View original document

The full text on this page is automatically extracted from the file linked above and may contain errors and inconsistencies.

Federal Reserve Bank
of Dallas

l l★K

DALLAS, TEXAS
75265-5906

August 9, 2002
Notice 02-40

TO: The Chief Executive Officer of each
financial institution and others concerned
in the Eleventh Federal Reserve District

SUBJECT
Customer Identification Programs
for Banks, Savings Associations, and Credit Unions
DETAILS
The Board of Governors, the Department of the Treasury, the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, the Office of Thrift Supervision,
and the National Credit Union Administration (collectively, the agencies) have jointly issued a
proposed regulation. The proposed regulation, which applies to banks, savings associations, and
credit unions, will implement section 326 of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001.
Section 326 requires the Secretary of the Treasury to jointly prescribe with each of
the agencies, the Securities and Exchange Commission, and the Commodity Futures Trading
Commission, a regulation that requires financial institutions to implement reasonable procedures
to
•

Verify the identity of any person seeking to open an account;

•

Maintain records of the information used to verify the person’s identity; and

•

Determine whether the person appears on any lists of known or suspected terrorists or terrorist organizations provided to the financial institution by any government agency.

For additional copies, bankers and others are encouraged to use one of the following toll-free numbers in contacting the Federal
Reserve Bank of Dallas: Dallas Office (800) 333-4460; El Paso Branch Intrastate (800) 592-1631, Interstate (800) 351-1012;
Houston Branch Intrastate (800) 392-4162, Interstate (800) 221-0363; San Antonio Branch Intrastate (800) 292-5810.

-2-

Because paper mail in the Washington area may be subject to delay, commenters are
encouraged to e-mail or fax comments. Comments should be sent by one method only, and
financial institution commenters are encouraged to submit comments only to their federal functional regulator. Nonfinancial institution commenters are encouraged to submit comments only to
FinCEN.
The Board must receive comments by September 6, 2002. Please address comments
to Secretary, Board of Governors of the Federal Reserve System, 20th Street and Constitution
Avenue, N.W., Washington, DC 20551. To fax comments, please call (202) 452-3819 or (202)
452-3102. Also, you may e-mail comments to regs.comments@federalreserve.gov. All comments should refer to Docket No. R-1127.
ATTACHMENT
A copy of the agencies’ notice as it appears on pages 48290–99, Vol. 67, No. 141 of
the Federal Register dated July 23, 2002, is attached.
MORE INFORMATION
For more information, please contact James Dean, Banking Supervision Department,
at (214) 922-6237. Paper copies of this notice or previous Federal Reserve Bank notices can be
printed from our web site at http://www.dallasfed.org/banking/notices/index.html.

Tuesday,
July 23, 2002

Part III
Department of the Treasury
31 CFR Part 103
Office of the Comptroller of the
Currency
12 CFR Part 21
Office of Thrift Supervision
12 CFR Part 563

Federal Reserve System
12 CFR Parts 208 and 211

Federal Deposit Insurance
Corporation
12 CFR Part 326

National Credit Union
Administration
12 CFR Part 748

Commodity Futures Trading
Commission
17 CFR Part 1

Securities and Exchange
Commission
17 CFR Part 240
Transactions and Customer Identification
Programs; Proposed Rules

VerDate Jul<19>2002

18:43 Jul 22, 2002

Jkt 197001

PO 00000

Frm 00001

Fmt 4737

Sfmt 4737

E:\FR\FM\23JYP2.SGM

pfrm17

PsN: 23JYP2

48290

Federal Register / Vol. 67, No. 141 / Tuesday, July 23, 2002 / Proposed Rules

DEPARTMENT OF THE TREASURY
Office of the Comptroller of the
Currency
12 CFR Part 21
[Docket No. 02–11]

FEDERAL RESERVE SYSTEM
12 CFR Parts 208 and 211
[Docket No. R–1127]

FEDERAL DEPOSIT INSURANCE
CORPORATION
12 CFR Part 326
DEPARTMENT OF THE TREASURY
Office of Thrift Supervision
12 CFR Part 563
[No. 2002–27]

NATIONAL CREDIT UNION
ADMINISTRATION
12 CFR Part 748
DEPARTMENT OF THE TREASURY
31 CFR Part 103
RIN 1506–AA31

Customer Identification Programs for
Banks, Savings Associations, and
Credit Unions
AGENCIES: The Financial Crimes
Enforcement Network, Treasury; Office
of the Comptroller of the Currency,
Treasury; Board of Governors of the
Federal Reserve System; Federal Deposit
Insurance Corporation; Office of Thrift
Supervision, Treasury; National Credit
Union Administration.
ACTION: Joint notice of proposed
rulemaking.
SUMMARY: The Department of the
Treasury, through the Financial Crimes
Enforcement Network (FinCEN),
together with the Office of the
Comptroller of the Currency (OCC), the
Board of Governors of the Federal
Reserve System (Board), the Federal
Deposit Insurance Corporation (FDIC),
the Office of Thrift Supervision (OTS),
and the National Credit Union
Administration (NCUA) (collectively,
the Agencies) are jointly issuing a
proposed regulation to implement
section 326 of the Uniting and
Strengthening America by Providing
Appropriate Tools Required to Intercept
and Obstruct Terrorism (USA PATRIOT)
Act of 2001 (the Act). Section 326
requires the Secretary of the Treasury

