GP was never their customer, though. They started filling out the application to open an account, got past the ID verification step, and then decided not to complete the new account process.
Likely the issue is that they just didn't think of this possible case, and there's no way to delete the ID information, and the CS person didn't want to go through the extra work to find someone who could approve it and/or get it done.
IANAL, so I'm not gonna attempt to interpret it, but here's how it's phrased:
> Recordkeeping. Section 326 of the Act requires reasonable procedures for maintaining
records of the information used to verify a person's name, address, and other identifying
information. The proposed regulation sets forth recordkeeping procedures that must be included
in a bank's CIP. Under the proposal, a bank is required to maintain a record of the identifying
information provided by the customer. Where a bank relies upon a document to verify identity,
the bank must maintain a copy of the document that the bank relied on that clearly evidences the
type of document and any identifying information it may contain.6 The bank also must record
the methods and result of any additional measures undertaken to verify the identity of the
customer. Last, the bank must record the resolution of any discrepancy in the identifying
information obtained. The bank must retain all of these records for five years after the date the
account is closed.
Likely the issue is that they just didn't think of this possible case, and there's no way to delete the ID information, and the CS person didn't want to go through the extra work to find someone who could approve it and/or get it done.