Subpoena to Get Documents from a Credit Card Company in New Jersey

Document Sample
Subpoena to Get Documents from a Credit Card Company in New Jersey Powered By Docstoc
     Training Guide

         AUGUST & SEPTEMBER 2003

                                    Page 1 of 25
                                           CUSTOMER IDENTIFICATION
                                                     PROGRAM (CIP)
                                              COMPLIANCE TRAINING

Agenda Topics:
•   Bank Secrecy Act & Anti-      What Every Employee Should Know About Suspicious Activity
    Money Laundering              Reports; What is suspicious? Know Your Customer and CIP.
                                  Money Laundering Terms: Placement, Layering, Integration.

•   OFAC                          General overview of the requirements - What does it mean to me?
                                  What do I do if I get an OFAC Hit?

•   Customer Identification       CIP is a component of the Company’s BSA & AML program. Learn
    Program (CIP)                 how the CIP program will affect you, and what is required by
                                  October 1, 2003.

•   Privacy                       How does Customer Information Privacy Impact me? What is an

•   Fun & Games                   Do you always COMPLY to the rules? We have made up a game to
                                  test your learning, called Tic Tac CIP, based on the Tic Tac Toe
                                  childhood game.


•   Regulation CC – Funds      For our institution Branch Staff only.
    Availability               Refresher of requirements of Regulation CC. When are my customer’s
                               funds truly available?

                                                                                             Page 2 of 25

The basic purpose of BSA (Bank Secrecy Act) is to create a paper trail for transactions that don’t normally
have one. This information may be useful in investigations of money laundering, tax evasion, and other illegal

One of the most important directives of this Act is a requirement to report any activity that we identify as
suspicious, including in connection with a loan transaction or any other activity that could be considered

Such activity could be, for example, a customer whose transactions do not fit with their profile or whose
transaction activity suddenly or significantly changes.

                                If you observe any suspicious activity, confidentially discuss the situation with your
                                supervisor. You or your supervisor should report it to the BSA Department.

                                The BSA Department is responsible for filing Suspicious Activity Reports (SAR’s).

                                ★    BSA Director/Officer: Lee Roberts

                                Important: An employee and/or the bank can be held personally liable if
                                suspicious activity that we should have been aware of is not reported.

                                Also, we may not inform any person potentially involved in suspicious
                                activity that the activity has been reported. Likewise, we cannot disclose
                                the contents or even the existence of a report to anyone requesting it (even a
                                subpoena). If you ever receive a request, you should decline to disclose
                                anything and inform Fraud Investigation, Audit or Compliance of the request.


•   Bank Secrecy Act and Money Laundering and Check Fraud were the top two reasons why a Suspicious
    Activity Report was filed in 2002.

•   Mortgage Loan Fraud ranked 9th on the list – and in the last six years
    has increased by almost 3 times since 1996.

•   Consumer Loan Fraud ranked 11th on the list – and in the last three
    years has increased almost 3 times since 1996.

•   Commercial Loan Fraud ranked 14th on the list – and in the last six
    years has increased 2.75 times.

•   Refer to the BSA Suspicious Activity Sheet for more details.

                                                                                                              Page 3 of 25
                                      (SUSPICIOUS ACTIVITY REPORTS)

First, filing a SAR is not the equivalent of calling up the FBI and
telling them to investigate a customer. Filing a SAR simply puts
information about the individual and the transaction(s) into a database.

Law enforcement doesn’t pursue every suspicious report. They
look for patterns. If our customer is actually innocent, then the report will
probably never be noticed. It will be about as noticeable as white noise
in the system. But, if our customer is part of a bigger undertaking, our
SAR may be a critical piece of evidence.

    Not filing a SAR when we have a suspicion could later look like we
    were aiding and abetting a criminal. Hindsight tends to see things differently. Remember → if you
    turn a blind eye, you can be held personally responsible…..this is called Willful Blindness. Refer
    to the penalties listed on the BSA Suspicious Activity Sheet for details.

    If, however, you file a SAR, when the customer was truly innocent, you fall under the Safe Harbor
    Rule, of acting in good faith, and cannot be held liable.

    Become familiar with the various stages of money laundering: Refer to FinCen Money Laundering
    Stages Graphic (Instructor comments on: Placement, Layering and Integration) [FinCen Handout].

    What is suspicious? Anything that is not normal or clearly related to the consumer’s reasonable
    banking transactions. If it doesn’t seem right to you…it probably isn’t. In addition, SAR’s must
    be filed for the following:

    ♦   Terrorist Acts of Financing      ♦   Counterfeit Debit or Credit   ♦    Debit Card Fraud
    ♦   Computer Intrusion               ♦   Commercial Loan Fraud         ♦    Defalcation, Embezzlement
    ♦   Check Kiting                     ♦   Consumer Loan Fraud           ♦    Wire Transfer Fraud
    ♦   Check Fraud                      ♦   False Statement(s)            ♦    Mysterious Disappearance
    ♦   Counterfeit Check(s)             ♦   Identify Theft                ♦    Mortgage Loan Fraud
    ♦   Counterfeit Instrument(s)        ♦   Credit Card Fraud             ♦    Bribery/Gratuity
    ♦   BSA, Structuring, or Money       ♦   Misuse of Position of Self    ♦    Other (Describe)
        Laundering                           Dealing

➯   GOOD RULE OF THUMB…..If you think something is suspicious, report it to your supervisor and to the
    BSA Department.

