity. Further, Section 326 of the Act did not contain a provision for institutions to obtain board approval of customer identification and verification procedures. We suggest that board oversight of the institution's customer identification and verification process can be achieved at the policy making level, not the procedural level as contemplated by the Proposed Rules.
To fulfill the Act goals, the CIP requirements must apply to money transmitters.
Consumer Privacy v Proposed Rule 326
AANA strongly supports the goals of the Act and actions that will detect, identify, and prevent money laundering and terrorism. Prior to the tragic events of September 11, 2001, consumer privacy was the one of the overriding government concerns, as evidenced by the passing of the Gramm-Leach-Bliley Act and the implementing regulation, Federal Reserve Regulation P. AANA seeks a statement from Treasury and federal functional regulators on the effect of the Proposed Rules on customer privacy, as it did with comments regarding the impact on Federal Reserve Regulation B implementing the Equal Credit Opportunity Act.
Federal Reserve Regulation B
AANA requests clarification that the requirement in the Proposed Rules to resolve discrepancies in ID, particularly as applied to situations involving name changes resulting from marriage or divorce, is not inconsistent with Regulation B.
Again, AANA appreciates the opportunity to comment on the proposed rule. We hope that these comments will contribute to the goals set forth in the Bank Secrecy Act, as well as the USA PATRIOT Act.
Willie J. Miller, Jr.