BREFFINI McGUIRE
Technology spending up
The October compliance deadline for the Customer Identification Program of the USA Patriot Act has banks engaged in new strategies for identifying old customers, and coping with the reality that new compliance initiatives may come with a hefty price tag.
Breffni McGuire, a senior analyst at Needham-based financial consulting firm TowerGroup, said bank spending on technology systems that keep such institutions in compliance with new regulations such as the USA Patriot Act has increased 15 percent since last year.
“Last year, technology spending for anti-money-laundering systems was around $62 million and that amount is going up at [a rate of] about 15 percent for this year. Most of the larger banks have either upgraded or contracted for new technology because of the USA Patriot Act and the effects of [the September 2001 terrorist attacks],” said McGuire. “There were enough new [amendments] in the Patriot Act that banks had to adjust their technology infrastructure. The Patriot Act changed the emphasis from strict compliance to proactive detection [of suspicious activity] … new technology really helped in [getting a better look at] customer and transaction activity.”
However, McGuire said that some banks are still waiting before making any changes or investments in an effort to “assess the severity of the proposed regulation” and identify what it will cost the bank.
“This is compliance and banks are feeling the expense – you’re not getting any new revenue out of this,” said McGuire.
Section 326 of the act, which specifically governs account-opening identification verification procedures, was amended and reissued by the U.S. Department of Treasury on April 30 and requires all institutions to comply by Oct. 1.
In a seminar hosted and sponsored by Lexis Nexis and the American Bankers Association, industry experts discussed the intricacies of the Customer Identification Program and offered banks advice in managing costs associated with additional technology needed for the CIP.
“[Banks] need to look to see what they already have in the existing procedures and incorporate the CIP into [bank] policy,” said Pamela J. Johnson, senior anti-money laundering coordinator at the Division of Banking Supervision and Regulation for the Board of Governors of the Federal Reserve System. “The CIP program has to be incorporated into the procedures and policies of the bank. Nothing in this rule dilutes or eliminates your existing responsibilities.”
John Byrne, senior counsel and compliance manager of regulatory and trust affairs for the ABA, said as the October compliance deadline approaches, banks should focus their efforts on educating their customers about the new regulations.
“Banks have to obtain information from customers to verify identification, must form a reasonable belief to prove the true form of the identity, maintain records of the information of the customer identification, and determine whether the customer appears on lists of known terrorists, which are not available yet,” said Byrne. “[Banks] have to know the nuances of all accounts and what the definition of a customer is – that helps to craft the customer identification program … and deal with opening up accounts and CIP for [bank customers].”
According to Richard Small, global anti-money laundering director of Citigroup, the CIP program will take the place of a bank’s “Get to Know Your Customer” program.
At Lowell-based Enterprise Bank & Trust, the $678 million institution projects the actual impact of complying with the CIP will be minimal because of the “Get to Know Your Customer” program currently in place when accounts are opened.
“We are currently in the process of developing the risk categories like improper or foreign identification and looking at alternative procedures to see what we have to do to adhere to retail and business clients,” said Michael Gallagher, director of Internal Audit and risk management officer at the bank. “Previously, we followed steps to make sure that customers were who they said they were, but we never really documented the process. The costs are training and coming up to speed … we are updating our disclosures, updating our Bank Secrecy Act procedures, and providing training for employees.”
‘Just Do It’
In a survey conducted by the ABA, the association found that regardless of the asset size, financial institutions are spending substantial funds on compliance largely for the salaries and benefits of the many people necessary to meet regulatory requirements.
“Costs for software, record keeping, communications, monitoring, consultants, lawyers – it all adds up,” said Peggy Wilson, director of corporate marketing communications for Minnesota-based Bankers Systems, about the survey results. “By far, ‘people costs’ are the most expensive. In spite of the banking industry’s reliance on automation, compliance is still largely based on people and human interaction.”
Asked which regulations were the most costly to implement, survey respondents said that the Bank Secrecy Act and anti-money laundering requirements were the most expensive, but must be funded adequately. Ath Power Consulting Corp. founder Frank Aloi said the CIP is directly associated with a bank’s Secrecy Act and anti-money laundering procedures, so 90 percent of the CIP program should already been in place.
“Institutions have until October to implement CIP, but a lot is already honed in with the existing bank plans. For corporate accounts it will be a new procedure, but the procedures are in place to a certain degree, and now they are simply more stringent on allowing leeway,” said Aloi. “This is not necessarily a major cost issue, but it is something [where] the compliance team goes back to and looks at what is going on now and how it is working. This is a good way to refocus the compliance team.”
Ath Power provides clients throughout New England, including Citizens Bank, Banknorth, Eastern Bank and Cambridge Savings Bank in Massachusetts, with market research, training and consulting services.
Glenna Hicks, senior vice president of Citizens Financial Group and director of the bank’s financial intelligence unit in Providence, R.I., said Citizens is on track with the Oct. 1 deadline and cost is not an issue to be concerned about.
“We’re feeling pretty good about compliance because we were 80 percent ready last year … we’ll be enhancing the new technology over time. That puts us ahead of the game in the long run,” said Hicks.
Aloi said it is the bank’s compliance officer’s job to make sure that the bank maintains compliancy with new regulations and legislation.
Each bank is required to implement a written Customer Identification Program appropriate for its size and type of business that includes risk-based procedures for verifying the identity of each customer, making and maintaining records of information obtained, determining whether customers appear on any lists of known or suspected terrorists or terrorist organizations, and providing bank customers with adequate notice, before opening accounts, that information will be requested to verify their identities.
Gallagher said Enterprise Bank sent employees to CIP training course in an effort to educate all areas of the bank on USA Patriot Act provisions and also formed a committee to address Patriot Act and CIP requirements.
“We found out that this doesn’t just affect the retail side of banking, and it turns out that the loans side is affected, as well,” said Gallagher. “We are developing procedures that will help to implement the program including customer notifications, bank requirements, disclosures and adding government tracking databases.”
Hicks said there is always a cost associated with new legislation requirements, but banks need to worry more about their customers and less about the costs associated with changing regulations.
“It’s hard to quantify the cost of new technology … it’s a requirement for us to continue to grow and we have a reasonable belief that we know our customers and we don’t have to run them through these hoops,” said Hicks. “Citizens obviously wants to remain compliant, so the money is not an issue – we need to get this done so let’s just do it.”
Melanie Nayer may be reached at mnayer@thewarrengroup.com.