➯   THE MOST IMPORTANT PIECE OF BSA…..Know your customer! [Instructor comments: USA Patriot
    Act and CIP (Customer Identification Program) requirements- Effective 10/1/03……more on this later.

                                                                                                       Page 4 of 25
 EXAMPLE #1: Mr. I. M. Stern is meeting with his lender regarding a business loan. He
 commented several times how well his business is doing and that he will soon have
 completely paid off his personal mortgage loan in just 7 years. You, the lender, know that he
 paid in excess of $500,000 for the beautiful, 7500 sq. ft. beachfront home that he and his
 wife live in. Then Mr. Stern comments that he always takes the first $50 of any of his
 business deals (he sells widgets) and “puts it in his pocket; no need for the IRS to know
 about this….ha, ha….what’s a little money under the table?” Do you have a suspicious

EXAMPLE #2: A business customer presents a purchase contract for a new corporate
headquarters and indicates that he will be making a sizable down payment. He wants a
referral to the bank’s insurance agency, since he will have large amounts of cash to put in
investment grade Single Premium Life Insurance Policies. He completes an application and
reports income that is not nearly sufficient to support the policy. He indicates that he will be
making payments from other sources, but does not wish to list them on the application? Do
you have a suspicious activity?


QUESTION: You just got a Grand Jury Subpoena for one of our loan customers. I know we
can’t let the customer know we got the subpoena- it says so right on the cover letter. But
should we also file a SAR because we got the subpoena? Is there a department that handles
writes, levies, and subpoenas?

                                                                                        Page 5 of 25
FinCen Money Laundering Stages

                                 Page 6 of 25
                                            BANK SECRECY ACT

                        SUSPICIOUS ACTIVITY TIP SHEET

Tidbits: (Based on “The SAR Activity Review” – Trends, Tips & Issues, Issue #4, August 2002, published by
the FinCen’s BSA Advisory Group)

In 1996, 52,069 suspicious activity reports (SAR’s) were filed; in 2001, 203,538 SAR’s were filed.

Since 1996, the most SAR’s were filed in the state of California (201,824), followed by New York (101,764).
Pennsylvania ranked 8th (20,973) and New Jersey ranked 7th (21,323) out of 60 states and territories. In prior
years, New Jersey had ranked 8th. Delaware ranked 12th (16,830) and Virginia ranked 20th (11,258).

The most frequent reason for SAR filings is money laundering and structuring (46%), followed by check fraud

The incidences of identity theft have become the latest trend in reported criminal activity. Identity theft was the
top consumer complaint received by the FTC during 2000, 2001, and 2002. The FTC currently logs 1,700
complaints and inquiries a week related to identity theft.

Tools for Prevention:
   Follow Know Your Customer and BSA Procedures
   Require and Check Identification
   Know What Type and Volume of Activity is Reasonable for Your Customer
   Identify Significant Changes in the Activity of Your Customer
   Use Your Logic – Examples:
       Consider the proximity of the customer’s residence or business to yours. If it is
       distant, determine why the customer is opening an account with you.
       Discovery of a disconnected phone may warrant further investigation.
       Consider the source of funds used to open accounts. Large amounts, especially cash, should be
       Consider the reasonableness of activity based on activity by similar customers/businesses.
   Be Alert for Suspicious Situations

High Risk Businesses
The following are among the businesses that have been identified as high risk because they provide “good
cover” for money launderers:

           Money Transmitters                                 Import / Export Companies
           Accountants, Lawyers                               Notaries
           Political Organizations                            Textile Businesses
           Jewelers, Gems & Precious metal dealers            Leather-Goods Stores, sporting goods stores
           Casinos / Gaming Businesses                        Real Estate Agencies
           Art / Antique Businesses                           Restaurants, hotels and bars
           Religious Organizations                            Consumer Electronic Businesses
           Retail Stores                                      Car / Boat / Plane Dealers
           Travel Agencies                                    Phone Card Businesses
           Check Cashers, casa de cambias (money              Cash intensive businesses such as car washes,
           exchange houses)                                   Laundromats, gas stations
           Auctioneers, Pawn Brokers                          Telemarketers
                                                                                                       Page 7 of 25
                Potentially Suspicious Activity: (These are directly from the OCC’s Handbook on Bank
                Secrecy Act – Anti-Money Laundering)

