Yes, we believe that you may retain copies of driver’s licenses in deposit account files, although it is not required. There may be some risk when retaining copies of driver’s licenses or other IDs in loan files or with loan applications, as we discuss below, but those risks do not apply to deposit account files.
The Customer Identification Program (CIP) regulations require your bank to verify an individual’s identity using a driver’s license or other government-issued form of identification. However, the CIP regulations do not require you to retain copies of this documentation. The FFIEC BSA/AML Examination Manual suggests retaining copies of such documentation when “warranted” based on a customer’s risk — possibly because the copy may be helpful “to facilitate investigating potential fraud.”
However, the FFIEC BSA/AML Examination Manual also warns about the risks of retaining copies of driver’s licenses or similar documents in a loan file. As this suggests, there are some fair lending risks when retaining copies of driver’s licenses in loan files. For example, because driver’s licenses include an individual’s picture and additional demographic information, some view the retention of driver’s license copies as an end-run around Regulation B’s prohibition on inquiries about a loan applicant’s “race, color, religion, national origin, or sex.” The FDIC has published Q&As from a Fair Lending presentation that echo this view.
Because deposit accounts are not subject to Regulation B, the risk of retaining copies of driver’s licenses or other IDs in deposit account files is lower than in the case of loan files. We do recommend heeding the FFIEC’s admonition to “ensure that these photocopies are physically secured to adequately protect against possible identity theft.” In addition, note that deposit accounts may be tied to loan accounts (sometimes directly, through an overdraft line of credit). Your bank should ensure that deposit account files with copies of driver’s licenses or IDs are segregated from your loan files.
For resources related to our guidance, please see:
- FinCEN Regulations, 31 CFR 1020.220(a)(2)(ii)(A)(1) (“Verification through documents. For a bank relying on documents, the CIP must contain procedures that set forth the documents that the bank will use. These documents may include: (1) For an individual, unexpired government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguard, such as a driver’s license or passport. . . .”)
- FFIEC BSA/AML Examination Manual, Core Examination Overview and Procedures for Regulatory Requirements and Related Topics, note 49 (“A bank may keep photocopies of identifying documents that it uses to verify a customer’s identity; however, the CIP regulation does not require it. A bank’s verification procedures should be risk-based and, in certain situations, keeping copies of identifying documents may be warranted. In addition, a bank may have procedures to keep copies of the documents for other purposes, for example, to facilitate investigating potential fraud. However, if a bank does choose to retain photocopies of identifying documents, it should ensure that these photocopies are physically secured to adequately protect against possible identity theft. (These documents should be retained in accordance with the general recordkeeping requirements in 31 CFR 1010.430. Nonetheless, a bank should be mindful that it must not improperly use any documents containing a picture of an individual, such as a driver’s license, in connection with any aspect of a credit transaction. Refer to Frequently Asked Questions Related to Customer Identification Program Rules issued by FinCEN, Federal Reserve, FDIC, NCUA, OCC, and OTS, April 28, 2005.”)
- Interagency FAQs on Customer Identification Programs (April 28, 2005), page 11 (“2. Can a bank keep copies of documents provided to verify a customer’s identity, in addition to the description required under 31 C.F.R. § 103.121(b)(3)(i)(B), even if it is not required to do so? Yes, a bank may keep copies of identifying documents that it uses to verify a customer’s identity. A bank’s verification procedures should be risk-based and, in certain situations, keeping copies of identifying documents may be warranted. In addition, a bank may have procedures to keep copies of documents for other purposes, for example, to facilitate investigating potential fraud. (These documents should be retained in accordance with the general recordkeeping requirements in 31 C.F.R. § 103.38.) Nonetheless, a bank should be mindful that it must not improperly use any document containing a picture of an individual, such as a driver’s license, in connection with any aspect of a credit transaction.”)
- Regulation B, 12 CFR 1002.5(b) (“A creditor shall not inquire about the race, color, religion, national origin, or sex of an applicant or any other person in connection with a credit transaction, except as provided in paragraphs (b)(1) and (b)(2) of this section.”)
- FDIC, Q&A for Teleconference on Fair Lending Issues (November 16, 2010) (“Regulation B does not prohibit the practice of photo copying or digitally storing photo identification, but it does prohibit the collection of certain demographic information. Given that photo identification usually contains this prohibited information, it is a best practice not to retain a copy of the photo identification. However, if a bank chooses to retain a copy of photo identification, it is best if it is segregated from loan files. Furthermore, the photo identification should only be requested to comply with the USA Patriot Act and not be used as part of the underwriting process. . . .”)