Customer Identification Program
Under Section 326 of the Patriot Act, banks must have a customer identification program or CIP. Although CIP guidelines went into effect in May 2003, banks had until October 1, 2003 to implement their own programs. Many banks already had ID verification procedures in place but they didn't require as many identifiers as the Patriot Act now requires. This gave banks time to modify their existing identification programs.
Banks must use several documents to verify customers' identification. Identification information includes the customer's name, date of birth, address and ID number. For U.S. citizens, the identification number is their taxpayer ID number, which is their Social Security number. For non-citizens, it is the number of a government issued document such as a passport, alien identification number or other government issued document with a photo and a number and country of issuance. Businesses may use their employer identification number (EIN) as their identifier for the business. CIPs vary from bank to bank, but banks may also require a driver's license or other form of photo identification for individuals or articles of incorporation, government issued business license, partnership agreement or trust instrument for businesses.
The Financial Crimes Enforcement Network gives several examples of who qualifies as a customer. Someone who applies for a loan that is denied is not considered a customer, because he did not receive any banking services. When a person with power-of-attorney opens an account for a competent person, the competent person whose name is on the account is still considered the customer. If a person does not have the capacity to act for himself, then the individual holding power-of-attorney is the customer. Someone who has an existing account at the bank, but then opens a new account, is not subject to the CIP rules. A person who has an existing account with an affiliate bank is subject to the rules.
Record Keeping Requirements
Banks are required to keep a record of the identification documents used for verification. Originally, when the Patriot Act was signed in October 2001, the legislation required banks to keep photocopies of the documents. That rule was changed with the final CIP rules in May 2003, and now banks are required to keep only a written record of the documents used to verify identification. Banks must record the name of the document, date it was issued and expiration date in their records. Banks must keep the information for five years after the account is closed. In the case of credit cards, banks should keep the information for five years after the account is closed or becomes dormant. Banks also must keep a record identifying an agent for any legal issues related to a foreign bank account with a corresponding account in the United States. This helps facilitate the government's ability to seize any illegal funds.
Banks also have to determine whether a person opening a new account appears on a list of known or suspected terrorists or terrorist groups. The Office of Foreign Assets Control provides a list known as "314A," which includes people suspected of terrorism or money laundering. The Patriot Act does not outline specific guidelines, besides checking the list, to determine if a person is involved in any terrorism, but it still holds banks responsible. Because of this, banks may ask about other accounts linked to a person, the nature of a person's business, employer information, income information, tax status, source of funds and a person's investment objective. If a bank suspects a person of suspicious activity, it is not allowed to tell the customer that she triggered an investigation.