Patriot Act Could Lead to Privacy Issues
September 1, 2003
The Patriot Act's customer identification requirements set to take effect Oct. 1 could become a splitting headache for customer service reps if firms are not proactive in informing customers, according to Charlie O'Neill, Dalbar's manager of anti-money laundering (AML) services.
It's not just about the extra costs and increased paperwork, although those are legitimate concerns as well. Firms need to let their customers know about the new rules and how the regs will affect the collection of information, the amount of information that is needed, as well as potential consequences of the rules. O'Neill said it is also vital for firms to realize how the changes will impact them and their customers financially and, potentially, legally.
The Patriot Act was enacted in the wake of the Sept. 11, 2001 terrorist attacks on America and aims to detect and prevent terrorists from funding their activities after it was learned that several of the hijackers had opened bank accounts and used credit cards obtained with false information. Overall, the act has periodic deadlines for companies to come into compliance with different aspects of the rules. The anti-money laundering provision aims to keep terrorists from using American financial institutions and to prevent those institutions from aiding terrorists directly or inadvertently.
Most firms, now with two full years under their belts since the passage of the Patriot Act, should have systems for compliance firmly in place. However, a large number of investors are unaware of what is actually involved on their end of the new regs, a fact that could become a thorn in the side for the fund industry.
As identity theft and personal privacy continue to be key concerns for a large number of investors, firms will have their hands full. "The way to have good customer service is to not surprise the customer," O'Neill said. "If we as an industry want to maintain good customer service, we should let our customers know about it and how their cooperation is vital."
Every financial institution account is now required to verify the data of its customers. The information is to be crosschecked for validity and screened against lists of terrorist names, addresses and organizations. This is all an attempt to identify suspicious activity within an account. Firms must also look at employment and income data, investment objectives and the likely trading patterns of an account.
Loss of Privacy
Some investors will undoubtedly be dissatisfied will the loss of certain privacy. Activity that is red flagged, or considered suspect, must be reported to federal authorities. The account holder is not alerted. The money is held and potentially seized. Something as simple as an account with a similar name or address to those on the terrorist lists can be cause for a red flag and carries the high potential for false alarms. Customers can expect delays, O'Neill said.
This is why a line in the disclosure statement given to investors is not adequate explanation or enough to alert customers as to what to expect, O'Neill said. Most people either don't read those statements or don't understand them.
O'Neill said a good way to head off a number of these problems is to communicate effectively with customers opening new accounts, explaining to them what the rules require and what the possible outcomes are.
Key to tackling the new requirements is training of staff. "The training implications are very serious, very substantial," O'Neill said. It involves individual judgments and that will require constant training of staff, and constant education."
Screeners will have to be constantly trained and educated on new developments on the lists and will also have to learn new procedures as systems are designed or reworked, O'Neill said. This will be done so it will be more difficult for terrorists to circumvent the system.
"We're talking about terrorist funding here," O'Neill said. "There is something very special about the Patriot Act. Therefore, failure [to comply could lead to] great consequences. If you fail to train people and a transaction goes through that shouldn't have, you can be liable of willful negligence," he said, adding that can carry both civil and even criminal penalties. "It's an exceptionally high-risk area."
O'Neill said a new Dalbar product called AML Testing marks the firm's entry into the AML arena. It will be available on Oct. 1. The NASD requires broker/dealers to conduct annual independent testing to make sure suspicious transactions are noticed.
The product is based on the secret-shopper approach and is aimed at detecting holes in the system. The system, which uses live customer accounts, supports adviser-based, direct and online sales by broker/dealers, mutual funds and annuity companies.
Dalbar will adapt its services to each firms' specific practices, O'Neill said. "The Dalbar methodology used for AML has been successfully audited by regulators and has proven to be the most reliable testing method for financial services transactions," he said.
Far Higher Costs
Other areas of concern for firms and investors to keep in mind are the increased costs from gathering and processing the increased information. Dalbar estimates that the cost of processing a typical new account will increase from $7.75 to $22, representing more than a 180% jump. These costs will affect the customer, because they will undoubtedly be passed on to them at some point.
"Effectiveness will ultimately depend on how firms comply with AML as well as the thoroughness of the implementation," O'Neill said. "Implementation will require each to balance effectiveness with cost, competitiveness, customer service and the level of changes required."
Copyright 2003 Thomson Media Inc. All Rights Reserved.