September 6, 2002
Jonathan G. Katz
Re: Proposed Rule Requiring Customer Identification Programs for Mutual Funds; File No. S7-26-02
Dear Mr. Katz:
ChoicePoint Inc. ("ChoicePoint"), an information company located in Alpharetta, Georgia, appreciates the opportunity to comment on proposed rule 31 CFR Part 130.131, which would require investment companies to implement customer identification programs ("CIPs"). The proposed rule is required by Section 326 of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 ("USA PATRIOT Act"). Because the proposed rule was jointly issued by the U.S. Securities and Exchange Commission ("SEC") and the U.S. Department of Treasury, we are also sending a copy of this letter to the Financial Crimes Enforcement Network ("FinCEN") division of the U.S. Department of Treasury.
We share the goals of the SEC, Department of Treasury and the entire federal government in finding effective, efficient ways to combat money laundering and the financing of terrorism. We agree that the proposed rule will play an important part of this effort. Ascertaining and verifying the true identity of investors is a critical component of any program designed to prevent persons from laundering money or using accounts at financial institutions to obtain securities and other investments that help finance terrorist and other illicit activities. ChoicePoint supports the proposed rule. In support of the proposed rule, we have a few recommendations that would strengthen the ability of financial institutions to verify, validate, and confirm the identities of their customers.
In summary, we recommend that:
ChoicePoint is a leading information company with a long history of developing products and services for federal and state government agencies to locate individuals, businesses, and assets and to authenticate individuals' identities. In addition to our government clients, we serve the pre-employment background screening needs of Fortune 1000 companies and the investigative needs of our nation's financial institutions large and small.
Rule 130.131(d) - Document Verification
Paragraph (d) of the proposed rule requires an investment company to establish procedures to verify the identity of customers based on the information about the customer obtained pursuant to the requirements in paragraph (c). As currently proposed, it would be acceptable for an investment company to simply verify customers' identities through documents, including "an unexpired government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguard."
One of the tragic lessons coming out of the September 11 terrorist attacks was how inadequate and unsecure government-issued identification cards can be as a sole means of identification and verification. In fact, since September 11, we have learned that some of the terrorists were in possession of state-issued identification documents without having the proper qualifications of such possession. In other words, it unfortunately seems remarkably easy for those with ill intent to obtain current government identification cards.
As currently proposed, the rule requires an investment company to check other sources of information to verify the identity of the customer only when an individual is unable to present an identification document or presents "unfamiliar documents." Unfortunately, this requirement, based on our business experience, will likely not significantly advance the goal of preventing persons engaging in money laundering or terrorist activities from investing in mutual funds and other financial products to fund their criminal activities. We therefore believe that, in the interests of enhanced public safety and security, it would be prudent for the rule to require an investment company to use information not supplied by the customer to verify the identity of the customer. Specifically, paragraph (d) should be revised to require the CIPs of investment companies to obtain information about customers, regardless of the nature of the documentation provided by the customer, from other sources not affiliated or otherwise related to the customer, including third party, private sector sources of that data.
Public and private sources of information about persons are readily available and can be accessed to verify the identity of customers. The information industry has made significant advances in the area of customer authentication in recent years. For example, the national credit bureaus and ChoicePoint have established web sites that give consumers access to very sensitive information about themselves including their credit reports, insurance underwriting information, and public records. We have developed processes by which the individual can be authenticated completely on-line with a high degree of confidence. For example, we can authenticate an individual simply by asking a series of questions derived from the individuals' public record and credit history and then scoring their responses to grant access.
Private sector sources have long been a key source of validation and verification of customers worldwide, including some of the highest profile agencies in the United States government. This type of solution is available to financial services for their CIP regime.
A non-documentation verification requirement would not be onerous or costly to the investment company. For example, batch processes are available to financial institutions to ensure that they are not inquiring on, and therefore doing business with, individuals who are on the Office of Foreign Asset Controls ("OFAC") Specially Designated Nationals lists. This process can be transparent to the investment company and will be very cost effective.
Rule 130.131(e) - Government Anti-Terrorist Lists
Paragraph (e) of the proposed rule references various lists that will be provided to the investment company by any Federal government agency and that need to be used in determining whether a customer is a known or suspected terrorist. We believe this language is unnecessarily confusing as it makes it seem that each financial institution must obtain its own list directly from the government agency and process its own list internally. A process such as this would be costly and inefficient for investment companies.
As described above, private sector solutions bring different advantages to financial institutions that can provide this service as effectively and for less than the institution could do for itself. We suggest that paragraph (e) of the rule be revised to reflect the ability of third-party private sector companies to provide this service for new and existing customers.
Thank you for the opportunity to share our concerns and comments regarding the proposed customer identification program rule implementing certain provisions of the USA PATRIOT Act. We support the intent of the Act and the proposed rule. In the ways described above, we believe that the proposed rule can be improved by recognizing the potentially important role of the private sector to provide authentication products and services.
cc: Department of Treasury (FinCEN Division)