VerDate Jul<19>2002

18:43 Jul 22, 2002

Jkt 197001

(Secretary) to jointly prescribe with each
of the Agencies, the Securities and
Exchange Commission (SEC), and the
Commodity Futures Trading
Commission (CFTC), a regulation that,
at a minimum, requires financial
institutions to implement reasonable
procedures to verify the identity of any
person seeking to open an account, to
the extent reasonable and practicable;
maintain records of the information
used to verify the person’s identity; and
determine whether the person appears
on any lists of known or suspected
terrorists or terrorist organizations
provided to the financial institution by
any government agency. The proposed
regulation applies to banks, savings
associations, and credit unions.
DATES: Written comments on the
proposed rule may be submitted on or
before September 6, 2002.
ADDRESSES: Because paper mail in the
Washington area may be subject to
delay, commenters are encouraged to email or fax comments. Comments
should be sent by one method only.
Financial institution commenters are
encouraged to submit comments only to
their Federal functional regulator. Nonfinancial institution commenters are
encouraged to submit comments only to
FinCEN. All comments will be
considered by Treasury and the
Agencies in formulating the final rule.
OCC: Please direct your comments to:
Office of the Comptroller of the
Currency, 250 E Street, SW., Public
Information Room, Mailstop 1–5,
Washington, DC 20219, Attention;
Docket No. 02–11; FAX number (202)
874–4448; or Internet address:
regs.comments@occ.treas.gov.
Comments may be inspected and
photocopied at the OCC’s Public
Reference Room, 250 E Street, SW.,
Washington, DC. You can make an
appointment to inspect comments by
calling (202) 874–5043.
Board: Comments should refer to
Docket No. R–1127 and may be mailed
to Secretary, Board of Governors of the
Federal Reserve System, 20th Street and
Constitution Avenue, NW., Washington,
DC 20551; sent by FAX to (202) 452–
3819 or (202) 452–3102; or sent by email to
regs.comments@federalreserve.gov.
Members of the public may inspect
comments in Room MP–500 between 9
a.m. and 5 p.m. on weekdays pursuant
to section 261.12 (except as provided in
section 261.14) of the Board’s Rules
Regarding Availability of Information,
12 CFR 261.12 and 261.14.
FDIC: Comments should be directed
to: Executive Secretary, Attention:
Comments/OES, Federal Deposit

PO 00000

Frm 00002

Fmt 4701

Sfmt 4702

Insurance Corporation, 550 17th Street,
NW., Washington, DC 20429. Comments
may be hand-delivered to the guard
station at the rear of the 550 17th Street
Building (located on F Street), on
business days between 7 a.m. and 5 p.m.
In addition, comments may be sent by
fax to (202) 898–3838, or by electronic
mail to comments@FDIC.gov. Comments
may be inspected and photocopied in
the FDIC Public Information Center,
Room 100, 801 17th Street, NW.,
Washington, DC, between 9 a.m. and
4:30 p.m., on business days.
OTS: Comments may be mailed to
Regulation Comments, Chief Counsel’s
Office, Office of Thrift Supervision,
1700 G Street, NW., Washington, DC
20552, Attention: No. 2002–27; FAX
number (202) 906–6518, Attention: No.
2002–27; or Internet address
regs.comments@ots.treas.gov, Attention:
No. 2002–27 and include your name
and telephone number. Comments may
also be hand delivered to the Guard’s
Desk, East Lobby Entrance, 1700 G
Street, NW., from 9 a.m. to 4 p.m. on
business days, Attention: Regulation
Comments, Chief Counsel’s Office, No.
2002–27. OTS will post comments and
the related index on the OTS Internet
Site at www.ots.treas.gov. In addition,
you may inspect comments at the Public
Reading Room, 1700 G St. NW., by
appointment. To make an appointment
for access, you may call (202) 906–5922,
send an e-mail to
public.info@ots.treas.gov, or send a
facsimile transmission to (202) 906–
7755. (Please identify the materials you
would like to inspect to assist us in
serving you.) We schedule
appointments on business days between
10 a.m. and 4 p.m. In most cases,
appointments will be available the
business day after the date we receive a
request.
NCUA: Direct comments to the
Secretary of the Board. Mail or handdeliver comments to: National Credit
Union Administration, 1775 Duke
Street, Alexandria, Virginia 22314–
3428. You may fax comments to (703)
518–6319, or e-mail comments to
regcomments@NCUA.gov. To inspect
comments, please contact the Office of
General Counsel, (703) 518–6540; or the
Office of Examination and Insurance,
(703) 518–6360.
FinCEN: Comments may be mailed to
FinCEN, Section 326 Bank Rule
Comments, P.O. Box 39, Vienna, VA
22183, or sent to Internet address
regcomments@fincen.treas.gov with the
caption ‘‘Attention: Section 326 Bank
Rule Comments’’ in the body of the text.
Comments may be inspected at FinCEN
between 10 a.m. and 4 p.m. in the
FinCEN Reading Room in Washington,

E:\FR\FM\23JYP2.SGM

pfrm17

PsN: 23JYP2

Federal Register / Vol. 67, No. 141 / Tuesday, July 23, 2002 / Proposed Rules
DC. Persons wishing to inspect the
comments submitted must request an
appointment by telephoning (202) 354–
6400 (not a toll-free number).
FOR FURTHER INFORMATION CONTACT:
OCC: Office of the Chief Counsel (202)
874–3295.
Board: Enforcement and Special
Investigations Sections: (202) 452–5235;
(202) 728–5829; or (202) 452–2961.
FDIC: Special Activities Section,
Division of Supervision, and Legal
Division at (202) 898–3671.
OTS: Office of the Chief Counsel,
(202) 906–6012.
NCUA: Office of General Counsel,
(703) 518–6540; or Office of
Examination and Insurance, (703) 518–
6360.
Treasury: Office of the Chief Counsel
(FinCEN), (703) 905–3590; Office of the
Assistant General Counsel for
Enforcement (Treasury), (202) 622–
1927; or the Office of the Assistant
General Counsel for Banking & Finance
(Treasury), (202) 622–0480.
SUPPLEMENTARY INFORMATION:
I. Background
A. Section 326 of the USA PATRIOT Act
On October 26, 2001, President Bush
signed into law the USA PATRIOT Act,
Public Law 107–56. Title III of the Act,
captioned ‘‘International Money
Laundering Abatement and Antiterrorist Financing Act of 2001,’’ adds
several new provisions to the Bank
Secrecy Act (BSA), 31 U.S.C. 5311 et
seq. These provisions are intended to
facilitate the prevention, detection, and
prosecution of international money
laundering and the financing of
terrorism.
Section 326 of the Act adds a new
subsection (l) to 31 U.S.C. 5318 that
requires the Secretary to prescribe
regulations setting forth minimum
standards for financial institutions that
relate to the identification and
verification of any person who applies
to open an account.
Section 326 applies to all ‘‘financial
institutions.’’ This term is defined very
broadly in the BSA to encompass a
variety of entities including banks,
agencies and branches of foreign banks
in the United States, thrifts, credit
unions, brokers and dealers in securities
or commodities, insurance companies,
travel agents, pawnbrokers, dealers in
precious metals, check-cashers, casinos,
and telegraph companies, among many
others. See 31 U.S.C. 5312(a)(2).
For any financial institution engaged
in financial activities described in
section 4(k) of the Bank Holding
Company Act of 1956 (section 4(k)
institutions), the Secretary is required to

