Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


08:32 AM
Connect Directly

USA PATRIOT Act Compliance Requires Top-Down Approach, Regulators Say

Diversified global financial institutions such as Citigroup implement enterprise-wide policies to satisfy regulatory entities including the SEC, NASD, the Federal Reserve, and the OCC.

For a diversified global financial institution such as Citigroup, USA PATRIOT Act compliance means finding a way to implement an enterprise-wide policy that satisfies regulatory entities including the SEC, NASD, the Federal Reserve, and the OCC.

Regulators expect USA PATRIOT Act compliance to "come from the very top," according to Pamela J. Johnson, senior anti-money laundering coordinator, division of banking supervision and regulation for the Board of Governors of the Federal Reserve System.

The latest Treasury rulings mean that banks have to meet several common standards with regard to customer identification programs, while also addressing the specifics of the various businesses within banking. "I can put in one customer identification program at the top, and I can have different procedures to implement the program in different businesses and look at the nuances in the rules to make sure that I can cover specific things," said Richard Small, global anti-money laundering director of Citigroup. "For the most part, what we need to do is very similar."

But certain channels require new procedures to handle the gray areas. For example, consider a person who comes into a branch about once per week to cash checks, but does not have a checking or savings account with the bank. Going forward, banks may prove less willing to provide regular services without establishing a formal relationship. "At some point we're saying you either have to become a customer, or stop the business," said Small. "Why would this person not open an account, and am I comfortable doing this type of business without doing the due diligence I would do if I opened them an account?"

On the corporate side, Citigroup is making efforts to determine which types of entities require the most scrutiny. "We are actually looking at risk-ranking some 400 various types of businesses to get a better idea of how to look at risk scoring for the type of business," said Small.

However banks make judgment calls across their organizational footprints, it's evident that they will have to document both their actions and their decision-making processes. "That's what I like about this rule - it requires you to write everything down," said Johnson. "There has to be some paper trail."

Mr. Small and Ms. Johnson spoke at Web seminar hosted by LexisNexis.

This article originally appeared in Bank Systems & Technology eNEWS,a weekly e-mail newsletter. To order a free subscription, click

Register for Bank Systems & Technology Newsletters
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.