                   Customer is reluctant or refuses to provide any information requested for proper
   Customer activity that is inconsistent with past historical activity, or with other similar businesses in the
   Insider abuse for any amount (Filing a SAR is required)
   Customer makes frequent transactions in large amounts of currency for no apparent business reason, or
   for a business that generally does not involve large amounts of cash.
   Customer’s stated purpose for a loan does not make economic sense, or they propose that cash collateral
   be provided for a loan while refusing to disclose the purpose of the loan.
   Shared addresses, which are also business locations, by individuals involved in currency transactions.
   Unusual documents that are not easily recognizable or questionable.
   Customer purchases CDs and uses them for collateral for a loan.
   Customer collateralizes loan with cash deposit.
   Fraudulent (or suspected fraudulent) loan activity.
   A mailing address outside the United States.
   Offshore companies, especially those located in bank secrecy haven countries, ask for a loan from a
   domestic U.S. bank or for a loan secured by obligations of offshore banks.
   A large loan is suddenly paid down with no reasonable explanation of the source of funds.
   Use of loan proceeds in a manner inconsistent with the stated purpose of the loan.
   A customer's refusal to provide the usual information necessary to qualify customers for credit or other
   banking services.
   A customer's unwillingness to provide personal background information when opening an account.
   A customer who desires to open an account without providing references, a local address, or identification
   (passport, alien registration card, driver's license, or social security card); or who refuses to provide any
   other information the financial institution requires to open an account.
   Unusual or suspicious identification documents that the financial institution cannot verify readily.
   The discovery that a customer's home or business phone is disconnected.
   No record of past or present employment on a loan application.
   The customer's background is at variance with his or her business activities.
   The customer is reluctant to reveal details about business activities or to provide business financial
   The customer's financial statements differ from those of similar businesses.

Case in Point – It Can Happen Here!
A SAR filed by a financial institution in Pennsylvania led to a joint investigation by the IRS, US Postal Service
and the FBI into a network of Brazilian nationals that used U.S. banks to launder the proceeds from stolen
checks. Checks for individuals and companies located in South America were fraudulently endorsed and
deposited into more than 150 bank accounts at approximately 50 different financial institutions in PA and 11
other states. These accounts had been opened with false identification, such as driver’s licenses, passports,
and social security cards. The main conspirator received jail time and was ordered to pay $255,421 in

                                                                                                         Page 8 of 25
                                       KNOW YOUR CUSTOMER!

                   Penalties for money laundering are severe. Individuals, including bank employees,
                   convicted of money laundering face up to 20 years in prison for each transaction.
                   Businesses, including banks and individuals, face fines up to the greater of $500,000 or 2x
                   the value of the transaction. In addition, the bank may risk losing its charter and bank
                   employee’s risk being removed and barred from banking.

For any willful violation of reporting requirements, including suspicious activity requirements, the bank or any
employee may be fined up to $100,000. Any person that knowingly makes a false statement in any report may
be subject to criminal penalties of up to $10,000 or 5 years in prison or both.


PURPOSE: The Treasury Department’s OFAC was established in 1950 to administer and enforce economic
and trade sanctions against targeted foreign countries, terrorism sponsoring organizations and international
narcotics traffickers, based on U. S. foreign policy and national security goals.

“OFAC Concerns” – Sanctioned Countries

In its most basic terms, OFAC’s regulations restrict a financial institution from dealing with
individuals, businesses and organizations involved with a sanctioned country (“OFAC
concerns”). Sanctioned countries and activities currently include (but are not limited to):

     wBalkans           wIraq               wSierra Leone            wYugoslavia

     wZimbabwe          wLiberia            wSudan                   wBurma (Myanmar)

     wCuba              wLibya              wTaliban                 wTerrorists           w Narcotics Trafficking

     wIran              wNorth Korea        wUNITA (Angola)          wNonproliferation (Weapons of Mass Destruction)

What types of accounts are involved?

Generally all types of accounts are covered across the organization, including, but not limited to:
   ➯   All account holders, direct or indirect ownership interest
   ➯   Securities dealings, wire transfers, on-line and electronic banking transactions
   ➯   Transactions related to the administration of trusts and estates
   ➯   All debtors, buyers, sellers, originators, recipients, beneficiaries, trustees
   ➯   All names tied to an account, either directly or indirectly
   ➯   Transactions involving safe deposit boxes, fiduciary and safe keeping arrangements

                                                                                                          Page 9 of 25
How do I check (know) if my customer is on the OFAC list?
     All accounts, and relationships under the National Penn Bancshares, Inc. organization are scanned daily,
     and the OFAC list is updated through OFAC software called Bridger.
     A new deposit account is verified automatically, when ChexSystems is used for verification.
     Other new accounts, international, commercial loans, consumer loans, can be verified on line at, by simply typing in the actual name, and address.
     Procedures may change – Instructor comments.

               What is the most important component of OFAC?
               ➯   Blocking (sounds like it belongs on a sports page)

If I have an account on the OFAC List, what must I do?
    You will report your findings to the BSA Department. They will “Block the account”; this
    means “Grab the Money, and Freeze It.” As funds are brought into the bank, you should
    place the funds in a “blocked” account.
    The bank becomes the “custodian” of the funds in the account.
    The bank is required to report the transaction to FinCen (OFAC) within 10 days. The bank’s BSA Officer
    (Lee Roberts) is responsible for doing this. Annually, in September, all blocked accounts are reported to
    Only FinCen (OFAC) can make the decision on when to release the funds- never the customer, or
    the bank.
    If you are unsure, contact Lee Roberts, the bank’s BSA Officer.

Financial Institutions must have a program in place to identify OFAC concerns and prevent violations
from taking place. Penalties for violations can be severe, as OFAC regulations are based on ten
different laws including Trading with the Enemy Act, International Emergency Economic Powers Act,
the Anti-Terrorism and Effective Death Penalty Act, and the U.S. Criminal Code.

            ➯   For a single “count” of willfully violating OFAC requirements, a corporation may be fined up to
                $10 million.

