Banking, other financial businesses: customer identification program and international conventions

Customer identification in banking and financial businesses has gained importance due to abnormal increase in financial crimes including tax evasion, money laundering and terrorist financing. There are two sets of requirements for this purpose, that is, domestic and international. As regards domestic requirements, the provisions of the US Patriot Act and Bank Secrecy Act have been discussed.

The international requirements are in the form of conventions, directives and model laws. These too have been discussed to provide an easy reference to the reader. In this background, this paper seeks to discuss the hotly-debated topic of customer identification programme.

The final rules for the Customer Identification Programme (CIP) were implemented in June 2003.1 Section 326 of USA Patriot Act did apply to banks, thrifts, credit unions, agencies of foreign banks operating in the United States, securities and commodities dealers, insurance companies, checks-cashers and many other institutions.2 Financial institutions are required to implement a Customer Identification Programme (CIP) that is integrated within its bank secrecy requirements and anti-money laundering programme.3 The CIP provisions apply to all customer accounts and become operative once a new customer opens an account.4 A CIP consists of four components, namely: Identification Verification, Record-keeping and Retention. These requirements are laid down by the state laws and regulations.

The step of identification verification consists of checking the information that the client provides in order to verify whether or not the account-holder does exist at the address provided and they are who they claim to be prior to account opening. Verification requirements are different and vary amongst the clients. The requirements needed for an individual includes: date of birth; residential or business address; and it numbers (SSN for US person(s)).5 For non-individuals/businesses requirements include: name; business address or other physical location; and id numbers (TIN for US businesses). Adequate information about clients/customers is required in order to identity and spot suspicious activity. Failure to obtain sufficient information could lead to serious consequences, like regulatory criticism and possible criminal penalties that might lead to severe reputational risk if the company is seen to have neglected its duty to obtain, appropriate know your customer information (KYC).

For customer identification information needed includes name, date of birth for individuals, address, and identification number. The CIP must contain risk-based procedures when they are verifying a customer’s identity and the identity must be verified within a reasonable amount of time.6 The bank must verify enough information to reasonably believe the customer’s identity7 is a true identity.8 For verifying a customer’s identity, the steps needed include: documentary and non-documentary.9

The verification through documents takes place when a bank has to have procedures set-forth at the minimum acceptable documentations.10 The identification must provide evidence of a customer’s nationality or residence and must show a photograph such as a driver’s licence or a passport.11 Other form of identification may be used if it helps the bank to form a reasonable belief that the bank knows the true identity of the customer.12 The request of information, by the bank, prevents the possibility of counterfeit or fraudulent identities.13 If the bank is conducting business with a corporation, partnership, or a trust, the bank should obtain additional information and provide documents showing the legal existence of the entity such as certified articles of incorporation, an unexpired government-issued business licence, a partnership agreement, or a trust instrument.14

The verification through non-documentary methods is not required by banks.15 However, if a bank uses non-documentary methods, there must be procedures set-forth for the bank to follow.16 Some examples of non-documentary methods are contacting the customer, public database, comparing the gathered information with a consumer reporting agency, checking references with other financial institutions and/or obtaining a financial statement.17 Certain customers need additional information in order to open a bank account. The bank will obtain more information from an individual person associated with a corporation such as their signature to verify the customer’s identity.18

International recommendations, conventions and directives in this regard state as under:

(a) The FAFT ‘Forty Recommendations’ of 1990: recommendations 12-14 talks about customer Identification and Records-keeping rules19 Recommendation 12 talks about how financial institutions should not keep anonymous accounts or accounts in obviously fictitious names.20 Recommendation 13 talks about how financial institutions should take reasonable measures to obtain information about the true identity of the persons on whose behalf an account is opened.21 And, recommendation 14 talks about how financial institutions should maintain, for at least five years, all necessary records on transactions, both domestic and/or international to enable them to comply swiftly with information requests.22 The three recommendations created a legal obligatory requirement for all financial institutions.

