The question refers to the Customer Identification Program (CIP) section of the USA Patriot Act of 2001. The act, the full name of which is Uniting and Strengthening America by Providing Appropriate Tools Required to Intersect and Obstruct Terrorism, requires banks to be sure they know the companies with which they do business.
CIP requires banks to ask businesses for certain documents to verify their identity. For example, corporations may be asked for copies of their certificates of good standing, limited partnerships for copies of their partnership agreements and not-for-profit organizations for copies of their organization agreements.
Banks have always required their customers to provide adequate identification. The CIP regulation that banks must establish a reasonable belief that they know the true identities of their commercial customers is not significantly different from past operations. If the business entity cannot be adequately identified, banks have traditionally taken additional steps to confirm the identities of individuals with authority and control over the account.
What has changed as a result of the Patriot Act is that most banks now are routinely collecting identification information up front for the individual account signers, as well as for the business itself for every new account that is opened. Principals must provide their names, addresses, dates of birth and Social Security numbers, along with their business's taxpayer identification numbers.
In addition, banks must screen potential new business customers against a list of about 5,000 businesses and individuals with which U.S. enterprises may not do business, according to the Treasury Department's Office of Foreign Asset Control. The list ranges from drug traffickers and oppressive governments to shipping vessels, Al Qaeda and Cuba.
As a result of the Patriot Act, banks may be more likely to do account profile screenings that give them an idea of what type of business they should expect from new accounts. Bankers may want to know whether a certain account is likely to generate a lot of cash transactions, for instance, or whether funds will routinely be wired to foreign countries -- and if so, where.
Such questions will help banks satisfy increased regulatory scrutiny of their monitoring for suspicious activity. Many of the activities that prompt suspicious activity reports are longstanding provisions of legislation such as the Bank Secrecy Act, which requires banks to report transactions or activities that don't fit the profiles of the businesses involved.
Firms that attempt to circumvent the Bank Secrecy Act requirement of reporting currency transactions involving $10,000 or more, for instance, by using repeated transactions of just under $10,000 are among those that would generate suspicious activity reports. So are businesses that show ongoing cash transactions that might not be consistent with their profiles. The extra questions for new accounts help banks determine what would be considered normal.
The Patriot Act should not concern legitimate business owners. Fear of identity theft makes some people reluctant to provide their Social Security numbers in writing, but the CIP regulation requires banks to obtain a Social Security number when opening an account for a new customer who is a U.S. citizen. Also, without Social Security numbers on file for interest-bearing deposit accounts, banks must employ backup withholding, automatically remitting a portion of the interest paid on the account directly to the IRS.
In short, the Patriot Act simply requires banks to do what they have always done -- collect information on the customers they serve, keep that information secure and report any suspicious activity that may occur. The only difference is that the requirements for information, like many aspects of security after Sept. 11, have been greatly increased in response to the times.
Susan Lepore is vice president of compliance and community reinvestment activities for MB Financial Bank. Reach her at (847) 653-1770 or www.mbfinancial.com.