Money Laundering, Terrorism & Financial Institutions
Published by Civic Research Institute,

USA PATRIOT Act Monitor News Release: Bank Customer ID Program Final Rule
5/2/2003 4:25:01 PM Eastern Daylight Time

Customer Identification Program Final Rules Issued for Banks
Prior MLT coverage pars.1.2-4[8], 2.1-7, 2.2-5

A joint final rule, 31 CFR 103.121, issued by Treasury (through FinCEN), the OCC, the Federal Reserve, the FDIC, the OTS, and the National Credit Union Administration under section 326 of the USA PATRIOT Act, requires banks, savings institutions, credit unions, trust companies, and private banks to implement procedures to verify the identity of persons seeking to open accounts, verify whether they appear on an terrorism list, and maintain certain records. Each banking supervisory agency is also amending its own regulations to cross-reference the final rule under the Bank Secrecy Act (BSA). The final rule, available on FinCEN's website,, will be effective 30 days after publication in the Federal Register, but each bank must comply with the final rule by October 1, 2003. The discrepancy between effective and implementation dates is designed to allow banks time to develop and implement a program, obtain board approval, train staff, reprint forms, and develop appropriate software.

The primary differences between the proposed and final rules are summarized in the preamble. Specifically, the final rule:

1. Excludes accounts that (1) a bank acquires through an acquisition, merger, purchase of assets, or assumption of liabilities from a third party, and (2) accounts opened for the purpose of participating in an employee benefit plan established pursuant to the Employee Retirement Income Security Act of 1974. It also specifically excludes wire transfers, check cashing, and the sale of travelers checks, and any other product or service that does not lead to a "formal banking relationship" from the scope of the rule.

2. Narrows the definition of "bank" to exclude a bank's foreign branches.

3. Defines "customer" as "a person that opens a new account" making clear that a person who does not receive banking services, such as a person whose deposit or loan application is denied, is not a customer. The definition of customer also excludes signatories from the definition of "customer." Moreover, the final rule excludes from the definition of "customer" a financial institution regulated by a federal functional regulator; a bank regulated by a state bank regulator; and governmental agencies and instrumentalities and companies that are publicly traded (i.e., entities described in [31 CFR 103.22(d)(2)(ii)-(iv)]). The final rule also excludes existing customers of the bank, provided that the bank has a reasonable belief that it knows the true identity of the person.

4. Clarifies that a bank must verify the customer's identity using the identifying information obtained. The proposed rule would have required the bank to verify all identifying information.

5. Eliminates the requirement that a bank keep copies of any document that it relied upon in order to verify the identity of the customer and substituting a requirement that a bank's records need include "a description" of any document that it relied upon in order to verify the identity of the customer. The final rule also clarifies that the records need only include "a description" of the methods and results of any measure undertaken to verify the identity of the customer, and of the resolution of any substantive discrepancy discovered when verifying the identifying information obtained, rather than any documents generated in connection with these measures.

6. Eliminates the requirement that a bank must obtain a physical and a mailing address from a customer opening an account. Under the final rule, the bank is only required to obtain a physical address.

7. Contains a new provision that permits a bank to rely on another financial institution to perform its CIP under certain conditions. This provision allows financial institutions that share a customer to share customer identification and verification obligations.

8. Contains a new exemption for credit card accounts from the requirement that a bank obtain identifying information from the customer prior to opening an account. In connection with credit card accounts, a bank is permitted to obtain identifying information from a third party source prior to extending credit.

9. Reduces the length of time that records must be kept. The final rule requires that identifying information be kept for five years after the date the account is closed (or for credit card accounts, five years after the account is closed or becomes dormant). All other records may be kept for five years after the account is opened.

10. Clarifies that the government will provide lists of known or suspected terrorists and terrorist organizations to banks. Banks will not be required to seek out this information. In addition, the rule now states that the bank may determine whether a customer appears on the list within a reasonable time after the account is opened, unless it is required to do so earlier by another Federal law, regulation, or directive.


< Back to News Releases List