Tuesday, June 18, 2024

May 2005 Legal Briefs

Regulators Issue Guidance on Money Services Businesses

  1. Background
  2. Basic Due-Diligence Requirements for All MSB Accounts
  3. Performing Risk Assessments
  4. Risk Indicators
  5. Due Diligence for Higher-Risk Customers
  6. Suspicious Activity Reporting
  7. Review of Existing MSB Accounts
  8. Banks Not Regulators of MSB’s
  9. Guidance to MSB’s

Guidance on the Final CIP Rule

Regulators Issue Guidance on Money Services Businesses

On April 26, 2005, the Federal banking regulatory agencies jointly issued their “Interagency Interpretive Guidance on Providing Banking Services to Money Services Businesses Operating in the United States.”  

Among other points, the guidance clarifies that (1) money services businesses (MSB’s) are all different, and how they are treated should vary, depending on the extent to which a particular MSB’s activities have potential money-laundering risk; (2) banks are not de facto regulators, and aren’t expected to educate MSB’s or bring them into compliance with state and Federal laws and regulations; and (3) banks should not be criticized for maintaining accounts for MSB’s (even noncompliant MSB’s), as long as banks do adequate risk-assessment, frequent monitoring, and proper SAR reporting on such entities.  

The guidance sets out minimum steps that a bank should take when providing services to an MSB.  It also outlines additional steps that may be appropriate if a particular entity may involve higher risk. Each MSB has different characteristics, in terms of products offered, location(s), banking activities, and customers served, and based on those factors it may involve high or low risk for potential money-laundering. Banks are expected to do a BSA risk-assessment for MSB’s (just as for any type of accountholder), but MSB’s as a category certainly have a potential for higher risk.

Many banks have refused to open accounts for MSB’s that are out of compliance with BSA requirements.  Going farther, some banks have refused to open any new accounts for MSB’s.  This is probably “overkill,” but can be directly blamed on somewhat ambiguous language in regulators’ previously issued examination procedures. One reason the regulators are revising their provisions is the realization that it doesn’t solve money-laundering problems (or help the compliant MSB’s) for banks to drive out both good and bad MSB’s, and to force the bad ones underground.  

Rather, it’s a more useful enforcement strategy to allow banks to retain MSB’s as customers (even noncompliant MSB’s)—so that the bank can investigate the entity’s compliance, monitor its transactions, and (if applicable) file SAR’s noting noncompliance with registration requirements and other laws.

I will review some of the provisions of the new interagency guidance.
1.  Background

“Money services businesses” are defined in the BSA regulation, at 31 C.F.R. Section 103.11(uu).  In addition to the U.S. Postal Service, five types of financial services providers are included in this definition: (1) currency dealers or exchangers [uncommon in Oklahoma], (2) check cashers [quite common, including some grocery stores and convenience stores], (3) issuers of traveler’s checks, money orders or stored value [referring to the company that pays the item, not the local agent], (4) sellers or redeemers of traveler’s checks, money orders or stored value [the local agent from whom the checks are purchased], and (5) money transmitters [such as Western Union, including local agents].

For the first four categories above, there is a threshold dollar amount per day.  A business is not an MSB based on any one of the first four categories of activity if it never engages in transactions in that category in an amount exceeding $1,000 for any customer in one day (for example, combining all money orders sold to one customer in one day, or all checks cashed for one customer in one day).

Using the $1,000-per-day test, some business accountholders clearly fall within the MSB definition, and others clearly drop out.  This leaves some accountholders in a middle ground that the bank is not completely comfortable with, so more questions may be appropriate, such as (1) whether the business enforces a policy of declining MSB transactions (cashing checks, selling money orders) in a combined amount that exceeds $1,000 per person per day, and/or (2) whether the particular business (such as one with multiple locations or multiple shifts) has any way of adding up separate transactions with one person in one day, to determine whether the total amount ever exceeds $1,000 per day.

Generally, a bank could reasonably rely on a statement that the accountholder does not allow daily transactions large enough to cause it to be an MSB—particularly if the customer can make a clear explanation of its business activities and why those don’t meet any of the MSB tests, and the bank account transactions do not indicate something more extensive.  (As with C.I.P. procedures, it’s a matter of finding out enough to be satisfied with the customer, instead of a requirement to dig down to the bottom of everything.)

All the five previously listed categories of MSB’s are alternatives to the traditional banking system, and therefore could be used by money-launderers wanting to hide their trail—particularly if an MSB is not compliant with registration requirements and lacks appropriate procedures.   

