One aspect of the PATRIOT act relevant to banks and other financial institutions is Anti-Money Laundering, which seeks to verify a customer's identity in order to reduce money laundering through illegitimate businesses and accounts and funding for terrorist activities. KYC requirements, also referred to as Know Your Customer, is also a set of policies intended to verify a prospective customer's identity before allowing them to open accounts or conduct other business. Unlike AML, however, KYC works to verify a customer's identity to prevent fraud.
So how do these rules impact your business? The PATRIOT Act states that institutions must use what they call "reasonable" measures to identify customers to ensure legitimacy. "Reasonable" can mean many things to many different institutions, and the open-ended nature of the term makes the whole rule seem too ambiguous for practical terms.
Fortunately, there are a set of minimum requirements for financial institutions and other relevant organizations outlined in the Bank Secrecy Act/Anti-Money Laundering Examination Manual, which are listed in more detail below.
Banks and other organizations must, of course, collect a prospective customer's name before they can open an account. The customer must present documentation that proves their legal name, which is most often a driver's license or voter ID card.
Another required data point to confirm a person's identity is their date of birth. This can also be validated with a driver's license, birth certificate, and passport.
An updated address is another essential component for identity verification when opening bank accounts or doing business with customers. Because addresses can change frequently, many institutions can confirm addresses by using a driver's license or passport if they are up-to-date, or the customer can provide mail from approved organizations that display their new address.
ID number usually refers to a taxpayer identification number, which is often the same as a U.S. Citizen's Social Security Number. An ID number can also be an Individual Taxpayer Identification Number, which is issued by the IRS for non-citizens and those without a Social Security Number.
Depending upon which actions a customer is trying to take with a bank, you may need to collect even more information and proof of verification documents. Banks may choose to take further steps for verification simply to reduce the odds of opening accounts for those with fake documents, or to further safeguard against money laundering schemes.
Nobody wants to get slapped with penalties or chastised by the federal government, but that's exactly what can happen if your organization fails to comply with CIP or KYC requirements. When it comes to penalties, some organizations have been charged thousands of dollars for not properly adhering to CIP policies and procedures.
Some fines and penalties can cost banks $10,000, while others can be $100,000 or even up to $1.4 million for certain offences. If your institution doesn't correctly follow multiple policies and procedures, you can lose several millions of dollars in penalties.
For example, the National Association of Federally-Insured Credit Unions reports that U.S. Bank violated several regulations from 2011 to 2015. The company allowed people who weren't verified customers to transfer currencies through a money transmitter and didn't ask for enough proof of verification beforehand. Additionally, U.S. Bank failed to report thousands of suspicious transactions, and the company filed numerous inaccurate Currency Transaction Reports (CTRs). The Financial Crimes Enforcement Network (FinCEN) penalized U.S. Bank $185 million for these violations, while the Office of the Controller of Currency (OOC) fined the company $75 million.
Smaller credit unions may not be charged quite that much in penalties, especially if the violations are on a far smaller scale. Even still, sizable penalties are often enough to shut down banks and credit unions for good with no shot at recovering.
If your financial institution keeps strict records and collects the proper verification information from each and every customer, your organization shouldn't have to worry about getting penalized for failing to put a proper CIP in place. Even still, it's an excellent idea to take further measures to ensure that your organization's CIP properly adheres to the minimum guidelines.
One of the best ways to ensure that you are staying compliant is to perform regular self-audits. This may involve digging into your data to ensure that proper verification measures were taken in the past and will continue to be moving forward. It's also helpful to run staff members through mock questioning about verification policies and procedures, so they can feel more confident about their grasp on CIP compliance. This can help your employees better understand what is expected of them, and it can help everyone be prepared in case you face a CIP compliance audit.
For many small credit unions and financial institutions, the best solution is to rely on a third party for CIP compliance. Third parties that specialize in customer verification have a deeper understanding of what is required for CIP compliance, and they constantly work to stay up-to-date with new additions to rules and regulations. Although a third party can't realistically handle every CIP task for you, they can at least take some of the pressure off you and your staff, and they can be there to back you up in case of an audit.
Now that you have a more thorough understanding of what is required of organizations like yours to verify customers' identity, it's time to discuss how you can actually go about doing so to remain legally compliant. There are several legitimate methods of verification, though requirements may vary depending upon your own company's unique set of circumstances.
The best and easiest forms of verification for customers and institutions are government-issued photo IDs, such as driver's licenses and passports. Both of these documents provide a whole host of information, including many of the above requirements, though some additional documentation may be required depending upon the type of account or business being done. Most organizations prefer to have more than one document presented at a time anyway, as this can help reduce the odds of approving an account for someone with counterfeit documentation.
Institutions often break up verification into three categories, each of which can be verified with a different combination of documents:
Most banks allow people to open accounts or take out loans in person, giving customers an opportunity to provide these verification documents at a bank branch. Other banks may allow customers to open accounts or take out loans online, and they may use software or a partner that allows customers to upload copies of these documents to a website to prove their identity.
No matter which method(s) your bank allows, it is essential that you collect the above information to ensure the people you serve are indeed who they say they are.
It's no secret that the world of banking and finance is complex and often overwhelming, especially when it comes to meeting legal requirements. The good news is that you don't have to face it alone.
Cotribute is a digital platform that helps banks and other financial institutions grow their membership base and improve the customer digital experience. With our online platform, gathering the proper information to adhere to KYC and CIP requirements has never been easier.
Customers can input their information and upload the proper documentation without needing someone in your company to guide them, potentially saving your company thousands of dollars in labor costs. Plus, we can help keep all of that data organized and secure.
If you're ready to learn more about Cotribute and how we can help your financial institution, please contact us today!