CUSTOMER IDENTIFICATION PROGRAM (CIP)
AUGUST & SEPTEMBER 2003
Page 1 of 25
• Bank Secrecy Act & Anti- What Every Employee Should Know About Suspicious Activity
Money Laundering Reports; What is suspicious? Know Your Customer and CIP.
Money Laundering Terms: Placement, Layering, Integration.
• OFAC General overview of the requirements - What does it mean to me?
What do I do if I get an OFAC Hit?
• Customer Identification CIP is a component of the Company’s BSA & AML program. Learn
Program (CIP) how the CIP program will affect you, and what is required by
October 1, 2003.
• Privacy How does Customer Information Privacy Impact me? What is an
• Fun & Games Do you always COMPLY to the rules? We have made up a game to
test your learning, called Tic Tac CIP, based on the Tic Tac Toe
END OF SESSION FOR NON-BRANCH STAFF
• Regulation CC – Funds For our institution Branch Staff only.
Availability Refresher of requirements of Regulation CC. When are my customer’s
funds truly available?
Page 2 of 25
BANK SECRECY ACT (BSA) – ANTI-MONEY LAUNDERING
The basic purpose of BSA (Bank Secrecy Act) is to create a paper trail for transactions that don’t normally
have one. This information may be useful in investigations of money laundering, tax evasion, and other illegal
One of the most important directives of this Act is a requirement to report any activity that we identify as
suspicious, including in connection with a loan transaction or any other activity that could be considered
Such activity could be, for example, a customer whose transactions do not fit with their profile or whose
transaction activity suddenly or significantly changes.
If you observe any suspicious activity, confidentially discuss the situation with your
supervisor. You or your supervisor should report it to the BSA Department.
The BSA Department is responsible for filing Suspicious Activity Reports (SAR’s).
★ BSA Director/Officer: Lee Roberts
Important: An employee and/or the bank can be held personally liable if
suspicious activity that we should have been aware of is not reported.
Also, we may not inform any person potentially involved in suspicious
activity that the activity has been reported. Likewise, we cannot disclose
the contents or even the existence of a report to anyone requesting it (even a
subpoena). If you ever receive a request, you should decline to disclose
anything and inform Fraud Investigation, Audit or Compliance of the request.
• Bank Secrecy Act and Money Laundering and Check Fraud were the top two reasons why a Suspicious
Activity Report was filed in 2002.
• Mortgage Loan Fraud ranked 9th on the list – and in the last six years
has increased by almost 3 times since 1996.
• Consumer Loan Fraud ranked 11th on the list – and in the last three
years has increased almost 3 times since 1996.
• Commercial Loan Fraud ranked 14th on the list – and in the last six
years has increased 2.75 times.
• Refer to the BSA Suspicious Activity Sheet for more details.
Page 3 of 25
WHAT EVERY EMPLOYEE SHOULD KNOW ABOUT SAR’S
(SUSPICIOUS ACTIVITY REPORTS)
First, filing a SAR is not the equivalent of calling up the FBI and
telling them to investigate a customer. Filing a SAR simply puts
information about the individual and the transaction(s) into a database.
Law enforcement doesn’t pursue every suspicious report. They
look for patterns. If our customer is actually innocent, then the report will
probably never be noticed. It will be about as noticeable as white noise
in the system. But, if our customer is part of a bigger undertaking, our
SAR may be a critical piece of evidence.
Not filing a SAR when we have a suspicion could later look like we
were aiding and abetting a criminal. Hindsight tends to see things differently. Remember → if you
turn a blind eye, you can be held personally responsible…..this is called Willful Blindness. Refer
to the penalties listed on the BSA Suspicious Activity Sheet for details.
If, however, you file a SAR, when the customer was truly innocent, you fall under the Safe Harbor
Rule, of acting in good faith, and cannot be held liable.
Become familiar with the various stages of money laundering: Refer to FinCen Money Laundering
Stages Graphic (Instructor comments on: Placement, Layering and Integration) [FinCen Handout].
What is suspicious? Anything that is not normal or clearly related to the consumer’s reasonable
banking transactions. If it doesn’t seem right to you…it probably isn’t. In addition, SAR’s must
be filed for the following:
♦ Terrorist Acts of Financing ♦ Counterfeit Debit or Credit ♦ Debit Card Fraud
♦ Computer Intrusion ♦ Commercial Loan Fraud ♦ Defalcation, Embezzlement
♦ Check Kiting ♦ Consumer Loan Fraud ♦ Wire Transfer Fraud
♦ Check Fraud ♦ False Statement(s) ♦ Mysterious Disappearance
♦ Counterfeit Check(s) ♦ Identify Theft ♦ Mortgage Loan Fraud
♦ Counterfeit Instrument(s) ♦ Credit Card Fraud ♦ Bribery/Gratuity
♦ BSA, Structuring, or Money ♦ Misuse of Position of Self ♦ Other (Describe)
➯ GOOD RULE OF THUMB…..If you think something is suspicious, report it to your supervisor and to the
➯ THE MOST IMPORTANT PIECE OF BSA…..Know your customer! [Instructor comments: USA Patriot
Act and CIP (Customer Identification Program) requirements- Effective 10/1/03……more on this later.