➯   An individual may be fined up to $5 million for the same kind of violation.

➯   The monetary penalty may be accompanied by up to 30 years imprisonment, for
    individuals, corporate officers, and others.

➯   Plus, the OFAC Penalties may be combined with USA Patriot Act and BSA penalties, of up to $1 million per

           ➯   And, the negative publicity has a high probability of the bank, and/or the individual being labeled
               as someone who aided and abetted a terrorist, at least in the public’s eye.

                                                                                                     Page 10 of 25


After September 11th, the USA Patriot Act was passed to prevent further terrorist acts. Section 326 which
concerns Customer Identification was scheduled to be effective October 26, 2002, but was delayed. On April
30, 2003, Section 326 was finalized and now requires mandatory compliance by October 1, 2003.

Customer Identification is a core piece of the organization’s Bank Secrecy Act (BSA) Program. The principle of
a BSA program is to know who your customers are, where they obtained their money, and what they do with
the their money – especially money you lend them.

Under the Section 326 rules, each institution must develop a Customer Identification Program (CIP). The goal
of CIP is to allow you to determine the true identity of your customers, to the extent reasonable and
practicable. A basic element of the CIP program is to compile proof of the customer’s identity. “What did you
know and when did you know it” is the fundamental element of the customer identification program.

The CIP regulation requires Board of Director approval of the CIP policies and procedures. Our CIP Policy will
be approved by the National Penn Bancshares, Inc. Board in August 2003, and the detailed procedures are
incorporated by reference. Policy and procedures will be available on the corporate Intranet.

                ➯   USA PATRIOT ACT (Trivia)…..Do you know the acronym is a wonderful example of your
                    elected representatives at work: It stands for “Uniting and Strengthening America by
                    Providing Appropriate Tools Required to Intercept and Obstruct Terrorism.”

                          WHAT TYPES OF ACCOUNTS ARE COVERED?

No, the CIP regulation has a broader application and applies equally to business, consumer and other types of
loan and deposit accounts as well as insurance or trusts, dealer loans, cash management accounts, or safe
deposit boxes. The purpose of the account is irrelevant, as is the type of account, business or personal– this
regulation is about “Documenting the Customer’s Identity”.

           The law does not apply to incidental (one time service) relationships such as a purchase of a
           money order, traveler’s checks, or a one-time wire transfer. Employee 401(k) accounts are not
           covered; however the employer (corporate account) is covered.

           All other types of accounts and persons who open accounts are applicable. The term “Person” is
           defined in the law and includes individuals, corporations, partnerships, trusts, non-profits, and

                                                                                                 Page 11 of 25
Starting October 1, 2003, when a customer opens a new account, the Customer Identification Program (CIP)
regulations will require financial institutions to do five things: (We will cover these in separate detail in this

           Provide a disclosure (this can be a sign, brochure, or other notice of the changes)
           Obtain customer identification
           Verify identity
           Check a government list (OFAC), and
           Retain records of the process


The CIP regulation requires that the organization inform the customer of the identification requirements for
opening a new account. Acceptable methods of providing the notice include oral statements, signs, handouts,
                 and including the language on various applications.

                  National Penn Bancshares, Inc. has determined that it will use the handout brochures. (See
                  example in your packet). These are being printed and will be distributed when available.
                  They should be included with all new account, application disclosures. For the future, as
                  applications and various disclosures are revised, the notice disclosure will be incorporated
                  into the revisions. The notice will also be required on any company web sites that allow on-
                  line applications.

In the case of indirect lending (i.e. the bank approves applications taken by a third party such as a car dealer)
the bank remains responsible for providing the notice. Handout brochures will be provided to dealers, and
applications may be revised in the future.


Prior to opening any account, the company is required to obtain four pieces of information from
customers, which include the following:

       1. Full name
       2. Physical residential or business street address (not a P. O. Box)
       3. Identifying number such as Social Security Number or Employer
           Identification Number (other than individual)
       4. Date of birth (for individuals)

The above four pieces of information are required; the regulation makes it clear that failing to obtain the
information is a violation of law, and is not negotiable.

Under BSA, the violations are stiff for non-compliance to CIP:

           A negligent failure to obtain information can generate $500 penalty per instance.
           A knowing or intentional failure inflates the amount to $1,000 per instance and creates the
           possibility of criminal penalties. (Several million dollars is more than likely)

The company is allowed under the regulation to have a temporary exception for a customer who has applied
for, but has not received a taxpayer identification number, for example for a corporation or a new partnership.

                                                                                                      Page 12 of 25
Accounts should not be opened without obtaining appropriate identification. If required documentation
was not obtained at the time of opening, and the Company cannot obtain the required documentation, within
30 days, the account will be closed and funds will be returned to the current address listed and payable to the
current signers. Note: This situation should be the exception rather than the rule.

Note: There is no law that decrees that a financial institution must open an account for an applicant.


Customer identification programs must provide procedures where the relationship manager (or new accounts
representative) can take the information that the customer has provided and verify its accuracy against
“documentary” or “non-documentary” sources.