It’s at least encouraging that the guidelines recognize a clear distinction between (1) MSB activities that are fairly tame, versus (2) MSB operations that raise serious red flags. If Grandma cashes her Social Security check and tax refund check on the same day, a local business could have more than $1,000 of check cashing for one person in one day, making that business an MSB.  But nobody (including the regulators) thinks the cashing of Social Security checks, tax refund checks and payroll checks for known local residents is likely to involve a terrorist or money-laundering activity.  The business may technically be an MSB, and may have to register and follow BSA procedures, but the risk level is low.

The new guidance emphasizes that each bank must evaluate what level of risk (high or low) is posed by a particular MSB’s activities.  Low risk requires a lower level of scrutiny, but high risk requires greater ongoing scrutiny.

2. Basic Due Diligence Requirements for All MSB Accounts

The regulators list minimum due diligence requirements that are expected of banks in opening and maintaining accounts for MSB’s:

(1) applying the bank’s regular C.I.P. procedures;

(2) confirming that the entity is registered with FinCEN, if required;

(3) confirming compliance with state or local licensing requirements, if applicable;

(4) confirming that the MSB is acting as an agent rather than a principal (if true) with respect to the MSB activity; and

(5) conducting a BSA/Anti-Money Laundering risk assessment to determine what level of risk is associated with the account and whether further due diligence is necessary.

Concerning whether a business customer has properly registered as an MSB, regulators expect a bank to ask questions to determine (1) whether the accountholder’s activities would require it to register as an MSB, and (2) whether that MSB has actually registered.  Based on an answer I received from the FDIC, a bank is not expected to turn down an account for an entity that has failed to register with FinCEN when required to do so (but a bank would be reasonable in declining the customer); nor is the bank required to persuade the accountholder that it should register with FinCEN.  However, when an entity required to register with FinCEN does not do so, a bank is expected to file an SAR disclosing the MSB’s noncompliance with legal requirements—and increased monitoring of transactions, and increased due diligence, are both necessary.  

(An entity has up to 180 days to register with FinCEN after it begins MSB activities.  This is done by filing FinCEN Form 107 with the IRS Detroit Computing Center.  FinCEN then may take up to 60 days before responding to the submitted registration form.  During the 60-day period while a registration application is pending, a bank may rely on a copy of the MSB’s submitted registration application.  Completion of an MSB’s registration will then be documented by an acknowledgment letter from the IRS Detroit Computing Center, which is what a bank should look for as proof of MSB registration.  (Later, the MSB will appear on FinCEN’s MSB registration list.) It’s quite possible that an MSB will seek banking services either within the initial 180-day period or the 60-day period while a registrations is pending, and the MSB will not be in violation of registration requirements while the applicable time periods are still running.)

Regarding the third item (state or local licensing requirements), there aren’t any in Oklahoma, except that (based on the Sale of Checks Act which is part of the Oklahoma Banking Code, beginning at Section 2201) the main company that is responsible for paying the checks (travelers’ checks, money orders, etc.) must register with the Banking Department and pay a fee for each location at which an agent of that company sells checks.  

The fourth item, “agent status,” is easy to verify. If, for example, a grocery store sells money orders, it will be an “agent” of a money order company, and can prove this by its agency agreement, or perhaps by providing a copy of the “sale of checks” license (in the name of the money order company) covering the grocery’s address. Similarly, if a check casher wires funds, it will be an agent of Western Union or someone else, and will have an agency agreement to prove it.

Of course, the main company that engages in MSB transactions must register with FinCEN as an MSB, but its separate agents don’t have to register, at least for that particular line of activity.  For example, a funds-wiring company, such as Western Union, must register with FinCEN, but its separate agents are not required to register their MSB services in the category of funds transfers if they only operate through Western Union.  

Similarly, a money order company is an MSB that will be registered with FinCEN, but agents (for example, convenience stores) that sell the company’s money orders don’t need to register as MSB’s with respect to money order transactions.  

However, the same business that may wire funds as agent and may sell money orders as agent could also be cashing checks in a sufficient amount to be classified as an MSB in the category of check cashing also.  A company typically does check-cashing on its own (not as agent), so a business that is an agent for other companies as to some of its MSB activities could still be required to register with FinCEN as an MSB because a large enough amount of check cashing is occurring (not as agent for others).