Page 4 of 25
EXAMPLE #1: Mr. I. M. Stern is meeting with his lender regarding a business loan. He
commented several times how well his business is doing and that he will soon have
completely paid off his personal mortgage loan in just 7 years. You, the lender, know that he
paid in excess of $500,000 for the beautiful, 7500 sq. ft. beachfront home that he and his
wife live in. Then Mr. Stern comments that he always takes the first $50 of any of his
business deals (he sells widgets) and “puts it in his pocket; no need for the IRS to know
about this….ha, ha….what’s a little money under the table?” Do you have a suspicious
EXAMPLE #2: A business customer presents a purchase contract for a new corporate
headquarters and indicates that he will be making a sizable down payment. He wants a
referral to the bank’s insurance agency, since he will have large amounts of cash to put in
investment grade Single Premium Life Insurance Policies. He completes an application and
reports income that is not nearly sufficient to support the policy. He indicates that he will be
making payments from other sources, but does not wish to list them on the application? Do
you have a suspicious activity?
SUBPOENA’S AND SARS
QUESTION: You just got a Grand Jury Subpoena for one of our loan customers. I know we
can’t let the customer know we got the subpoena- it says so right on the cover letter. But
should we also file a SAR because we got the subpoena? Is there a department that handles
writes, levies, and subpoenas?
Page 5 of 25
FinCen Money Laundering Stages
Page 6 of 25
BANK SECRECY ACT
SUSPICIOUS ACTIVITY TIP SHEET
Tidbits: (Based on “The SAR Activity Review” – Trends, Tips & Issues, Issue #4, August 2002, published by
the FinCen’s BSA Advisory Group)
In 1996, 52,069 suspicious activity reports (SAR’s) were filed; in 2001, 203,538 SAR’s were filed.
Since 1996, the most SAR’s were filed in the state of California (201,824), followed by New York (101,764).
Pennsylvania ranked 8th (20,973) and New Jersey ranked 7th (21,323) out of 60 states and territories. In prior
years, New Jersey had ranked 8th. Delaware ranked 12th (16,830) and Virginia ranked 20th (11,258).
The most frequent reason for SAR filings is money laundering and structuring (46%), followed by check fraud
The incidences of identity theft have become the latest trend in reported criminal activity. Identity theft was the
top consumer complaint received by the FTC during 2000, 2001, and 2002. The FTC currently logs 1,700
complaints and inquiries a week related to identity theft.
Tools for Prevention:
Follow Know Your Customer and BSA Procedures
Require and Check Identification
Know What Type and Volume of Activity is Reasonable for Your Customer
Identify Significant Changes in the Activity of Your Customer
Use Your Logic – Examples:
Consider the proximity of the customer’s residence or business to yours. If it is
distant, determine why the customer is opening an account with you.
Discovery of a disconnected phone may warrant further investigation.
Consider the source of funds used to open accounts. Large amounts, especially cash, should be
Consider the reasonableness of activity based on activity by similar customers/businesses.
Be Alert for Suspicious Situations
High Risk Businesses
The following are among the businesses that have been identified as high risk because they provide “good
cover” for money launderers:
Money Transmitters Import / Export Companies
Accountants, Lawyers Notaries
Political Organizations Textile Businesses
Jewelers, Gems & Precious metal dealers Leather-Goods Stores, sporting goods stores
Casinos / Gaming Businesses Real Estate Agencies
Art / Antique Businesses Restaurants, hotels and bars
Religious Organizations Consumer Electronic Businesses
Retail Stores Car / Boat / Plane Dealers
Travel Agencies Phone Card Businesses
Check Cashers, casa de cambias (money Cash intensive businesses such as car washes,
exchange houses) Laundromats, gas stations
Auctioneers, Pawn Brokers Telemarketers
Page 7 of 25
Potentially Suspicious Activity: (These are directly from the OCC’s Handbook on Bank
Secrecy Act – Anti-Money Laundering)
Customer is reluctant or refuses to provide any information requested for proper
Customer activity that is inconsistent with past historical activity, or with other similar businesses in the
Insider abuse for any amount (Filing a SAR is required)
Customer makes frequent transactions in large amounts of currency for no apparent business reason, or
for a business that generally does not involve large amounts of cash.
Customer’s stated purpose for a loan does not make economic sense, or they propose that cash collateral
be provided for a loan while refusing to disclose the purpose of the loan.
Shared addresses, which are also business locations, by individuals involved in currency transactions.
Unusual documents that are not easily recognizable or questionable.
Customer purchases CDs and uses them for collateral for a loan.
Customer collateralizes loan with cash deposit.
Fraudulent (or suspected fraudulent) loan activity.
A mailing address outside the United States.
Offshore companies, especially those located in bank secrecy haven countries, ask for a loan from a
domestic U.S. bank or for a loan secured by obligations of offshore banks.
