By August J. Ober, Attorney
With the passage of the Patriot Act in 2001, which amended FACTA and the Bank Secrecy Act by extension, financial institutions were required to develop a written Customer Identification Program (CIP). The Patriot Act requires that the CIP be integrated into the institutions Bank Secrecy Act and Anti-Money Laundering safeguards. Our credit union clients, of course, fall within the definition of “financial institutions” and thus are bound by the Patriot Act.
The CIP must set forth procedures and guidelines that would allow the credit union to form a “reasonable belief” as to the identity of the members they serve. The legislative intent was aimed at stifling identity theft and in turn terrorism.
So the million dollar question remains, “What allows the credit union to form “reasonable belief?”
The spirit of the requirement indicates that the totality of the circumstances can establish a “reasonable belief.” This begins with the opening of the account, where a credit union must obtain the following minimum information: member’s name, date of birth, address, and social security number. This initial information may be obtained solely based on the application the customer completes. However, best practices dictates that the credit union verify this information. Note that verification is not strictly required if a pre-established risk analysis so determines.
When verification is sought, it is usually achieved by traditional means such as the production of a Driver’s License, Government issued ID, Passport, Social Security Card, and/or Birth Certificate.
It is acknowledged however, that traditional forms of identification may not always be available. In these instances, a credit union may choose to verify through other means. For example, a credit union may compare information with other creditors, credit reporting agencies, or with public records such as property deeds or voters registrations. It has even been said that some financial institutions opened accounts using information verified by criminal mug shots, automobile titles, and even a rental agreement for a boat slip.
In the end, credit unions are only required to verify enough information to form a “reasonable belief” as to their members’ identity. If this sounds subjective, it is. As mentioned, traditional identification is not mandatory but clearly is the most reliable means of verification. A credit union should think twice before it creates a situation where it must defend its practices after inaccurately identifying a member through shoddy verification.
The credit union is best protected by establishing strict, clear, concise protocols to verify information when traditional identification is both available and unavailable; and alternatively define when a “reasonable belief” can not be formed. If a credit union stringently follows their own established procedures, then their subjective “reasonable belief” should stand up to scrutiny.