Examples of “Documentary” sources of identification include:
             ♦ A Driver’s License
               ♦ A Passport
               ♦ A Current Armed Forces ID
               ♦ Other forms of Primary and Secondary Identification for individuals (See Appendix D)

Examples of “Non-Documentary” sources of identification include:

               ♦ Sending a Thank You Card after the relationship has been
               ♦ A telephone call after the account relationship has been opened.
               ♦ Obtaining a Financial Statement, Tax Return, Accountant’s Financial Statement.
               ♦ Personal site visit to the customer’s business.
               ♦ Checking references with other financial institutions.
               ♦ Visiting the customer’s web site.
               ♦ Comparison of the identifying information provided by the customer against fraud and bad
                 check databases (Chex Systems) to determine whether any of the information is associated
                 with known incidents of fraudulent behavior (negative behavior)
               ♦ Comparing the identifying information against information available through a trusted third
                 party source such as a Credit Report, or a consumer-reporting agency (Trans Union,
                 Experian, Equifax, Dun & Bradstreet, Tax Services)
               ♦ Analyze whether there is logical consistency between the identifying information provided
                 such as the customer’s name, street address, ZIP code, telephone number, date of birth,
                 and social security number (logical verification).

It is important to do the following consistently:

       1. Verify. Call ChexSystems and verify the applicant. Be sure to verify ALL signers. (For business
          accounts, this includes all signers) Additionally, a loan, a credit report, or other report may be
          necessary according to guidelines in your area.
       2. Affirm. Reaffirm the customer information (phone number, address, date of birth, employment)
       3. Approve and Document. Make sure that the customer file shows evidence of compliance with
          CIP, including approval authorities for any exceptions.
                                                                                                   Page 13 of 25
Some good habits to form……

       •   Business accounts. A site visit is strongly recommended. You may also want to visit the
           company’s web site, and request financial statements, tax returns.
       •   Opening accounts via the telephone. Generally, more due diligence is required (i.e. ordering a
           credit report) as well as a ChexSystems report.
       •   Sending a “Thank You Letter or Placing a Call”. It is a good idea to do this as a courtesy, but it
           also helps to eliminate fraud. If your letter is returned, or the phone is disconnected, be sure to take
           immediate action. Also, remember to contact the Corporate BSA Department to file a Suspicious
           Activity Report.


       1. Negative Reports. Do not open the account if a negative report is received on either the Primary
          or Joint applicant. (Be sure to follow Denial Procedures for Loans and Deposit Accounts.)
       2. Delay activity. If all information cannot be verified, delay the use of the account (i.e. check orders,
          ATM CheckCard, access to funds, etc.) until the information has been verified.
       3. New Accounts with no other relationship with the company. Remember that banking
          regulations (such as Regulation CC and others) allow us to selectively extend a new account hold
          for the first 30 days of opening.

Refer to Appendix A through D of the procedures for documentation requirements for ID.

For individual accounts a primary form and a secondary form of ID is required.
Business forms of identification requirements are listed on Appendix G.


                        Not the OFAC list, not the now defunct “control” list, not the USA Patriot Act 314(a)
                        lists, but a completely new list of “known or suspected terrorists or terrorist
                        organizations” must be checked within a reasonable time after the account is opened.
                        Financial institutions must provide for the list’s review in their written CIP.

                        On the topic of OFAC lists, National Penn will use ChexSystems for its new account
                        verification. This system includes OFAC checks. (Note: affiliates will be signed up
                        and receive instructions prior to the 10/1/03 mandatory compliance date.

The CIP regulations require us to provide for record retention. The organization must
retain the customer information; (i.e. the four pieces of information obtained: name,
address, SS# and birth date) for five years after the account is closed.

A file for a new customer (regardless of whether it is deposit, loan, or other) must include
at a minimum the following three items:
1. A “Description List of the identifying information provided by the customer. (See checklist – Appendix A of
2. Information regarding the non-documentary methods used to verify identity and their results, including
     appropriate employee sign-off,
3. How the financial institution resolved any discrepancies in the information obtained from the customer, and
4. A copy of any document is not required under CIP, but may be included for fraud purposes only.

                                                                                                     Page 14 of 25
You are not required to keep a copy of the identifying documents for CIP (you may be required to under a
Deposit, Loan or other Policy); but may include it for fraud purposes only.

A “Description List” includes the following for each document:

               •    The type of document
               •    Any identification number contained in the document
               •    The place of issuance
               •    Date of issuance and expiration date, if applicable

National Penn Bancshares, Inc.’s procedures for deposits and loans require entering of the above data on the
mainframe system. Affiliates are likewise allowed to enter the same data on their systems, or alternatively use
the Checklist in Appendix A of the procedures, or keep the data in the account files, which may be retained and
available for the required time frame. Records may be originals, copies, or other reproductions.

                   Note: The USA Patriot Act Section 326 is being challenged by House Judiciary Committee
                   Chairman, James Sensenbrenner (R-Wisconsin), who asked Treasury to reconsider whether
                   copies of Drivers Licenses should be required and what sort of reliance on certain forms of
                   foreign government-issued identification should be in place. Copies were required in the
                   initial regulation, and then removed from the Final Regulation in April 2003. He states that
                   the final rule has lowered the standard for combating terrorism by allowing only a description
                   of the document used for verification. Treasury has received over 3,000 comment letters; the
                   comment period closes 7/31/03. Stay tuned – we will let you know the results, and there
                   may be some changes!


