Articles
FAQs
Question: We open deposit accounts online. We require applicants to upload a copy of their driver’s license. We were informed that we are not allowed to retain a copy of their driver’s license when an account is opened online. Is that true?
Answer: Yes. In May 2018, Congress enacted the Economic Growth, Regulatory Relief, and Consumer Protection Act (EGRRCPA). Section 213 of EGRRCPA states that a financial institution is authorized to record personal information from a scan, copy, or image of an individual’s driver’s license or personal identification card and store the information electronically when an individual initiates an online request to open an account or obtain a financial product. The financial institution may use the information for the purpose of verifying the authenticity of the driver’s license or identification card, verifying the identity of the individual, or complying with legal requirements. The financial institution must however, delete any copy or image of an individual’s driver’s license or personal identification card after use. Driver’s licenses are frequently used by banks for CIP purposes since they contain several pieces of information needed to verify the identify the person opening the account. This prohibition also applies to other types of identification cards besides driver’s licenses. As a reminder, banks are prohibited from copying military cards, badges, or other insignia.
Question: When a new customer wants to open an account and they show us their military ID for CIP identification purposes, we record the information. We do not photocopy the ID because federal law prohibits it. Does this prohibition apply to other types of identification?
Answer: You are correct. It is illegal to photocopy U.S. military identification cards. Banks can ask to see the ID and record the information on the ID, but not copy it.
Title 18 U.S. Code Part 1 Chapter 33 section 701 states:
Whoever manufactures, sells or possesses any badge, identification card or other insignia, of the design prescribed by the head of any department or agency of the United States for use by any officer or employee thereof, or any colorable imitation thereof, or photographs, prints, or in any other manner makes or executes any engraving, photograph, print, or impression in the likeness of any such badge, identification card, or other insignia, or any colorable imitation thereof, except as authorized under regulations made pursuant to law, shall be fined under this title or imprisoned not more than six months or both.
Not only is it illegal to photocopy U.S. military IDs, this prohibition applies to any U.S. government identification. The penalty for copying these IDs includes being fined, imprisoned not more than six months, or both. This is a safeguard against criminals and terrorists from carrying out acts against the United States. Find more information on the U.S. Department of Defense website. (April 2021)
Question: What are the key requirements of banks under Section 326 of the USA PATRIOT Act?
Answer: The rules were drafted with the intention to facilitate the prevention, detection and prosecution of international money laundering and financing of terrorist activities. The Treasury and Federal Agencies also believe a side-benefit will be a reduction in identity theft. Under Section 326, banks are required to develop a Customer Identification Program (CIP) which:
- Implements reasonable procedures to verify the identity of any person seeking to open an account, to the extent reasonable and practicable;
- Maintains records of the information used to verify the person’s identity; and
- Determines whether the person appears on any lists of known or suspected terrorist organizations provided to banks by any government agency.
Question: How do we handle CIP for joint accounts when only one of the account owners is present at the time of account opening?
Answer: The final CIP rules require that banks obtain and verify the identity of EACH person that opens an account (per the CIP FAQs dated 2005), regardless of whether that owner is present at the time of account opening. This includes individuals using a power-of-attorney or other court documentation for a person who lacks legal capacity. Generally, identifying information includes the following: legal name, physical address, date of birth, identification number (typically a SSN, ITIN, ATIN or EIN). Within a reasonable time after account opening, customer verification must be performed using either documentary or non-documentary methods or a combination of both. If you have all required pieces of information and can perform verification, the account can be opened. However, your Bank may choose to develop an internal policy requiring all account owners to be present at account opening. If this policy is in place and only one account owner is present, the account should be treated a single owner account (until such time the identifying information and verification process can be completed for the non-present accountholder). Keep in mind the FDIC will not qualify the account as a “joint ownership” account for FDIC insurance purposes until signatures of the named owners are obtained on the account agreement. Banks may consider gathering as much information as possible from the individual opening the account on the owner who is not present, then releasing the account contract for notarized signatures and W-9 certification. Upon receiving the signed contract back, the bank could then use a non-documentary verification tool to verify the identity of the customer who was not present.
Question: We are struggling to implement our bank’s CIP provisions when opening accounts for local organizations that are not formalized — like a bowling league or group organizing a class reunion. Who do we obtain the name, address, identifying number and date of birth on: the person opening the account or the group itself? What if the group does not have a tax identification number?
Answer: While collecting information from individuals is relatively easy, many banks struggle with whose identity to verify when a new account is opened for a social club, such as a bowling league or similar group that is not a legal person. The Bank Secrecy Act’s customer identification program (CIP) provisions require institutions to collect and verify identification information on a “customer” when opening an account.
Under the BSA, a “customer” for CIP purposes includes a person who is opening an account for an individual who lacks legal capacity, such as a minor or an entity that is not a legal person.
So, if a person is opening an account for a social club, bowling league or similar group that is not a legal person, the person whose identity must be verified is the individual who opens the account on behalf of the social club. The person opening the account should not be listed as the “owner” of the account, rather the deposit account agreement should reflect this person is the authorized signor on the account. It is important to note the club does need its own tax identification number. The bank should NOT use the tax ID number of the person opening the account! Rather the club or group should apply for its own tax ID number for banking purposes.
Question: Who is the “owner” of a Uniform Transfer to Minor Act account (IA UTMA) – the minor child or the custodian? We are not sure who we should verify the identity of for CIP purposes.
