Friday, October 4, 2024

March 2006 Legal Briefs

Higher Debt Allowed for $150-500 Million Holding Companies

  1. Some Advantages
  2. Permitted Debt Ratios
  3. Reason for the Change
  4. Additional Restrictions

More New Changes to Regulation E

  1. Disclosure at ATM’s
  2. Preauthorized Debits
  3. Good Faith Errors
  4. Stop Payments
  5. Extended Time for Raising Errors
  6. Extent of Error Investigation

Using Multiple CIP Approaches

Higher Debt Allowed for $150-500 Million Holding Companies

The Federal Reserve has issued a final rule expanding its definition of “small bank holding company” to include organizations with up to $500 million in consolidated assets.  These changes to Regulation Y are especially useful in Oklahoma, where all but a dozen banks are under $500 million in assets.

Very large holding companies pay for mergers and acquisitions by selling publicly traded stock.  Smaller holding companies typically must rely on borrowing to finance bank acquisitions, mergers, stock buy-backs, etc.  Sometimes, the Fed’s restrictions on holding company debt levels are the critical factor limiting a holding company’s expansion activities.

Since 1980, the Fed has allowed holding companies with less than $150 million in total assets to incur a higher ratio of debt, but holding companies over $150 million have been restricted in their permitted debt levels.

With the changes that the Fed has just adopted, holding companies up to $500 million in consolidated assets will be able to incur the same higher debt ratios that previously have applied only to holding companies under $150 million in assets.

1.  Some Advantages

Following are examples of advantages created by these changes:

(1) Holding companies with between $150 million and $500 million in consolidated assets will be allowed to incur substantially larger amounts of debt than before (with Fed approval).

(2) The increased borrowing authority for holding companies with consolidated assets between $150 million and $500 million will allow mergers or acquisitions that previously could not have been financed and approved.  (For an acquisition that increases a holding company’s consolidated assets to over $150 million, the purchase price can be financed at least 75% with increased debt.)

(3)  If a holding company with between $150 million and $500 million in total assets wants to increase the bank’s capital, or wants to buy back a large amount of holding company stock from certain shareholders who are selling out, the holding company can borrow substantially more money for these purposes than before.

2.  Permitted Debt Ratios

As outlined in Appendix C to Regulation Y, a “small bank holding company” can have a maximum debt-to-equity ratio of 3-to-1 (or “three parts debt to one part equity”) at the holding company level.  The bank must maintain adequate capital, but the holding company does not need to meet a separate minimum capital requirement.  For example, if a bank has a more-than-satisfactory capital-to-assets ratio of 8%, its small bank holding company could have debt as high as 3/4 of the bank’s capital, and the holding company’s net worth could be approximately 1/4 of bank capital, but is not required to be any specific minimum percentage.  (To keep it simple, I have assumed no intangible capital at the holding company level in this example.)

By contrast, for any holding company too large to be a “small bank holding company,” capital adequacy ratios must be applied at the holding company level, based on consolidated assets.  Thus, if a bank has a capital ratio of 8%, its non-small-bank holding company would need capital of about 6% at the holding company level on a consolidated basis (compared to what was probably 2% consolidated capital in the earlier example for a small bank holding company).  A non-small-bank holding company basically must deduct its debt against bank capital, ending up with “net” capital at the holding company that still has to satisfy a minimum capital-adequacy ratio on holding company consolidated assets.

3. Reason for the Change

The Fed’s original 1980 Policy Statement (allowing a higher debt-to-equity ratio for small bank holding companies than for larger holding companies) was designed to facilitate transfer of ownership of small community-based banks.  

The average “small bank” today is proportionately larger than a small bank of 26 years ago.  A typical $150 million bank in 1980 would have more than doubled in size by 2006, just based on inflation—not considering expansion through branching or acquisitions.  But the Fed has not adjusted the “$150 million of assets” definition for small bank holding companies since it adopted its policy in 1980.  Thus, the original $150 million definition of “small bank holding company” became more restrictive with the passage of time.

In Oklahoma there are about 40 banks that hold between $150 million and $500 million in assets.  These banks will be helped immediately if they choose to take advantage of the revised debt provisions.  Other Oklahoma banks, currently below $150 million in size, can eventually expand above $150 million without becoming subject to the more restrictive holding company debt ratio requirements that existed previously.