VerDate Jul<19>2002

20:33 Jul 22, 2002

Jkt 197001

prescribe the regulations issued under
section 326 jointly with each of the
Agencies, the SEC, and the CFTC (the
Federal functional regulators). Final
regulations implementing section 326
must be effective by October 25, 2002.
Section 326 of the Act provides that
the regulations must contain certain
requirements. At a minimum, the
regulations must require financial
institutions to implement reasonable
procedures for (1) verifying the identity
of any person seeking to open an
account, to the extent reasonable and
practicable; (2) maintaining records of
the information used to verify the
person’s identity, including name,
address, and other identifying
information; and (3) determining
whether the person appears on any lists
of known or suspected terrorists or
terrorist organizations provided to the
financial institution by any government
agency.
In prescribing these regulations, the
Secretary is directed to take into
consideration the various types of
accounts maintained by various types of
financial institutions, the various
methods of opening accounts, and the
various types of identifying information
available. The following proposal is
being issued jointly by Treasury and the
Agencies. It applies only to a financial
institution that is a ‘‘bank’’ as defined in
31 CFR 103.11(c) that is subject to
regulation by one of the Agencies,1 and
any foreign branch of an insured bank.
Regulations governing the applicability
of section 326 to other financial
institutions, including section 4(k)
institutions regulated by the SEC and
the CFTC, will be issued separately.
Treasury, the Agencies, the SEC, and
the CFTC consulted extensively in the
development of all rules implementing
section 326 of the Act. All of the
participating agencies intend the effect
of the rules to be uniform throughout
the financial services industry.
The Secretary has determined that the
records required to be kept by section
326 of the Act have a high degree of
usefulness in criminal, tax, or regulatory
investigations or proceedings, or in the
conduct of intelligence or
counterintelligence activities, to protect
against international terrorism.
In addition, Treasury under its own
authority is proposing conforming
amendments to 31 CFR 103.34, which
currently imposes requirements
1 Published elsewhere in this separate part of this
issue of the Federal Register is a separate Treasury
proposal implementing section 326 for banks that
are not subject to regulation by a Federal functional
regulator, including certain state-chartered
uninsured trust companies and non-federally
insured credit unions.

PO 00000

Frm 00003

Fmt 4701

Sfmt 4702

48291

concerning the identification of bank
customers.
B. Codification of the Joint Proposed
Rule
The substantive requirements of the
joint proposed rule will be codified with
other Bank Secrecy Act regulations as
part of Treasury’s regulations in 31 CFR
part 103. To minimize potential
confusion by affected entities regarding
the scope of the joint proposed rule,
each of the Agencies is also proposing
to add a nonsubstantive provision in its
own regulations in either 12 CFR part
21, 12 CFR parts 208 and 211, 12 CFR
part 326, 12 CFR part 563, or 12 CFR
part 748, that will cross-reference the
regulations in 31 CFR part 103.
Although no specific text is being
proposed at this time, the crossreferences will be included in
individual final rules published
concurrently with the joint final rule
issued by Treasury and the Agencies
implementing section 326 of the Act.
II. Section-by-Section Analysis
A. Regulations Implementing Section
326
Definitions
Section 103.121(a)(1) Account. The
proposed rule’s definition of ‘‘account’’
is based on the statutory definition of
‘‘account’’ that is used in section 311 of
the Act. ‘‘Account’’ means each formal
banking or business relationship
established to provide ongoing services,
dealings, or other financial transactions.
For example, a deposit account,
transaction or asset account, and a
credit account or other extension of
credit would each constitute an account.
Section 311 of the Act does not
require that this definition be used for
regulations implementing section 326 of
the Act. However, to the extent possible,
Treasury and the Agencies propose to
apply consistent definitions for each of
the regulations implementing the Act to
reduce confusion. ‘‘Deposit accounts’’
and ‘‘transaction accounts,’’ which as
previously noted, are considered
‘‘accounts’’ for purposes of this
rulemaking, are themselves defined
terms. In addition, the term ‘‘account’’
is limited to banking and business
relationships established to provide
‘‘ongoing’’ services, dealings, or other
financial transactions to make clear that
this term is not intended to cover
infrequent transactions such as the
occasional purchase of a money order or
a wire transfer.
Section 103.121(a)(2) Bank. As
discussed above, the proposal adopts
the definition of ‘‘bank’’ already used in
31 CFR 103.11(c), which encompasses

E:\FR\FM\23JYP2.SGM

pfrm17

PsN: 23JYP2

48292

Federal Register / Vol. 67, No. 141 / Tuesday, July 23, 2002 / Proposed Rules

virtually all of the financial institutions
regulated by the Agencies, including
banks, savings associations, and credit
unions. Any branch, agency, or
representative office of a foreign bank in
the United States, as well as any Edge
corporation, would be subject to this
joint regulation under the existing
definition of ‘‘bank.’’2 However, the
definition is modified to include ‘‘any
foreign branch of an insured bank’’ to
make clear that the procedures required
by this regulation must be implemented
throughout the bank, no matter where
its offices are located. These procedures
also apply to bank subsidiaries to the
same extent as existing BSA compliance
program requirements. We note that
securities broker-dealers, futures
commission merchants, insurance
companies, and investment companies
will be subject to forthcoming rules
implementing section 326, whether or
not they are affiliated with a bank.
Section 103.121(a)(3) Customer. The
proposed rule defines ‘‘customer’’ to
mean any person seeking to open a new
account. Accordingly, the term
‘‘customer’’ includes a person applying
to open an account, but would not cover
a person seeking information about an
account, such as rates charged or
interest paid on an account, if the
person does not actually open an
account. ‘‘Customer’’ includes both
individuals and other persons such as
corporations, partnerships, and trusts.
In addition, any person seeking to open
an account at a bank, on or after the
effective date of the final rule, will be
a ‘‘customer,’’ regardless of whether that
person already has an account at the
bank.
The proposed rule also defines a
‘‘customer’’ to include any signatory on
an account. Thus, for example, an
individual with signing authority over a
corporate account is a ‘‘customer’’
within the meaning of the proposed
rule. A signatory can become a
‘‘customer’’ when the account is opened
or when the signatory is added to an
existing account.
The requirements of section 326 of the
Act apply to any person ‘‘seeking to
open a new account.’’ Accordingly,
transfers of accounts from one bank to
another, that are not initiated by the
customer, for example, as a result of a
merger, acquisition, or purchase of
assets or assumption of liabilities, fall
2 Section 103.11(c) defines bank to include ‘‘each
agent, agency, branch, or office within the United
States of any person doing business in one or more
of the capacities listed below: * * *. (8) a bank
organized under foreign law; (9) any national
banking association or corporation acting under the
provisions of section [25a] of the [Federal Reserve
Act] (12 U.S.C. 611–32).’’