For most of the individuals in our organization the change should be minimal, since we already collect the
required information, in many cases, much more than the minimum. Lending, Deposit, or Affiliate
guidelines for collecting such information will not change. The only change would be if you are
not collecting a certain piece of data – say for example birth date – now under CIP you must
collect it.

You now have a retention period, and must be able to supply the information under CIP.

In the past, there was no consequence if you waived collecting any of the required pieces of information.
However, under CIP, it is now a violation of law and could lead to heavy fines.

For the affiliates, and lending areas of the organization, one change would be the use of ChexSystems ID
verification system. This is in addition to any other forms of identification that may be used. (For example – a
credit report. More details later on this.)


                     Be aware the CIP involves everyone in our organization and that verifying customer
                     identity has now been elevated from a “policy” or an “optional item” to a “legal
                     requirement”, with stiff fines. Regulators take CIP very seriously, and so should we.
                     A side benefit of CIP verification is the possible reduction in fraud related occurrences in
                     our organization.

                                                                                                      Page 15 of 25
   Existing customers may be exempt under our CIP process, provided that the “Reasonable Belief” doctrine
   can be documented appropriately. (See below)
   Accounts should not be opened for customers who have failed to provide appropriate documentation to
   fulfill the verification process.
   Under certain conditions, you may be able to use CIP procedures performed by one of the affiliates.
   Restrictions may apply based on Privacy, the Fair Credit Reporting Act, and/or guidelines set by your
   particular area of the organization.
   At a minimum a description of the basic four components of identification must be kept on file for 5 years
   after the date the account is closed.


The organization need not verify the identity of an existing customer seeking to open a
new account relationship, or who becomes a signatory on the account, if the Company
“continues to have a reasonable belief that it knows the true identity of the
customer.” National Penn will not exempt the true identity requirement for all customers
with existing accounts. What do you need to do?

       ⇒ Document the verification process on the signature card, new account agreement, or in the loan,
         insurance, or other files. Always date and sign such verifications.

       ⇒ “Reasonable Belief” can be documented by explanations of two or more of the following:
               An existing customer who has a current satisfactory relationship with the Company (i.e. no
               overdrawn, delinquent, workout accounts, charge off, or denied accounts, no fraud, other
               inappropriate or suspicious activities)
               An existing customer whose relationship with the Company has been well documented in
               the Company files. (i.e. loan, credit files, trust or other files; extensive profiles, financial
               statements, tax returns, recent credit reports, and/or other identifying information is currently
               available and on file.
               A customer whose relationship with the company is older than one year.

       ⇒ If a “Reasonable Belief” cannot be documented, then the CIP process must be completed for
         that customer. Customer files that are not documented after the effective date of this policy are
         unacceptable and subject the employee to criticism, from both their immediate supervisor, the
         regulators and by Company Auditors.

             HELPFUL TOOLS
             There are many tools available in the Appendices of the CIP Procedure to help you comply.

     Appendix A - Customer Profile Worksheet                     Appendix G – Tips on Credit & Identification
     Appendix B – CIP Risk Assessment Matrix
     Appendix C – Quick Reference Guide to New                   Appendix H – Alien Identification
     Customer Identification Requirements                        Appendix I – Foreign Identification Documents
     Appendix D – Quick Reference Guide to Minimum               Appendix J – Alien Definitions and Clarifications
     Identification & Verification Requirements
                                                                 Appendix K – Table of Relevant Non-Immigrant
     Appendix E – Who is the Customer for CIP                    Visa Classes
                                                                 Appendix L – Green Cards & Renewal
     Appendix F – Dealing with Customer Objections               Requirements - INS

                                                                                                       Page 16 of 25

We easily and blindly –look at and accept documents for what we think they tell us because we are familiar
with them and used to them.

For example specific pieces of identification tell us the following about individuals:

                   A driver’s license tells you the person is licensed to drive and
                   produced information that satisfied the Department of Motor
                   A passport is designed to be a piece of identification and tells you physical information to
                   identify the individual. It includes citizenship and address.
                   Employment ID cards identify where the customer works. Match that to other information
                   the customer provides about income.
                   Student ID cards tell you where the customer is going to school and when they are expected
                   to graduate.
                   Utility bills show the customer’s address and the fact that the account is (or isn’t) current.
                   Tax returns show what the customer told the IRS about income and related details.

The following specific pieces of identification tell us the following about business entities:

                   Tax returns establish that the business filed with the IRS as well as
                   indicating the income.
                   Local and state governments have licensing requirements. Ask for copies
                   of the certificate of incorporation or other identifying information. (Refer to
                   Appendix x for guidance)
                   Verify the identity of individuals representing the company. (This can be done through

How can you tell whether identification is valid or forged?

       Be familiar with the identification designs. Know what local driver’s licenses should look like. (If unsure
       call the Fraud Investigation Department – they can provide details about what identification should look
       like – in all 50 states!)
       Look closely at documents alterations, inconsistencies.
       Consider the information and whether it is internally consistent – and matches the person you are
       looking at.
       Decide whether the information makes sense.
       Pay attention to customer behavior and your “gut instinct”.
       If unsure, ask.

