Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


11:27 AM
Vivian Wagner
Vivian Wagner
Connect Directly

PATRIOT Act Customer ID Deadline Nears

Deadline pressures eased by flexibility incorporated into USA PATRIOT Act guidelines for financial institutions.

To comply with the USA PATRIOT Act, banks across the country will soon be required to develop and implement customer identification programs in an effort to thwart terrorists and money launderers.

By October 1 banks and other financial institutions must meet the customer ID requirements set by the Act. However, the requirements for these institutions are flexible, allowing each institution to develop a customer identification program tailored to its particular customer base.

"We give the banks a lot of flexibility for designing programs that work for their banks," said Daniel P. Stipano, deputy chief counsel with the Office of the Comptroller of the Currency in Washington, D.C.

Three Steps to Compliance

The customer identification requirements involve three key activities: identity verification, record keeping, and consulting and cross-checking lists of terrorists issued by the federal government.

Identity verification requires banks to obtain, for each customer, a name, address, date of birth, and ID number-such as a tax ID number, Social Security number or passport number. Banks must then verify this information, either through documents (if the customer meets with the bank face-to-face) or through such means as checking a credit report or a public database.

The second step, record keeping, requires banks to keep several types of records for new accounts, including identifying information; a description of any documents used for identity verification; and a record of any non-documentary verification. The retention period for these records varies according to the kind of accounts and records involved.

The third requirement is checking government lists for suspected terrorists. The regulation also requires banks to follow any directives that the government issues with these lists.

For the most part, according to the OCC's Stipano, banks already practice many of these steps and the regulation simply ensures that institutions are as thorough as possible in their security and identity verification procedures. "I think that to a large extent this memorializes what banks already do, and that by memorializing and giving legal affect to bank practices in this area ... we'll have a more level playing field," said Stipano. "We've established a baseline for all institutions, and they all operate on the same baseline. It makes it more difficult to use banks for illicit purposes."

Flexible Regulations

The requirements under this regulation are flexible for a reason, according to Stipano, as they allow for new technologies and the prevention of new threats, without having to rewrite the regulation. Under the regulation, banks have the freedom to design customer identification programs that meet their needs and take into account any new threats or new technologies.

"We wrote this regulation in such a flexible way that it won't need to be revised," stated Stipano. "But it's important that banks keep their customer identification programs up-to-date."

Comment  | 
Print  | 
More Insights
Register for Bank Systems & Technology Newsletters
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.