VerDate Jul<19>2002

18:43 Jul 22, 2002

Jkt 197001

outside of the scope of section 326, and
are not covered by the proposed
regulation.3
Section 103.121(a)(4) Federal
functional regulator. The proposed rule
defines ‘‘Federal functional regulator’’
by reference to § 103.120(a)(2).
Accordingly, this term means each of
the Agencies (as well as the SEC and the
CFTC)
Section 103.121(a)(5) Person. The
proposed rule defines ‘‘person’’ by
reference to § 103.11(z). This definition
includes individuals, corporations,
partnerships, trusts, estates, joint stock
companies, associations, syndicates,
joint ventures, other unincorporated
organizations or groups, certain Indian
Tribes, and all entities cognizable as
legal personalities.
Section 103.121(a)(6) U.S. Person.
Under the proposed rule, for an
individual, ‘‘U.S. person’’ means a U.S.
citizen. For persons other than an
individual, ‘‘U.S. person’’ means an
entity established or organized under
the laws of a State or the United States.
A non-U.S. person is defined in
§ 103.121(a)(7) as a person who does not
satisfy these criteria.
Section 103.121(a)(8) Taxpayer
identification number. The proposed
rule continues the provision in current
§ 103.34(a)(4), which provides that the
provisions of section 6109 of the
Internal Revenue Code and the
regulations of the Internal Revenue
Service thereunder determine what
constitutes a taxpayer identification
number.
Customer Identification Program:
Minimum Requirements
Section 103.121(b)(1) General Rule.
Section 326 of the Act requires Treasury
and the Agencies to jointly issue a
regulation that establishes minimum
standards regarding the identity of any
customer who applies to open an
account. Section 326 then prescribes
three procedures that Treasury and the
Agencies must require institutions to
implement as part of this process: (1)
Identification and verification of
persons seeking to open an account; (2)
recordkeeping; and (3) comparison with
government lists.
Rather than imposing the same list of
specific requirements on every bank,
regardless of its circumstances, the
proposed regulation requires all banks
to implement a Customer Identification

Program (CIP) that is appropriate given
the bank’s size, location, and type of
business. The proposed regulation
requires a bank’s CIP to contain the
statutorily prescribed procedures,
describes these procedures, and details
certain minimum elements that each of
the procedures must contain.
In addition, the proposed rule
requires that the CIP be written and that
it be approved by the bank’s board of
directors or a committee of the board.
This latter requirement highlights the
responsibility of a bank’s board of
directors to approve and exercise
general oversight over the bank’s CIP.
Under the proposed regulation, the
CIP must be incorporated into the
bank’s anti-money laundering (BSA)
program.4 A bank’s BSA program must
include (1) internal policies,
procedures, and controls to ensure
ongoing compliance; (2) designation of
a compliance officer; (3) an ongoing
employee training program; and (4) an
independent audit function to test
programs. Each of these requirements
also applies to a bank’s CIP.
Unlike other sections of 31 CFR 103,
the proposed regulation explicitly states
that the CIP must be a part of a bank’s
BSA program. This language is included
to make clear that the CIP is not a
separate program. However, this
statement should not be read to create
any negative inference about a bank’s
need to establish and maintain a BSA
program that is designed to ensure
compliance with all other sections of 31
CFR 103.
Section 103.121(b)(2) Identity
Verification Procedures. Under section
326 of the Act, the regulations issued by
Treasury and the Agencies must require
banks to implement and comply with
reasonable procedures for verifying the
identity of any person seeking to open
an account, to the extent reasonable and
practicable. The proposed regulation
implements this requirement by
providing that each bank must have
risk-based procedures for verifying the
identity of a customer that take into
consideration the types of accounts that
banks maintain, the different methods of
opening accounts, and the types of
identifying information available. These
procedures must enable the bank to
form a reasonable belief that it knows
the true identity of the customer.
Under the proposed regulation, a bank
must first have procedures that specify

3 However, there may be situations involving the
transfer of accounts where it would be appropriate
for a bank to verify the identity of customers
associated with the accounts that it is acquiring.
Therefore, Treasury and the Agencies expect
procedures for transfers of accounts to be part of a
bank’s existing BSA program.

4 All insured depository institutions currently
must have a BSA program. See 12 CFR 21.21 (OCC),
12 CFR 208.63 (Board), 12 CFR 326.8 (FDIC), 12
CFR 563.177 (OTS), and 12 CFR 748.2 (NCUA). In
addition, all financial institutions are required by
31 U.S.C. 5318(h) to develop and implement an
anti-money laundering program.

