New Member Interview: CIP, CDD

Transcription

1 New Member Interview: CIP, CDD and Legal Issues by Gettechnical Inc. 1 Instructor Deborah L Crawford Deborah Crawford is the President of Gettechnical Inc., a Virginia based training company. She specializes in the deposit side of the financial institution and is an instructor on IRAs, BSA, Deposit Regulations and opening account procedures. She was formerly with Hibernia National Bank (now Capital One) and has a bachelor s and Masters degrees from Louisiana State University. She has 27 years of combined teaching and banking experience. If you have any questions just them to gettechnical@msn.com or call us at The material used in this text has been drawn from sources believed to be reliable. Every effort has been made to assure the accuracy of the material; however, the accuracy of this information is not guaranteed. The laws are often changed without prior notice from the government. The publisher and the editor are not engaging in the practice of law or accounting. We are not responsible for the actions of your company's employees. 2 1

2 Tasks of the New Account interview 3 We have come up with 18 tasks that have to be accomplished during the new account interview. Included are: Customer Identification Programs (CIP), Customer Due Diligence (CDD), Identity Theft Red Flags, OFAC, Regulation CC Holds and state law. The federal umbrella now sits over account opening compliance. 4 2

3 1 IS IT AN ACCOUNT AND IS IT A CUSTOMER AS COVERED BY CIP? 2 GATHERING THE INFORMATION 3 VERIFYING THE CUSTOMER THROUGH DOCUMENTS 4 VERIFYING THE CUSTOMER THROUGH NONDOCUMENTS 5 WHAT TO DO IF WE CANNOT VERIFY IDENTITY 6 CIP RECORDKEEPING 7 COMPARISON WITH GOVERNMENT LISTS 8 CIP CUSTOMER NOTICE IN LOBBY 9 RELIANCE ON ANOTHER FINANCIAL INSTITUTION AND THIRD PARTIES 10 CUSTOMER DUE DILIGENCE 11 ENHANCED DUE DILIGENCE 12 OFAC 13 IDENTITY THEFT INTERNET GAMBLING PLACING A REG CC HOLD 16 ASSIGN RISK Withholding Scripting the conversation 5 In the regulation, information is required before you open the account. You may verify your member through documents and nondocuments in a reasonable time after you open the account. 6 3

4 Some financial institutions allow a period of time to the member to bring in all the paperwork. This can be 10, 20, or 30 days or so depending on your policy. You still have to get the information before the account is opened. 7 We will then add to this big picture for CDD, OFAC, FACT Act, BSA, and other regulatory issues. 8 4

5 At this time there is no 326 Government List but it is still in the CIP regulation. We currently run members through Office of Foreign Assets and Control list. All of this data on the member is gathered and retained under our CIP recordkeeping requirements and a CIP notice is put in the lobby of the financial institution

6 Under CIP Regulation The CIP portion of the New Account Interview only applies to those who mean the definition of member/customer and account. Under CIP regulation, if the member/customer does not meet the definition then you do not have to do Tasks 1 9. You still have to worry about OFAC, Customer Due Diligence, Identity Theft and others. 11 Is it an account... or a member/customer? 12 6

7 CIP Definitions 13 Three definitions are critical in the Customer Identification Program to determine who is covered and who is not. These are the definition of the member/customer, financial institution and the account. If it is not a member/customer and it is not an account then full Customer Identification Program (CIP) does not have to be run. 14 7

8 In the Law: Account Account means a formal banking relationship established to provide or engage in services, dealings, or other financial transactions including a deposit account, a transaction or asset account, a credit account, or other extension of credit. Account also includes a relationship established to provide a safety deposit box or other safekeeping services, or cash management, custodian, and trust services. 15 The definition has a list of what is included. The definition also has a list of what is excluded such as sales of money orders, wires, etc. These already have recordkeeping requirements. 16 8

9 Also, the definition excludes any accounts acquired through merger, acquisition, purchase of assets, or assumption of liabilities from any third party. These transfers are not initiated by the member/customer and therefore do not constitute an account. 17 The definition excluded accounts of employee benefit plans since these come generally from payroll deductions and are not high risk for money laundering and terrorism. 18 9