A large loan is suddenly paid down with no reasonable explanation of the source of funds.
Use of loan proceeds in a manner inconsistent with the stated purpose of the loan.
A customer's refusal to provide the usual information necessary to qualify customers for credit or other
A customer's unwillingness to provide personal background information when opening an account.
A customer who desires to open an account without providing references, a local address, or identification
(passport, alien registration card, driver's license, or social security card); or who refuses to provide any
other information the financial institution requires to open an account.
Unusual or suspicious identification documents that the financial institution cannot verify readily.
The discovery that a customer's home or business phone is disconnected.
No record of past or present employment on a loan application.
The customer's background is at variance with his or her business activities.
The customer is reluctant to reveal details about business activities or to provide business financial
The customer's financial statements differ from those of similar businesses.
Case in Point – It Can Happen Here!
A SAR filed by a financial institution in Pennsylvania led to a joint investigation by the IRS, US Postal Service
and the FBI into a network of Brazilian nationals that used U.S. banks to launder the proceeds from stolen
checks. Checks for individuals and companies located in South America were fraudulently endorsed and
deposited into more than 150 bank accounts at approximately 50 different financial institutions in PA and 11
other states. These accounts had been opened with false identification, such as driver’s licenses, passports,
and social security cards. The main conspirator received jail time and was ordered to pay $255,421 in
Page 8 of 25
KNOW YOUR CUSTOMER!
Penalties for money laundering are severe. Individuals, including bank employees,
convicted of money laundering face up to 20 years in prison for each transaction.
Businesses, including banks and individuals, face fines up to the greater of $500,000 or 2x
the value of the transaction. In addition, the bank may risk losing its charter and bank
employee’s risk being removed and barred from banking.
For any willful violation of reporting requirements, including suspicious activity requirements, the bank or any
employee may be fined up to $100,000. Any person that knowingly makes a false statement in any report may
be subject to criminal penalties of up to $10,000 or 5 years in prison or both.
OFFICE OF FOREIGN ASSET CONTROL – (OFAC)
PURPOSE: The Treasury Department’s OFAC was established in 1950 to administer and enforce economic
and trade sanctions against targeted foreign countries, terrorism sponsoring organizations and international
narcotics traffickers, based on U. S. foreign policy and national security goals.
“OFAC Concerns” – Sanctioned Countries
In its most basic terms, OFAC’s regulations restrict a financial institution from dealing with
individuals, businesses and organizations involved with a sanctioned country (“OFAC
concerns”). Sanctioned countries and activities currently include (but are not limited to):
wBalkans wIraq wSierra Leone wYugoslavia
wZimbabwe wLiberia wSudan wBurma (Myanmar)
wCuba wLibya wTaliban wTerrorists w Narcotics Trafficking
wIran wNorth Korea wUNITA (Angola) wNonproliferation (Weapons of Mass Destruction)
What types of accounts are involved?
Generally all types of accounts are covered across the organization, including, but not limited to:
➯ All account holders, direct or indirect ownership interest
➯ Securities dealings, wire transfers, on-line and electronic banking transactions
➯ Transactions related to the administration of trusts and estates
➯ All debtors, buyers, sellers, originators, recipients, beneficiaries, trustees
➯ All names tied to an account, either directly or indirectly
➯ Transactions involving safe deposit boxes, fiduciary and safe keeping arrangements
Page 9 of 25
How do I check (know) if my customer is on the OFAC list?
All accounts, and relationships under the National Penn Bancshares, Inc. organization are scanned daily,
and the OFAC list is updated through OFAC software called Bridger.
A new deposit account is verified automatically, when ChexSystems is used for verification.
Other new accounts, international, commercial loans, consumer loans, can be verified on line at
www.ofaccompliance.com, by simply typing in the actual name, and address.
Procedures may change – Instructor comments.
What is the most important component of OFAC?
➯ Blocking (sounds like it belongs on a sports page)
If I have an account on the OFAC List, what must I do?
You will report your findings to the BSA Department. They will “Block the account”; this
means “Grab the Money, and Freeze It.” As funds are brought into the bank, you should
place the funds in a “blocked” account.
The bank becomes the “custodian” of the funds in the account.
The bank is required to report the transaction to FinCen (OFAC) within 10 days. The bank’s BSA Officer
(Lee Roberts) is responsible for doing this. Annually, in September, all blocked accounts are reported to
Only FinCen (OFAC) can make the decision on when to release the funds- never the customer, or
If you are unsure, contact Lee Roberts, the bank’s BSA Officer.
Financial Institutions must have a program in place to identify OFAC concerns and prevent violations
from taking place. Penalties for violations can be severe, as OFAC regulations are based on ten
different laws including Trading with the Enemy Act, International Emergency Economic Powers Act,
the Anti-Terrorism and Effective Death Penalty Act, and the U.S. Criminal Code.
➯ For a single “count” of willfully violating OFAC requirements, a corporation may be fined up to
➯ An individual may be fined up to $5 million for the same kind of violation.
