WASHINGTON-NCUA, together with the Treasury Department, Treasury’s Financial Crimes Enforcement Network, and six other federal financial regulators recently issued final rules establishing procedures for verifying a new accountholder’s identity. The final rules will require financial institutions to establish a Customer Identification Program for obtaining identifying information from customers opening new accounts, collect standard information like a customer’s name, address, date of birth and some type of identification number, such as a social security number. The program is required to include procedures for verifying a customer’s identity within a reasonable period of time. The final rule allows for a risk-focused CIP based on the types of accounts, the method of identity verification, and other issues. The financial institution must establish that it has a “reasonable belief that it knows the true identity of the customer,” according to the rule. For the record retention provisions of the rule, credit unions and other financial institutions must retain the information obtained about a customer for five years after an account is closed or, in the case of credit card accounts, five years after the account is closed or becomes dormant. However, information verifying the customer’s identity only needs to be kept five years after the record is made. The proposal initially said this information had be to maintained five years after the account was closed, which CUNA and NAFCU objected to. Another change from the proposal concerns the lists financial institutions must cross-reference to determine if an accountholder appears on any list of known or suspected terrorists or terrorist organizations. “Because Treasury and the Federal functional regulators have not yet designated any such lists, the final rule cannot be more specific with respect to the lists banks must check in order to comply with this provision,” the rule reads. “However, banks will not have an affirmative duty under this regulation to seek out all lists of known or suspected terrorists or terrorist organizations compiled by the Federal government. Instead, banks will receive notification by way of separate guidance regarding the lists that must be consulted for purposes of this provision.” Concerning third-party service providers, NCUA is the only federal financial regulator that does not have the authority to regulate and examine vendors. For safety and soundness reasons, the agency will require credit unions to document that their service providers fully comply with the regulation and the credit union’s CIP. Section 326 of the USA PATRIOT Act directs regulators to create reasonable procedures for a financial institution to identify someone opening an account, maintain records of the information used to verify their identity, and determine if their name matches any list of known or suspected terrorists or terrorist organizations. The rules implementing Section 326 were expected to be published in the Federal Register shortly after deadline. The compliance date for the rule is Oct. 1, 2003. NCUA, Treasury, FinCEN, the Board of Governors of the Federal Reserve System, the Commodity Futures Trading Commission, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, the Office of Thrift Supervision, and the Securities and Exchange Commission developed the rules announced last week jointly. The regulations apply to credit unions, banks and trust companies, savings associations, securities brokers and dealers, mutual funds, futures commission merchants, and futures introducing brokers. -