The Baltimore Sun (Maryland)
Beginning next month, your word and a handshake will no longer be good enough to open a new bank or brokerage account.
New USA Patriot Act regulations designed to thwart terrorist financing require financial institutions to retain more personal data on their customers and to take rigorous steps to verify their identities.
The measures are the latest regulations that some experts say are costing the industry hundreds of millions of dollars and increasingly casting bankers in the uncomfortable role of beat cop in the fight against terrorism.
Many financial firms collect such information, but the new regulations increase reporting requirements and require companies to step up their procedures and recordkeeping.
Customers who supply inaccurate birth dates, Social Security numbers or other personal data could have their account application denied or their funds frozen, a prospect that has added to criticism that regulations related to the Patriot Act of 2001 go too far in prying into the personal lives of consumers.
The growing regulatory burden falls hardest on small community banks, which lack automated systems and often market themselves on the promise of friendly service and close relationships with their customers.
“At first, customers were very offended, particularly if it’s a customer coming in who you’ve already done business with, and they want to open a new account and you’re saying, ‘I want to see your driver’s license,’ and they’re like, ‘What are you talking about?'” said Carolyn Mroz, president of Bay-Vanguard Federal Savings Bank, a tiny $86 million institution with three branches in Baltimore. Bay-Vanguard started complying with the new regulations ahead of the Oct. 1 deadline.
Like Bay-Vanguard, most companies will require a driver’s license or other identification as part of the verification. Companies also must check customer names against lists of suspected or known terrorists and money launderers.
“Financial institutions are digging into personal information to effectively test consumers to make sure they are who they say they are, and the concern is that we have so little control over our private information that every time we open the door a little, so much more information escapes,” said Doug Heller, a senior consumer advocate for the Foundation for Taxpayer and Consumer Rights.
Many banks and mutual fund companies say those concerns are unfounded. Customer verification is mostly done using existing sources, they said.
“We are going to continue doing the same things we’ve been doing all along,” said Doug Fischer, vice president and corporate compliance officer for M&T Bank Corp. The Buffalo, N.Y.-based bank will post signs letting customers know about the new identification requirements. The verification of customer identities will be accomplished mostly behind the scenes, using sources that the bank has used for years, he said.
But as banks and brokerages reassure their customers, many are trying to stay ahead of regulations implemented by the Treasury Department and the Securities and Exchange Commission as part of the Patriot Act.
Existing anti-money-laundering rules require companies to step up the monitoring of accounts for signs of suspicious activity, prompting many large institutions to spend heavily on sophisticated software that searches financial transactions for signs of a terrorist’s calling card.
TowerGroup, a financial industry consulting firm, estimates that the brokerage industry will spend $ 700 million to meet Patriot Act requirements. Industry analysts said it’s too difficult to estimate how much banks are likely to spend.
Software companies and vendors are pushing their wares on the industry with a fervor not seen since the year 2000 computer crisis in the late 1990s. Software packages aimed at screening customer data for suspicious activity can cost a few thousand dollars to more than $ 6 million.
“It gets very sophisticated because the bad guys are well aware of all the tricks and of all the ways the tricks are found, so it’s a constant cat-and-mouse game,” said Robert A. Iati, director of research for TowerGroup.
The software is effective but not always perfect, Iati said. There is always the chance that an innocent transaction will be flagged as suspicious.
“Somewhere along the line, there will be people that feel intruded upon ,” he said.
A senior Treasury Department official played down that concern and disputed TowerGroup’s estimate of industry costs, saying the rules give financial companies wide latitude in meeting the requirements and don’t require the use of new technology. Regulators will be flexible in their enforcement, he said, giving companies time to figure out how to improve their procedures to confirm customer identities.
Many large institutions use third-party vendors to verify customer identification and have in-house computer systems that make tracking customer accounts easy, industry officials said.
“The banks in general are already doing a lot of what the Patriot Act requires,” said John Byrne, senior counsel and compliance manager for the American Bankers Association, an industry trade group.
T. Rowe Price, a Baltimore mutual fund company, has created account applications to comply with the new requirements. It contracts with an outside vendor that verifies customer information by tapping into credit reporting databases.
The company has trained its staff on the requirements and has added a few staff members to review the data and resolve any discrepancies that arise as a result of the additional checks.
“It will create more work, but for the most part we are using existing employees,” said Laura Chasney, T. Rowe Price’s associate legal counsel.
Mroz said Bay-Vanguard has devoted dozens of staff hours to complying with the Patriot Act. First, bank officials had to study the regulations and formulate new policies. Then, the staff had to be trained.
It doesn’t stop there. Every time the Treasury Department puts out a list of suspected terrorists or terrorist organizations, the bank’s security officer must manually search thousands of records to determine whether any of the names match.
Though banks have always been obligated to help the government catch money launderers, the list of suspects has grown since the Sept. 11, 2001, terror attacks, and the potential penalties for letting one slip by have increased to at least $ 1 million.
On one occasion, a Bay-Vanguard staffer took three days to check every name on the government’s list. He was back at it last week, when a new list was issued by the Office of Foreign Asset Control. “It’s nonproductive work,” Mroz said. “It doesn’t make you one red penny.”
Dan Canon, chief executive of Centerville National Bank, said most community bankers support efforts to thwart terrorists. But the volume of recordkeeping is onerous, he said. And the benefits and costs of the new regulations are often debated in the bank’s lunchroom.
“At what price do we get security?” he said. “How many civil liberties do we give up, if any? We’re really accustomed in this country to being able to come and go and do as we please.”