➯ The monetary penalty may be accompanied by up to 30 years imprisonment, for
individuals, corporate officers, and others.
➯ Plus, the OFAC Penalties may be combined with USA Patriot Act and BSA penalties, of up to $1 million per
➯ And, the negative publicity has a high probability of the bank, and/or the individual being labeled
as someone who aided and abetted a terrorist, at least in the public’s eye.
Page 10 of 25
*CUSTOMER IDENTIFICATION PROGRAM (CIP)
HOW DID THIS LAW GET PASSED AND WHAT IS ITS PURPOSE?
After September 11th, the USA Patriot Act was passed to prevent further terrorist acts. Section 326 which
concerns Customer Identification was scheduled to be effective October 26, 2002, but was delayed. On April
30, 2003, Section 326 was finalized and now requires mandatory compliance by October 1, 2003.
Customer Identification is a core piece of the organization’s Bank Secrecy Act (BSA) Program. The principle of
a BSA program is to know who your customers are, where they obtained their money, and what they do with
the their money – especially money you lend them.
Under the Section 326 rules, each institution must develop a Customer Identification Program (CIP). The goal
of CIP is to allow you to determine the true identity of your customers, to the extent reasonable and
practicable. A basic element of the CIP program is to compile proof of the customer’s identity. “What did you
know and when did you know it” is the fundamental element of the customer identification program.
The CIP regulation requires Board of Director approval of the CIP policies and procedures. Our CIP Policy will
be approved by the National Penn Bancshares, Inc. Board in August 2003, and the detailed procedures are
incorporated by reference. Policy and procedures will be available on the corporate Intranet.
➯ USA PATRIOT ACT (Trivia)…..Do you know the acronym is a wonderful example of your
elected representatives at work: It stands for “Uniting and Strengthening America by
Providing Appropriate Tools Required to Intercept and Obstruct Terrorism.”
DOESN’T CIP APPLY ONLY TO CONSUMERS, LIKE THE PRIVACY LAWS?
WHAT TYPES OF ACCOUNTS ARE COVERED?
No, the CIP regulation has a broader application and applies equally to business, consumer and other types of
loan and deposit accounts as well as insurance or trusts, dealer loans, cash management accounts, or safe
deposit boxes. The purpose of the account is irrelevant, as is the type of account, business or personal– this
regulation is about “Documenting the Customer’s Identity”.
The law does not apply to incidental (one time service) relationships such as a purchase of a
money order, traveler’s checks, or a one-time wire transfer. Employee 401(k) accounts are not
covered; however the employer (corporate account) is covered.
All other types of accounts and persons who open accounts are applicable. The term “Person” is
defined in the law and includes individuals, corporations, partnerships, trusts, non-profits, and
Page 11 of 25
Starting October 1, 2003, when a customer opens a new account, the Customer Identification Program (CIP)
regulations will require financial institutions to do five things: (We will cover these in separate detail in this
Provide a disclosure (this can be a sign, brochure, or other notice of the changes)
Obtain customer identification
Check a government list (OFAC), and
Retain records of the process
PROVIDE A DISCLOSURE
The CIP regulation requires that the organization inform the customer of the identification requirements for
opening a new account. Acceptable methods of providing the notice include oral statements, signs, handouts,
and including the language on various applications.
National Penn Bancshares, Inc. has determined that it will use the handout brochures. (See
example in your packet). These are being printed and will be distributed when available.
They should be included with all new account, application disclosures. For the future, as
applications and various disclosures are revised, the notice disclosure will be incorporated
into the revisions. The notice will also be required on any company web sites that allow on-
In the case of indirect lending (i.e. the bank approves applications taken by a third party such as a car dealer)
the bank remains responsible for providing the notice. Handout brochures will be provided to dealers, and
applications may be revised in the future.
OBTAIN CUSTOMER IDENTIFICATION
Prior to opening any account, the company is required to obtain four pieces of information from
customers, which include the following:
1. Full name
2. Physical residential or business street address (not a P. O. Box)
3. Identifying number such as Social Security Number or Employer
Identification Number (other than individual)
4. Date of birth (for individuals)
The above four pieces of information are required; the regulation makes it clear that failing to obtain the
information is a violation of law, and is not negotiable.
Under BSA, the violations are stiff for non-compliance to CIP:
A negligent failure to obtain information can generate $500 penalty per instance.
A knowing or intentional failure inflates the amount to $1,000 per instance and creates the
possibility of criminal penalties. (Several million dollars is more than likely)
The company is allowed under the regulation to have a temporary exception for a customer who has applied
for, but has not received a taxpayer identification number, for example for a corporation or a new partnership.
Page 12 of 25
Accounts should not be opened without obtaining appropriate identification. If required documentation
was not obtained at the time of opening, and the Company cannot obtain the required documentation, within
30 days, the account will be closed and funds will be returned to the current address listed and payable to the
current signers. Note: This situation should be the exception rather than the rule.
Note: There is no law that decrees that a financial institution must open an account for an applicant.
Customer identification programs must provide procedures where the relationship manager (or new accounts
representative) can take the information that the customer has provided and verify its accuracy against
“documentary” or “non-documentary” sources.
