RSK.IQ Question of the Week 1/16/18

CIP and Photo ID


The Bank’s CIP requires a photo ID to be obtained from the borrower in order to verify the borrower’s identity. Such identification discloses the borrower’s race and gender. When can a photo ID be obtained, in order to avoid the appearance of using such information in violation of Regulation B’s prohibition against discrimination?

Response Summary

If allowed by its CIP, the Bank can obtain a copy of a photo ID prior to closing, but must not use it for any improper purpose. The Bank should keep the copy of the photo ID separate from its credit file, to avoid the implication that it has relied on the information provided by it for an improper reason.

Response Detail

Under Section 326 of the USA PATRIOT Act, each bank must implement a written Customer Information Program (“CIP”) that is appropriate for its size and type of business and includes certain minimum requirements.

The CIP is intended to enable the bank to form a reasonable belief that it knows the true identity of each customer. It must include account opening procedures that specify the identifying information that will be obtained from its customers. It must also include reasonable and practical risk-based procedures for verifying the identity of a customer.  12 CFR §1020.220(a).

The methods for verifying the identity of a customer will be documentary or non-documentary, or some combination of both. When verification is through documents, the documents prescribed by the CIP may include, for an individual, an unexpired, government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguard. A driver’s license or passport is an example of such a form of identification. 12 CFR §1020.220(a)(2)(ii)(A)(1).

The CIP rule provides that verification must be done within a reasonable time after the account is opened. 12 CFR §1020.220(a)(ii). This does not preclude a bank from verifying the identity of a customer prior to account opening, but only indicates that the verification cannot be later than a reasonable time after account closing.

Prior to the implementation of the CIP rule, banks often obtained copies of photo IDs as a means of verifying that the person signing the account documents was indeed the customer, and that the form of the customer’s name used on the documents was correct.

Where loans were concerned, this sometimes posed a problem with the federal regulators because the photograph on the identification necessarily disclosed the gender and race of the customer. Under Regulation B, a bank may not consider such characteristics in making a credit decision and may not collect information regarding them, except for government monitoring purposes with respect to loans secured by a lien on the principal residence of the applicant. 12 CFR §1002.13(a). The presence of such identification in the credit or application file implied that the bank had considered those characteristics in making its credit decision and had retained information concerning them, even when not permitted by the regulation.

As a practical matter, many examiners would allow copies to be made of photo IDs, provided that they were kept in a file separate from the credit or application file, while some preferred that the bank only review the photo ID and make a record of what it was.

With the implementation of the CIP rule, a bank is permitted to keep copies of identifying documents that it uses to verify a customer’s identity. In addition, it may also have procedures to keep copies of documents for other purposes, such as facilitating the investigation of potential fraud. Nonetheless, a bank should be mindful that it must not improperly use any document containing a picture of an individual, such as a driver’s license, in connection with any aspect of a credit transaction. Frequently Asked Questions Related to Customer Identification Program Rules issued by FinCEN, Federal Reserve, FDIC, NCUA, OCC, and OTS, April 28, 2005.

If allowed by its CIP, the Bank can obtain a copy of a photo ID prior to closing, but it should follow the old practice of keeping the copy apart from its credit file, to avoid any implication that it used the information provided by it for an improper purpose.

There is one form of photo ID, however, which a bank may not photocopy:  a U.S. government identification card, such as a military ID. 18 U.S.C. §701. In such case, a bank should review the identification and make a record of what it was.

This entry was posted on Tuesday, January 16th, 2018 at 6:00 am.

Leave a Reply

Your email address will not be published. Required fields are marked *