10 IN THE LAW: BANK Bank means a. A bank, as that term is defined in Chapter X, that is subject to regulation by a Federal functional regulator; and b. A credit union, private bank, and trust company, as set forth in Chapter X, that does not have a Federal functional regulator. 19 Foreign branches of US banks are not covered in the rule

11 CIP must be a part of a financial institution's BSA compliance program. Therefore it will apply through such a financial institution's U.S. operations (including subsidiaries) in the same way as the BSA compliance program requirement. However, all subsidiaries that are in compliance with a separately applicable, industry specific rule implementing section 326 will be deemed to be in compliance with this rule 21 In the Law: Customer A person that opens a new account; and An individual who opens a new account for: An individual who lacks legal capacity, such as a minor; or An entity that is not a legal person, such as a civic club

12 Customer Does Not Include: 23 A financial institution regulated by a Federal functional regulator or a bank regulated by a state bank regulator; 24 12

13 A person described in Chapter X; (Phase I Exemptions on Currency Transaction Reports are also exempt from CIP) 25 A person that has an existing account with the credit union, provided that the credit union has a reasonable belief that it knows the true identity of the person. (To do this you had to grandfather existing member/customers in your policy)

14 Identification Ask each member/customer for a U.S. taxpayer identification number (social security number, employer identification number, or individual taxpayer identification number). If a member cannot provide one, the financial institution may then accept alternative forms of identification. 27 Verification of identification will not be required for existing members of a financial institution if the financial institution has a reasonable belief that it knows the identity of the member. The definition does not include Phase I exemptions government entities, business traded on the stock exchanges, their subsidiaries, financial institutions 28 14

15 The definition a person that opens a new account would not require the financial institution to look through trust, escrow, or similar accounts to verify the identities of beneficiaries and instead would only require the financial institution to identify the named account holder. In the case of brokered deposits, the customer will be the broker that opens the deposit account. 29 The rule provides that customer means an individual who opens a new account for (1) an individual who lacks legal capacity, such as a minor; or (2) an entity that is not a legal person, such as a civic club

16 The rule took out signatories as customers but stated on risk based assessment of a new account, a financial institution may need to take additional steps to verify the identity of the customer by seeking information about individuals with ownership or control over the account in order to identify the customer. You will have to address situations when you will take additional steps to verify the identity of the customer. 31 CIP has many exemptions on businesses but this only applies to their domestic operations 32 16

17 You have to determine when CIP is required

18 Summary: Information Required Name (As it appears on Primary Identification) Date of birth, if individual Residential or business address of member/cust omer or next of kin or contact individual Identification Number (US Person versus Non Us Person*) 35 To open an account for a nonresident alien. CIP says ITIN, Passport or other such number. W 8BEN instructions requires an ITIN on an interest bearing account

19 Worksheet On Information: Personal New Existing CIP PROFILE PERSONAL ACCOUNTS COMPLETE CIP PROFILE FOR EACH OWNER OR FIDUCIARY ON ACCOUNT (SOME CREDIT UNIONS MAY REQUIRE ONE ON EVERY SIGNER) MEMBER NAME (AS IT APPEARS ON PRIMARY APPLICATION) PHYSICAL ADDRESS DATE OF BIRTH SSN OR ITIN, PASSPORT NUMBER, OR OTHER IDENTIFICATION NUMBER

20 Verification Through Documents Within a reasonable time after opening the account, we need to get the required documents for opening the account. Many financial institutions get documents before we open the account but some give a 10, 20, or 30 day grace period. If your financial institution does this, then you will have to make sure to have a good follow up system in place. If the member/customer does not bring in the documents, then you will have to close the accounts. This will be discussed in more detail in the following sections. 39 On personal accounts, most financial institutions get two forms of identification: a primary ID and a secondary ID that backs up the primary form of ID

21 Primary identification includes most of these components and is issued by the government: Picture Description Address Signature 41 Secondary A secondary identification backs up the primary and it will be missing some of these components. These would be things like birth certificates, voter s registration cards, social security cards, and many more 42 21

