Franklin-based Benjamin Franklin Savings Bank is the among the banks that have found compliance with the USA Patriot Act’s rules easier than some expected.
Two months after the Oct. 1 deadline for banks to comply with the rules of the USA Patriot Act, Bay State banks are reporting that all systems are go and no major technological or customer service issues have occurred.
The biggest hurdle – complying with Section 326: the Customer Identification Program – has proved to be less stressful than anticipated, according to one banking analyst.
Jim Values, an identity fraud expert with LexisNexis’ Risk Management Division and a former Federal Bureau of Investigation agent with more than 27 years of experience fighting white-collar crime and international money laundering, said banks are easing their way into the new program, which requires that all financial institutions verify the identities of individuals opening new accounts.
“[Banks] had pretty good notice that this was coming, so they had time to prepare. Banks need a written policy on the Customer Identification Program and most all [banks] have been going through this process and getting things approved by the [bank] board,” said Values.
“The second challenge was to provide notice to their customers,” he added. “Banks used a variety of means including verbal, signs in branches, postings on Web sites, messages in monthly statements and trained their own employees as to what the new process would be. The bigger challenge is that [banks] now have to be able to document the identity of the customer and file it for five years.”
Section 326 of the act, which specifically governs account-opening identification verification procedures, was amended and reissued by the U.S. Department of the Treasury on April 30 and required all institutions to comply by Oct. 1.
Each bank is required to implement a written Customer Identification Program appropriate for its size and type of business that includes risk-based procedures for verifying the identity of each customer, making and maintaining records of information obtained, determining whether customers appear on any lists of known or suspected terrorists or terrorist organizations and providing bank customers with adequate notice, before opening accounts, that information will be requested to verify their identities.
Michael Piemonte, vice president of risk management and compliance at Franklin-based Benjamin Franklin Savings Bank, said the Treasury Department’s amended plan is very “pro-bank” and allows banks more flexibility to design the CIP relevant to the bank needs.
“The plan is very risk-based and more flexible. We implanted the Customer Identification Program and submitted our program to the board, to comply with regulations and current bank procedures,” said Piemonte. “All in all, we’ve implemented all sides, and we will be audited against what we’ve set as policies and procedures.”
‘Significant Effect’
Piemonte said there are still some pending issues that the bank is waiting to work out, including the Treasury Department’s customer list that has yet to be distributed to banks. That list would have names of those involved in fraud or terrorist activities.
“The remaining open issue is the public lists [of customers] … if the Treasury Department keeps the list private between banks, the bank will have automated screening issues and manual issues that we will have to comply with,” said Piemonte. “I think the final regulations were very flexible and very adaptable for the bank. The test will be when the regulators come in and we have an outside audit firm to look at us.”
At some banks, a program similar to the CIP already had been instituted and those banks have combined their in-house policies with the Treasury Department’s requirements.
“We had been working with a ‘Know Your Customer’ policy, so we incorporated some of the new parts of the Customer Identification Program with what we currently have,” said Andrea White, senior vice president at Commonwealth National Bank in Worcester. “I think overall, banks have always been pretty good with identifying customers, and we’ve been on top of bank fraud for many years. It hasn’t been much of a change for us, as we’ve been identifying customers all along so we didn’t have to really implement any big changes.”
Some financial institutions, however, had a slightly more difficult time instituting CIP rules into their day-to-day business.
Credit unions, which offer services to consumers who most often work or live in a specific area covered by the credit union, had to adjust to a new set of rules that were uncommon among many credit unions.
“It took a long time to finalize these regulations, given the new ground that everyone has to contend with in the new world we’re operating in, and credit unions want to make sure they are complying, but also not wasting any [time and money] in terms of compliance initiatives,” said Robert Kimmett, senior vice president of public relations and marketing at the Massachusetts Credit Union League. “We’ve been working as a league with the national groups to make sure we have the most up-to-date information. There is a certain amount of relief in that we are getting to a point where we understand the requirements.”
Values maintains that the smaller banks will have a more difficult time transitioning the new requirements into bank practice, because bigger banks store files electronically and they have had “adequate time to get prepared.”
“The bigger challenge is for the smaller and mid-sized institutions who don’t have the sophisticated systems and they are now facing a storage and retrieval problem,” he said.
Values said that regardless of when or how banks implement the CIP rules and requirements into bank procedures, the real benefit will be with the customer.
“The significant effect of this will be the extra step to protect the consumer against identity fraud. All banks now have a process in place to identify who you say you are,” said Values. “This will be like anything else – there will be changes and adjustments needed to move forward, but it’s important to make sure [banks] have a program in place.”