PO 00000

Frm 00004

Fmt 4701

Sfmt 4702

E:\FR\FM\23JYP2.SGM

pfrm17

PsN: 23JYP2

Federal Register / Vol. 67, No. 141 / Tuesday, July 23, 2002 / Proposed Rules
the identifying information that the
bank must obtain from any customer.
The proposed regulation also sets forth
certain, minimal identifying information
that a bank must obtain prior to opening
an account or adding a signatory to an
account. Second, the bank must have
procedures describing how the bank
will verify the identifying information
provided. The bank must have
procedures that describe when it will
use documents for this purpose and
when it will use other methods, either
in addition or as an alternative to using
documents for the purpose of verifying
the identity of a customer.
While a bank’s CIP must contain the
identity verification procedures set forth
above, these procedures are to be riskbased. For example, a bank need not
verify the identifying information of an
existing customer seeking to open a new
account, or who becomes a signatory on
an account, if the bank (1) previously
verified the customer’s identity in
accordance with procedures consistent
with this regulation, and (2) continues
to have a reasonable belief that it knows
the true identity of the customer. The
proposal requires a bank to exercise
reasonable efforts to ascertain the
identity of each customer.
Although the main purpose of the Act
is to prevent and detect money
laundering and the financing of
terrorism, Treasury and the Agencies
anticipate that the proposed regulation
will ultimately benefit consumers. In
addition to deterring money laundering
and terrorist financing, requiring every
bank to establish comprehensive
procedures for verifying the identity of
customers should reduce the growing
incidence of fraud and identity theft
involving new accounts.5
Section 103.121(b)(2)(i) Information
Required. The proposed regulation
provides that a bank’s CIP must contain
procedures that specify the identifying
information the bank must obtain from
a customer. At a minimum, a bank must
obtain from each customer the following
information prior to opening an account
or adding a signatory to an account:
name; address; for individuals, date of
birth; and an identification number,
described in greater detail below. To
5 Last year, over 86,000 complaints were logged
into the Identity Theft Complaint database
established by the Federal Trade Commission
(FTC). Forms of identity theft commonly reported
included (1) credit card fraud, where one or more
new credit cards were opened in the victim’s name;
(2) bank fraud, where a new bank account was
opened in the victim’s name; and (3) fraudulent
loans, where a loan had been obtained in the
victim’s name. See Statement of J. Howard Beales,
Director, Bureau of Consumer Protection, FTC, to
the Senate Committee on the Judiciary,
Subcommittee on Technology, March 20, 2002.

VerDate Jul<19>2002

18:43 Jul 22, 2002

Jkt 197001

satisfy the requirement that a bank
obtain the address of a customer,
Treasury and the Agencies expect a
bank to obtain both the address of an
individual’s residence and, if different,
the individual’s mailing address. For
customers who are not individuals, the
bank should obtain an address showing
the customer’s principal place of
business and, if different, the customer’s
mailing address.
For U.S. persons a bank must obtain
a U.S. taxpayer identification number
(e.g., social security number, individual
taxpayer identification number, or
employer identification number). For
non-U.S. persons a bank must obtain
one or more of the following: a taxpayer
identification number; passport number
and country of issuance; alien
identification card number; or number
and country of issuance of any other
government-issued document
evidencing nationality or residence and
bearing a photograph or similar
safeguard. The basic information that
banks would be required to obtain
under this proposed regulation reflects
the type of information that financial
institutions currently obtain in the
account-opening process and is similar
to the identifying information currently
required for each deposit or share
account opened (see 31 CFR
103.34(a)(1)). The proposed regulation
uses the term ‘‘similar safeguard’’ to
permit the use of any biometric
identifiers that may be used in addition
to, or instead of, photographs.
Treasury and the Agencies recognize
that a new business may need access to
banking services, particularly a bank
account or an extension of credit, before
it has received an employer
identification number from the Internal
Revenue Service. For this reason, the
proposed regulation contains a limited
exception to the requirement that a
taxpayer identification number must be
provided prior to establishing or adding
a signatory to an account. Accordingly,
a CIP may permit a bank to open or add
a signatory to an account for a person
other than an individual (such as a
corporation, partnership, or trust) that
has applied for, but has not received, an
employer identification number.
However, in such a case, the CIP must
require that the bank obtain a copy of
the application before it opens or adds
a signatory to the account and obtain the
employee identification number within
a reasonable period of time after an
account is established or a signatory is
added to an account. Currently, the IRS
indicates that the issuance of an
employer identification number can
take up to five weeks. This length of
time, coupled with when the person

PO 00000

Frm 00005

Fmt 4701

Sfmt 4702

48293

applied for the employer identification
number, should be considered by the
bank in determining the reasonable
period of time within which the person
should provide its employer
identification number to the bank.
Section 103.121(b)(2)(ii) Verification.
The proposed regulation provides that
the CIP must contain risk-based
procedures for verifying the information
that the bank obtains in accordance with
§ 103.121(b)(2)(i), within a reasonable
period of time after the account is
opened. Treasury and the Agencies
considered proposing that a customer’s
identity be verified before an account is
opened or within a specific time period
after the account is opened. However,
we recognize that such a position would
be unduly burdensome for both banks
and customers and therefore contrary to
the plain language of the statute, which
states that the procedures must be both
reasonable and practicable. The amount
of time it will take an institution to
verify identity may depend upon the
type of account opened, whether the
customer is physically present when the
account is opened, and the type of
identifying information available. In
addition, although an account may be
opened, it is common practice among
banks to place limits on the account,
such as by restricting the number of
transactions or the dollar value of
transactions, until a customer’s identity
is verified. Therefore, the proposed
regulation provides a bank with the
flexibility to use a risk-based approach
to determine how soon identity must be
verified.6
Section103.121(b)(2)(ii)(A)
Verification Through Documents. The
CIP must contain procedures describing
when the bank will verify identity
through documents and setting forth the
documents that the bank will use for
this purpose. For individuals, these
documents may include: unexpired
government-issued identification
evidencing nationality or residence and
bearing a photograph or similar
safeguard. For corporations,
partnerships, trusts, and other persons
that are not individuals, these may be
documents showing the existence of the
entity, such as registered articles of
incorporation, a government-issued
business license, partnership agreement,
or trust instrument.
Section 103.121(b)(2)(ii)(B) NonDocumentary Verification. The
proposed regulation provides that a
6 It is possible that a bank would, however,
violate other laws by permitting a customer to
transact business prior to verifying the customer’s
identity. See, e.g., 31 CFR 500, prohibiting
transactions involving designated foreign countries
or their nationals.