Answer: The child is the owner of the funds, but the custodian is the only person who has transaction authority over the account and the custodian must open the account on behalf of the minor child beneficiary. The CIP rules require the bank to identify and verify the identity of the “customer” entering into a continuing relationship with the bank. The CIP rule provides that a “customer” generally is “a person that opens a new account.” Thus, when an account is opened by an individual who is acting as “custodian,” the custodian is your customer and you must obtain the requisite four items of identity information (name, street address, TIN and DOB) from the custodian and verify the custodian’s identity. Of course you will still need to get the name and TIN of the minor child for tax reporting purposes and to comply with FDIC regulations to provide for appropriate insurance coverage.
Question: As part of our CIP procedures, we accept a major credit card as a secondary form of identification. We have been documenting the type of card, card issuer, card number and expiration date. However, an internal auditor recently advised us to stop recording the card number and expiration date, citing Iowa law prohibiting recording of this information. Do you have any additional information about Iowa’s prohibition on recording credit card numbers for identification purposes?
Answer: Iowa Code Section 537. 8101 prohibits recording the account number and expiration date of credit cards as a condition for cashing checks or when used for identification purposes. Essentially, the only information you can record for CIP purposes are the issuer and the type of card, for example, “UMB MasterCard’” or “US Bank Visa,’” etc. Nothing in Iowa’s law prohibits a person (such as the bank) from requesting a card holder to display the card for identification purposes, so your CIP procedures may still allow for the acceptance of a credit card as a secondary form of ID; simply change your procedures to record only the type of card and the issuer.
Question: We recently heard about a program called Safe at Home. What is Safe at Home?
Answer: Safe at Home (SAH) is an address confidentiality program, administered by the Iowa Secretary of State (SoS) office. This program is for people who are victims of various types of abuse, including but not limited to, domestic violence, sexual abuse, human trafficking, or stalking. The program allows the participants to use a substitute address for their mail and other items to conceal where they live.
Participants’ mail is sent to the office of the SoS. The address assigned to the participant includes a PO Box, apartment number, and a street address. The whole address must be used to send mail to a participant. Program staff sort and forward mail to the participant based on apartment number.
Several other states offer similar programs. Programs vary from state to state. If your bank has branches in other states that offer this type of program, review the laws in those states. Click this link to see a map of the states with an address confidentiality program. To see more information on these programs, click this link.
Question: Who is eligible to participate in SAH?
Answer: To be eligible for the program, a person must be:
- A resident of Iowa,
- Adults who are a victim of domestic violence, sexual assault, human trafficking or stalking, any person living in the same home with the victim, any minor, or an incapacitated person who fears for their safety, and
- Have filed a petition or a criminal complaint against their offender.
Effective July 1, 2021, SF342 (Back the Blue Bill) expanded the definition of “eligible person” to include:
- Currently active or retired state or local judicial officers, federal judges; their spouse and children;
- Currently active or retired state or local prosecuting attorney; their spouse and children; and
- Currently active or retired peace officer, civilian employees of law enforcement; their spouse and children.
To participate, an application must be completed and submitted to the SAH office.
Question: How does the SAH program relate to banking?
Answer: Prior to opening an account for consumers who are new to the bank, the Bank Secrecy Act requires banks to collect personal identification information, including the person’s address. SAH provides participants with an address that includes a street address, PO Box, apartment number, city, state and zip code. The person may present a card that shows their participation in SAH and the address provided by SAH. SAH links the apartment number to the participant. The assigned street address and PO Box provide additional layers to hide the actual address of the participant and is acceptable as a valid address for BSA purposes. In most cases, the SAH address will also be used on the participant’s driver’s license or state ID.
Question: If a SAH participant wants to open an account, how can we verify their enrollment in SAH?
Answer: Participants receive a card with all of the relevant verification information. Banks can also call the SAH corporate office at (515) 725-7233, or email SafeAtHome@iowa.gov. Staff can verify participation, but cannot give out other information.
Question: What address do we use for our CIP (Customer Identification Program)?
Answer: Two addresses will be used related to SAH participants. The address of the sponsoring agency (SoS) will be used for CIP purpose as the participant’s legal address. FinCEN issued ruling FIN-2009-R003 on address confidentiality programs that states the address used for CIP purposes is the address of the agency sponsoring the address confidentiality program. For Iowa, the address of the SoS is:
Iowa Secretary of State
321 E 12th Street
Des Moines, Iowa 50319
The separate address used for mailing documents is the address printed on the participant’s SAH program card:
SAH Participant Name
PO Box 959
899 E. 12th St., APT XXXX
Des Moines, IA 50304
The apartment “XXXX” is the number assigned to the participant by SAH.
Question: Can we photocopy the driver’s license of SAH participants for CIP?
Answer: SAH staff indicated that, for confidentiality purposes, the program card and the SAH participant driver’s license should not be photocopied. The bank should instead document the information from the card on the bank’s CIP form.
Question: Can eligible persons have their name redacted from public records found at the county courthouse?
Answer: SF342 states that upon request by SAH participants, the assessor or assessor’s staff must redact the participant’s name from electronic documents that are accessed through an internet site. In addition, peace officers, civilian employees of law enforcement agencies, state or federal judicial officers, state or federal prosecutors can request redaction of their name from electronic documents without participating in SAH.
Former peace officers and civilian employees of law enforcement agencies also can request redaction of their name from electronic documents upon presentation of evidence that it serves a compelling safety interest by doing so.
Question: Where can we find more information on Safe at Home?
Answer: The program’s website is safeathome.iowa.gov. Program resources, applications, FAQs and other information is on the website. Email address is SafeAtHome@iowa.gov. Phone number for the program is 515.725.SAFE (7233). Safe at Home is based on Iowa code 9E, called Address Confidentiality Program. Use this link to access Iowa code 9E.