Nationally, about 85% of all holding companies will be able to qualify for “small bank holding company” treatment because of the changed $500 million definition, versus about 55% of holding companies that were eligible under the previous $150 million definition.

Although there will be no automatic “inflation adjustment” built into the Fed’s “small bank holding company” definition on a going-forward basis, the Fed does anticipate that it will review the asset threshold again at least once every five years, to determine whether it should be further adjusted.

4.  Additional Restrictions

As a condition for allowing higher debt-to-equity ratios, the Fed has always imposed certain additional restrictions on these small bank holding companies’ activities.  These restrictions will now apply to any holding company with up to $500 million in assets that wants to take advantage of higher debt ratios.  

The Fed views a higher-debt ratio for a small bank holding company as being somewhat at odds with that holding company’s ability to serve as a “source of strength” for the bank.  Therefore, the Fed (1) imposes requirements for reducing the debt in an orderly manner, (2) imposes a prohibition on dividends being paid by the holding company until debt is reduced to a certain level, and (3) prohibits a highly-leveraged small bank holding company from engaging in most activities other than owning the bank.

As previously stated, a small bank holding company cannot incur debt in excess of “three parts debt to one part equity” at the holding company level.  Other debt-related restrictions apply:  First, the holding company must be able to repay its debt in not more than 25 years.  Second, the holding company must be able to reduce its debt-to-equity ratio to .30-to-1 (“three parts debt to 10 parts equity”) within not more than 12 years, while projecting realistic levels of bank income, bank capital, asset growth, dividends, etc. Third, the subsidiary bank must remain well-capitalized at all times.  Fourth, the holding company must not pay dividends to its shareholders until the holding company’s debt-to-equity ratio is reduced to 1-to-1 (“one part debt to one part equity”).

The restriction on paying holding company dividends, as just discussed, is particularly important for banks and holding companies making a “Subchapter S” election.  (A “Sub S” bank or holding company pays no tax at the company level, but reports out a share of the company’s total income to each shareholder.  The shareholder then must pay tax on his share of the total income—regardless of whether he actually receives any money from the company. Most entities making a “Sub S” election do find it necessary to pay at least enough dividends to allow shareholders to pay tax on the company’s income.)  

A small bank holding company that makes a “Sub S” election probably would not want to incur a level of debt-to-equity exceeding “one-to-one” because a Sub S company must continue to pay dividends to shareholders.  But a “one-to-one” ratio still allows a holding company to incur debt equal to approximately half of the bank’s capital.  For holding companies with between $150 million and $500 million in total assets, this is substantially more than the company could borrow under the Fed’s previous rules.  

 Anyway, holding companies with between $150 million and $500 million in total assets may have too many shareholders to make a “Sub S election.”  For these companies, qualifying for higher debt levels as a “small bank holding company” can still be very attractive; and if the holding company is unable to pay dividends until debt-to-equity is reduced to “one-to-one,” this may be something that the company’s shareholders can live with for a while.  (There’s greater flexibility than before to incur debt, but the extent to which it’s useful depends on the particular holding company’s situation.)

The last restriction, mentioned briefly above, is that a small bank holding company with significant debt must not be engaged in any non-banking activity that involves significant leverage, either directly or through a non-bank subsidiary.  The holding company’s activities must be “plain vanilla,” at least until debt is significantly reduced.  

One example of an “extra” holding company activity that the Fed has frequently approved is a credit-life insurance agency.  This involves almost no investment, no debt, and little risk.    

The Gramm-Leach-Bliley Act granted holding companies the potential to engage in a variety of financially-related activities.  Some smaller holding companies have done so, but most have not.  Basically, a small bank holding company must choose between engaging in some of these more exotic financially-related activities, or utilizing the higher debt ratio allowed for small bank holding companies–but it can’t do both.  

Until a small bank holding company’s debt-to-equity ratio drops below “one-to-one,” the company cannot use the Fed’s expedited applications procedures and may not redeem holding company stock without filing for approval.

