It looks to me like the PATRIOT Act requires that banks both verify the identity of account holders and maintain a record of identifying information:
SEC. 326. VERIFICATION OF IDENTIFICATION.
(a) IN GENERAL.—Section 5318 of title 31, United States Code,
as amended by this title, is amended by adding at the end the
following:
‘‘(l) IDENTIFICATION AND VERIFICATION OF ACCOUNTHOLDERS.—
‘‘(1) IN GENERAL.—Subject to the requirements of this sub-
section, the Secretary of the Treasury shall prescribe regula-
tions setting forth the minimum standards for financial institu-
tions and their customers regarding the identity of the customer
that shall apply in connection with the opening of an account
at a financial institution.
‘‘(2) MINIMUM REQUIREMENTS.—The regulations shall, at
a minimum, require financial institutions to implement, and
customers (after being given adequate notice) to comply with,
reasonable procedures for—
‘‘(A) verifying the identity of any person seeking to
open an account to the extent reasonable and practicable;
‘‘(B) maintaining records of the information used to
verify a person’s identity, including name, address, and
other identifying information; and
‘‘(C) consulting lists of known or suspected terrorists
or terrorist organizations provided to the financial institu-
tion by any government agency to determine whether a
person seeking to open an account appears on any such list.
There is no way, nor really should there be, to get around these regulations given their focus on terrorism and the hangover that remains since 9/11. At the same time, it isn’t specific as to what they have to have - is this something the industry just figured out over time? That is, if the regulators have not determined exactly what the banks are required to have then is it up to them? If that is the case, then how do they figure out what to do other than by copying each other? If this is the case then which organization ultimately determined the required information?
The other question is what it means to “maintain records.” I am sure that this is interpreted as records that they own and protect to make sure that they can tie things together. That gets troublesome when all the information ends up in the hands of the front office, who are moving around a lot (particularly in retail). Had this information not been available at WFC then the rogue employees could never have opened new accounts on behalf of the customers. This was true when I was at JPM - I could see the SS# of my clients even though ostensibly there was no need for this. I never used it to verify the identity of a caller.
The other reason that this data exists is because they want to use it to market new products to people using the data-driven models they’ve built over the last 20 years. This is both a business-line and cross-selling effort - credit card databases are potentially quite useful for identifying people with large spending habits, which you might think would correlate with wealth. The big banks certainly think so.
I guess it isn’t important to start by disrupting this marketing machine the banks have built. The fight seems larger than the prize. But the first step, which can be an easier way to communicate the information… that should be doable.
No comments:
Post a Comment