Examples of “Documentary” sources of identification include:
♦ A Driver’s License
♦ A Passport
♦ A Current Armed Forces ID
♦ Other forms of Primary and Secondary Identification for individuals (See Appendix D)
Examples of “Non-Documentary” sources of identification include:
♦ Sending a Thank You Card after the relationship has been
♦ A telephone call after the account relationship has been opened.
♦ Obtaining a Financial Statement, Tax Return, Accountant’s Financial Statement.
♦ Personal site visit to the customer’s business.
♦ Checking references with other financial institutions.
♦ Visiting the customer’s web site.
♦ Comparison of the identifying information provided by the customer against fraud and bad
check databases (Chex Systems) to determine whether any of the information is associated
with known incidents of fraudulent behavior (negative behavior)
♦ Comparing the identifying information against information available through a trusted third
party source such as a Credit Report, or a consumer-reporting agency (Trans Union,
Experian, Equifax, Dun & Bradstreet, Tax Services)
♦ Analyze whether there is logical consistency between the identifying information provided
such as the customer’s name, street address, ZIP code, telephone number, date of birth,
and social security number (logical verification).
It is important to do the following consistently:
1. Verify. Call ChexSystems and verify the applicant. Be sure to verify ALL signers. (For business
accounts, this includes all signers) Additionally, a loan, a credit report, or other report may be
necessary according to guidelines in your area.
2. Affirm. Reaffirm the customer information (phone number, address, date of birth, employment)
3. Approve and Document. Make sure that the customer file shows evidence of compliance with
CIP, including approval authorities for any exceptions.
Page 13 of 25
Some good habits to form……
• Business accounts. A site visit is strongly recommended. You may also want to visit the
company’s web site, and request financial statements, tax returns.
• Opening accounts via the telephone. Generally, more due diligence is required (i.e. ordering a
credit report) as well as a ChexSystems report.
• Sending a “Thank You Letter or Placing a Call”. It is a good idea to do this as a courtesy, but it
also helps to eliminate fraud. If your letter is returned, or the phone is disconnected, be sure to take
immediate action. Also, remember to contact the Corporate BSA Department to file a Suspicious
1. Negative Reports. Do not open the account if a negative report is received on either the Primary
or Joint applicant. (Be sure to follow Denial Procedures for Loans and Deposit Accounts.)
2. Delay activity. If all information cannot be verified, delay the use of the account (i.e. check orders,
ATM CheckCard, access to funds, etc.) until the information has been verified.
3. New Accounts with no other relationship with the company. Remember that banking
regulations (such as Regulation CC and others) allow us to selectively extend a new account hold
for the first 30 days of opening.
Refer to Appendix A through D of the procedures for documentation requirements for ID.
For individual accounts a primary form and a secondary form of ID is required.
Business forms of identification requirements are listed on Appendix G.
CHECK A GOVERNMENT LIST (OFAC)
Not the OFAC list, not the now defunct “control” list, not the USA Patriot Act 314(a)
lists, but a completely new list of “known or suspected terrorists or terrorist
organizations” must be checked within a reasonable time after the account is opened.
Financial institutions must provide for the list’s review in their written CIP.
On the topic of OFAC lists, National Penn will use ChexSystems for its new account
verification. This system includes OFAC checks. (Note: affiliates will be signed up
and receive instructions prior to the 10/1/03 mandatory compliance date.
RETAIN RECORDS OF THE PROCESS
The CIP regulations require us to provide for record retention. The organization must
retain the customer information; (i.e. the four pieces of information obtained: name,
address, SS# and birth date) for five years after the account is closed.
A file for a new customer (regardless of whether it is deposit, loan, or other) must include
at a minimum the following three items:
1. A “Description List of the identifying information provided by the customer. (See checklist – Appendix A of
2. Information regarding the non-documentary methods used to verify identity and their results, including
appropriate employee sign-off,
3. How the financial institution resolved any discrepancies in the information obtained from the customer, and
4. A copy of any document is not required under CIP, but may be included for fraud purposes only.
Page 14 of 25
You are not required to keep a copy of the identifying documents for CIP (you may be required to under a
Deposit, Loan or other Policy); but may include it for fraud purposes only.
A “Description List” includes the following for each document:
• The type of document
• Any identification number contained in the document
• The place of issuance
• Date of issuance and expiration date, if applicable
National Penn Bancshares, Inc.’s procedures for deposits and loans require entering of the above data on the
mainframe system. Affiliates are likewise allowed to enter the same data on their systems, or alternatively use
the Checklist in Appendix A of the procedures, or keep the data in the account files, which may be retained and
available for the required time frame. Records may be originals, copies, or other reproductions.