                                                                                                       Page 17 of 25

One of the easiest ways to build CIP into your processes is to consistently ask customers, politely and
respectfully for the same information. Listed below is an example script that could be used in opening new
accounts (when asking for identification information):

                 “Mr./Ms. Customer, in order to open the account, I will need to verify some basic
                 information in order to identify you on our Company records. I will need the exact name
                 that you would like your account titled, the street location and phone number, as well as
                 your birth date and social security number. Also, would you be able to provide proof of
                 identity such as a driver’s license, passport, credit card or some other form of
                 identification? I will need two forms of identification…”

Sometimes, despite your best efforts customers will not understand or be agreeable to providing the requested
identification in order to open a new account. Remember, treat every customer consistently, fairly and with
respect! Refer to Appendix F for examples of negative situations you might encounter, and suggestions on
how to deal with them.


                  Maintaining the confidentiality of our customer’s information is extremely important. We
                  should obtain and discuss customer information for business purposes only. When
                  disclosing information, we need to ensure that it is only disclosed to those individuals that
                  are authorized to have it. And, we need to be careful with how we dispose of information.

                  Privacy regulations apply mainly to individual and consumers, but listed below are some
                  important issues that have come up recently:

       Sharing of customer financial information among affiliates. Be sure that the customer has not “opted
       out” of affiliate sharing. Customer’s who have “opted out” are flagged on the bank’s CIF records, noted
       within the tracking messages.

       Be careful when leaving messages on answering machines for customers –
       do not leave any customer, personal information.

       When discussing account details with a customer over the phone, know
       whom you are talking to; be cautious in disclosing additional information.

       Loan numbers may appear on recorded documents according to a recent Federal Trade Commission
       ruling. This is a common industry practice that the FTC has allowed as an exception under the privacy
       rules so that banks can easily cross reference loans and collateral. Remember - having the account
       number does not mean that you are speaking to the actual customer.

       When sending customer information, such as copies of documents or other customer information,
       ensure that the customer receives “only” their information, and not that of another customer.

                                                                                                    Page 18 of 25
✏   The Customer Information Privacy Tip Sheet - This represents a list of items to keep in mind to help
    ensure that the privacy of customer information is not compromised.

✏   Minimum Sharing of Customer Information Procedures. These represent the minimum requirements
    to be included in departmental procedures. A department is free to use procedures that are more stringent
    than the minimums. These Procedures are available on the Intranet, under: Departments/Information
    Security- Bottom of page/Sharing of Customer Information and Information Sharing Guide for Inside and
    Outside the Organization.

✏   National Penn Bancshares, Inc. Privacy Policy. This policy is available on all bank and affiliate

    ✏   Annual Privacy Notices will be distributed in mid to late June to all National Penn Bancshares, Inc.
        customers, as required under the Privacy regulations.


                                                                                                    Page 19 of 25
                   PRACTICAL TIPS
                   For Protecting Privacy

   Be aware that even the fact that someone is a customer of our organization may be confidential

   Access customer information only when you need to know for business purposes.

   Discuss / share customer information with co-workers only when necessary for business purposes.

   Never discuss customer information with anyone outside of work unless there is a valid business purpose.

   Never discuss confidential information in a public place or where others may overhear your discussion.

   Write down sensitive information for a customer at the teller line when there are other customers in the

   Make sure customer questions and error claims are investigated fully and promptly and that any errors are
   corrected as soon as possible.

   Always properly verify identity before disclosing information to anyone.

   Always make sure an individual / party is authorized to have the information they are requesting before you
   disclose it.

   Check each piece of information to make sure that everything you are disclosing is authorized.

   Never leave confidential information where it may be viewed by others.

   Never leave confidential information on your computer where it can be viewed / accessed by others.

   Always put confidential information away when you leave work each night.

   Never leave personal information on an answering machine or voicemail.

   Always be careful about e-mailing particularly sensitive information.

   Always dispose of customer and other confidential information by shredding it or
   in a similar manner.

If you’re not sure whether you can disclose or share information, please ask.

                                                                                                    Page 20 of 25

PURPOSE: This regulation contains rules regarding when a bank must make deposited funds available to its
customers and rules regarding the prompt collection and return of checks through the banking system.

Keep in mind these key terms: (Refer to Personal Deposit Booklet)

   BUSINESS DAY:                                               Refer to Deposit Booklet for
   - Any day other than Saturday, Sunday, or                      - Local checks
     holiday on which no processing occurs                        - Non-local checks
                                                                  - Same day availability
   CUT-OFF:                                                       - Next day availability
   - Branch – 5:00 PM
   - ATM – 3:00 PM

EXCEPTION HOLDS: The regulations describe circumstances when a bank may delay the availability of funds
beyond the normal policy. Keep in mind that all exceptions do not apply to all accounts.

   New Accounts: typically 30 days

   Large Deposits: Aggregate any one banking day greater than $5,000, may invoke exception for amount
   greater than $5,000

   Re-deposited Checks: These are treated as exceptions except if for a missing endorsement or post dated

   Repeat Overdraft: number of days in overdraft protection – see Deposit Booklet for more details

   Reasonable Cause to Doubt Collectibility: may treat as an exception

   Emergency Conditions: contingency conditions at the bank, which are specified in our funds availability

When invoking exceptions, we must give notice and extend the fine period for the availability of funds.
Remember to call Deposit Operations when doing this.

