Greenberg Traurig, LLP



GT Alert

USA PATRIOT Act - Long-Awaited Final Customer Identification Regulations That Apply to Banks, Broker Dealers, Trust Companies, Mutual Funds and Other Financial Institutions

May 2003
By Carl Fornaris, Greenberg Traurig, Miami Office

Click for information on Adobe Acrobat.  View or download the PDF version of this Alert here.

On April 30, 2003, the United States Department of the Treasury, the Financial Crimes Enforcement Network and seven other federal financial services regulatory agencies issued final regulations that require banks, savings associations, broker dealers, trust companies, credit unions, mutual funds, futures commission merchants and futures introducing brokers to adopt written customer identification programs (“CIPs”) that will require these institutions to: (1) verify the identity of any person seeking to open an account; (2) maintain records of the information used to verify identity; and (3) consult government known or suspected terrorist lists to determine whether the customer appears on any such list.

Carl A. Fornaris
"Legal and compliance departments of financial institutions nationwide should carefully review their CIPs to ensure that those CIPs, at a minimum, contain all of the requirements published in the final CIP regulations."

Financial institutions have until October 1, 2003 to come into compliance with these final regulations, which implement the CIP requirements of Section 326 of the landmark USA PATRIOT Act. Especially after October 1, all financial institutions should expect their federal banking agency examiners or self-regulatory organization examiners, as the case may be, to specifically request to see a copy of the institution’s AML program to examine compliance with the CIP final regulations. Legal and compliance departments of financial institutions nationwide should update their existing CIPs to ensure that those CIPs, at a minimum, contain all of the requirements published in the final CIP regulations.

Below is a summary outline of the final CIP regulations:

