This article elaborates on ‘Primary And Secondary Non-Documentary Verification: Solid CDD/KYC Protocols’. An organization that utilizes non-documentary means to verify a customer’s identification must have protocols in place that outline the methods it employs.
Such means include contacting a customer, independently verifying the customers’ identities by comparing the information provided by the customer with information obtained from a consumer reporting agency, checking the public database or another source, checking references with other financial institutions, and obtaining a financial statement.
Situations that need to be addressed
If an organization uses non-documentary methods to verify a customer’s identity, its procedures must address situations in which: an individual cannot present an unexpired government-issued identification document with a photograph or other safeguard, the bank is unfamiliar with the documents presented, the account is opened without obtaining documents, if the customer opens the account without appearing in person at the bank, and if the bank is otherwise unable to verify the customer’s identity.
One of the options a bank may use to authenticate a customer’s identification is to attain an electronic credential, such as a digital certificate. The CIP rule, on the other hand, requires the bank to have reasonable confidence that it knows the customer’s genuine identity. As a result, the bank, for example, is responsible for ensuring that the third party employs the same degree of authentication as the bank.
A bank must verify the identity of a sole proprietorship that opens a new account when there are no documents or non-documentary methods that will establish the identity of the sole proprietorship.
As a primary verification procedure, to verify the identity of a sole proprietorship, when there are no documents or non-documentary methods are used, the bank must undertake additional verification by obtaining information about the sole proprietor from the regulatory authority where the sole proprietorship is registered. The information to be asked may include the registered name, business address, date of birth of the sole proprietor, and tax number.
As a secondary method, to verify the identity of the sole proprietor, the bank may obtain additional information from reliable public sources, by performing general internet research or by running negative media checks for the sole proprietor.
A bank should verify the identity of a partnership that opens a new account when there are no documents or non-documentary methods by undertaking additional verification by obtaining information about the identity of any individual with authority or control over the partnership account to verify the partnership’s identity.
As a secondary means, the CIP must include procedures for determining whether the customer appears on any list of known or suspected terrorists or terrorist organizations issued by any federal government agency and designated as such by the Treasury in consultation with the federal functional regulators.
The procedures must require the bank to make such a determination within a reasonable period after the account is opened or earlier if required by another federal law or regulation or Federal directive issued in connection with the applicable list. The procedures must also require the bank to follow all federal directives issued in connection with such lists. Banks will receive notification by way of separate guidance regarding the list that must be consulted for purposes of this provision.
Relying on the performance of an affiliate
The bank’s CIP may include procedures specifying when a bank will rely on the performance by another financial institution (including an affiliate) of any procedures of the bank’s CIP concerning any customer of the bank that is opening, or has opened, an account or has established a similar formal banking or business relationship with the other financial institution to provide or engage in services, dealings, or other financial transactions, provided that such reliance is reasonable under the circumstances, and the other financial institution enters into a contract requiring it to certify to the bank annually that it has implemented its AML program, and that it will perform (or its agent will perform) the specified requirements of the bank’s CIP
The CIP rule does not alter a bank’s authority to use a third party, such as an agent or service provider, to perform services on its behalf. Therefore, a bank may arrange for a third party, such as a car dealer or mortgage broker, acting as its agent in connection with a loan, to verify the identity of its customer. The bank can also arrange for a third party to maintain its records. However, as with other responsibilities performed by a third party, the bank is ultimately responsible for compliance with the requirements of the CIP rule. Examiners should refer to their agency’s relevant guidance and requirements for such third-party relationships.
A company that uses non-documentary means to verify a customer’s identification must have procedures in place that outline the methods it employs include contacting a customer, independently verifying the customers’ identities by comparing the information provided by the customer with information obtained from a consumer reporting agency.