Financial institutions are wrestling with the stringent identification and verification standards of the USA PATRIOT Act. The need to screen customers and transactions against growing lists of known or suspected terrorists is straining recordkeeping and IT resources.
Under the law, banks are required to accurately verify the identity of foreign nationals, who often carry either non-standardized, easily-forged identification documents from other countries, or U.S.-issued documents that fail to indicate country of origin. In an October report to Congress, the Treasury noted several challenges involved with customer identification programs at financial institutions. (See banktech.com eNEWS article, "Treasury Passes Buck to INS, Homeland Security," 10/31/02.)
Banks are also required to retain copies of the identification documents received during account opening. "Maintaining a copy of a driver's license doesn't sound too bad unless you have over 15 million customers," said Don Temple, industry expert at Mantas, based in Fairfax, Va., and a former special agent with the IRS.
The provisions especially rankle community banks.
"They're concerned about losing that community bank feel, and intruding on their customers' privacy," said Mary Ritley, product marketing manager at Ceyoniq, Herndon, Va.
At a minimum, U.S. citizens will be asked to provide name, address, taxpayer ID and date of birth. Foreign nationals can substitute a passport number, alien identification card or other government-issued document in lieu of a taxpayer ID. Banks are not currently required to elicit the customer's occupation, although that information is requested when filing a suspicious activity report.
The verification process is complicated by the need to keep track of frequent changes in address and other personal information. "The banks, once they have the conflicting information, have to articulate and document how they verified the information," said Temple. "It's going to bog down the account opening process to some degree."
The proposed account opening regulations apply to commercial customers as well. Companies are required to provide names of signatories to their accounts, so that their banks can screen them against lists of known or suspected terrorists. A large company like General Motors might have thousands of people who can sign checks, said Larry Christensen, vice president of international trade content at Vastera, Dulles, Va. "Many of the banks wonder whether that's worth it."
It's also difficult for banks to know their customers' customers. Since financial institutions are prohibited from dealing with terrorists or terrorist organizations, they've begun to exert pressure on their corporate customers to perform enhanced due diligence.
"As one enforcement lawyer for a very large bank said to a corporate customer's lawyers, 'If you don't screen, we will,'" said Christensen. "Banks must have compliance programs in place to assure that, under the rules issued by OFAC Office of Foreign Assets Control, they in no way deal with a blacklisted party."
Once a bank determines that a corporate customer has sold products or services to a blacklisted entity, it's required by law to freeze any payment, said Christensen. "Then, the bank reports that transaction to the Treasury, including all of the parties to the transactions."
Although the bank itself wouldn't incur any penalties, it would be disconcerting to discover that a commercial customer has been issued a warrant for records involving a transaction with a blacklisted entity. In the worst case, violators can be barred from conducting international business.
Of an estimated 9,345 blacklisted parties (according to Vastera), only 927 are distinct terrorist organizations (793 of which were added following the terrorist attacks of September 11).
"The terrorists are only one relatively small category of the blacklist. There are also fronts to governments like Libya, Iraq, Iran and Cuba, and specially-designated narcotics traffickers," said Christensen.
Multiple lists of terrorists, prepared by the U.S. and other countries as well as the United Nations, need to be reconciled.
"Most of the differences are simply based on administrative challenges," said Christensen.
Still, scrupulous checking of the Office of Foreign Assets Control lists is helping to tip the scales in the war against terror. An OFAC alert led a joint investigative task force last year to serve a warrant on Infocom, an Internet service provider in Richardson, Texas. One of the owners of Infocom, it turned out, was the chairman of the Holy Land Foundation, an Islamic charity that's been identified as a front for the Hamas terrorist organization.
"The task force found documents indicating that computers and telecom equipment had been exported to an armed terrorist organization, and similar goods ready for export," said Christensen, who spent 11 years with the Department of Commerce.
On Sept. 6, 2001, the Department of Commerce's Office of Export Enforcement quickly denied export privileges to Infocom, which had shipped goods to Libya and Syria through a freight forwarder in Malta. Even after that, a small trade arbiter reported that one of the company's owners was still trying to flout the law.