Anti-terrorism legislation recently signed by US President George W
Bush appears likely to force financial services companies in the US
to invest in new technology and upgrade older systems.
The legislation aims to make it easier for law enforcement agencies
to combat money laundering and track down and freeze terrorists'
assets.
The proposed law calls for regulations to be drafted within a year
that will set standards for customer verification and financial
records production. The US government has nine months to develop a
secure network that will be used by companies to share information
with federal authorities.
The financial services component of the law is aimed primarily at
detecting money laundering. Banks that track deposits of more than
$10,000 (£6,880) may now be required to examine lesser amounts and
pull together records quickly for investigators.
Mark Loewenthal, chief privacy officer at the US bank, Providian
Financial, said that one challenge for banks would be tracking
international deposits, which get far less scrutiny than domestic
transactions. Bank transaction systems may have to be reprogrammed
to collect data when a wire transfer to an offshore account is
executed.
"We may have to increase retention of those types of transactions,"
he said. "If we have to track all transactions overseas, that will
become even more cumbersome."
Until the regulations are drafted, it is impossible to know exactly
what will be required of companies. But based on the law's
open-ended language, the extent to which systems will need to be
upgraded could be substantial.
"The new law is going to put more emphasis on upfront,
know-your-customer, due-diligence activities, and that's got a huge
cost," said Breffni McGuire, an analyst at research firm
TowerGroup.
One provision in the law calls for a federally mandated minimum
standard for verifying a customer's identity. For example, it may
no longer be enough for a bank employee to take a quick look at a
driving licence before they open a customer account. Real-time
verification of the licence against public records may be required,
along with the ability to scan and save copies of customer identity
documents..
The proposed law would give regulators a lot of latitude. But IT
managers such as Richard Snipes, vice-president of technical
services at Washington Mutual, the US's ninth-largest bank, can do
nothing now but wait for guidance. "The business unit will
eventually make a decision on what's needed to meet that
obligation," he said.
Despite the uncertainty about the law's ultimate impact, it has won
support from trade groups representing financial services
companies. Industry groups expect to work closely with regulators,
who are required to seek input from companies affected by the law
as part of the rule-making process.
"While this is going to add some new regulatory requirements, we
are willing to take on those requirements, because we share the
goal of eradicating money laundering," said Lisa McGreevy, director
of government and public affairs at The Financial Services
Roundtable, which represents the top 100 US financial services
firms.