SBA Lenders: Beware of BSA

  • Article

Small Business Administration (SBA) lenders are required to comply with a long list of regulations set by the SBA. If you are a financial institution, you already know all too well the importance behind Bank Secrecy Act (BSA) compliance. However, if you’re a small business lending company (SBLC), did you know there are specific requirements as part of BSA you need to comply with? As an SBA lender, you should be well aware of the regulation and its requirements. Doeren Mayhew's compliance specialists provide an overview of the regulation, it’s requirements and must-know information to comply.

As a refresher, one of the BSA requirements is to have an established Customer Identification Program (CIP). Outlined in SOP 50 10 7.1 (Section A, Chapter 1, Paragraph G), it states:

SBA requires all participating SBA Lenders, including SBLCs, to comply with the U.S. Department of the Treasury regulations for Customer Identification Programs (CIP) for banks, savings associations, credit unions, and certain non-federally-regulated banks found at 31 CFR § 1020.220.

CIP requirements include having risk-based procedures for verifying the identity of customers. In general, you must obtain the following information from the customer:

  • Name
  • Date of birth, for an individual
  • Address (for a person other than an individual (such as a corporation, partnership or trust), a principal place of business, local office or other physical location
  • Identification number

You must have procedures for verifying the identity of the individual, using documents, non-documentary methods or a combination of both. Verification using documents for a person other than an individual includes documents showing the existence of the entity, such as certified articles of incorporation, a government-issued business license, a partnership agreement or trust instrument.  Non-documentary methods may include contacting a customer and independently verifying their identity through the comparison of information provided with the information obtained from a consumer reporting agency, public database or other source, and obtaining a financial statement.

Your CIP must include procedures for responding to circumstances in which you cannot form a reasonable belief that it knows the true identity of a customer. These procedures should describe when you should file a Suspicious Activity Report. Your CIP must also include procedures for determining whether the individual appears on any list of known or suspected terrorists, or terrorist organizations issued by any federal government agency.

Don’t forget, your CIP must also include procedures for providing customers with adequate notice that you are requesting information to verify their identities. The following is sample language for the notice:

Important Information About Procedures for Opening a New Account

To help the government fight the funding of terrorism and money laundering activities, federal law requires all financial institutions to obtain, verify and record information that identifies each person who opens an account.

What this means for you: When you open an account, we will ask for your name, address, date of birth and other information that will allow us to identify you. We may also ask to see your driver's license or other identifying documents.

Doeren Mayhew's SBA loan compliance pros are here to help you navigate the complexities of BSA compliance.

John Zasada
Connect with Me
John Zasada is a Principal in Doeren Mayhew's Financial Institutions Group, where he assists financial institutions in navigating regulatory compliance.

Subscribe for more VIEWPoints