REMEMBER: Just because we make funds available under our funds availability policy, that does not mean
the funds are actually collected. A customer may still have a return item or compound collection item for which
they are responsible.

See Page 14-15 of Deposit Booklet

                                                                                                   Page 21 of 25
                      FUNDS AVAILABILITY POLICY
                   TYPE OF DEPOSIT                               WHEN FUNDS CAN BE WITHDRAWN

•   Electronic direct deposits                            •   Same day as day of deposit.

•   Cash                                                  •   The first business day after the day of deposit.
•   Wire transfers
•   Checks drawn on National Penn Bank or any of its
•   U.S. Treasury Checks
•   Federal Reserve Bank checks
•   Federal Home Loan Bank checks
•   Postal money orders
•   Savings bonds, bond coupons, food stamps,
    certificates of deposit, and savings withdrawals

∗   State and local government checks                     ∗   These items require a special deposit slip to receive
∗   Cashier’s checks, treasurer checks, and teller            next-day availability. You may obtain this special
    checks                                                    deposit slip from the teller at the time you make your
∗   Certified checks                                          deposit.

•   Local checks                                          •   The second business day after the day of deposit.
•   Nonlocal checks                                       •   The third business day after the day of deposit.
•   Deposits made at National Penn Bank ATMs by:
                                                          •   Up to 100% of the total amount of the deposit or $60,
       • Consumers
                                                              whichever is less, is available immediately for cash
       • Sole proprietorships                                 withdrawal.
       • Partnerships                                     •   The remainder of the deposit will be available the first
       • Corporations                                         business day after the day of deposit.
•   Deposits made at ATMs owned by other financial
                                                          •   Up to 100% of the total amount of the deposit or $60,
    institutions by:
                                                              whichever is less, is available immediately for cash
         • Consumers
         • Sole proprietorships
                                                          •   Up to 100% of the total amount of the deposit or $200,
         • Partnerships                                       whichever is less, is available the first business day
         • Corporations (Empower CheckCard only)              after the day of deposit.
                                                          •   The remainder of the deposit will be available the fifth
                                                              business day after the day of deposit.
•   Deposits made at ATMs owned by other financial
                                                          •   The second business day after the day of deposit for
    institutions by:
                                                              third party payments.
         • Corporations (MAC Card only)
                                                          •   The third business day after the day of deposit for
                                                              cash withdrawals.

This policy applies to all types of checking, savings, and moneymarket accounts.
A business day is any day except Saturday, Sunday, or holiday. If you make a deposit before 5:00 p.m. on a business
day (3:00 p.m. at an ATM), we will consider that to be the day of your deposit. However, if you make a deposit after 5:00
p.m. (3:00 p.m. at an ATM), or on a non-business day, we will consider the deposit to be made on the next business day.

                                                       Member FDIC

                                                                                                             Page 22 of 25
                 FUNDS AVAILABILITY
                 Group Exercises

Indicate the amount of the deposit that will be available and when for the situations listed. Assume
deposits are made at the branch unless noted otherwise.

1.    A client deposits a $200 check drawn on our institution (“on-us” check) and a $250 local check at 10:00
      AM on a Monday.
             Day of Deposit:       ________________

             Amount Available:     __________________________________________________

2.    A client deposits $500 cash on a Friday at 6:00 PM.

             Day of Deposit:       ________________

             Amount Available:     __________________________________________________

3.    A client deposits $200 local check and $300 non-local check at 2:00 PM on Thursday.

             Day of Deposit:       ________________

             Amount Available:     ___________________________________________________

4.    A client deposits $400 local check on a Saturday at 9:00 AM. The following Monday is a holiday,
      however we are open for all business functions.

             Day of Deposit:       _________________

             Amount Available:     ___________________________________________________

5.    A client makes a $300 cash ATM deposit at another bank’s machine on a Monday at 12:00 PM.

             Day of Deposit:       _________________

             Amount Available:     ___________________________________________________

6.    I have a customer where I want to make exceptions to the Funds Availability policy. Can I do this?
      What should I beware of?



                                                                                                Page 23 of 25
  You have
CIP Training!

                 Great Job!
Thank you for your participation!

 Be sure to complete the attached course evaluation.

                                                       Page 24 of 25
                                    TRAINING EVALUATION FORM

SUBJECT: CIP Compliance Training

DATE OF TRAINING: August and September 2003

Trainer: ___________________________                 Location: _____________________________

                                              Agree                    Neutral                 Disagree         N/A
 The method of training was effective.           1              2         3            4            5           0
 The method of training was convenient.          1              2         3            4            5           0
 The instructor was clear and concise.           1              2         3            4            5            0
 The material was relevant to my job.            1              2         3            4            5           0
 I understood the material presented.            1              2         3            4            5           0
 I learned from the training and/or the          1              2         3            4            5           0
 training was a good refresher of
 information I already knew.
 The handout material was useful.                1              2         3            4            5            0
 I was satisfied with the training overall.      1              2         3            4            5            0

                          **Please explain any 4 or 5 ratings in the comments section below**

Please note one or more things you learned from the training:

Please note any other comments or suggestions about the content, handouts, instructors or method of training:

                                                                                                          Page 25 of 25

Description: Subpoena to Get Documents from a Credit Card Company in New Jersey document sample