 If the MSB activities of a business are carried on only as agent (and therefore not required to be separately registered with FinCEN by the agent), those agent activities may still meet the definition of MSB (based on volume of the agent’s transactions with one customer in one day).  If an agent meets any MSB test, it needs to have an anti-money-laundering (AML) program and it must comply with other recordkeeping and reporting requirements—even if it’s not required to register with FinCEN.   

If the MSB office that is doing business with a bank is a branch of an MSB that’s headquartered elsewhere (an owned branch office, not an agent), the branch does not have to be separately registered with FinCEN.  Rather, a review of the registration by the main company (of which it is a branch) is sufficient.

In performing a due diligence review on an MSB, a bank should note for its files that it has reviewed the appropriate registration, licensing, or agent status of an MSB customer, but the bank is not required to retain actual copies of these documents.

3. Performing Risk Assessments

By applying the five due diligence steps listed above in Section 2, a bank gets a first impression concerning whether a new customer’s MSB-type activities pose a high risk or low risk for money-laundering. After this initial review, in some cases no additional due diligence will be needed on the customer.

For example, if a grocery store’s only MSB-type activity is check cashing, and the dollar amount of checks cashed is modest, the MSB definition will not be met, and there’s no reason to review anything more–unless something looks suspicious or illegal.  

As another example of risk assessment, if the only MSB-type activity is cashing government checks and payroll checks for local residents who are personally known, a business would usually be categorized as “low-risk.”

In other cases, the initial due diligence on a new customer (or periodic review of an existing customer) raises issues that must be pursued by further questioning of the customer or more documentation.  In some cases, extensive additional due diligence will be required. The regulators repeatedly emphasize that the bank’s own accurate risk assessment of customers is what should trigger more investigation (or not).

If risk assessment has been performed, and the customer is determined to be an MSB, and the entity is not “low risk,” there are certain issues the bank should consider in deciding what, if any, additional due diligence is required. These issues include (1) types of products and services offered by the MSB, (2) locations and markets served by the MSB, (3) anticipated account activity, and (4) purpose of the account.

The categories in which an MSB has activities may affect the entity’s over-all risk.  For example, it might be that a particular business cashes checks (even some fairly large checks) as a courtesy to its known local customers, but does not wire funds or sell money orders.  This may technically meet the definition of MSB activity, but it’s still only a sideline of a main business that is of a different type.   Most factors would tend to point toward “lower risk,” including the fact that the volume of checks is less than for a full-time check casher.  At the same time, because this entity is less focused on the idea that check-cashing is a “business,” it may not know that it is required to be registered with FinCEN, and it may not have the required BSA procedures in place.

Certain areas of the U.S. are recognized as having a higher intensity for drug trafficking and/or for financial crimes.  Regulators expect a bank to use a risk assessment procedure that is appropriate to its location, including taking these high-crime-intensity patterns into account.

Only six counties in Oklahoma are classified as “higher risk” for drug trafficking. These counties are Comanche, Cleveland, Oklahoma, Tulsa, Muskogee and Sequoyah.  Higher population is obviously not the only factor, but four of these counties are among the most highly populated in Oklahoma.  (To view a map of the Oklahoma counties that are considered as higher risk for drug trafficking, go to www.whitehousedrugpolicy.gov/hidta, and click on the “North Texas” area.)

 At the same time, 71 counties in Oklahoma are not considered “higher risk” for drug trafficking.  Strangers tend to attract more attention in rural Oklahoma, and drug traffickers will most naturally go where there are a lot of potential customers and where they can maintain a lower profile.

There are also High-Risk Money Laundering and Related Financial Crime Areas (HIFCA’s), including such areas as San Francisco, Los Angeles, Chicago and New York.  Oklahoma is not in an HIFCA.  

Some MSB’s have a riskier client base than others.  Cashing Grandma’s Social Security check at the grocery store where she shops is not the same as selling large quantities of money orders to strangers or wiring funds to “anywhere” for anyone who walks in the door.  

Some MSB’s may be entirely local, marketing their services only to local people, while other MSB’s have broader markets and may even be involved in international transactions.  

A bank must understand the expected bank services that an MSB is planning to use, including currency deposits or withdrawals, check deposits, and funds transfers.   If an MSB deviates substantially from the quantity and type of services that it says it will need from the bank, this can be a “red flag” that the MSB has not accurately described its business, or that it is making changes in its business that the bank should review.

For example, a check casher would typically be depositing a large quantity of checks, and may need a lot of currency.  If a check casher (not selling money orders) instead starts depositing a lot of cash or wiring out funds to foreign countries, this would be very strange, and calls for greater explanation.  As another example, an agent selling money orders usually will be depositing a lot of cash to a special “agency” account, and probably will wire the “proceeds” from sale of money orders to the main money order company; but it usually wouldn’t be depositing money orders payable to itself (or any proceeds of sales of money orders) to its general business account, nor will it be wiring money order proceeds to unexplained places.