More New Changes to Regulation E

The Federal Reserve’s recent changes to Regulation E are mostly about electronic check conversion, as discussed in my February article.  However, there are also some minor Regulation E changes on other points, which I will review here.  These changes become effective on January 1, 2007; however, a bank can voluntarily comply with them at any time before then.

The changes relate to (1) initial disclosure at ATM’s, (2) using recorded authorization for preauthorized debits, (3) good faith errors, (4) stop payments, (5) time for the consumer’s notice of errors, and (6) how much investigation is required in error resolution. 

1.  Disclosure at ATM’s

Regarding fees imposed on non-customers for ATM use, Regulation E requires a two-step disclosure at the ATM.  The first required step is a disclosure on the machine (such as a sign, or a sticker-type notice, on the ATM).  Section 205.16(b)(1) of Reg E currently requires this notice to non-customers to disclose (1) “that a fee will be imposed” for EFT services or for a balance inquiry (if it’s not a totally free ATM), and (2) the amount of the fee.  

Instead of stating that a fee “will be imposed,” some of the larger ATM networks have been disclosing on the machine that a fee “may be imposed,” on the basis that they do not impose a fee on non-customers in all situations. (Until now, Reg E has only allowed banks to disclose that a fee “will be” imposed.)  For marketing reasons or better accuracy, banks have disliked stating that a fee “will be imposed” on non-customers, if at least some EFT transactions at ATM’s will require no fee.

When non-customers make only a balance inquiry at the ATM (one type of EFT service), this typically is without charge.  As another example, several banks could enter into a reciprocal agreement whereby ATM fees are not charged to each others’ customers, while non-network banks’ customers do incur the fee. In these “some will/some won’t” examples, a bank could legitimately prefer not to make the somewhat inaccurate and overly general disclosure that a fee “will be imposed.”  

Revised Section 205.16(c)(1) allows a bank, at its discretion, to disclose either that a fee “will be imposed” or that a fee “may be imposed,” as long as there are some situations in which a non-customer will not be charged for EFT services at the ATM.

Regardless of whether a bank’s existing ATM disclosure says a fee “will be imposed” or “may be imposed,” the bank can probably stick with its existing notice, if that’s what it prefers.  But if the disclosure currently states that a fee “will be imposed,” and the bank prefers to change to “may be imposed,” it can probably do so.

The second required fee-disclosure notice at an ATM is the screen or paper notice, given either on the ATM screen or on a paper slip, after the consumer has inserted his card into the ATM.  This disclosure is more transaction-specific, informing the consumer that a fee will be imposed for the actual transaction that the consumer has selected (if that is true), and giving the consumer the option to cancel the transaction before the fee is imposed. This second disclosure requirement is not changed.

The Fed points out that the two separate disclosures at an ATM have somewhat different purposes.  The first notice is sort of a “quick-glance” notice, “intended to allow consumers to identify ATM’s that generally charge a fee for use.”  The notice on the outside of the ATM must be brief and easily readable.  It would destroy the purpose to try to include in this notice all the details of when a fee is imposed and when an exception applies.  Recognizing that much, it makes little difference whether the first notice uses “will” or “may,” because the disclosure is still incomplete without going into more detail than realistically can be provided.   

The second notice has a different purpose.  It corrects for the first notice’s shortness by (1) telling the consumer specifically (if true) that the particular transaction selected at the ATM will involve a fee, and (2) allowing him to cancel the transaction based on that notice.  

2.  Preauthorized Debits

It has always been true that repeated, pre-authorized automatic drafts from a consumer’s deposit account (insurance payments, mortgage payments, etc.) must be authorized by the consumer in writing.  However, the Fed has decided to delete from the Regulation E Commentary its Comment 10(b)-3 to Section 205.10(b), which states, “A tape recording of a telephone conversation with a consumer who agrees to preauthorized debits . . . does not constitute written authorization . . . “   Based on this change, a tape recording apparently will be enough.

Existing language in Section 205.10(b) of Reg E states, “Preauthorized electronic fund transfers from a consumer’s account may be authorized only by a writing signed or similarly authenticated by the consumer.”  This language is not changing.  But several years after this wording was first adopted, Congress passed the federal E-Sign Act, providing in most cases that a statute requiring a signed, written document can be satisfied instead by an authenticated electronic record in place of a paper document. (A tape recording is electronic, and a record of what the consumer authorized, and convincing proof.)

