As to consumer accounts, your policy must require that the following information be obtained from customers: (1) name, (2) date of birth (for individuals), (3) address (principal place of business, local office, or other physical location), and (4) taxpayer identification number. 31 CFR 1020.220(a)(2)(i). Your policy must then provide for verifying that information, either by documentary or non-documentary methods (but not necessarily both). If you use documentary methods, you must review “documents showing the existence of the entity, such as certified articles of incorporation, a government-issued business license, a partnership agreement, or trust instrument.” 31 CFR 1020.220(a)(2)(ii)(A)(2). You can also provide for nondocumentary methods of verification, such as comparing the customer’s information with a public database (like the Secretary of State website), checking references with other financial institutions, and reviewing a financial statement. 31 CFR 1020.220(a)(2)(ii)(B)(1).
As to new business accounts, your policy must require that the following information be obtained from the business: (1) name, (2) address (principal place of business, local office, or other physical location), and (3) taxpayer identification number. 31 CFR 1020.220(a)(2). The FFIEC BSA/AML Examination Manual recommends that you obtain “articles of incorporation, a corporate resolution by the directors authorizing the opening of the account, or the appointment of a person to act as a signatory for the entity on the account” for all business accounts. Business Entities (Domestic and Foreign)—Overview. After obtaining the customer’s information, you must verify it through either documentary or non-documentary methods. 31 CFR 1020.220(a)(2)(ii).
In addition, we recommend that you adopt a policy that requires you to file a corporate authorization and signatures in business (and not-for-profit) customers’ accounts. Your policy can provide for collecting additional information; for example, some banks call the customer’s principal place of business to confirm the information on the corporate authorizations. Illinois courts read deposit agreement as creating an implied duty of care on the part of banks in handling customers’ accounts and in paying checks, and these safeguards help to fulfill that duty of care. Continental Cas. Co., Inc. v. Am. Nat. Bank and Trust Co., 329 Ill.App.3d 686, 698 (1st Dist. 2002).