If a customer completes a Certification of Beneficial Owners form for a DDA account and opens a Loan on the same day, may one form be used or should we have a form completed for each account?
You may use one form in this case since you have obtained a certification form--as long as the information is accurate and up-to-date (assuming yes since same day).
"If a legal entity customer opens multiple accounts at a covered financial institution
(whether or not simultaneously), must the financial institution identify and verify
the customer’s beneficial ownership for each account?
A. Generally, covered financial institutions must identify and verify the legal entity
customer’s beneficial ownership information for each new account opening,
regardless of the number of accounts opened or over a specific period of time.
However, an institution that has already obtained a Certification Form (or its
equivalent) for the beneficial owner(s) of the legal entity customer may rely on
that information to fulfill the beneficial ownership requirement for subsequent
accounts, provided the customer certifies or confirms (verbally or in writing) that
such information is up-to-date and accurate at the time each subsequent account
is opened and the financial institution has no knowledge of facts that would
reasonably call into question the reliability of such information. The institution
would also need to maintain a record of such certification or confirmation,
including for both verbal and written confirmations by the customer."
Our bank's website has been “spoofed” by a foreign website. The foreign website has a different but very similar URL and content almost identical to our site. Do you have any tips on what steps we should take?
In addition to following your regular BSA/AML policies and procedures, we recommend contacting your federal regulator, and your state's cybercrimes unit or Attorney General as soon as possible. We also recommend adding a “pop-up” or greeting page on your own website that explains the issue to your online visitors, and keeping it up until the fake site is removed. Furthermore, consider sending out a warning e-mail to at least all your online banking customers--if not all your customers--notifying them of the issue.
For the beneficial ownership verification portion, does the bank need a copy of the drivers licenses for each identified beneficial owner?
No, the bank does not specifically need a DL for verification purposes. This is not saying that the bank does not have to verify using CIP procedures, but there is just not a specific requirement for the bank to get a DL. The bank can, for instance, verify through non-documentary methods.
(b) Identification and verification. With respect to legal entity customers, the covered financial institution's customer due diligence procedures shall enable the institution to:
(2) Verify the identity of each beneficial owner identified to the covered financial institution, according to risk-based procedures to the extent reasonable and practicable. At a minimum, these procedures must contain the elements required for verifying the identity of customers that are individuals under § 1020.220(a)(2) of this chapter (for banks); § 1023.220(a)(2) of this chapter (for brokers or dealers in securities); § 1024.220(a)(2) of this chapter (for mutual funds); or § 1026.220(a)(2) of this chapter (for futures commission merchants or introducing brokers in commodities); provided, that in the case of documentary verification, the financial institution may use photocopies or other reproductions of the documents listed in paragraph (a)(2)(ii)(A)(1) of § 1020.220 of this chapter (for banks); § 1023.220 of this chapter (for brokers or dealers in securities); § 1024.220 of this chapter (for mutual funds); or § 1026.220 of this chapter (for futures commission merchants or introducing brokers in commodities). A covered financial institution may rely on the information supplied by the legal entity customer regarding the identity of its beneficial owner or owners, provided that it has no knowledge of facts that would reasonably call into question the reliability of such information.
12 CFR § 1010.230(b)(2): https://www.fdic.gov/regulations/laws/rules/8000-1400.html#fdic8000fra1010.230
The CIP must contain risk-based procedures for verifying the identity of the customer within a reasonable period of time after the account is opened. The verification procedures must use "the information obtained in accordance with [31 CFR 1020.220] paragraph (a)(2)(i)," namely the identifying information obtained by the bank. A bank need not establish the accuracy of every element of identifying information obtained, but it must verify enough information to form a reasonable belief that it knows the true identity of the customer. The bank’s procedures must describe when it will use documents, nondocumentary methods, or a combination of both.
FFIEC, CIP-Overview: https://www.ffiec.gov/bsa_aml_infobase/pages_manual/olm_011.htm
If we have four key factors already listed on an adverse action notice, but also took into account the number of inquiries, can we add that as a fifth factor? And, with this factor, do we have to list the number of inquiries?
Yes, you may add the number of inquiries as a fifth factor. Generally, you would only list four key factors for FCRA purposes, but there is an exception that expressly gives the bank the permission to tack this factor on. As to the actual number of inquiries, there is no requirement to list the actual number—just the factor, itself, is required.
For reference, see:
15 USC § 1681g(f)(9):
“Use of enquiries as a key factor. If a key factor that adversely affects the credit score of a consumer consists of the number of enquiries made with respect to a consumer report, that factor shall be included in the disclosure pursuant to paragraph (1)(C) without regard to the numerical limitation in such paragraph.”
When is the new TRID amendment regarding the black hole issue effective? And can we follow it before the rule is in effect?
The new rule is effective 30 days after publication in the Federal Register which still hasn't happened (as of writing on 04/30/2018). Unfortunately, there’s not an allowance for optional early adoption as there was with the general 2017 TRID amendments which were issued last year:
"The amendments in the final rule will become effective 30 days after publication in the
Federal Register. The Bureau believes the changes should enable industry to implement the
provisions set forth in the TILA-RESPA Rule more cost-effectively and that industry should be
able to implement these changes relatively quickly. Regarding some commenters’ requests for a
later effective date, an optional early compliance period, or an effective date that distinguishes
among transactions based on when a loan application was received, the Bureau declines to adopt
such approaches because the final rule does not impose any new burdens on creditors. Once the
final rule becomes effective, the ability to reset tolerances prior to consummation for a given
transaction will not be limited by when the application was received. The Bureau declines to
make this final rule retroactive, as retroactive rulemaking is disfavored by the courts and the
commenter has not established why it would be appropriate here. "
Compliance Alliance offers a comprehensive suite of compliance management solutions.
To learn how to put them to work for your bank, call (888) 353-3933 or email firstname.lastname@example.org.