JOE LOCKWOOD – Vendors needed

The October compliance deadline for the Customer Identification Program of the USA Patriot Act has banks throughout New England and the nation engaged in new strategies for identifying old customers, as well as coping with the reality that new compliance initiatives may come with a hefty price tag.

Breffni McGuire, a senior analyst at the Needham, Mass.-based financial consulting firm TowerGroup, said bank spending on technology systems that keep such institutions in compliance with new regulations such as the USA Patriot Act has increased 15 percent since last year.

“Last year, technology spending for anti-money-laundering systems was around $62 million and that amount is going up at [a rate of] about 15 percent for this year. Most of the larger banks have either upgraded or contracted for new technology because of the USA Patriot Act and the effects of [the September 2001 terrorist attacks],” said McGuire. “There were enough new [amendments] in the Patriot Act that banks had to adjust their technology infrastructure. The Patriot Act changed the emphasis from strict compliance to proactive detection [of suspicious activity] … new technology really helped in [getting a better look at] customer and transaction activity.”

However, McGuire said that some banks are still waiting before making any changes or investments in an effort to “assess the severity of the proposed regulation” and identify what it will cost the bank.

“This is compliance and banks are feeling the expense – you’re not getting any new revenue out of this,” said McGuire.

Section 326 of the act, which specifically governs account-opening identification verification procedures, was amended and reissued by the U.S. Department of the Treasury on April 30 and requires all institutions to comply by Oct. 1.

In a seminar hosted and sponsored by Lexis Nexis and the American Bankers Association, industry experts discussed the intricacies of the Customer Identification Program and offered banks advice in managing costs associated with additional technology needed for the CIP.

“[Banks] need to look to see what they already have in the existing procedures and incorporate the CIP into [bank] policy,” said Pamela J. Johnson, senior anti-money laundering coordinator at the Division of Banking Supervision and Regulation for the board of governors of the Federal Reserve System. “The CIP has to be incorporated into the procedures and policies of the bank. Nothing in this rule dilutes or eliminates your existing responsibilities.”

John Byrne, senior counsel and compliance manager of regulatory and trust affairs for the ABA, said as the October compliance deadline approaches, banks should focus their efforts on educating their customers about the new regulations.

“Banks have to obtain information from customers to verify identification, must form a reasonable belief to prove the true form of the identity, maintain records of the information of the customer identification and determine whether the customer appears on lists of known terrorists, which are not available yet,” said Byrne. “[Banks] have to know the nuances of all accounts and what the definition of a customer is – that helps to craft the customer identification program … and deal with opening up accounts and CIP for [bank customers].”

Joe Lockwood, first vice president and chief technology officer at Avon-based COCC – an information technology company tailored to financial institutions and banks throughout the Northeastern United States – said banks will have to use third-party vendors for verifying certain account information, including foreign identification cards and passports, which will undoubtedly pose a cost to the banks.

“Credit bureau agency systems can be used to verify undocumented accounts … those systems are in place, but there will be a cost associated with them,” said Lockwood. “The numbers that we are seeing for a $1 billion institution could run upward of $1,000 a month. For smaller community banks, there will be a base entry fee and so proportionality there will be correlation in costs. [COCC] relies on third-party software vendors that produce future initiatives … we’ll buy and supply to the banks, and the banks will rely on us to help keep them in compliance.”

‘Just Do It’

In a survey conducted by the ABA, the association found that regardless of the asset size, financial institutions are spending substantial funds on compliance largely for the salaries and benefits of the many people necessary to meet regulatory requirements.

“Costs for software, record-keeping, communications, monitoring, consultants, lawyers – it all adds up,” said Peggy Wilson, director of corporate marketing communications for Minnesota-based Bankers Systems, about the survey results. “By far, ‘people costs’ are the most expensive. In spite of the banking industry’s reliance on automation, compliance is still largely based on people and human interaction.”

Asked which regulations were the most costly to implement, survey respondents said the Bank Secrecy Act and anti-money laundering requirements were the most expensive, but must be funded adequately.

Ath Power Consulting Corp. founder Frank Aloi said the CIP is directly associated with a bank’s Secrecy Act and anti-money laundering procedures, so 90 percent of the CIP should already be in place.

“Institutions have until October to implement CIP, but a lot is already honed in with the existing bank plans. For corporate accounts it will be a new procedure, but the procedures are in place to a certain degree, and now they are simply more stringent on allowing leeway,” said Aloi. “This is not necessarily a major cost issue, but it is something [where] the compliance team goes back to and looks at what is going on now and how it is working. This is a good way to refocus the compliance team.”

Ath Power provides clients throughout New England, including Citizens Bank and Banknorth, with market research, training and consulting services.

Glenna Hicks, senior vice president of Citizens Financial Group and director of the bank’s financial intelligence unit for branches throughout New England, said Citizens is on track with the Oct. 1 deadline and cost is not an issue to be concerned about.

“We’re feeling pretty good about compliance because we were 80 percent ready last year … we’ll be enhancing the new technology over time. That puts us ahead of the game in the long run,” said Hicks.

Aloi said it is the responsibility of a bank’s compliance officer to make sure that the bank maintains compliancy with new regulations and legislation.

Each bank is required to implement a written Customer Identification Program appropriate for its size and type of business that includes risk-based procedures for verifying the identity of each customer, making and maintaining records of information obtained, determining whether customers appear on any lists of known or suspected terrorists or terrorist organizations and providing bank customers with adequate notice, before they open their accounts, that information will be requested to verify their identities.

But although CIP compliance will not be free, Hicks noted that there is always a cost associated with new legislation requirements. Banks need to worry more about their customers and less about the costs associated with changing regulations, she said.

“It’s hard to quantify the cost of new technology … it’s a requirement for us to continue to grow and we have a reasonable belief that we know our customers and we don’t have to run them through these hoops,” said Hicks. “Citizens obviously wants to remain compliant, so the money is not an issue – we need to get this done, so let’s just do it.”