Some persons argued that the Commentary’s ban on tape recordings as a basis for preauthorized debits was contrary to E-Sign’s recognition of electronic records as being equal to written records.  By deleting the Commentary’s statement that a tape recording won’t work, the Fed still does not specifically state that a tape recording amounts to preauthorization; but the presumption from this action is that a tape recording will work.  With respect to EFT’s on depositors’ accounts, banks now apparently must accept a tape recording as the basis for preauthorized transfers, instead of insisting on written, signed preauthorization.

Electronic payments have changed a lot since Reg E’s provisions were first adopted.  Originally, a consumer wanting to make a purchase over the telephone had to pay by credit card–perhaps arranging (in the case of a major purchase) for several equal monthly installments, each of which would be charged to the card by the seller or other service provider.

Today, millions of consumers make purchases by debit card.  It has been technically impossible in the past to give a telephoned pre-authorization for a series of payments to be withdrawn from the consumer’s deposit account—even if the payments will be initiated through a debit card number.  Technically, Reg E has required a signed, written authorization for any series of preauthorized payments drawn from a deposit account.  

Many consumers today have no credit card, or prefer not to use one.  Instead, they want to buy merchandise or services over the phone in a series of payments to be drawn from their deposit account (using either a debit card number or ACH debits).  The Fed’s change to the Commentary should allow telephone-recorded preauthorization for repeating payment transactions, either by debit card or ACH.

3. Good Faith Errors

Lots of consumers have a debit card but aren’t concerned with precisely what it should be called.  (Some bank cards say “check card” at the top, not “debit card.” This makes the issue even more confusing when the consumer is asked, “Do you have a credit card or debit card?”)  And many consumers view every plastic card as basically some sub-category of “credit card.”  (A person may talk about using “my credit card on my bank account” to make a payment.)  Although a debit card doesn’t involve “credit,” this is irrelevant to a consumer, who cares about carrying out his transaction, not terminology.   
For Regulation E reasons it does matter, technically, that a consumer is attempting to enter into a multiple-payment transaction over the telephone (“four easy monthly payments”) with a debit card.  The seller or service provider in this situation typically will not have the customer’s signed, written preauthorization (to initiate repeated debits to a deposit account) and may mistakenly believe that the consumer is providing a “credit card.”

In a telephone-originated transaction involving multiple payments, the   consumer who says he’s paying by credit card (when really it’s a debit card) may lead the seller or service provider into believing that a Reg-E-type preauthorization is not needed.  If only verbal approval is given for multiple payments to be made by debit card, Reg E would require such verbal authorization to be tape-recorded, as explained above.

Existing Comment 10(b)-7 to Section 205.10 gives protection for the payee who makes a good-faith error in believing that a transaction involves a credit card, although in fact it’s a debit card.  The payee did not violate the requirement to obtain written preauthorization for recurring charges, “if the failure to obtain written authorization was not intentional and resulted from a bona fide error, and if the payee maintains procedures reasonably adapted to avoid any such error.”  The existing Comment gave the payee the benefit of the doubt “if the payee is unable to determine, at the time of authorization, whether a credit or debit card number is involved, and later finds that the card used is a debit card.” The existing Comment did not suggest what amounts to “procedures reasonably adapted to avoid any such error.”

The newly revised language of Comment 10(b)-7 somewhat tightens the previous standard for “bona fide error,” requiring the payee to get some actual indication from the consumer that the card is a credit card, before the payee can safely proceed as if no Reg-E preauthorization is needed.  A payee cannot just assume (without asking) that a card is a credit card, if the payee’s procedures do not reveal this. The revised approach requires the payee to ask the consumer what type of card he is using, unless the consumer specifically indicates that it’s a credit card, or that it’s not a debit card.

The revised Comment recommends the following standard approach: “Generally, requesting the consumer to specify whether the card to be used for the authorization is a debit (or check) card or a credit card is a reasonable procedure.”  The revised Comment also allows a payee to accept a consumer’s statement concerning the type of card he has: “Where the consumer has indicated that the card is a credit card (or that the card is not a debit or check card), the payee may rely on the consumer’s statement without seeking further information about the type of card.”