Note: The USA Patriot Act Section 326 is being challenged by House Judiciary Committee
Chairman, James Sensenbrenner (R-Wisconsin), who asked Treasury to reconsider whether
copies of Drivers Licenses should be required and what sort of reliance on certain forms of
foreign government-issued identification should be in place. Copies were required in the
initial regulation, and then removed from the Final Regulation in April 2003. He states that
the final rule has lowered the standard for combating terrorism by allowing only a description
of the document used for verification. Treasury has received over 3,000 comment letters; the
comment period closes 7/31/03. Stay tuned – we will let you know the results, and there
may be some changes!
WILL MY PROCEDURES CHANGE FOR OPENING NEW ACCOUNTS? WHAT MUST I DO?
For most of the individuals in our organization the change should be minimal, since we already collect the
required information, in many cases, much more than the minimum. Lending, Deposit, or Affiliate
guidelines for collecting such information will not change. The only change would be if you are
not collecting a certain piece of data – say for example birth date – now under CIP you must
You now have a retention period, and must be able to supply the information under CIP.
In the past, there was no consequence if you waived collecting any of the required pieces of information.
However, under CIP, it is now a violation of law and could lead to heavy fines.
For the affiliates, and lending areas of the organization, one change would be the use of ChexSystems ID
verification system. This is in addition to any other forms of identification that may be used. (For example – a
credit report. More details later on this.)
WHAT ARE THE IMPORTANT ISSUES I SHOULD REMEMBER?
Be aware the CIP involves everyone in our organization and that verifying customer
identity has now been elevated from a “policy” or an “optional item” to a “legal
requirement”, with stiff fines. Regulators take CIP very seriously, and so should we.
A side benefit of CIP verification is the possible reduction in fraud related occurrences in
Page 15 of 25
Existing customers may be exempt under our CIP process, provided that the “Reasonable Belief” doctrine
can be documented appropriately. (See below)
Accounts should not be opened for customers who have failed to provide appropriate documentation to
fulfill the verification process.
Under certain conditions, you may be able to use CIP procedures performed by one of the affiliates.
Restrictions may apply based on Privacy, the Fair Credit Reporting Act, and/or guidelines set by your
particular area of the organization.
At a minimum a description of the basic four components of identification must be kept on file for 5 years
after the date the account is closed.
WHAT ABOUT EXISTING CUSTOMERS; MUST I OBTAIN ID FOR THEM?
The organization need not verify the identity of an existing customer seeking to open a
new account relationship, or who becomes a signatory on the account, if the Company
“continues to have a reasonable belief that it knows the true identity of the
customer.” National Penn will not exempt the true identity requirement for all customers
with existing accounts. What do you need to do?
⇒ Document the verification process on the signature card, new account agreement, or in the loan,
insurance, or other files. Always date and sign such verifications.
⇒ “Reasonable Belief” can be documented by explanations of two or more of the following:
An existing customer who has a current satisfactory relationship with the Company (i.e. no
overdrawn, delinquent, workout accounts, charge off, or denied accounts, no fraud, other
inappropriate or suspicious activities)
An existing customer whose relationship with the Company has been well documented in
the Company files. (i.e. loan, credit files, trust or other files; extensive profiles, financial
statements, tax returns, recent credit reports, and/or other identifying information is currently
available and on file.
A customer whose relationship with the company is older than one year.
⇒ If a “Reasonable Belief” cannot be documented, then the CIP process must be completed for
that customer. Customer files that are not documented after the effective date of this policy are
unacceptable and subject the employee to criticism, from both their immediate supervisor, the
regulators and by Company Auditors.
There are many tools available in the Appendices of the CIP Procedure to help you comply.
Appendix A - Customer Profile Worksheet Appendix G – Tips on Credit & Identification
Appendix B – CIP Risk Assessment Matrix
Appendix C – Quick Reference Guide to New Appendix H – Alien Identification
Customer Identification Requirements Appendix I – Foreign Identification Documents
Appendix D – Quick Reference Guide to Minimum Appendix J – Alien Definitions and Clarifications
Identification & Verification Requirements
Appendix K – Table of Relevant Non-Immigrant
Appendix E – Who is the Customer for CIP Visa Classes
Appendix L – Green Cards & Renewal
Appendix F – Dealing with Customer Objections Requirements - INS
Page 16 of 25
WHAT DO YOU LEARN FROM SPECIFIC PIECES OF IDENTIFICATION?
We easily and blindly –look at and accept documents for what we think they tell us because we are familiar
with them and used to them.
For example specific pieces of identification tell us the following about individuals:
A driver’s license tells you the person is licensed to drive and
produced information that satisfied the Department of Motor
A passport is designed to be a piece of identification and tells you physical information to
identify the individual. It includes citizenship and address.
Employment ID cards identify where the customer works. Match that to other information
the customer provides about income.
Student ID cards tell you where the customer is going to school and when they are expected
Utility bills show the customer’s address and the fact that the account is (or isn’t) current.
Tax returns show what the customer told the IRS about income and related details.
The following specific pieces of identification tell us the following about business entities:
Tax returns establish that the business filed with the IRS as well as
indicating the income.
Local and state governments have licensing requirements. Ask for copies
of the certificate of incorporation or other identifying information. (Refer to
Appendix x for guidance)
Verify the identity of individuals representing the company. (This can be done through
How can you tell whether identification is valid or forged?