A customer should be able to tell the bank its true purpose for maintaining a bank account in connection with its business.  From time to time, the bank should look at the account activity to see whether the MSB is using its bank account in line with what the bank expects to occur.

Certain entities will have seasonal “peaks” in their business, when the volume of transactions will increase.  The bank should be aware of “peaks” that  occur naturally as part of the entity’s normal business, but should also see “red flags” if account activity gets out of line with anything that can reasonably be anticipated.  

4.  Risk Indicators

The interagency guidance lists a number of indicators of “low risk,” and also some indicators of “high risk,” with respect to MSB’s.  This list of factors is useful in helping banks sort out what’s ordinary from what is of greater concern to regulators.

“Low risk” indicators include the following:

(1) an established business with an operating history (particularly a business already known to the bank, and one that is not starting new MSB activities);

(2) a business with no MSB activity other than check-cashing for local residents;

(3) an entity with only a single line of MSB activity, such as only selling money orders, or only exchanging currency;

(3) an MSB whose customers primarily use its services to conduct what appear to be routine transactions, and not extremely frequently, and only in low amounts (for example, MSB customers who are retired, have no bank account, and need money orders to make regular payments for rent, monthly utility bills, etc.);

(4) a check casher that does not cash out-of-state checks;
(5) a check casher that only cashes the individual’s personal check, or only cashes payroll or government checks (no other third-party checks);

(6) a money transmitter that only remits funds to entities within the U.S.; or

(7) an MSB that sends bill payments (such as utility bills, loan payments, or credit card payments) only to receivers within the U.S.

At the opposite end of the spectrum, the regulators provide a list of “potentially higher-risk indicators,” including the following:

(1) a new MSB business without an established operating history;
(2) a business location within a High-Intensity Drug Trafficking Area (such as the six counties in Oklahoma mentioned earlier) or in a High Risk Money Laundering and Related Financial Crimes Area (not applicable to locations in Oklahoma, but possibly applicable if a customer has additional locations in other parts of the U.S.);

(3) an MSB that provides multiple types of money services products instead of only one;

(4) an MSB allowing customers to conduct higher-amount transactions with moderate to higher frequency (for example, if an MSB’s customer purchases a large amount of money orders on almost a daily basis, with no obvious explanation);

(5) a check casher that will cash any type of third-party check (not limited to government or payroll checks), or that will cash checks for a commercial business, drawn on that business (which might even be a “red flag” for kiting);

(6) the MSB is a money transmitter that only offers cross-border transactions, or specializes in cross-border transactions—particularly to countries that have a heightened risk for money laundering, or for financing of terrorism, or that have weak anti-money-laundering controls; or

(7) the MSB is a currency dealer or exchanger, for currencies of countries with a heightened risk for money laundering, or for financing of terrorism, or that have weak anti-money-laundering controls.

5.  Due Diligence for Higher-Risk Customers

If the bank’s initial risk assessment of an MSB indicates a potential for a higher risk of money laundering or terrorist financing (based on factors listed above, as well as anything else turned up by the bank’s own questioning), the bank will need to conduct further due diligence, appropriate to the heightened level of risk.  The regulators stress that this same general process of greater diligence based on risk should apply to any other business customer (not just MSB’s).  A bank always needs to learn more about the customer’s operations when there is heightened risk, but this does not mean the bank cannot maintain the account.

The regulators list certain actions that a bank should consider taking as further due diligence when an initial risk assessment of an MSB indicates possible higher risk.  (They do not expect a bank to take all of these actions for all MSB’s.) The same issues apply when review of an existing customer’s activities shows a change to “higher risk.” These are suggestions, some of which may be appropriate in a particular case, but everything depends on apparent degree of risk, as well the size and sophistication of an MSB’s operations:

(1) reviewing the MSB’s AML program (because even an MSB whose only activity is as an agent is required to have such a program);

(2) reviewing results of the MSB’s independent testing of its AML program;

(3) conducting on-site visits;

(4) reviewing lists of the entity’s agents (if any), including locations, both within or outside the U.S., that will be receiving services through the MSB’s business account;

(5) reviewing written procedures for the operation of the MSB;

(6) reviewing the MSB’s written practices for agent management and termination; or

(7) reviewing written employee screening practices for the MSB.

