Several new regulations, including Check 21, Gramm-Leach-Bliley and the USA Patriot Act, have emerged over the past few years and directly affect the document management processes of financial institutions. These regulations among others have increased the need for document management technologies to aid in compliance.
For Financial Institutions, including persons involved in real estate settlements and closings, one leading compliance regulation that must be addressed is the USA Patriot Act. Understanding the rules and regulations surrounding the USA PATRIOT Act is a necessary component of any compliance program.
What is the USA Patriot Act? The USA PATRIOT Act stands for Uniting and Strengthening America by Providing Appropriate Tools Required to intercept and Obstruct Terrorism. The act was signed into law by President Bush on October 26, 2001. It grants the government broad, new powers in the war on money laundering and the financing of terrorist activity.
The Patriot Act requires that all financial institutions implement a customer identification program (CIP), as well as a money laundering program. The Act is designed to implement requirements regarding the reporting of potential money laundering transactions to proper authorities, to deter and punish the use of the U.S. financial system by terrorists in the United State or abroad, and to provide guidance to U.S. financial institutions in the form of appropriate regulation and the integrity of their employee population. The Act also ensures the forfeiture of assets in connection with the government’s anti-terrorist efforts post 9/11.
The USA Patriot Act & Records Management With the passage of the Patriot Act, the importance of proper document management and record keeping needs to be a top priority with businesses. The Patriot Act reinforces the reality that any paper or electronic data management program should garner top priority for corporate leadership and corporate governance.
The Patriot Act requires the Secretary of the Treasury to prescribe regulations “setting forth the minimum standards for financial institutions and their customers regarding the identity of the customer that shall apply in connection with the opening of an account at a financial institution.” The CIP must include procedures for making and maintaining a record of all information obtained.
Requirements involve the development of a compliance program with accompanying internal policies and procedures, including ongoing training and support for personnel. Organizations may be subject to independent or random reviews by multiple regulatory agencies, it is important to establish a comprehensive program.
What are the record-keeping requirements under the USA Patriot Act and what are the regulations?
The Act and the regulations require a financial institution to maintain a record of the following:
a) Required identifying information provided by the customer,
b) A description of any documents they used to identify the customer,
c) Information on any non-documentary methods to identify the customer if such methods were used,
d) Information on additional verification methods used for customers in which standard methods were unable to verify the customer’s identity (“additional methods”), and
e) Information regarding how the financial institution resolved any discrepancies found in the information obtained from its customers.
The required identifying information must be maintained for five years after the date the account is closed (or dormant or closed for credit card accounts). The information in sections “b” through “e” above must be maintained for five years after the record is made. And financial institutions are permitted to use electronic records to satisfy these requirements. This record-keeping requirement generally reflects usual and customary business practices. Financial institutions already must keep similar records to comply with existing requirements in 31 CFR Part 103.