22 The financial institution will establish the types of identification that are acceptable and how many forms of identification are required. Once this is established then you will have to follow your acceptable list for identifying the member/customer. 43 It has always been due diligence to require two forms of identification such as one primary and a secondary piece of identification to prevent fraud and money laundering at new accounts. It would seem prudent to identify in your policy what types of identification your financial institution will accept

23 45 Verification Through Nondocuments Your financial institution will also require some nondocumentary verification. This can range from third party vendors who run the names and check for SSN match and bad check records, to simple things such as sending a thank you note which verifies address

24 Recognizing that some accounts are opened by telephone, by mail, and over the Internet, the CIP rules asked that you take that into consideration when writing your policy. 47 You must address the situation where you will open an account for someone not appearing at your financial institution

25 Types of nondocumentary verification include: Check systems, telecheck, credit reports Customer telephone call Letter of welcome Site visit Previous financial institution reference Verification of employment whitepages.com google.com Secretary of State online at filings.htm

26 Lack of Verification The CIP must include procedures for responding to circumstances in which the financial institution cannot form a reasonable belief that it knows the true identity of a member/customer. 51 These procedures should describe: When the financial institution should not open an account; The terms under which a member/customer may use an account while the financial institution attempts to verify the member/customer s identity; When the financial institution should close an account, after attempts to verify a member/customer s identity have failed; and When the financial institution should file a Suspicious Activity Report in accordance with applicable law and regulation

27 Closing an Account 53 Stick to your policy It is generally much easier to get information before the account is opened than after. If you stick to your policy on identification prior to opening account then it is easier on your financial institution in the long run

28 If you took a risk based approach and allowed the member/customer a time frame to get all the information to you, and he or she failed to meet the time frame then you should notify them in writing preferable certified mail that within a stated time period the account will be closed. This varies depending on your financial institution and location. You probably want to notify them twice before the account is actually closed

29 At a minimum, the record must include: All identifying information about a member/customer A description of any document that was relied on under paragraph noting the type of document, any identification number contained in the document, the place of issuance and, if any, the date of issuance and expiration date; A description of the methods and the results of any measures undertaken to verify the identity of the member/customer ; and A description of the resolution of any substantive discrepancy discovered when verifying the identifying information obtained. 57 The financial institution must retain all the information for five years after the date the account is closed or, in the case of credit card accounts, five years after the account is closed or becomes dormant

30 59 The CIP must include procedures for determining whether the member/customer appears on any list of known or suspected terrorists or terrorist organizations issued by any Federal government agency and designated as such by Treasury in consultation with the Federal functional regulators

31 The procedures must require the financial institution to make such a determination within a reasonable period of time after the account is opened, or earlier, if required by another Federal law or regulation or Federal directive issued in connection with the applicable list

32 The CIP must include procedures for providing financial institution member/customers with adequate notice that the financial institution is requesting information to verify their identities. 63 Adequate Notice Notice is adequate if the financial institution generally describes the identification requirements of this section and provides the notice in a manner reasonably designed to ensure that a member/customer is able to view the notice, or is otherwise given notice, before opening an account

33 For example, depending upon the manner in which the account is opened, a financial institution may post a notice in the lobby or on its website, include the notice on its account applications, or use any other form of written or oral notice. 65 If appropriate, a financial institution may use the following sample language to provide notice to its member/customers: 66 33

34 IMPORTANT INFORMATION ABOUT PROCEDURES FOR OPENING A NEW ACCOUNT To help the government fight the funding of terrorism and money laundering activities, Federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account. What this means for you: When you open an account, we will ask for your name, address, date of birth, and other information that will allow us to identify you. We may also ask to see your driver s license or other identifying documents

35 The CIP may include procedures specifying when a financial institution will rely on the performance by another financial institution (including an affiliate) of any procedures of the financial institution's CIP, with respect to any member/customer of the financial institution that is opening, or has opened, an account or has established a similar formal banking or business relationship with the other financial institution to provide or engage in services, dealings, or other financial transactions 69 Reliance on Another Financial Institution If you rely on another institution, the financial institution run its CIP and certifies to you that it has done so annually