  1. Covered Customers
    1. Under the final regulations, identification must be verified for:
      1. individuals that are new customers of the institution;
      2. legal entities that are new customers of the institution;
      3. each person named on a joint account; and
      4. the deposit broker (not each subaccount) in the case of brokered deposits.
    2. Under the final regulations, financial institutions do not have to verify identity for:
      1. an existing customer;
      2. another financial institution regulated in the United States; or
      3. signatories on a corporate account.
  2. Covered Accounts
    1. The institution must verify identity for customers that want to open a new “account.” An “account” broadly means a “formal relationship” with a bank or broker dealer to conduct banking business or effect securities transactions, such as:
      1. a deposit account;
      2. a credit or loan account;
      3. a securities account;
      4. a cash management account; and
      5. a safety deposit box service.
    2. An “account” does not include services or products that lack a “formal relationship”:
      1. check-cashing;
      2. wire transfers;
      3. money order or certified check sales; and
      4. accounts acquired from a merger or acquisition.
  3. CIP – Minimum Requirements
    Each financial institution must implement a written CIP appropriate for its size and risk profile that is incorporated into the institution’s overall written anti-money laundering (“AML”) program.
    1. Identity Information Gathering
      Prior to opening a new account with a covered customer, the institution must obtain, at a minimum:
      1. name;
      2. date of birth;
      3. residential or work address for individuals, or physical location address for legal entities;
      4. a TIN for U.S. citizens or legal entities organized under state law;
      5. for lawful permanent residents or non-immigrants, a TIN, passport number and country of issuance, alien identification card number, or number and country of issuance of any other government-issued document evidencing nationality or residence and bearing a photo; and
      6. for non-U.S. legal entities with no TIN, a government-issued certificate of existence or good standing.
    2. Identity Verification Procedures
      1. Risk-Based Procedures
        Institutions opening a new account must be able to form a “reasonable belief” – an objective standard – that it knows the identity of each new customer. CIP identity verification procedures must be risk-based to take into account the institution’s size, customer base, location and the like. In other words, there is no “one size fits all” approach to achieving compliance, but examiners will specifically assess the efficacy of the institution’s CIP against its risk profile.
      2. Verify Identity Within “Reasonable Time”
        Institutions must verify identification “within a reasonable time after the account is opened.
      3. Documentary and Non-Documentary Verification
        The CIP must describe when an institution will use documents, documentary methods or both.
        1. Documentary verification must be described in CIP and may include:
          1. for individuals, an unexpired, photo-bearing, government-issued identification evidencing nationality or residence (e.g., driver license or passport); or
          2. for legal entities, certified articles of incorporation, certificate of good standing, business license, partnership agreement, or trust instrument.
        2. Non-documentary verification must be described in CIP and may include:
          1. contacting a customer after opening an account; or
          2. comparing customer identification information against credit reports, public databases such as real property records and financial statements.
      4. Enhanced Due Diligence for Corporate Customers
        The CIP must address situations where, based on risk assessment of a new corporate account (e.g., corporate account from FATF jurisdiction) whose identity cannot be verified through documentary or non-documentary methods, the institution will obtain information about “individuals” with “authority or control” over an account, including signatories, in order to verify customer’s identity. According to the final regulation, this verification procedure applies “only” where the institution cannot verify the customer’s true identity through documentary or non-documentary methods.
      5. Failure to Verify Identification.
        Where an institution cannot form a reasonable belief that it knows the true identity of the customer, CIP procedures “should” describe:
        • when the institution should not open the account;
        • the terms under which a customer can use an account while the institution continues to verify identity;
        • when the institution should close the account after identification efforts have failed; and
        • when the institution should file a SAR.
    3. Recordkeeping Obligations
      1. What Must Be Retained?
        • all identifying information obtained before opening the account (e.g., name, address, DOB, TIN);
        • a description of any document relied upon noting the type of document, any identification number contained in the document, place of issuance, date of issuance and expiration date;
        • a description of any non-documentary methods used;
        • a description of the resolution of any substantive discrepancies discovered when verifying the identifying information; and
        • descriptions of the foregoing are sufficient; photocopies of the source document do not need to be retained.
      2. How Long Must Records Be Retained?
        • all identifying information obtained before opening the account (e.g., name, address, DOB, TIN) must be retained five years after the date of account closure.
        • descriptions of documentary and non-documentary verification must be retained five years after the date the record is made.
        • Electronic record-keeping is permissible. For broker dealers, electronic records must be preserved in non-rewritable and non-erasable format. See SEC Release No. 34-47806 (May 7, 2003).
    4. Government List Comparison Requirement
      1. What Lists?
        After the account is opened and identification is verified, a financial institution’s CIP must include procedures for determining whether the customer’s name appears on any list of known or suspected terrorists or terrorist organizations issued by any federal government agency (e.g., OFAC, FBI lists).
        Institutions will receive separate guidance regarding the lists that must be consulted.
      2. When?
        The comparison must be made “within a reasonable period of time after the account is opened,” or earlier if required by applicable federal law.
    5. Customer Notice Requirement
      1. Financial institutions must notify their customers, before opening an account, either in writing or verbally, that the institution is requesting information to verify their identities.
      2. Notice may be furnished in writing or verbally.
      3. Notice may be posted in lobby, on Website, on an account application.
      4. Sample notice:
        “To help the government fight the funding of terrorism and money laundering activities, Federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account. What this means for you: When you open an account, we will ask for your name, address, date of birth, and other information that will allow us to identify you. We may also ask to see your driver’s license or other identifying documents.”

Should you have any questions regarding this Alert, please do not hesitate to contact Carl Fornaris at 305-579-0626 or any of the individuals listed on the following page.


© 2003 Greenberg Traurig

Additional Information:

For more information, please review our Corporate & Securities Practice description, or feel free to contact one of our attorneys.

This GT ALERT is issued for general purposes only and is not intended to be construed or used as legal advice. Greenberg Traurig attorneys provide practical, result-oriented strategies and solutions tailored to meet our clients’ individual legal needs. The Firm’s responsive approach to client service often cuts across legal subject matter, applying the right experience and resources to provide cost-effective solutions.