There’s nothing automatically “wrong” with having a business accountholder (a) that has multiple lines of MSB business (check-cashing, sale of money orders, wiring funds, and bill-payment services), (b) that cashes and deposits a high volume of checks, (c) that has multiple offices, and (d) that even wires funds to other countries (such as a high volume of persons transmitting funds to relatives in Mexico).  

However, to maintain an account for a complicated MSB while avoiding regulatory criticism, the bank may need to do considerable work to understand the nature of the MSB’s operations and to determine whether that MSB is operating under proper procedures and in compliance with law.  (A bank is not expected to enforce MSB requirements, but for a complicated entity it at least will need to understand whether MSB requirements are being met.  What a bank clearly cannot afford to do is to have a higher-risk MSB as a business customer without looking carefully at what that MSB is doing.

6.  Suspicious Activity Reporting

 The regulators point out that, as a key element of identifying and reporting suspicious transactions, banks should engage in risk-based monitoring of accounts for all customers, including MSB’s.  What this means is that the level and frequency of monitoring of accounts by the bank should depend on (1) the activity in the account, and (2) whether the customer is high-risk.

 A high-risk entity does not require “real-time” or constant monitoring of transactions flowing through the account, but will require more frequent monitoring than is necessary for a lower-risk entity.  Variances in account activity will not necessarily mean that a problem exists, but may mean that additional review of the account is appropriate.

The following types of significant unexplained variations in transactions by MSB’s may suggest potential suspicious activity:

(1) A check casher deposits currency in small denominations or in unusually large or unusually frequent amounts.  (Normally a check casher would deposit checks and require currency from the bank to meet its business needs.)

(2) A check casher deposits checks with unusual symbols, stamps or written annotations on the front or back.  
(3) A check casher deposits checks from foreign jurisdictions that pose a heightened risk for money laundering or the financing of terrorism, if the MSB does not overtly market its services to persons on those jurisdictions.  (Normally, I wonder why a check-casher in Oklahoma would ever cash a check written on a bank in a foreign country.)

(4) A money transmitter transfers funds to a different jurisdiction than the bank expects based on its due diligence information from the customer.  (For example, a company that says it will specialize in remittances to Latin America starts regularly transmitting funds to another part of the world, without any explanation.)

(5) A money transmitter or seller of money orders starts depositing currency significantly in excess of what the bank would expect, without any justifiable explanation—such as expanded business, new locations, etc.

Situations like the ones just listed would justify filing an SAR.  The regulators also clarify that if any bank determines that an MSB is operating in violation of requirements to register with FinCEN or is not licensed as required by any state, an SAR should be filed.

However, BSA regulations do not require a bank to close the account of an entity that is the subject of an SAR.  Bank management’s decision to close a customer’s account or keep it open should be based on guidelines approved by the bank’s board.  When an account is involved in suspicious or potentially illegal activity, the bank should determine whether it’s comfortable maintaining the account or not.  If the bank knows that the activity reported in an SAR is under investigation, the regulators prefer that the bank notify the applicable law enforcement agency before making any decision concerning the status of the account.

7.  Review of Existing MSB Accounts

The new guidance does not require banks to immediately conduct a review of existing accounts of known MSB’s to determine whether they are registered with FinCEN or are properly licensed (if required) under state law.  However, even under a bank’s pre-existing AML compliance program there was an obligation to make periodic assessments of existing MSB accounts to update risk factors, and in connection with this regular review process it will now be appropriate to look at an MSB’s licensing and registration status.

8.  Banks Not Regulators of MSB’s

Banks are not expected to educate MSB’s about BSA requirements applicable to MSB’s.  The burden of telling MSB’s what they have to do, or trying to bring them into compliance, does not rest with banks. (Banks may legitimately ask themselves whether they want to maintain an MSB as a customer if it is noncompliant, but it’s a choice.  Noncompliance does give an MSB’s account “higher risk,” imposing requirements of greater due diligence, more frequent monitoring, and possible SAR filings.)

In the course of reviewing a customer’s MSB activities, questions will inevitably arise. If asked for information, a bank can direct the MSB to regulatory resources that cover BSA requirements.  For example, a website for MSB’s at www.msb.gov includes the form for registering as an MSB, provides copies of Federal statues and regulations, discusses BSA requirements (including questions and answers), covers SAR filings, and includes a 52-page guide on money laundering prevention.  An MSB may also call FinCEN’s Regulatory Helpline at 1-800-949-2732.  

