Patriot Act compliance for Finance and Commercial Loan Organizations

Patriot Act compliance for Finance and Commercial Loan Organizations

Patriot Act Compliance Charles Klingman,, US Treasury Dept. Present proposed regulations for Finance and Commercial Loan Companies Debra Ponce de Leon, Bank of America Capital Provide an overview of how a bank leasing subsidiary has interpreted and implemented compliance Kim Cartwright, Experian Present compliance solutions

US Treasury Regulations On October 26, 2001, the President signed into law the USA PATRIOT Act Initial compliance required for banks, savings associations, and credit unions; securities brokers and dealers; mutual funds; futures commission merchants and introducing brokers; and credit unions. Finance and Loan companies are required to comply by Summer of 2005

Proposed Regulations US Treasury has discretion to prescribe minimum standards Regulatory Authority Section 326 will mirror the regulations for banks US Treasury is committed to a compliance based on a level playing field What is definition of a finance and loan company? Does a captive finance company fall under the regs?

Regulations 326 and 352 will apply to Finance and Loan companies Section 326 directs the Department of the Treasury and the federal functional regulators to jointly issue regulations requiring financial institutions to establish minimum procedures for the identification and verification of customers who open new accounts. Section 352 requires the development of internal policies, procedures, and controls; the designation of a compliance officer; an ongoing employee training program and an independent audit function to test programs This presentation will focus on Section 326

The Practitioner s Point of View Debra Ponce de Leon

Customer Disclosure The Act requires each financial institution to provide notices to their customers that the financial institution is requesting information to verify their identities. This notice must generally describe the identification requirements of Section 326 and must be delivered in a manner (written or verbal) reasonably designed to ensure that customers are able to view the notice, or are otherwise given notice, before opening an account.

Collecting Information As part of any CIP, financial institutions must collect, at a minimum, the following information from customers prior to opening an account: customer s legal name; customer s address; date of birth (for individuals and sole proprietors only); and taxpayer identification number or a social security number (for a U.S. person or entity, as applicable), or passport number (and country of issuance), taxpayer identification number, or number (and country of issuance) from any other government-issued document that shows nationality and includes a photograph or similar safeguard (for a non-u.s. person or entity

Verifying Identity: As part of any CIP, financial institutions must verify the identity of the customer. Verification can be accomplished using documents, non-documentary methods, or a combination of both, and must enable financial institutions to form a reasonable belief that it knows the true identity of the customer. The verification procedure must be based on each financial institution s assessment of the relevant risks, including those presented by the various types of accounts maintained by the financial institution, the various methods of opening accounts provided by the financial institution, the various types of identifying information available, and the financial institution s size, location, and customer base.

Checking terrorist lists: Financial institutions must determine whether a customer appears on any list of known or suspected terrorists or terrorist organizations issued by a Federal government agency and designated as such by Treasury and Federal regulators.

Maintaining records: Institutions must maintain a record of all information obtained under a CIP. At a minimum, this record must include the following: All identifying information obtained about a customer (i.e., name, DOB, address, and TIN or other ID number); A description of any document relied on in verifying the identity y of the customer, including the type of document, identification number contained in the document, the place of issuance and, if any, the e date of issuance and expiration date; A description of the methods and the results of any non-documentary or supplemental measures undertaken to verify the identity of the customer; and A description of the resolution of any substantive discrepancy discovered when verifying the information obtained. Information must be retained for the duration of the relationship, and for a period of (a) with respect to the information listed under bullet t 1 above, five (5) years after the account is closed, and (b) with respect to the information listed under bullets 2-42 4 above, five (5) years after the record is made.

Reliance on other financial institutions: The final rule also contains a provision that permits, under certain limited circumstances, a financial institution to rely on another regulated U.S. financial institution to perform any part of the financial institution s CIP. For example, in the securities industry it is common to have an introducing broker who has opened an account for a customer conduct securities trades on behalf of the customer through a clearing broker. Under this regulation, the introducing broker is required to identify and verify the identity of their customers and the clearing broker can rely on that information without having to conduct a second redundant verification, provided certain criteria are met.

Customer Information Program Solutions Kim Cartwright Experian Experian and the Experian marks herein are service marks or registered trademarks of Experian

Agenda Review of Patriot Act How vendor solutions can help Questions

U.S. Patriot Act Three provisions of Act affect financial institutions Found in Title III, the International Money Laundering Abatement and Anti-terrorist terrorist Financing Act of 2001 Section 314: Cooperative efforts to deter money laundering Section 326: Verification of identification Section 352: Anti-money money- laundering programs

Section 326 What is it? Who does it apply to? Requirement for financial institutions to establish a Customer Identification Program (CIP) Document the CIP Have CIP approved by board Banks, savings associations, credit unions Securities brokerdealers Investment companies Futures merchants Incorporate CIP into BSA program Insurance companies

Customer Identification Program Establish procedures to verify identity of persons seeking to open an account Determine whether person appears on any lists of known or suspected terrorists issued by federal government Maintain records of information used to verify a customer Use risk-based procedures for verification Develop procedures for determining when not to open an account or close an existing account as a result of inability to verify identity Verify name, address, taxpayer ID, date of birth at a minimum

Verification Documentary Unexpired government-issued identification Non-documentary Encouraged even when documentary verification is provided Contact customer after account is opened Check references with other financial institutions Negative verification Positive verification Logical verification

Non-documentary solutions - logical and positive verification Experian and the Experian marks herein are service marks or registered trademarks of Experian

Verification types Type Method Sources Negative Positive Check information provided for association with known incidents of fraudulent behavior Compare information provided with a trusted third party source Compare against known fraud or bad check databases Consumer reporting agency Logical Analyze logical consistency between information provided Commercial verification products

Positive and logical verification Validate customer data against known sources Verify all identifying information Name Features Address, SSN, EIN, phone, DL validity Address SSN/EIN Name/address verification to other input elements Date of birth Phone number Driver s license High risk address and phone OFAC screening Verification score

Data Elements Telephone data, area code files Credit header - includes SSN and DOB data Address data - standardization, residential, deliverable address, change of address Social Security Administration verification database OFAC SDN list Business data - address, phone Driver s license data High risk address, phone

Validating and verifying information Element Validation Verification Address Deliverable Standardized Residential or business Match to full name/surname Phone number Social security number Drivers license Area code/format Prefix to zip Cell phone or pager Format Issued - includes state and years of issuance Deceased Format correct for state Residential or business Match to full name/surname and/or address Match to full name/surname and/or address Based on full SSN or last four Match to full name/surname and/or address Date of birth Full DOB or year only Match to input Comparison to SSN (if provided)

Government list comparison Reasonable procedure to determine whether customer appears on any list of known or suspected terrorists or terrorist organizations Applies only to lists circulated by federal government OFAC specially designated nationals Bureau of Industry and Security s Denied Persons

Selecting a solution Factors to consider Data quality Functionality Where does solution apply Cost Applicability across organization Ease of implementation

Questions Experian and the Experian marks herein are service marks or registered trademarks of Experian