E:\FR\FM\23JYP2.SGM

pfrm17

PsN: 23JYP2

48294

Federal Register / Vol. 67, No. 141 / Tuesday, July 23, 2002 / Proposed Rules

bank’s CIP also must contain procedures
describing non-documentary methods
the bank will use to verify identity and
when these methods will be used in
addition to, or instead of, relying on
documents. For example, the
procedures must address situations
where an individual is unable to present
an unexpired government-issued
identification document that bears a
photograph or similar safeguard; the
bank is not familiar with the documents
presented; the account is opened
without obtaining documents; the
account is not opened in a face-to-face
transaction; and the type of account
increases the risk that the bank will not
be able to verify the true identity of the
customer through documents.
Treasury and the Agencies believe
that banks typically require documents
to be presented when an account is
opened face-to-face. Although
customers usually satisfy these
requirements by presenting governmentissued identification documents bearing
a photograph, such as a driver’s license
or passport, Treasury and the Agencies
recognize that some customers
legitimately may be unable to present
those customary forms of identification
when opening an account. For example,
an elderly person may not have a valid
driver’s license or passport. Under these
circumstances, Treasury and the
Agencies expect that banks will provide
products and services to those
customers and verify their identities
through other methods. Similarly, a
bank may be unable to obtain original
documents to verify a customer’s
identity when an account is opened by
telephone, by mail, and over the
Internet. Thus, when an account is
opened for a customer who is not
physically present, a bank will be
permitted to use other methods of
verification, to the extent set forth in the
CIP.
While other verification methods
must be used when a bank cannot
examine original documents, Treasury
and the Agencies also recognize that
original identification documents,
including those issued by a government
entity, may be obtained illegally and
may be fraudulent. In light of the recent
increase in identity fraud, banks are
encouraged to use other verification
methods, even when a customer has
provided original documents.
Obtaining sufficient information to
verify a customer’s identity can reduce
the risk that a bank will be used as a
conduit for money laundering and
terrorist financing. The risk that the
bank will not know the customer’s true
identity will be heightened for certain
types of accounts, such as accounts

VerDate Jul<19>2002

18:43 Jul 22, 2002

Jkt 197001

opened in the name of a corporation,
partnership, or trust that is created or
conducts substantial business in
jurisdictions that have been designated
by the United States as a primary money
laundering concern or have been
designated as non-cooperative by an
international body. As a bank’s identity
verification procedures should be riskbased, they should identify types of
accounts that pose a heightened risk,
and prescribe additional measures to
verify the identity of any person seeking
to open an account and the signatory for
such accounts.
The proposed regulation gives
examples of other non-documentary
verification methods that a bank may
use in the situations described above.
These methods could include contacting
a customer after the account is opened;
obtaining a financial statement;
comparing the identifying information
provided by the customer against fraud
and bad check databases to determine
whether any of the information is
associated with known incidents of
fraudulent behavior (negative
verification); comparing the identifying
information with information available
from a trusted third party source, such
as a credit report from a consumer
reporting agency (positive verification);
and checking references with other
financial institutions. The bank also
may wish to analyze whether there is
logical consistency between the
identifying information provided, such
as the customer’s name, street address,
ZIP code, telephone number, date of
birth, and social security number
(logical verification).7
Section 103.121(b)(2)(iii) Lack of
Verification. The proposed regulation
also states that a bank’s CIP must
include procedures for responding to
circumstances in which the bank cannot
form a reasonable belief that it knows
the true identity of a customer.
Generally, a bank should only
maintain an account for a customer
when it can form a reasonable belief that
it knows the customer’s true identity.8
Thus, a bank should have procedures
that specify the actions that it will take
when it cannot form a reasonable belief
that it knows the true identity of a
customer, including when an account
should not be opened. In addition, a
bank’s CIP should have procedures that
7 Treasury and the Agencies understand that most
banks currently make use of technology that
permits instantaneous negative, positive, and
logical verification of identity.
8 There are some exceptions to this basic rule. For
example, a bank may maintain an account, at the
direction of a law enforcement or intelligence
agency, although the bank does not know the true
identity of a customer.

PO 00000

Frm 00006

Fmt 4701

Sfmt 4702

address the terms under which a
customer may conduct transactions
while a customer’s identity is being
verified. The procedures also should
specify at what point, after attempts to
verify a customer’s identity have failed,
a customer’s account that has been
opened should be closed. Finally, if a
bank cannot form a reasonable belief
that it knows the identity of a customer,
the procedures should also include
determining whether a Suspicious
Activity Report should be filed in
accordance with applicable law and
regulation.
Section 103.121(b)(3) Recordkeeping.
Section 326 of the Act requires
reasonable procedures for maintaining
records of the information used to verify
a person’s name, address, and other
identifying information. The proposed
regulation sets forth recordkeeping
procedures that must be included in a
bank’s CIP. Under the proposal, a bank
is required to maintain a record of the
identifying information provided by the
customer. Where a bank relies upon a
document to verify identity, the bank
must maintain a copy of the document
that the bank relied on that clearly
evidences the type of document and any
identifying information it may contain.9
The bank also must record the methods
and result of any additional measures
undertaken to verify the identity of the
customer. Last, the bank must record the
resolution of any discrepancy in the
identifying information obtained. The
bank must retain all of these records for
five years after the date the account is
closed.
Treasury and the Agencies emphasize
that the collection and retention of
information about a customer, such as
an individual’s race or sex, as an
ancillary part of collecting identifying
information do not relieve a bank from
its obligations to comply with antidiscrimination laws or regulations, such
as the prohibition in the Equal Credit
Opportunity Act against discrimination
in any aspect of a credit transaction on
the basis of race, color, religion, national
origin, sex or marital status, age, or
other prohibited classifications.
Nothing in this proposed regulation
modifies, limits or supersedes section
101 of the Electronic Signatures in
Global and National Commerce Act,
Public Law 106–229, 114 Stat. 464 (15
U.S.C. 7001) (E-Sign Act). Thus, a bank
may use electronic records to satisfy the
requirements of this regulation, as long
as the records are accurate and remain
9 The bank need not keep a separate record of the
identifying information provided by the customer if
this information clearly appears on the copy of the
document maintained by the bank.

