3 minute read
FINANCIAL INSTITUTION REQUIREMENTS CONCERNING RETENTION OF DRIVERS LICENSE COPIES
By Christopher Rahl1
This article reminds us to take care with diligence gathered to support financing transactions.
A little-known federal law imposes restrictions on federally insured financial institutions in connection with copying and retaining copies of state-issued drivers license and similar identification cards when accounts, products, or services are requested through online applications. The statute, part of the Economic Growth, Regulatory Relief, and Consumer Protection Act of 2018 (EGRRCPA)(codified at 12 U.S.C. § 1829c), applies to situations involving online requests by an individual to open an account or obtain any other financial product or service from a federally insured financial institution. The law (called the “Making online banking initiation legal and easy”) permits a financial institution to copy and temporarily store an individual’s state identification card in an electronic format only for certain purposes.
Under this provision, financial institutions may use the information obtained from copying and storing a state identification card to: (a) verify the authenticity of the identification card; (b) verify the identity of the individual; and (c) comply with legal requirements related to opening an account or obtaining a financial product or service (including customer identification requirements under the Bank Secrecy Act as supplemented by the USA Patriot Act). The law further provides that upon copying and storing a state identification card for the permitted account opening or related product/service request, a financial institution must permanently delete any image of the identification card and any copies of the image; but the law does not specify how quickly a financial institution must delete state identification card images/copies. The law preempts any conflicting state law.
Many financial institutions believe that they are required to retain copies of state identification cards presented for customer identification purposes under the Bank Secrecy Act (codified at 31 U.S.C. §5311, et seq.) as supplemented in 2001 by the USA Patriot Act (107 Pub. L. No. 56, 115 Stat. 272) and related implementing regulations. A close reading of the regulations that implement these federal customer identification requirements do not explicitly require financial institutions to retain copies of customer identification (see 31 C.F.R. § 1020.220). Financial institutions are required to maintain “descriptions” of documents and/or methods relied upon to verify a customer’s identity for 5 years after the related account is closed, but not an actual copy of customer identification documents. Because of the above EGRRCPA provisions applicable to online account/service offerings, financial institutions should review their online account opening procedures to verify that state identification cards are being destroyed within a reasonable period after an online account or product/service request has been completed.
Endnotes
1.Christopher Rahl is the chair of Gordon Feinblatt’s Financial Services Group, located in Baltimore, Maryland. He provides legal advice concerning a broad range of legal issues, including regulatory compliance, transactional matters, corporate governance, and litigation avoidance and management. Chris advises clients in connection with state and federal lending, deposit, debt adjustment, credit service business, money transmission, and privacy statutes and regulations. For more detail regarding Chris and his practice see: Rahl, Christopher R. | Gordon Feinblatt LLC (gfrlaw.com).
WINTER 2022 - eReport