(b) Council of Europe’s Convention 141 on Laundering, Search, Seizure and Confiscation of the Proceeds from Crime of 8th November 1990: Chapter III, Measures to be taken at national level, section 1 – general provisions, Article 4 and Article 7 to a certain extent addressed the fact that each party should adopt the legislative and other measures as may be necessary to enable to identify, trace, freeze or seize rapid property which is liable to be confiscated.23 According to Article 7 each party should adopt measure necessary to empower its courts or other components authorities to order that banks, financial or commercial records be made available or be seized in order to carry out the actions referred to in Article 3, 4 and 5.24

(c) EC Directives of 10 June 1991: This document address that credit and financial institutions require identification of their customers when entering into business relations or conducting transactions, exceeding certain thresholds are necessary to avoid launderers taking advantage of anonymity to carry out their criminal activities.25 Credit and financial institutions must keep for at least five years copies or references of the identification documents required as well as supporting evidence and records consisting of documents relating to transactions or copies thereof similarly admissible in court proceedings under the applicable national legislation for use as evidence in any investigation into money laundering.26 Article 3 also addresses the customer identification process when entering into business relations with a credit or financial institutions.

(d) Commonwealth Model Law for the Prohibition of Money Laundering and Supporting Documentation (May 1996): Customer Identification Verification Programme is addressed under the definition and provision for regulations common to all parts of the law section. Also, CIP is addressed in the property tracking and monitoring orders where any document can be obtained when the agency deems that the client has committed or is about to commit a money laundering offence can request documents relevant to identifying, locating and quantifying any property.

(e) Convention on combating Bribery of Foreign Officials in International Transactions (1997): Section C – Internal controls, ethics and compliance states that companies should develop and adopt adequate internal controls, ethics and compliance programmes or measures for the purpose of preventing and detecting foreign bribery.28 Also, business organisations and professional associations should encourage and assist companies in developing internal audit controls, ethics and compliance programmes or measures to detect foreign bribery.29

(f) United Nations’ Model Legislation on Laundering, Confiscation and International Co-operation in Relation to the Proceeds of Crime (1999): Under chapter II – transparency in financial transactions, article 2.2.2 states that identification of customers by credit and financial institutions are required to verify their customers’ identity and address before opening accounts, passbooks, taking stocks, bonds or other securities into safe custody.30 Article 2.2.3 – identification of casual customers and article 2.2.4 – identification of beneficial owners also require credit and financial institutions to seek customer information by means as to the true identity of the principal account holder.31 Verification of customer Identification shall be required.32

(The writer is an advocate and is currently working as an associate with Azim-ud-Din Law Associates Karachi)

1. Katie Iverson, USA Patriot Act Section 326 Customer Identification Program (CIP) Joint Final Rule, Attu’s Technologies (2003), http://www.bankersonline.com/aml/326whitepaper.pdf.

2. Id.

3. Id.

4. Id.

5. Bank Secrecy Act Anti-Money Laundering Examination Manual, BSA/AML Compliance Program-Overview, Federal Financial Institutions Examination Council Bank Secrecy Act/Anti Money Laundering Infobase, http://www.ffiec.gov/bsa_aml_infobase/pages_manual/OLM_007.htm.

6. Id. 31 CFR 103.121 paragraph (b)(2)(i) discusses the verification procedures and how the information gathered by the bank is essential in verifying the customer’s identity.

7. Id.

8. Id.

9. Id.

10. Id.

11. Id.

12. Id.

13. Id.

14. Id.

15. Id.

16. Id.

17. Id.

18. Id.

19. Financial Action Task Force, THE FORTY RECOMMENDATIONS OF THE FINANCIAL ACTION TASK FORCE ON MONEY LAUNDERING 1990, available at http://www.fatf-gafi.org/media/fatf/documents/recommendations/pdfs/FATF%20Recommendations%201990.pdf

20. Id.

21. Id.

22. Id.

23. Warsaw, Council of Europe Convention on Laundering, Search, Seizure and Confiscation of the Proceeds from Crime and on the Financing of Terrorism, 16 V. 2005, http://conventions.coe.int/Treat/en/Treaties/Hunt/198.htm

24. Id.

25. Council Directives, Official Journal of the European Communities – on Prevention of the use of the financial system for the purpose of money laundering, (June 1991), http://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexapi!prod!CELEXnumdoc&lg=EN&numdoc=31991L0308&model=guichett

26. Id.

27. Id.

28. OECD, Convention on Combating Bribery of Foreign Public Officials in International Business Transactions, (November 1997), http://www.justice.gov/criminal/fraud/fcpa/docs/combatbribe.pdf

29. Id.

30. United Nations, Model Legislation on Laundering, Confiscation and International Co-operation in relation to the Proceeds of Crime, http://www.imolin.org/imolin/m199eng.html

31. Id.

32. Id.