The San Francisco Chronicle
Shortly after he graduated from college in May, French Clements of San Jose tried to open an online brokerage account with Harrisdirect, where his stepfather has an account.
A day after he completed the online application, however, he got a brief e-mail from Harrisdirect saying, “We regret to inform you that we are unable to approve your application at this time: The customer’s identity not properly authenticated per the USA Patriot Act.”
Clements was stunned, and so was his mother, Alayne Yellum. “Maybe they don’t like people named French,” she says.
Changing his first name to Freedom would not help.
Clements is an unintended victim of Section 326 of the Patriot Act, which requires financial institutions to:
– Verify the identity of anyone opening an account.
– Maintain records of the information used to verify the person’s identity.
– Determine whether the person appears on any list of known or suspected terrorists or terrorist organizations.
– Banks, savings and loan associations, credit unions, securities brokers, mutual funds and futures merchants must comply with the act by Oct. 1. Many firms, such as Harrisdirect, are already doing so.
– Eventually, other companies that open accounts may have to comply, including casinos, pawnbrokers, insurance companies, money-transfer agents, auto dealers, real estate companies and some telecommunications firms.
Section 326 of the Patriot Act, passed in October 2001, is designed to “ensure that all financial institutions are appropriately identifying customers to guard against money laundering and the financing of terror,” says a U.S. Treasury Department official who would not be identified. Preventing identity theft is an auxiliary benefit.
That’s a laudable goal, but complying with the law will cost companies a small fortune.
“It’s very expensive. The numbers are extremely large,” says Alan Sorcher, associate general counsel for the Securities Industry Association.
Some of the costs will be passed along to consumers.
Consumer advocates also fear the Patriot Act will give companies another reason to invade privacy and prevent some people without criminal intent from opening accounts.
“This ranges between stupid, insidious and dangerous,” says Doug Heller, a senior consumer advocate for the Foundation for Taxpayer and Consumer Rights.
HOW IT WORKS
The law applies only to new account holders, not existing ones.
It requires financial institutions to collect at least four pieces of information from prospective customers: name, street address, date of birth and a taxpayer identification number, such as the Social Security number.
Institutions have been collecting all or most of this information for years, but now it’s required.
Next, the institution must verify that new customers are who they say they are through “documentary evidence,” such as a passport or driver’s license, or through “non-documentary evidence.”
If a customer walks into a bank or brokerage office with a valid driver’s license and tries to open an account with $10,000, the institution probably won’t ask for more information.
When a customer tries to open an account online or over the phone, things get complicated.
Many online brokers are trying to verify applicants’ identity by cross-checking the information they provide with credit bureaus and other external databases.
“We know how many mistakes are in credit reports. If that’s where they’re getting information, we’re all in trouble,” says Emily Whitfield, a spokeswoman for the American Civil Liberties Union.
CLEMENTS’ STORY
At Harrisdirect, prospective customers must give the brokerage firm permission to access their credit report.
At the end of the online application, customers are asked four multiple-choice questions drawn from their credit report at Equifax, one of three major credit bureaus.
They might be asked which bank holds their home loan and the size of their monthly payment. If they answer incorrectly, they could be rejected.
After Clements was spurned, he called Harrisdirect. A service rep said he must have answered the questions from his credit report wrong. But Clements says he never saw any questions from his credit report.
He applied a second time. Again he saw no questions from his credit report, and again he got an identical rejection citing the Patriot Act.
I called Harrisdirect on his behalf. Executive Managing Director Mike Hogan looked into Clements’ application and said he must have bungled the credit report questions.
When I said Clements never saw those questions, Hogan said that was next-to-impossible.
“We’re happy to see if there was a burp in the system that caused this problem,” he said. “I’d be pretty surprised if that was the issue.”
Later, a spokeswoman from Harrisdirect called back with a new explanation: “The address he was using did not match what was in his history with Equifax, so he didn’t get the four questions.”
After graduating from Fordham University in New York, Clements recently moved back to San Jose.
“He never got to the authentication because his address didn’t compute,” says John Ford, chief privacy officer with Equifax. “I regret that this gentleman wasn’t able to get what he wanted, but we have an obligation under the law to make sure people are who they say they are. There are a lot of fraudsters out there.”
Hogan says people who are rejected online can mail in a copy of their license or passport to verify their identity. Clements says Harrisdirect never suggested that.
Clements, 22, has $3,000 to invest and hoped to start a retirement plan.
Now, “part of me just wants to take my money and put it a paper bag under the mattress,” he says. “Part of me wants to go to a different firm. But what are they going to do? Check the same Equifax? It’s a little scary knowing they have this much power over my finances, especially for such a lame reason — a wrong address.”
A PERSONAL NOTE
I went to Harrisdirect’s Web site to open an account. I did get four questions, supposedly from my credit report, but none made sense.
It said I took out an auto loan around May 2000 and asked me to name the lender and the term. I haven’t had a car loan in more than a decade.
It said I took out a home loan in March 2000 with one of four banks. One is my current lender, but it wasn’t my lender in March 2000.
Confused, I answered “none of the above” to all four questions.
A second later, I had an account with Harrisdirect.
I asked Hogan about my experience.
“You got the placebo effect,” he says. “They don’t present real questions to everyone.”
I asked half a dozen other financial institutions how they are complying with the Patriot Act, but none would divulge how, exactly, they are verifying identities.
“It’s proprietary in some respects,” says Glen Mathison, a spokesman for the broker Charles Schwab. Also, “it’s not good to show a road map” to terrorists and money launderers, he says.
“There have been accounts that we have not opened” as a result of the Patriot Act, Mathison says, but he would not say why the applicants were turned down.
Heller, the consumer advocate, wonders whether companies will use the information they obtain doing “homeland security” work to sell some people more products or to avoid customers they’d rather not have.
“Obviously, you want to make sure that people aren’t using false identities. But when a corporation is allowed to go into your personal financial information, what protection do we have that they are not using that information beyond its stated purpose?” he says.