E:\FR\FM\23JYP2.SGM

pfrm17

PsN: 23JYP2

Federal Register / Vol. 67, No. 141 / Tuesday, July 23, 2002 / Proposed Rules
accessible in accordance with 31 CFR
103.38(d).
Section 103.121(b)(4) Comparison
with Government Lists. Section 326 of
the Act also requires reasonable
procedures for determining whether the
customer appears on any list of known
or suspected terrorists or terrorist
organizations provided to the bank by
any government agency. The proposed
rule implements this requirement and
clarifies that the requirement applies
only with respect to lists circulated by
the Federal government.
In addition, the proposed rule states
that the procedures must ensure that the
bank follows all Federal directives
issued in connection with such lists.
This provision makes clear that a bank
must have procedures for responding to
circumstances when the bank
determines that a customer is named on
a list.
Section 103.121(b)(5) Customer
Notice. Section 326 of the Act states that
customers of financial institutions shall
be required to comply with the identity
verification procedures described above
‘‘after being given adequate notice.’’
Therefore, a bank’s CIP must include
procedures for providing bank
customers with adequate notice that the
bank is requesting information to verify
their identity. A bank may satisfy the
notice requirement by generally
notifying its customers about the
procedures the bank must comply with
to verify their identities. For example,
the bank may post a sign in its lobby or
provide customers with any other form
of written or oral notice. If an account
is opened electronically, such as
through an Internet website, the bank
may also provide notice electronically.
Section 103.121(c) Exemptions.
Section 326 states that the Secretary
(and, in the case of section 4(k)
institutions, the appropriate Federal
functional regulator, as defined in
section 103.120(a)(2)), may by
regulation or order, exempt any
financial institution or type of account
from the requirements of this regulation
in accordance with such standards and
procedures as the Secretary may
prescribe.
Under the proposed rule, the
appropriate Federal functional
regulator, with the concurrence of
Treasury, may by order or regulation
exempt any bank or type of account
from the requirements of this section. In
issuing such exemptions, the Federal
functional regulator and the Treasury
shall consider whether the exemption is
consistent with the purposes of the
Bank Secrecy Act, consistent with safe
and sound banking, and in the public
interest. The Federal functional

VerDate Jul<19>2002

18:43 Jul 22, 2002

Jkt 197001

regulator and Treasury also may
consider other necessary and
appropriate factors.
Section 103.121(d) Other Information
Requirements Unaffected. This section
provides that nothing in section 103.121
shall be construed to relieve a bank of
its obligations to obtain, verify, or
maintain information in connection
with an account or transaction that is
required by another provision in part
103. For example, if an account is
opened with a deposit of more than
$10,000 in cash, the bank opening the
account must comply with the customer
identification requirements in section
103.121, as well as with the provisions
of section 103.22, which require that
certain information concerning the
transaction be reported by filing a Cash
Transaction Report (CTR).
B. Conforming Amendments to 31 CFR
103.34
Current section 103.34(a) sets forth
customer identification requirements
when certain types of deposit accounts
are opened. Generally, sections
103.34(a)(1) and (2) require a bank,
within 30 days after certain deposit
accounts are opened, to secure and
maintain a record of the taxpayer
identification number of the customer
involved. If the bank is unable to obtain
the taxpayer identification number
within 30 days (or a longer time if the
person has applied for a taxpayer
identification number), it need take no
further action under section 103.34
concerning the account if it maintains a
list of the names, addresses, and
account numbers of the persons for
which it was unable to secure taxpayer
identification numbers, and provides
that information to the Secretary upon
request. In the case of a non-resident
alien, the bank is required to record the
person’s passport number or a
description of some other government
document used to determine
identification. Treasury and the
Agencies believe that the requirements
of section 103.34(a)(1) and (2) are
inconsistent with the intent and
purpose of section 326 of the Act and
incompatible with proposed section
103.121.
Section 103.34(a)(3) currently
provides that a bank need not obtain a
taxpayer identification number with
respect to specified categories of
persons 10 opening certain deposit
10 The exemption applies to (i) agencies and
instrumentalities of Federal, State, local, or foreign
governments; (ii) judges, public officials, or clerks
of courts of record as custodians of funds in
controversy or under the control of the court; (iii)
aliens who are ambassadors; ministers; career
diplomatic or consular officers; naval, military, or

PO 00000

Frm 00007

Fmt 4701

Sfmt 4702

48295

accounts. This proposed rule does not
contain any exemptions from the CIP
requirements.
Treasury and the Agencies are
requesting comments on whether any of
these exemptions should apply in the
context of the proposed CIP
requirements in light of the intent and
purpose of section 326 of the Act.
Section 103.34(a)(4) provides that
section 6109 of the Internal Revenue
Code and the rules and regulations of
the Internal Revenue Service (IRS)
promulgated thereunder shall determine
what constitutes a taxpayer
identification number. This provision is
continued in proposed section
103.121(a)(8). Section 103.34(a)(4) also
provides that IRS rules shall determine
whose number shall be obtained in the
case of multiple account holders.
Treasury and the Agencies believe that
this provision is inconsistent with
section 326 of the Act, which requires
that banks verify the identity of ‘‘any’’
person seeking to open an account.
For these reasons, Treasury, under its
own authority, is proposing to repeal
section 103.34(a).
Section 103.34(b) sets forth certain
recordkeeping requirements for banks.
Among other things, section
103.34(b)(1) requires a bank to keep
‘‘any notations, if such are normally
made, of specific identifying
information verifying the identity of [a
person with signature authority over an
account] (such as a driver’s license
number or credit card number).’’
Treasury and the Agencies believe that
the quoted language in section
103.34(b)(1) is inconsistent with the
requirements of proposed section
103.121. For this reason, Treasury,
under its own authority, is proposing to
delete the quoted language.
C. Technical Amendment to 31 CFR
103.11(j)
Section 103.11(j), which defines the
term ‘‘deposit account,’’ contains an
other attaches of foreign embassies and legations;
and members of their immediate families; (iv) aliens
who are accredited representatives of certain
international organizations, and their immediate
families; (v) aliens temporarily residing in the
United States for a period not to exceed 180 days;
(vi) aliens not engaged in a trade or business in the
United States who are attending a recognized
college or university, or any training program
supervised or conducted by an agency of the
Federal Government; (vii) unincorporated
subordinate units of a tax exempt central
organization that are covered by a group exemption
letter; (viii) a person under 18 years of age, with
respect to an account opened at part of a school
thrift savings program, provided the annual interest
is less than $10; (ix) a person opening a Christmas
club, vacation club, or similar installment savings
program, provided the annual interest is less than
$10; and (x) non-resident aliens who are not
engaged in a trade or business in the United States.

