The Financial Crimes Enforcement Network (FinCEN) is
considering updating bank requirements under its Customer Identification
Program (CIP) rule to account for technological advancements since the rule was
promulgated. The agency is encouraging interested parties to offer feedback by
responding to a request for information (RFI) recently published in the Federal
Register.
The RFI is intended to support FinCEN’s ongoing efforts to
implement section 6216 of the Anti-Money Laundering (AML) Act of 2020, according
to the agency. This section requires FinCEN to identify outdated or redundant regulations
and guidance, as well as those that otherwise do not promote a risk-based
regime consistent with AML and Currency and Financial Transactions Reporting
Act principles.
Banks are required, per the CIP, to collect taxpayer
identification numbers from customers before they can open accounts with a
covered institution. For individuals who are U.S. citizens, banks must collect
a full Social Security Number (SSN).
“The requirement for banks to collect identifying
information from a customer prior to opening an account has been a
long-standing component of a bank’s anti-money laundering program,” FinCEN
Director Andrea Gacki said in a press release. “However, FinCEN recognizes the
significant changes in technology and financial services that have taken place
since promulgation of the CIP rule, and we welcome comments from interested
parties as we explore ways to modernize the U.S. anti-money
laundering/countering the financing of terrorism regime.”
The RFI is indicative of FinCEN’s recognition of innovations
in tools for recording and verifying customer identifying information
collection since 2003, when the CIP rule was adopted. The agency hopes the
feedback provided will enhance its understanding in this area and help in evaluating
associated risks, benefits and safeguards needed if banks are permitted to
collect partial SSN information from a customer and subsequently use reputable
third-party sources to obtain the full SSN before an account opening.
“When the CIP rule was adopted, banks were exempted from the
requirement with respect to credit card accounts to collect identifying
information, including an identification number, directly from the customer,”
the RFI states. “Instead, for credit card accounts, a bank may obtain the
customer's identifying information, such as the SSN, from a third-party source
prior to extending credit to the customer. FinCEN recognized at that time that
without this exception, the CIP rule would alter a bank's business practices by
requiring additional information beyond what was already obtained directly from
a customer who opened a credit card account at the point of sale or by
telephone. Concerns were raised during the proposed CIP rule’s
comment period that an individual applying for a credit card account would be
reluctant to give out their SSN, especially through non-face-to-face means, due
to consumer privacy and security concerns.”
The RFI was issued in consultation with the Office of the
Comptroller of the Currency, the Federal Deposit Insurance Corp., the National
Credit Union Administration and the Federal Reserve. Comments will be accepted
for 60 days following the publication of the RFI in the Federal
Register.