CIP and Signers for Municipal Accounts

Issue/Inquiry

The Bank would like to open deposit accounts for a new municipal customer. Typically, when an account is opened for a business customer, the Bank will collect Customer Identification Program (“CIP”) information on the account signers in addition to the customer because this helps identify the signer if they contact the Bank regarding the account. Municipal customers tend to push back against this requirement and may be only willing to provide limited information regarding account signers. What does the law require and what is the best practice in this situation?

Response Summary

The CIP rules do not require the Bank to verify the identity of a municipality or the signers on the account of a municipality. Whether the Bank requires such verification as a matter of policy should be a risk-based decision.

Response Detail

Before we can determine the best practice for the Bank in this situation, the following two questions must be answered:

• Is a municipality considered a “customer” for CIP verification purposes?
• Must the identity of an authorized signer be verified under the CIP rules?

We will discuss the second question first. Under the CIP rules, the identity of a customer must be verified. A “customer” is generally “a person that opens a new account”. This means that the customer will be the named owner of the account, rather than an individual who is authorized to sign on the account but who has no ownership interest in it. In this case, even if a municipality is considered a customer for CIP purposes, since an authorized signer is not considered a customer, the Bank is not required to verify their identity. 31 CFR 103.121(a)(3)(i); FFIEC, FAQs: Final CIP Rule.

Regarding the first question, some entities are specifically excluded from being considered as “customers” by the CIP rules. Such entities include federal, state, local, or inter-state governmental departments, agencies, or authorities. 31 CFR 103.121(a)(3)(B); 22(d)(2)(ii),(iii). For CIP purposes, a municipality is not considered a customer and its identity does not have to be verified.

However, there is a caveat that concerns the CIP policy of a bank. Although the CIP rules establish minimum standards, each bank is required to develop procedures in order to address all relevant risks in verifying the identity of all customers, to a reasonable and practical extent. The minimum requirements should be supplemented by risk-based verification procedures, where appropriate, in order to ensure that the Bank has a reasonable belief that it knows each customer’s identity. These procedures should be based upon the Bank’s assessment of the risk associated with the accounts, the methods of opening accounts, or the Bank’s location, size, and customer base. 31 CFR 103.121(b); FFIEC, FAQs: Final CIP Rule.

A risk-based analysis should consider the following factors:

• The nature and purpose of the customer relationship
• The nature and purpose of the customer’s transactions
• The parties or entities with which the transactions are conducted
• The location of the customer or the transactions
• Conducting ongoing monitoring to maintain and update customer information and report suspicious transactions.

These factors may also be applicable to municipal accounts.

There are also risk-based reasons for obtaining CIP information regarding the signers of a business account, given the nature of the Bank’s relationship with a business customer and the nature and purpose of the transactions conducted by such a customer. However, these reasons do not always justify similar practices for municipal accounts, since the transactions conducted by a municipal customer can tend to be more limited and straightforward than those of a business customer. For example, a municipality would be unlikely to do business with foreign entities or have a purpose that would inherently be high risk, such as the cultivation of marijuana or hemp.

If the Bank already has municipalities as customers, it could analyze the transactions associated with such accounts in order to determine the degree of risk posed by them. The Bank could also determine whether there is a need to verify the identity of the signers of such accounts the same as it would the signers of business accounts.

From anecdotal evidence, it does not appear that the CIPs of most banks require the identity of a municipality or its signers to be verified. Requiring such information may restrict the number of municipality customers that the Bank has. Nevertheless, whether the Bank wishes to apply CIP standards to municipal accounts or its signers is ultimately a business decision for it to make.

This response is for informational purposes only and is not intended for legal guidance.

This entry was posted on Monday, February 24th, 2020 at 6:00 am.