9.  Guidance to MSB’s

Simultaneous with issuance of the guidance to banks regarding banking services for MSB’s, the regulators also issued a “Guidance to Money Services Businesses on Obtaining and Maintaining Banking Services.”  This second guidance is sort of a simplified version of the bank’s guidance, but it’s specifically directed to MSB’s.

The purpose of this second document is to tell MSB’s what information and documentation they should be prepared to provide when seeking to open or maintain banking account relationships.  It includes the requirement to register with FinCEN.  It refers MSB’s to the website at www.msb.gov and explains that an MSB must have a BSA program.

The guidance notes that MSB “industry leaders” have made BSA compliance a top priority, but it admits that some MSB’s (particularly those engaging in MSB activity only as a sideline) are still unaware or unfamiliar with BSA requirements.

The guidance warns that MSB’s failing to comply with BSA provisions (including registration as an MSB) are subject to regulatory and law enforcement scrutiny, and also are likely to lose banking services that allow them to function.

The document then outlines the basic due diligence steps that banks are required to take in opening an account.  It advises them that in some cases, based on level of risk, the amount of additional due diligence may be extensive.  The document lists four categories of operational information that an MSB may be asked to explain to a bank (types of products and services; locations and markets served; anticipated account activity; and purpose for the account).  It also lists the additional information a bank may ask for when an MSB appears to be “higher risk.”

Because this guidance is specifically directed to MSB’s and lays out in advance what banks will require, MSB’s should be able to recognize easily that it’s a government requirement–not some unreasonable procedure that the bank is trying to impose.  It won’t necessarily make the MSB any happier to provide the information, but hopefully any displeasure at these requirements will be directed toward someone other than the bank.  If a new accounts officer keeps a copy of this MSB guidance available, it may prove useful in helping a new business customer that does not understand what is required or why.

Guidance on the Final CIP Rule

On April 28, the regulators issued joint “frequently asked questions” on the Final CIP Rule, which is also part of a bank’s obligations under BSA.  I will discuss the stated answers to several of these questions.  

1. Does the CIP rule apply to a loan applicant who is denied? No.  A person who does not receive banking services is not a “customer.”  A loan account is opened only when the bank enters into an enforceable agreement to make a loan.

2. Do bank subsidiaries need a customer information program? Yes.  The banking agencies take the position that subsidiaries of banks should implement CIP as a matter or safety and soundness, and to protect the bank from reputational risks.  Subsidiaries (other than “functionally regulated subsidiaries” such as a securities broker-dealer) should comply with the same CIP rule that applies to the parent bank. This would include, for example, a finance company subsidiary or mortgage company subsidiary of the bank.

Bank holding companies, and other BHC subsidiaries outside the bank’s control, are not subject to the CIP rule for banks.

3.  If an account is opened for a competent person by “power of attorney,” who is the “customer” on whom CIP information must be collected?  When the underlying owner of the account is no longer mentally competent, the “customer” is the person holding the power of attorney (because from a terrorism or money-laundering standpoint, that’s the only person capable of directing transactions on the account).  By contrast, when the owner is competent, it’s legally possible for either the competent person or the attorney-in-fact to control the account.  In this situation, the competent owner of the funds is the one treated as the “customer.” This is basically the same situation as an individual account with an authorized signer—either the mentally competent owner or the signer is able to sign, but the “customer” will be the owner.

4. Does the CIP rule apply when a joint owner is added to an existing account?  Yes.  CIP information must be obtained on a joint owner who is added, unless that person is already an existing customer of the bank.

5.  How does the CIP rule apply to a minor opening an account?  This answer gets a little strange, but if a minor opens the account for himself (such as an elementary school child at a “bank at school” program), CIP information should be gathered on the minor (even if he is not legally bound).  But if a parent opens the account for the minor (such as “Little Johnnie Doe, a minor, by Mary Doe”), then information should be gathered instead on the parent, Mary Doe.

A minor cannot be legally bound on a bank account unless the account is in the child’s sole name.  For a joint account between minor and parent (which I do not recommend), the child is not legally bound.  If the parent sets up the joint account that includes the minor child and the parent as owners, it is the parent’s information that should be gathered.  Similarly, on a UTMA for a minor (which I do recommend), the custodian (typically a parent) opens the account for a child, who cannot write checks or make withdrawals.  For a UTMA, it is the custodian’s information that should be gathered—because a child cannot open or sign on such an account.  

If a minor personally establishes an account his sole name (with or without a parent as signer) it’s the minor’s information that should be collected for CIP purposes.