36 Reliance on Third Parties If a third party such as a car dealership is making the loan or opening an account, then the car dealership runs the your financial institution's CIP

37 BSA EXAM ISSUES ON CUSTOMER DUE DILIGENCE 73 From the BSA Exam Manual: Assess the appropriateness and comprehensiveness of the financial institution's customer due diligence (CDD) policies, procedures, and processes for obtaining member/customer information and assess the value of this information in detecting, monitoring, and reporting suspicious activity

38 The cornerstone of a strong BSA/AML compliance program is the adoption and implementation of comprehensive CDD policies, procedures, and processes for all member/customers, particularly those that present a high risk for money laundering and terrorist financing. 75 The objective of CDD procedures should be to enable the financial institution to predict with relative certainty the types of transactions in which a member/customer is likely to engage

39 These procedures assist the financial institution in determining when transactions are potentially suspicious. The concept of CDD begins with verifying the member/customer s identity and assessing the risks associated with that member/customer. Procedures should also include enhanced CDD for high risk member/customers and ongoing due diligence of the member/customer base. 77 Effective CDD policies, procedures, and processes provide the critical framework that enables the financial institution to comply with regulatory requirements and to report suspicious activity

40 CDD policies, procedures, and processes are critical to the financial institution because they can aid in: Detecting and reporting unusual or suspicious transactions that potentially expose the financial institution to financial loss, increased expenses, or reputational risk. Avoiding criminal exposure from persons who use or attempt to use the financial institution's products and services for illicit purposes. Adhering to safe and sound banking practices

41 ASK MORE QUESTIONS FOR ENHANCED DUE DILIGENCE IF YOU BANK ANY OF THE FOLLOWING. LOOK AT WHAT THE EXAMINERS WILL BE LOOKING FOR EACH OF THESE GROUPS OF CUSTOMERS! 81 Purpose of the account. Source of funds and wealth. Beneficial owners of the accounts, if applicable. Customer s (or beneficial owner s) occupation or type of business. Financial statements. Banking references. Domicile Proximity of the member/customer s residence, place of employment, or place of business to the financial institution. Description of the member/customer s primary trade area and whether international transactions are expected to be routine. Description of the business operations, the anticipated volume of currency and total sales, and a list of major member/customers and suppliers. Explanations for changes in account activity

42 83 The Office of Foreign Assets Control (OFAC) is a division of the U.S. Treasury. OFAC s purpose is to enforce sanctions against foreign countries, their agents, terrorists or other threats against the United States national security

43 It is not just the countries but also individuals called Specially Designated Nationals also called a Blocked Person. We are required to block or freeze any accounts for these individuals or countries within 10 days from the occurrence of the activity. 85! Your institution can be fined and penalized for failure to comply with OFAC

44 OFAC LIST The OFAC list is updated frequently and should be kept up to date at your financial institution. 87 Before we open an account, it is a good idea to check the list to make sure that the person or entity opening the account is not on the list. That way we can prevent subsequent action of blocking and freezing assets

45 Your financial institution should have established procedures to continually audit and check for compliance with OFAC guidelines. Since the list is updated often, an account that you opened up last year may now be on this list. This is not something that you can prevent at the new accounts desk. 89 OFAC Frequently Asked Questions Read the OFAC Questions Look at the Due Diligence Steps. What are some of the other lists that we might track? Who should we contact on those lists? What does it say to do if someone tries to open an account and that person s name is on the list? 90 45

46 91 In your financial institution s identity theft program you are required to detect, prevent, and mitigate identity theft in connection with the opening of a covered account or any existing covered account

47 Covered account means: An account that a financial institution or creditor offers or maintains, primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions, such as a credit card account, mortgage loan, automobile loan, margin account, cell phone account, utility account, checking account, or savings account. 93 Important! The definition of covered account varies from institution to institution. For example, some institutions cover business accounts, some only cover sole proprietorships. This definition covers new and existing member/customers

48 Any other account that the financial institution or creditor offers or maintains for which there is a reasonably foreseeable risk to member/customers or to the safety and soundness of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation, or litigation risks is a covered account. 95 The Program In designing its Program, a financial institution or creditor may incorporate, as appropriate, its existing policies, procedures, and other arrangements that control reasonably foreseeable risks to member/customers or to the safety and soundness of the financial institution or creditor from identity theft

