ABA Banking Journal
No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
SUBSCRIBE
ABA Banking Journal
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
No Result
View All Result
No Result
View All Result
ADVERTISEMENT
Home Compliance and Risk

ABA Compliance Center Inbox, November/December 2017

October 9, 2017
Reading Time: 3 mins read

Q: Can I keep a copy of a customer’s ID on file? I am working for a new bank and am being told that Section 326 of the Patriot Act (the Customer Identification Program rule) requires that banks keep a copy of the ID that the customer provided. I have heard that many small banks such as ours keep the copy in the loan file and cite the Patriot Act. According to my peers, the examiners have not questioned this practice. Is this acceptable?

A: The CIP rule requires the bank to collect certain pieces of information about a customer and then verify the customer’s identity. The rule then requires that the bank keep the information, name, physical address, date of birth and ID number such as a social security number or taxpayer identification number. It must also retain information about how it verified the identity. All of this will be set forth in the written CIP policy approved by the bank’s board of directors.
See the CIP overview section in the FFIEC Bank Secrecy Act Examination Manual:

A bank’s CIP must include recordkeeping procedures. At a minimum, the bank must retain the identifying information (name, address, date of birth for an individual, TIN, and any other information required by the CIP) obtained at account opening for a period of five years after the account is closed. For credit cards, the retention period is five years after the account closes or becomes dormant. The bank must also keep a description of the following for five years after the record was made:

  • Any document that was relied on to verify identity, noting the type of document, the identification number, the place of issuance, and, if any, the date of issuance and expiration date.
  • The method and the results of any measures undertaken to verify identity.
  • The results of any substantive discrepancy discovered when verifying identity.

For many banks, the easiest way to demonstrate compliance is to retain a copy of the customer’s driver’s license. And, there are certain teller software packages that use the driver’s license to identify the customer. However, while that complies with CIP, the question is what about Regulation B and the Equal Credit Opportunity Act.

This is a situation where there is a conflict between two regulations. Reg B generally prohibits collection of information about a customer’s race, ethnicity and gender for non-mortgage loans. The problem is that if you have a copy of driver’s license in the file, you have a picture which will indicate race and gender and the surname may indicate ethnicity. Also—it is illegal in some states to make a copy of driver’s license and it is illegal under federal law to make a copy of any government or military ID.

One solution that some banks have used in states where it’s permissible to keep a copy of a driver’s licenses is to create a firewall or barrier so that the bank’s lenders and underwriters do not have access to the files where the copy of a customer’s driver’s license is maintained. This is important if the bank does keep copies of a driver’s license in customer files.

Importantly, nowhere in Section 326 does it state that you must keep a copy of the identification provided. In fact, during the comment period for the final rule, the agencies discussed whether to require financial institutions to make a copy of the consumer’s identification but decided against it. The final regulation states that banks must keep the information and a description—not the documents themselves. The information on a driver’s license, for example, would be the name of the document (driver’s license), issuing party (state of X), issue date and expiration date. For a passport, a bank would retain the information relating to the country, issue date and expiration date. (Response provided July 2017.)

Answers are provided by Leslie Callaway, CRCM, CAFP, director of compliance outreach and development; Mark Kruhm, CRCM, CAFP, senior compliance analyst; and Rhonda Castaneda, CRCM, compliance analyst, ABA Center for Regulatory Compliance. Answers do not provide, nor are they intended to substitute for, professional legal advice. Answers were current as of the response date shown at the end of each item.

ADVERTISEMENT
Tags: Bank Secrecy ActECOAKnow your customer
ShareTweetPin

Related Posts

OCC releases Q3 bank trading revenue report

OCC report: Banking system sound, key risks highlighted

Compliance and Risk
June 30, 2025

The strength of the federal banking system remains sound, the OCC reported in its most recent semiannual risk perspective report. The report covers risks facing national banks, federal savings associations, and federal branches and agencies based on data...

2025 bank marketing trends

ABA Viewpoint: Toward a smarter framework for bank asset thresholds

Compliance and Risk
June 30, 2025

Indexing regulatory thresholds for growth makes sense. Here’s how to do it most effectively.

Fighting fraud on the frontline

Fighting fraud on the frontline

Compliance and Risk
June 30, 2025

Customer inquiries and complaints are important tools for detecting scams, but structural barriers in the bank may prevent them from being fully utilized.

Treasury names FinCEN director

Banking agencies allow banks to collect CIP data from third parties

Compliance and Risk
June 27, 2025

The order permits banks to obtain TIN information from a third party rather than the customer as long as the bank otherwise complies with the customer identification program rule.

Mutuals Ion Bank, NVE Bank plan merger

ABA Viewpoint: Banking has changed, and so should the rules around bank mergers

Compliance and Risk
June 27, 2025

Three decades on, the test for bank mergers no longer reflects the competitive marketplace.

BIS: Stablecoins fail as ‘sound money’

BIS: Stablecoins fail as ‘sound money’

Compliance and Risk
June 27, 2025

Stablecoins as a form of sound money fall short, and without regulation pose a risk to financial stability and monetary sovereignty, according to a recent report by the Bank for International Settlements.

NEWSBYTES

HUD rescinds several regulatory requirements for FHA-backed mortgages

July 1, 2025

Louisiana-based Investar inks deal for Wichita Falls Bancshares in Texas

July 1, 2025

Banking groups urge regulators to prioritize indexing of supervisory asset thresholds

July 1, 2025

SPONSORED CONTENT

Navigating Disruption in Ag Lending – Why Tariffs Are Just the Tip of the Iceberg

Navigating Disruption in Ag Lending – Why Tariffs Are Just the Tip of the Iceberg

July 1, 2025
AI Compliance and Regulation: What Financial Institutions Need to Know

Unlocking Deposit Growth: How Financial Institutions Can Activate Data for Precision Cross-Sell

June 1, 2025
Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

April 25, 2025
Outsourcing: Getting to Go/No-Go

Outsourcing: Getting to Go/No-Go

April 5, 2025

PODCASTS

Podcast: Inside ABA’s new Treasury Check Verification System API

June 25, 2025

Podcast: Staying close to clients amid tariff-driven volatility

June 18, 2025

Podcast: Old National’s Jim Ryan on the things that really matter

June 12, 2025
ADVERTISEMENT

American Bankers Association
1333 New Hampshire Ave NW
Washington, DC 20036
1-800-BANKERS (800-226-5377)
www.aba.com
About ABA
Privacy Policy
Contact ABA

ABA Banking Journal
About ABA Banking Journal
Media Kit
Advertising
Subscribe

© 2025 American Bankers Association. All rights reserved.

No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive

© 2025 American Bankers Association. All rights reserved.