Be familiar with the identification designs. Know what local driver’s licenses should look like. (If unsure
call the Fraud Investigation Department – they can provide details about what identification should look
like – in all 50 states!)
Look closely at documents alterations, inconsistencies.
Consider the information and whether it is internally consistent – and matches the person you are
Decide whether the information makes sense.
Pay attention to customer behavior and your “gut instinct”.
If unsure, ask.
Page 17 of 25
WHAT DO I TELL A CUSTOMER WHO REFUSES TO GIVE THEIR ADDRESS, OR PROPER
One of the easiest ways to build CIP into your processes is to consistently ask customers, politely and
respectfully for the same information. Listed below is an example script that could be used in opening new
accounts (when asking for identification information):
“Mr./Ms. Customer, in order to open the account, I will need to verify some basic
information in order to identify you on our Company records. I will need the exact name
that you would like your account titled, the street location and phone number, as well as
your birth date and social security number. Also, would you be able to provide proof of
identity such as a driver’s license, passport, credit card or some other form of
identification? I will need two forms of identification…”
Sometimes, despite your best efforts customers will not understand or be agreeable to providing the requested
identification in order to open a new account. Remember, treat every customer consistently, fairly and with
respect! Refer to Appendix F for examples of negative situations you might encounter, and suggestions on
how to deal with them.
CUSTOMER INFORMATION PRIVACY
Maintaining the confidentiality of our customer’s information is extremely important. We
should obtain and discuss customer information for business purposes only. When
disclosing information, we need to ensure that it is only disclosed to those individuals that
are authorized to have it. And, we need to be careful with how we dispose of information.
Privacy regulations apply mainly to individual and consumers, but listed below are some
important issues that have come up recently:
Sharing of customer financial information among affiliates. Be sure that the customer has not “opted
out” of affiliate sharing. Customer’s who have “opted out” are flagged on the bank’s CIF records, noted
within the tracking messages.
Be careful when leaving messages on answering machines for customers –
do not leave any customer, personal information.
When discussing account details with a customer over the phone, know
whom you are talking to; be cautious in disclosing additional information.
Loan numbers may appear on recorded documents according to a recent Federal Trade Commission
ruling. This is a common industry practice that the FTC has allowed as an exception under the privacy
rules so that banks can easily cross reference loans and collateral. Remember - having the account
number does not mean that you are speaking to the actual customer.
When sending customer information, such as copies of documents or other customer information,
ensure that the customer receives “only” their information, and not that of another customer.
Page 18 of 25
✏ The Customer Information Privacy Tip Sheet - This represents a list of items to keep in mind to help
ensure that the privacy of customer information is not compromised.
✏ Minimum Sharing of Customer Information Procedures. These represent the minimum requirements
to be included in departmental procedures. A department is free to use procedures that are more stringent
than the minimums. These Procedures are available on the Intranet, under: Departments/Information
Security- Bottom of page/Sharing of Customer Information and Information Sharing Guide for Inside and
Outside the Organization.
✏ Annual Privacy Notices will be distributed in mid to late June to all National Penn Bancshares, Inc.
customers, as required under the Privacy regulations.
Page 19 of 25
For Protecting Privacy
Be aware that even the fact that someone is a customer of our organization may be confidential
Access customer information only when you need to know for business purposes.
Discuss / share customer information with co-workers only when necessary for business purposes.
Never discuss customer information with anyone outside of work unless there is a valid business purpose.
Never discuss confidential information in a public place or where others may overhear your discussion.
Write down sensitive information for a customer at the teller line when there are other customers in the
Make sure customer questions and error claims are investigated fully and promptly and that any errors are
corrected as soon as possible.
Always properly verify identity before disclosing information to anyone.
Always make sure an individual / party is authorized to have the information they are requesting before you
Check each piece of information to make sure that everything you are disclosing is authorized.
Never leave confidential information where it may be viewed by others.
Never leave confidential information on your computer where it can be viewed / accessed by others.
Always put confidential information away when you leave work each night.
Never leave personal information on an answering machine or voicemail.
Always be careful about e-mailing particularly sensitive information.
Always dispose of customer and other confidential information by shredding it or
in a similar manner.
If you’re not sure whether you can disclose or share information, please ask.
Page 20 of 25
FUNDS AVAILABILITY – REG CC
PURPOSE: This regulation contains rules regarding when a bank must make deposited funds available to its
customers and rules regarding the prompt collection and return of checks through the banking system.
Keep in mind these key terms: (Refer to Personal Deposit Booklet)
BUSINESS DAY: Refer to Deposit Booklet for
- Any day other than Saturday, Sunday, or - Local checks
holiday on which no processing occurs - Non-local checks
- Same day availability
CUT-OFF: - Next day availability
- Branch – 5:00 PM
- ATM – 3:00 PM
EXCEPTION HOLDS: The regulations describe circumstances when a bank may delay the availability of funds
beyond the normal policy. Keep in mind that all exceptions do not apply to all accounts.