49 Identifying Relevant Red Flags 97 Risk Factors A financial institution or creditor should consider the following factors in identifying relevant Red Flags for covered accounts, as appropriate: 1. The types of covered accounts it offers or maintains; 2. The methods it provides to open its covered accounts; 3. The methods it provides to access its covered accounts; and 4. Its previous experiences with identity theft

50 Sources of Red Flags Financial institutions and creditors should incorporate relevant Red Flags from sources such as: 1. Incidents of identity theft that the financial institution or creditor has experienced; 2. Methods of identity theft that the financial institution or creditor has identified that reflect changes in identity theft risks; and 3. Applicable supervisory guidance. 99 Categories of Red Flags The Program should include relevant Red Flags from the following categories, as appropriate

51 Alerts, notifications, or other warnings received from consumer reporting agencies or service providers, such as fraud detection services; 101 The presentation of suspicious documents;

52 The presentation of suspicious personal identifying information, such as a suspicious address change; 103 The unusual use of, or other suspicious activity related to, a covered account; and

53 Notice from member/customers, victims of identity theft, law enforcement authorities, or other persons regarding possible identity theft in connection with covered accounts held by the financial institution or creditor

54 {Applies to new and existing business accounts} 107 Due Diligence: At the establishment of the account or relationship, the financial institution conducts due diligence of a commercial member/customer and make sure its activities are consistent with the participant's judgment of the risk of restricted transactions presented by the member/customer's business

55 Based on its due diligence, the participant makes a determination regarding the risk the commercial member/customer presents of engaging in an Internet gambling business. 109 The financial institution may determine that the member/customer presents a minimal risk of engaging in an Internet gambling business

56 If the financial institution cannot determine that the member/customer presents a minimal risk of engaging in an Internet gambling business, it obtains certification from the member/customer that it does not engage in an Internet gambling business. 111 If the member/customer does engage in an Internet gambling business, you should obtain each of the following :

57 Evidence of legal authority to engage in the Internet gambling business, such as : A copy of the commercial member/customer's license that expressly authorizes the member/customer to engage in the Internet gambling business issued by the appropriate State or Tribal authority OR 113 A written commitment by the commercial member/customer to notify the participant of any changes in its legal authority to engage in its Internet gambling business. Note: Check your state

58 115 Applies to: Transaction accounts in the first 30 days. Your institution may or may not use the new account exception. You must look on your account disclosure to see if you use this exception. If you do, the following availability will apply for member/customers who have not had a transaction account with you in the last 30 days

59 If you do not use this exception, then you will treat items as next day, or local or nonlocal checks. This only applies to transaction accounts. You could always place a hold on a savings account. 117 No Hold Notice You do not give a hold notice on a new account because you told them in the disclosure that special rules may apply. You do not give the member/customer $100 cash

60 New Accounts Availability Schedule Type of Item Availability CASH ELECTRONIC PAYMENTS Treasury Checks, Postal Money Orders, Federal Reserve or Federal Home Loan Bank Checks, State or Local Government, Cashier s, Certified, Teller s and Traveler s Checks Next day. Wires and ACH Next day after financial institution receives funds. Aggregate of funds $5000 and below are available the next day from the total of these items. Funds above $5000 are available on the 9 th business day after the financial institution day of deposit. $200 Cash Does not apply to new accounts. Local Checks Bank s policy

61 Customer Identification Programs (CIP) risk is related to many items. You will probably consider accounts to be high risk if they were: 121 Not Opened in person Opened by non resident aliens Opened without all documents Opened without proper identification Opened for a minor (What is your financial institution's policy on joint accounts for identification?)

