Written by Shereefat Balogun, Regulatory Compliance Counsel
So last week, I attempted to take some cash out of my credit union’s ATM but the customer in front of me had a bunch of checks she had to deposit and took forever. I decided to walk into the branch and ask for the cash withdrawal. The teller asked me for my driver’s license or any similar ID. I told her that I did not have any ID on me (don’t judge me!), but I had my ATM/debit card. The teller said she would be able to process my request only if the credit union had a copy of my ID on file. While I understood the benefits of having the copy on file, I could not help but to think about the different compliance issues this raises. Yes, the copy of the ID is great for verifying your members’ identity or helping to detect fraud. However, it got me thinking about compliance issues relating to IDs, such as military IDs and fair lending concerns. Contrary to what we’ve been taught, what’s good for the goose is NOT always good for the gander.
Bank Secrecy Act and CIP Recordkeeping
The Bank Secrecy Act requires a credit union to know its member (KYC or KYM whichever lingo you prefer) and have a customer identification program (CIP). This includes checking a government identification number, which can be done with documentary evidence like an ID. So collecting the ID to verify the information is one thing. But should a credit union keep a copy of the ID in its records? For recordkeeping purposes, the CIP rule leaves it up to the credit union to determine how it wants to document verification that has been performed. Generally, the rule requires a credit union to retain a description of the document that was relied on, noting the type of document, any identification number contained in the document, the place and date of issuance, and expiration date. So, a description is generally sufficient. Though the credit union may retain a copy of the ID, it certainly is not required. See, 31 C.F.R. §1020.220(a)(3)(i)(B). This is also confirmed in FinCEN’s Guidance on Customer Identification Regulations FAQs:
- Can a bank keep copies of documents provided to verify a customer’s identity, in addition to the description required under 31 C.F.R. § 103.121(b)(3)(i)(B), even if it is not required to do so?
Yes, a bank may keep copies of identifying documents that it uses to verify a customer’s identity. A bank’s verification procedures should be risk-based and, in certain situations, keeping copies of identifying documents may be warranted. In addition, a bank may have procedures to keep copies of documents for other purposes, for example, to facilitate investigating potential fraud…
Keep in mind though, that although there are no federal regulations prohibiting a credit union from photocopying ID, some states prohibit photocopying IDs. Be sure to check with your individual state law to see if there are any limitations here.
But wait…what about military IDs? Good question! While a credit union may use a military ID to collect identifying information for CIP purposes and other purposes, it cannot copy the ID for CIP purposes. Federal law generally prohibits the copying or scanning of military ID:
Whoever manufactures, sells, or possesses any badge, identification card, or other insignia, of the design prescribed by the head of any department or agency of the United States for use by any officer or employee thereof, or any colorable imitation thereof, or photographs, prints, or in any other manner makes or executes any engraving, photograph, print, or impression in the likeness of any such badge, identification card, or other insignia, or any colorable imitation thereof, except as authorized under regulations made pursuant to law, shall be fined under this title or imprisoned not more than six months, or both.
As stated above, photocopying military ID can subject a person to fines and imprisonment up to 6 months. If your BSA/CIP program permits the photocopying of military ID identification, you may want to reassess your CIP requirements.
To emphasize, the statute prohibits the photocopying the military identification card. For CIP purposes, it’s our understanding that some credit unions document information found on the military ID since they are unable to make a copy. This practice is consistent with the CIP recordkeeping requirement discussed above.
Fair Lending Concerns
So we’ve established that it is customary to collect and retain a copy of a driver’s license for CIP purposes. However, for purposes of Regulation B and other fair lending laws, credit unions may want to keep that copy out of the member’s loan application file. For example, Regulation B prohibits financial institutions from considering certain information when evaluating an application and making a credit decision. Indeed, the FinCEN FAQ highlighted above also warned:
Nonetheless, a bank should be mindful that it must not improperly use any document containing a picture of an individual, such as a driver’s license, in connection with any aspect of a credit transaction.
Regulation B and Regulation C require a credit union to collect certain information for monitoring purposes. For instance, Regulation B requires a credit union that receives a credit application to collect certain information, such as ethnicity, sex, and age. See, 12 C.F.R. §1002.13(a). Similarly, Regulation C requires a credit union to collect certain data in relation to applications for home purchase loans, home improvement loans, and refinancings. This information includes information about the ethnicity, race, and sex of the applicant or borrower. See, 12 C.F.R. §1003.4(a)(10). When collecting this information, a credit union may list questions regarding the ethnicity, race, and sex of the applicant on the loan application form, or on a separate form that refers to the application. See, Appendix B to 12 C.F.R. Part 1003.
Although neither rule explicitly instructs credit unions to refrain from maintaining a copy of a driver’s license from a loan file, doing so may increase your fair lending risks, and may lead to examiner scrutiny.
As always, if you have any questions about this blog or any other compliance issue, please feel free to reach out to NAFCU’s Regulatory Compliance Team. We’re here for you!