The Federal Reserve Board states the following in its explanatory remarks: “[I]t may have been reasonable in the past, when relatively few debit cards were in use compared to credit cards, for payees to use procedures that did not involve asking questions about the type of card being used.  Today, however, given the growth of debit card usage, the Board believes that reasonable procedures should include interaction with the consumer specifically designed to elicit information about whether a debit card is involved.”

The Fed points out that both Visa and MasterCard debit cards issued after January 1, 2005, display the words “debit card” (or “check card”) on the front of the card.  As debit cards are reissued over time, all such cards will eventually be clearly labeled.  For a payee taking information from a card in person, the labeling on the card will make clear what it is, and will alert that person to the need to obtain an appropriate preauthorization.  For consumers who are giving card information over the phone, the payee can ask the consumer whether this labeling appears on the card, identifying it as a debit card.  By this means, situations where a payee gives mistaken information about the type of card will diminish.

As in the past, if a payee later discovers that the card being used to make recurring payments is actually a debit card instead of a credit card, the payee must obtain an appropriate Reg-E preauthorization as soon as reasonably possible, or else cease debiting the consumer’s account.

4.  Stop Payments

Existing Section 205.10(c)(1) allows a consumer to stop payment on a preauthorized EFT by notifying the financial institution at least three days in advance of a scheduled payment, verbally or in writing.  The Fed has reaffirmed in Comment 10(c)-2 in the Commentary that a financial institution “must block all future payments for the particular debit transmitted by the designated payee-originator,” not just one EFT (one payment) based on one stop-payment order received.

The financial institution must block the future payments although the consumer possibly has not yet notified the payee that preauthorization is revoked.  However, the financial institution may require the consumer to provide within 14 days a copy of a revocation submitted by the consumer to the payee.  (This revocation may be dated after the date of the stop payment order).  Requiring the consumer to submit a written revocation to the payee on a fairly prompt basis has the advantage of stopping most payees from initiating further debits.

Where preauthorized payments are made over a debit card network, a financial institution may not have sufficient time to identify the payments against which stop-payment orders have been entered.  Some institutions may have problems in blocking a debit-card-originated payment from posting to the consumer’s account.  Intercepting transactions at the network level may be more effective than blocking transactions at the level of the account-holding institution.

A new Comment 10(c)-3 to Section 205.10 of Reg E is added to the Commentary.  It permits an institution, upon receiving a consumer’s stop payment order, to use a third party to block a preauthorized transfer if the institution itself does not have the capability to block the preauthorized debit from being posted to the consumer’s account—provided that the payment is in fact blocked. 

5. Extended Time for Raising Errors

Section 205.6(b)(1) establishes a two-business-day time period for timely notice of loss or theft of an EFT access device (an ATM or debit card).  Section 205.6(b)(3) states that if a consumer fails to report an unauthorized EFT within 60 days of the mailing of the statement containing the item, the consumer may be held liable for any additional items occurring after that 60 days that would not have been posted to the account if the consumer had reported the earlier unauthorized item more promptly.  (This is true even if the additional items are finally reported before they become 60 days old.)

In either of the situations just mentioned (lost card, or repeated unauthorized items on the statement), Section 205.6(b)(4) extends the “timely notice” period for a reasonable time “if the consumer’s delay in notifying the financial institution was due to extenuating circumstances.” Comment 6(b)(4)-1 to this section explains that such circumstances include “the consumer’s extended travel or hospitalization.”

In a situation where no “extenuating circumstances” exist (in other words, where there is no strong excuse for failing to give the bank prompt notice), the consumer might come in and explain to the bank that he has an unauthorized $50 EFT on his account, paid to XYZ Company, for each of the last six months.  In this case, the first few unauthorized items would be untimely (not raised within 60 days, as required by Section 205.11(b)(1)), while the later charges would be barred by  the “repeat item” rule in Section 205.6(b)(3), explained above.

The Fed’s Commentary adds a new Comment 11(b)-7 with respect to Section 205.11(b) of Reg E (the requirement for a consumer to give notice of an error within 60 days of receiving a statement containing the error).

