Bridger Insight
Interested? Call 1-877-922-5757 ChoicePoint
Section 326: A Course of Action

Part 1 - An Overview of CIP
Ramie Blakeman, former Legal & Compliance Director

Introduction
If you have had a chance to read through the final rule for Section 326 of the USA Patriot Act you will undoubtedly note that it is not as burdensome as it had been in the proposal stage. Financial institutions are now left with a requirement to develop a risk-based approach to a Customer Identification Program (CIP).

To assist you with understanding this, I have broken out the discussion of Section 326 into a series of short articles, the first focusing on an overview of a CIP. The second part will detail the core components within a CIP: customer identification, verification (both documentary and non-documentary), record keeping, customer notice, and data list screening (this is not OFAC screening) and what to look for in solutions or tools to assist you.

Who is affected?
In its conception Section 326 was very broad in regard to industries included and proposed guidelines/requirements. In final form, with an October 1, 2003 deadline, those immediately affected are:
  • Banks
  • Credit Unions
  • Futures Commission Merchants
  • Futures Introducing Merchants
  • Mutual Funds
  • Thrifts
  • Trusts
  • Securities Dealers
Regulators are finalizing their specific guidance, so please check with them on their requirements and the section’s application to your industry.

The focus: a risk-based CIP
The goal of what was finalized allows for taking many current Know Your Customer (KYC) and Due Diligence procedures already in place at most institutions and cross-applying them to Section 326. Start your review of Section 326 compliance by doing an inventory of what you’re currently doing for anti-fraud measures, and the tools used in that capacity. You may find that you can easily repackage these for your CIP practices.

Being able to cross-apply these measures leads to the crux of Section 326: develop your CIP based on risk. They are looking for scrutiny to be applied in varying levels depending upon the amount of risk involved in not knowing your customer’s identity at the opening of an account. In other words, how comfortable are you that you know who this customer is and are they who they say they are?

Key Terms
Unearthing meaning from this risk-based language lies partly within the definitions of the following key terms in the final rule:

Account
A formal relationship to provide or engage in services, dealings or other financial transactions:

Includes:

  • Cash management
  • Credit accounts and other extensions
  • Custodian services
  • Transaction or asset account,
  • Trust services

Excludes:

  • A product or service without a “formal” relationship, i.e. check cashing, wire transfer, sale of a money order
  • Acquired accounts via acquisition, merger, asset purchases, liability assumption
Customer
A person opening a new account and an individual who opens a new account for one who lacks legal capacity (i.e. a minor) or an entity that is not a legal person (i.e. a civic group)

Excludes:

  • A person with an existing account, provided you reasonable know their identity
  • Other domestic operated financial institutions, government agencies or publicly traded companies

Bank
Banks subject to federal regulations and their subsidiaries; state-regulated credit unions, private banks, trust companies; and US offices of foreign banks (not foreign branches of US banks)

Assessment
After relying on these definitions as a foundation to assess who and what must be covered in a risk-based CIP you should next look to a fundamental question: How risky are your products and services? In answering this, you should evaluate:

  • the size of your institution
  • locations of business
  • customer base
  • types of accounts
  • methods of account opening
  • types of identifying information available to you from the customer
You may find that using an interactive question and answer process with your products will assist you in crafting your CIP. One question based on the bullet list above would be: Can customers apply to open an account solely through the web? If yes, it is then feasible that you could have no idea who you are communicating with on the other end. So, how will you go about gathering their identity and then verifying it?

After this assessment, you are ready to move on to the second part in this series: learning what identifying information can be used, how to verify that identity, how to notify your customers of this new process and how long to retain your various records. This will develop the main body of your CIP, which you can then integrate into a larger anti-money laundering program. Remember, spelling it all out for your regulator in your policies and procedures is always better than being general.

Don’t forget that as your CIP will be a function of and addendum to your BSA policies, it will need approval from your Board of Directors.
Privacy At ChoicePoint
PrivacyTerms of UseSite Map
Home Solutions Industry Solutions Resources Company Client Services SolutionsFree TrialIdentity VerificationRegulatory ComplianceEnhanced Due Diligence ResourcesFaq'sFree Services CompanyAbout UsPress ReleasesClientsSuccess StoriesPartnershipsEmploymentContact Us