New Accounts: typically 30 days
Large Deposits: Aggregate any one banking day greater than $5,000, may invoke exception for amount
greater than $5,000
Re-deposited Checks: These are treated as exceptions except if for a missing endorsement or post dated
Repeat Overdraft: number of days in overdraft protection – see Deposit Booklet for more details
Reasonable Cause to Doubt Collectibility: may treat as an exception
Emergency Conditions: contingency conditions at the bank, which are specified in our funds availability
When invoking exceptions, we must give notice and extend the fine period for the availability of funds.
Remember to call Deposit Operations when doing this.
REMEMBER: Just because we make funds available under our funds availability policy, that does not mean
the funds are actually collected. A customer may still have a return item or compound collection item for which
they are responsible.
See Page 14-15 of Deposit Booklet
Page 21 of 25
FUNDS AVAILABILITY POLICY
TYPE OF DEPOSIT WHEN FUNDS CAN BE WITHDRAWN
• Electronic direct deposits • Same day as day of deposit.
• Cash • The first business day after the day of deposit.
• Wire transfers
• Checks drawn on National Penn Bank or any of its
• U.S. Treasury Checks
• Federal Reserve Bank checks
• Federal Home Loan Bank checks
• Postal money orders
• Savings bonds, bond coupons, food stamps,
certificates of deposit, and savings withdrawals
∗ State and local government checks ∗ These items require a special deposit slip to receive
∗ Cashier’s checks, treasurer checks, and teller next-day availability. You may obtain this special
checks deposit slip from the teller at the time you make your
∗ Certified checks deposit.
• Local checks • The second business day after the day of deposit.
• Nonlocal checks • The third business day after the day of deposit.
• Deposits made at National Penn Bank ATMs by:
• Up to 100% of the total amount of the deposit or $60,
whichever is less, is available immediately for cash
• Sole proprietorships withdrawal.
• Partnerships • The remainder of the deposit will be available the first
• Corporations business day after the day of deposit.
• Deposits made at ATMs owned by other financial
• Up to 100% of the total amount of the deposit or $60,
whichever is less, is available immediately for cash
• Sole proprietorships
• Up to 100% of the total amount of the deposit or $200,
• Partnerships whichever is less, is available the first business day
• Corporations (Empower CheckCard only) after the day of deposit.
• The remainder of the deposit will be available the fifth
business day after the day of deposit.
• Deposits made at ATMs owned by other financial
• The second business day after the day of deposit for
third party payments.
• Corporations (MAC Card only)
• The third business day after the day of deposit for
This policy applies to all types of checking, savings, and moneymarket accounts.
A business day is any day except Saturday, Sunday, or holiday. If you make a deposit before 5:00 p.m. on a business
day (3:00 p.m. at an ATM), we will consider that to be the day of your deposit. However, if you make a deposit after 5:00
p.m. (3:00 p.m. at an ATM), or on a non-business day, we will consider the deposit to be made on the next business day.
Page 22 of 25
Indicate the amount of the deposit that will be available and when for the situations listed. Assume
deposits are made at the branch unless noted otherwise.
1. A client deposits a $200 check drawn on our institution (“on-us” check) and a $250 local check at 10:00
AM on a Monday.
Day of Deposit: ________________
Amount Available: __________________________________________________
2. A client deposits $500 cash on a Friday at 6:00 PM.
Day of Deposit: ________________
Amount Available: __________________________________________________
3. A client deposits $200 local check and $300 non-local check at 2:00 PM on Thursday.
Day of Deposit: ________________
Amount Available: ___________________________________________________
4. A client deposits $400 local check on a Saturday at 9:00 AM. The following Monday is a holiday,
however we are open for all business functions.
Day of Deposit: _________________
Amount Available: ___________________________________________________
5. A client makes a $300 cash ATM deposit at another bank’s machine on a Monday at 12:00 PM.
Day of Deposit: _________________
Amount Available: ___________________________________________________
6. I have a customer where I want to make exceptions to the Funds Availability policy. Can I do this?
What should I beware of?
Page 23 of 25
Thank you for your participation!
Be sure to complete the attached course evaluation.
Page 24 of 25
TRAINING EVALUATION FORM
SUBJECT: CIP Compliance Training
DATE OF TRAINING: August and September 2003
Trainer: ___________________________ Location: _____________________________
Agree Neutral Disagree N/A
The method of training was effective. 1 2 3 4 5 0
The method of training was convenient. 1 2 3 4 5 0
The instructor was clear and concise. 1 2 3 4 5 0
The material was relevant to my job. 1 2 3 4 5 0
I understood the material presented. 1 2 3 4 5 0
I learned from the training and/or the 1 2 3 4 5 0
training was a good refresher of
information I already knew.
The handout material was useful. 1 2 3 4 5 0
I was satisfied with the training overall. 1 2 3 4 5 0
**Please explain any 4 or 5 ratings in the comments section below**
Please note one or more things you learned from the training:
Please note any other comments or suggestions about the content, handouts, instructors or method of training:
Page 25 of 25