This new Comment clarifies, first, that an institution is not required to comply with the error-resolution procedures at all, if a notice of error is received more than 60 days after the date of the periodic statement containing the error.  Second, however, this same Comment states for the first time that the institution “must comply with § 205.6 [see above] before it may impose any liability on the consumer,” if “the consumer’s assertion of error involves an unauthorized EFT.”  

In other words, for example, if the consumer comes in and says that he has received six monthly EFT charges of $50 from XYZ Company and they are unauthorized, and the consumer has “extenuating circumstances” to explain why he did not report these items until the end of the six months, it’s possible that the consumer is still not out of time for giving notice on the first few charges (although more than 60 days old), and that the “repeat charges” rule won’t apply either (for additional items occurring more than 60 days after the consumer got a statement with the first bad item).  “Extenuating circumstances” (depending on what they are) could excuse all of the otherwise applicable deadlines.

6.  Extent of Error Investigation

Section 205.11(c)(4) of Reg E specifies that “a financial institution’s review of its own records regarding an alleged error” satisfies the institution’s duty to investigate if “the alleged [EFT] error concerns a transfer to or from a third party,” and “there is no agreement between the institution and the third party for the type of electronic fund transfer involved.”  

This is sometimes known as the “four walls” rule.  An institution generally must review only information that is within its four walls.  Information may exist elsewhere, but is not included in the requirement to investigate if that information is beyond the institution’s control.

But the question remains as to what records an institution should review. Does it mean, in the case of a larger bank, that the bank must look throughout its entire organization for some possibly relevant records?

The Fed’s Commentary adds a new Comment 11(c)-5 to Section 205.11(c) of Reg E. This requires the institution to “review any relevant information within the institution’s own records for the particular account to resolve the consumer’s claim.  The extent of the investigation required may vary depending on the facts and circumstances.”   

The Fed makes several observations to further explain or clarify this standard: The investigation conducted by the institution within its four walls must be reasonable. An institution is not expected to “look throughout its entire operation for potentially relevant records.”  Institutions have discretion “to determine what information is relevant.” Also, “the information reviewed should pertain to the account for which the assertion of error is made and cover a reasonable period of time.”  Further, the Fed makes clear that “the scope of an investigation may vary,” because “the nature of a consumer’s allegation of error can vary.”

Having said all of this, the Fed also states that “an institution’s review of its ‘own records’ should not be confined to a mere confirmation of the payment instructions when other information within the institution’s ‘four walls’ could also be reviewed.”  Comment 11(c)-5 list six categories of “additional information” within an institution’s own records that would pertain to the particular account and that could help to resolve the customer’s error claim.

These categories include (i) the ACH transaction records for the transfer, (ii) the transaction history of the particular account, going back a reasonable amount of time (for example, to see if there have been previous transactions by the same payee); (iii) whether the check number of the transaction is notably out-of-sequence with other items being presented on the account; (iv) the location of the transaction or of the payee, in relation to the consumer’s place of residence and habitual transaction area; (v) records or information that could be dispositive of the facts, if within the control of the institution’s third-party providers, and relating to the account in question; or (vi) any other information appropriate to resolve the claim.

Using Multiple CIP Approaches

Often I get questions from a new accounts officer, asking what to do if the bank’s customer identification program (CIP) is too hard to comply with in a particular situation.  
There are a variety of cases where problems come up.  Last September, several banks asked me what to do about a Hurricane Katrina victim whose I.D. was lost in the flood—because the bank’s written CIP policy required a government-issued picture I.D.  

Another example is an elderly woman living in a nursing home who wants to open a bank account.  She’s mentally competent, but too feeble to leave the facility.  She doesn’t have a driver’s license any more. She could obtain a state-issued I.D. from the local tag agent (similar to a driver’s license), but now she’s too feeble to do even that much.  What can the bank do for CIP?

Another set of questions comes from banks that have a written policy requiring an individual to have a government-issued picture I.D. plus one other acceptable form of I.D.  Typically, the customer has a driver’s license in his possession but may not have an acceptable second form of I.D. with him. Some customers get really irritated when they can’t open an account by presenting a driver’s license—particularly if they’ve lived in the town for decades.  But the particular bank’s written C.I.P. requires two forms of I.D.