62 Watch your geography! Look for the areas in your state that are in the high intensity drug trafficking area. 123 High Intensity Drug Trafficking Areas

63 The High Intensity Drug Trafficking Areas (HIDTA) program enhances and coordinates drug control efforts among local, State, and Federal law enforcement agencies. The program provides agencies with coordination, equipment, technology, and additional resources to combat drug trafficking and its harmful consequences in critical regions of the United States

64 Opening of a deposit account Withholding agent W 9 US Person W 8BEN or W 8BENE Nonresident alien 127 Use TIN number on W 9 or W 8BEN US Citizens SSN Resident Aliens Types of TIN EIN Nonresident Alien Estates, Nonprofits, businesses, etc. ITIN US Persons Nonresident aliens

65 IRS determines who uses what 129 SS 4 Application for Employer Identification Number (EIN)

66 Know Your Financial Institution s CIP Policy on Social Security Cards as forms of Identification. SSN can now be randomized. 131 Individual Taxpayer Identification Number (ITIN) Customer is not eligible for a social security number but has a tax purpose for needing a tax identification number. To get an ITIN the member/customer may have to be turned down for a SSN first and then apply for the ITIN. To get an account for banking purposes, the member/customer may have to prove the tax purpose. See letter to give member/customer to get ITIN. 66

67 General ITIN Information What is an ITIN? An Individual Taxpayer Identification Number (ITIN) is a tax processing number issued by the Internal Revenue Service. It is a nine digit number that always begins with the number 9 and has a range of in the fourth and fifth digit. Effective April 12, 2011, the range was extended to include through , through and through IRS issues ITINs to individuals who are required to have a U.S. taxpayer identification number but who do not have, and are not eligible to obtain a Social Security Number (SSN) from the Social Security Administration (SSA). ITINs are issued regardless of immigration status because both resident and nonresident aliens may have a U.S. filing or reporting requirement under the Internal Revenue Code. 133 CONDUCTING THE INTERVIEW

68 1. Eye Contact When you are asking for all this information, remember it is important to keep an interested tone of voice and eye contact with the member/customer Let them Speak Try not to talk too much so that the member/customer has time to speak and answer your questions

69 3. Service Make this as much about service as you can. When they ask why you need to know all this information, tell them you want to provide the best possible service for them Show Interest You will have many opportunities along the way to present products, services and perhaps develop future opportunities if they perceive that you are interested in them

70 5. Worksheets Compliance officers please have the new accounts people develop the worksheets. If they can ask the questions the way that they want, what difference does it make to you as long as all tasks are accomplished? Trust We need to know these member/customers and the risks and hopefully, potential future business opportunities by building trust between you and them

71 7. Follow up Follow up and check on them afterwards. You can verify phone numbers and thank them for their time and interest in your financial institution. 141 A NEW ACCOUNT INTERVIEW MIGHT LOOK LIKE THIS:

72 Good morning! My name is Sally Jane Smith and you are? Mrs. Betty Jones. Mrs. Jones. Welcome to the financial institution. How can I help you today? 143 I would like to open an account. I am delighted to help you. I will need two forms of identification. We prefer driver s license and social security card if you have them. Tasks 1 5 Accomplished here

73 Do you have any other accounts at this financial institution? No Thanks for the identification. Is everything correct on your identification? 145 The address is not correct. Do you happen to have a document, bill or anything else with current address? I have my phone bill. Or...No I don t have anything with me. But I can drop it by later or fax it to you

74 You will be completing your worksheets or photocopying identification. Some of you will check them on OFAC, Telecheck, Check systems and or run a credit report on the member/customer at this time. If unable to identify the member/customer, you will have to decline the account. 147 You will have to check them out and go back and close the account. Don t forget you can place a hold on the funds till things are resolved. Follow Reg CC disclosure and policy

75 While this conversation is taking place you will complete your records and take whatever sales opportunities that are at your disposal. Some front lines assign risk and some send to the back of the house. The trickier part is getting the Due diligence in. 149 Deborah L. Crawford Gettechnical Inc gettechnical@msn.com TTS Info@ttsTrain.com CUWebinars June 23 rd - Analyzing Sole Proprietorships and One-Member LLC's July 9 th - Opening Accounts for Nonresident Aliens: W-8BEN, W-8BEN E and Due Diligence Rules July 20 th - IRA Products August 5 th - Do's and Don'ts on Checks August 13 th - IRA Distributions: Premature and Normal