Final Rules For Patriot Act Relieve Some Proposed Burdens

Register now

Credit unions are going to appreciate the changes that are anticipated to be made to the USA Patriot Act, according to at least one analyst.

The long-awaited and much-debated final rule implementing key provisions of the USA Patriot Act-whose key aim is to block access by terrorists to the United States' financial system-is expected to be issued later this month.

The U.S. Treasury Department is revising portions of the Act's customer-member identity verification provisions after associations of credit unions and banks complained that it placed an undue burden on financial institutions.

Congress drafted the USA Patriot Act in the wake of the Sept. 11, 2001, terrorist attacks on the U.S. The rule for Section 326, which sets minimum standards for verifying customer or member identity at account opening, was supposed to be effective Oct. 25, 2002, but it was postponed for what became a lengthy discussion period until the rule could be finalized.

Easier Compliance

Barbara Span, vice president of external affairs for ATM-debit network company STAR, described the anticipated revised rule as being easier to comply with.

"As we approach the date when the rule will be released, it appears there will be relief from some of the burdens that were in the original version of the rule, such as document retention," she told The Credit Union Journal.

Section 326 of the USA Patriot Act requires financial institutions to verify the identity of their customers-members, both foreign and domestic, when they open an account. As part of the verification process, financial institutions must consult lists-which will be provided by a governmental agency-of known or suspected terrorists or terrorist organizations. These lists are not yet finalized, but will be sent to financial institutions when they are complete.

Complying with the original provisions of the Act would have meant following three steps: verifying identity, checking the customer's- member's name against the terrorist lists, and then maintaining records for a certain number of years of all people who applied to open an account. The latter step meant CUs and banks would have had to keep voluminous files of photocopied driver's licenses, passports, or other forms of photo identification from potentially thousands or tens of thousands of people each year.

"Financial institutions raised a concern about the third item because of the burden of record keeping," Span explained. "Also, there was a concern about financial institutions receiving frequent requests for information about individuals for investigations unrelated to terrorist financing, which is beyond the scope of the Act."

Instead of physically storing the pieces of paper, it is expected that financial institutions will be required to keep a description of which document or documents they relied upon for identification when the account was opened.

When the rule is released, the new compliance date will be announced.

"The revised rule relieves some of the burden on financial institutions in terms of the document retention requirements. At the same time, it sets minimum standards for identification validation, which is good for financial institutions and especially good for credit unions," said Span. "By meeting or exceeding the Act's identity verification requirements, credit unions not only can comply with the Patriot Act, but also help reduce identity theft and check deposit fraud, which are growing more quickly at credit unions and smaller financial institutions than at larger institutions."

The revised rule reportedly will not require financial institutions to invest in verification tools, but it is expected to command them to have a protocol in place for verification, which may include the use of such tools, she said.

Tools Available

There are many tools available to establish the identification of a person opening an account, or for retroactively examining existing members or customers, Span said. For example, some identity verification programs crosscheck a person's birth date with the range of social security numbers issued during that birth year, or verify that the listed phone number matches those available in the person's area code.

According to Span, it will take time to see if the USA Patriot Act serves its stated purpose, but she said the revisions are a positive step.

"There are many complexities and issues in this Act," she said. "There was a lot of discussion about whether these rules would protect the financial system from money launderers and terrorists."

"The changes made since last fall are the result of a number of industry organizations working with the Treasury Department," Span continued. "The financial institutions have a desire to comply. They already take the verification of their account holders seriously, but they were unhappy about the problems the original rule may have caused."

For reprint and licensing requests for this article, click here.