Section 103.121 of Treasury’s Currency and Foreign Transactions Regulation, at subsection (b)(1), requires every bank to implement a written CIP appropriate to the size and type of the particular bank’s business, and satisfying all of the requirements of subsections (b)(1) through (b)(5).  A bank clearly can tailor its CIP to what works for the bank (provided that it meets minimum requirements).

Subsection (b)(2) says the CIP must include “risk-based procedures for verifying the identity of each customer to the extent reasonable and practicable.”  The word “practicable” means “capable of being done.”  The regulation does allow flexibility in the bank’s written policy, and alternative procedures—especially when circumstances make it impossible to follow the primary procedures.  

Admittedly, it’s a rare situation if someone has no I.D. and can’t get one.  But it doesn’t undermine the bank’s overall CIP to build true “hardship” exceptions into the policy.  (There’s very low risk that an elderly woman confined to a nursing home, transacting on her own account and receiving only Social Security, will turn out to be a terrorist, drug dealer, or money launderer.)  Even without a picture I.D., every elderly person has a birth certificate that can be obtained from a state health department in a short time, and possibly a marriage license on file in some county, and some information that could be provided by Social Security—if the bank prefers to obtain at least these types of non-photo-I.D. documents before opening an account.

Some banks get into a problem by providing for only one set of customer identification procedures that must be applied equally to all individuals.  In the first place, the regulation doesn’t require that much uniformity.  Secondly, it will inconvenience or anger some customers unnecessarily for the bank to rigidly follow procedures even when those procedures aren’t going to increase the bank’s already-existing certainty of the person’s identity.   For a new customer who has lived in the community for several decades but has always used the other bank, insisting on a second I.D. before opening a bank account will not make the person any better known to bank officers who have already known him since grade school.  

Nothing in the CIP rule requires a bank to obtain both a government-issued picture I.D. and another acceptable form of identification in all cases. I have no disagreement with this approach for a new customer who is unknown, as a method of limiting possible fraud.  However, it’s sensible for a bank’s written CIP to set out an alternative procedure to apply if someone is already known in the local community—for example, a process of (1) examining a government-issued picture I.D., plus (2) asking some bank employee (or bank officer) to verbally state that he/she has known the new customer for at least two years (to be followed up by the same thing in writing, for the file).  When no bank employee knows the person, you can go back to the “two forms of identification” approach.

A bank’s CIP is supposed to be “risk-based.”  This implies that the bank’s procedures will not be the same for everyone, because not every person and not every type of transaction will have the same degree of risk.  It is appropriate for a bank to identify situations where simpler procedures may be adequate, and other situations where more stringent verification is proper.  These separate approaches must be outlined in writing, because whatever the bank puts in its written CIP, it must follow.  

It is possible (but not very common) for individuals to lose all of their identification documents at least temporarily because of an accident or “natural disaster”—a flood, fire, tornado, hurricane, car wreck, etc.  If it wants to do so, a bank can put down in writing some identity-verification procedures that it will  follow in an emergency or extreme hardship situation, either if a government-issued picture I.D. is not available, or when a second form of I.D. is not available (if the bank requires that).  

Literally, subsection (b)(2)(ii)(A) does not require a bank to verify identity by examining documents, and does not require a picture I.D.  That’s just the easiest and surest approach.  Subsection (b)(2)(ii)(B) allows, alternatively, identification through non-documentary methods.  This is the harder way, but acceptable; and for younger children it may be the only way.  A bank usually is not willing to use non-documentary methods except in extreme cases where the bank feels this is necessary and appropriate.  

Hurricane Katrina victims were far from home, and some were without an I.D.   It was still possible to ask them for names and telephone numbers of friends, relatives, employers, teachers, government officials or case workers who knew them.  The bank could then call some of the listed persons by phone (hopefully finding some people who haven’t also been wiped out by the common disaster), asking for certain information, then turning to the customer and asking that same information, etc., to get comfortable with whether the customer is the same person who is known to individuals on the phone.  With the customer’s permission, the bank could ask the person on the phone to fax or e-mail certain documents that tend to verify the person’s previous residence address, employment, etc.  When enough information lines up, the bank can feel reasonably comfortable that it has verified the person’s identity. And even in a tragedy, the customer usually can replace his identification documents shortly afterward, before the account is in existence for very long.