E:\FR\FM\23JYP2.SGM

pfrm17

PsN: 23JYP2

48296

Federal Register / Vol. 67, No. 141 / Tuesday, July 23, 2002 / Proposed Rules

obsolete reference to the definition of
‘‘transaction account,’’ which is defined
in section 103.11(hh). Under its own
authority, Treasury is proposing to
correct this reference.
III. Request for Comments
Treasury and the Agencies invite
comment on all aspects of this
rulemaking, and specifically seek
comment on the following issues:
1. Whether the proposed definition of
‘‘account’’ is appropriate and whether
other examples of accounts should be
added to the regulatory text.
2. How the proposed regulation
should apply to various types of
accounts that are designed to allow a
customer to transact business
immediately.
3. Whether the definition of ‘‘bank’’ in
the proposed regulation should be
amended with respect to the foreign
branches of banks by (i) excluding
foreign branches or (ii) clarifying that a
foreign branch must comply only to the
extent that the bank’s program does not
contravene applicable local law.
Treasury and the Agencies request that
commenters cite and describe any
potentially conflicting foreign laws that
may apply to the foreign branches of
banks.
Comment is requested on this issue
because Treasury and the Agencies
recognize that interpreting the BSA to
apply to the foreign branch of a U.S.
depository institution could cause
practical and legal problems for that
institution if the branch has a
conflicting obligation under applicable
local law. The regulation, if adopted as
proposed, may place a foreign branch in
a position of potentially violating local
law by implementing aspects of its
bank’s CIP, which is described more
fully in the Supplemental Information,
above.
4. Ways that banks can comply with
the requirement that a bank obtain both
the address of an individual’s residence,
and, if different, the individual’s
mailing address in situations involving
individuals who lack a permanent
address.
5. Whether non-U.S. persons that are
not individuals will be able to provide
a bank with the identifying information
required in section
103.121(b)(2)(i)(D)(2), or whether other
categories of identifying information
should be added to this section to
permit non-U.S. persons that are not
individuals to open accounts.
Commenters on this issue should
suggest other means of identification
that banks currently use or should use.
6. Whether the proposed regulation
will subject banks to conflicting State

VerDate Jul<19>2002

18:43 Jul 22, 2002

Jkt 197001

laws. Treasury and the Agencies request
that commenters cite and describe any
potentially conflicting State laws.
7. The extent to which the verification
procedures required by the proposed
regulation make use of information that
banks currently obtain in the account
opening process. Treasury and the
Agencies note that the legislative history
of section 326 indicates that Congress
intended ‘‘the verification procedures
prescribed by Treasury [to] make use of
information currently obtained by most
financial institutions in the account
opening process.’’ See H.R. Rep. No.
107–250, pt. 1, at 63 (2001).
8. Whether any of the exemptions
from the customer identification
requirements contained in current
section 103.34(a)(3) should be
continued in section 103.121(c). In this
regard, Treasury and the Agencies
request that commenters address the
standards set forth in proposed section
103.121(c) (as well as any other
appropriate factors).
IV. Solicitation of Comments on Use of
Plain Language
Section 722 of the Gramm-LeachBliley Act, Pub. L. 106–102, sec. 722,
113 Stat. 1338, 1471 (Nov. 12, 1999),
requires the OCC, Board, FDIC, and OTS
to use plain language in all proposed
and final rules published after January
1, 2000. Therefore, these agencies
specifically invite your comments on
how to make this proposal easier to
understand. For example:
• Have we organized the material to
suit your needs? If not, how could this
material be better organized?
• Are the requirements in the
proposed regulation clearly stated? If
not, how could the regulation be more
clearly stated?
• Does the proposed regulation
contain language or jargon that is not
clear? If so, which language requires
clarification?
• Would a different format (grouping
and order of sections, use of headings,
paragraphing) make the regulation
easier to understand? If so, what
changes to the format would make the
regulation easier to understand?
• What else could we do to make the
regulation easier to understand?
V. Regulatory Flexibility Act
When an agency issues a rulemaking
proposal, the Regulatory Flexibility Act
(RFA) requires the agency to ‘‘prepare
and make available for public comment
an initial regulatory flexibility analysis’’
unless the agency certifies that the rule
will not have a ‘‘significant economic

PO 00000

Frm 00008

Fmt 4701

Sfmt 4702

impact on a substantial number of small
entities.’’ 5 U.S.C. 603, 605(b).11
The Agencies have reviewed the
impact of this proposed rule on small
banks. Treasury and the Agencies certify
that the proposed rule will not have a
significant economic impact on a
substantial number of small entities.
The requirements of the proposed rule
closely parallel the requirements for
customer identification programs
mandated by section 326 of the Act.
Moreover, Treasury and the Agencies
believe that banks already have
implemented prudential business
practices and anti-money laundering
programs that involve the key controls
that would be required in a customer
identification program in accordance
with the proposed regulation. First, all
banks already undertake extensive
measures to verify the identity of their
customers as a matter of good business
practice. In addition, banks already
must have anti-money laundering
programs that include procedures for
identification, verification, and
documentation of customer
information.12
Second, banks already should have
compliance programs in place to check
lists provided by the Federal
government of known and suspected
terrorists and terrorist organizations.
Currently, banks are prohibited from
engaging in transactions involving
certain foreign countries or their
nationals under rules issued by the
Office of Foreign Assets Control
(OFAC). See 31 CFR 500. Banks should
already have compliance programs in
place to ensure that they do not violate
OFAC rules. Treasury and the Agencies
understand that many banks, including
small banks, have instituted programs to
check other lists provided to them by
the Federal government following the
events of September 11, 2001. Treasury
and the Agencies believe that all banks
have access to a variety of resources,
such as computer software packages,
that enable them to check lists provided
by the Federal government.
Third, Treasury and the Agencies
believe the provision in the proposed
rule that requires a bank to provide
adequate notice to its customers that it
is requesting information to verify their
11 The RFA defines the term ‘‘small entity’’ in 5
U.S.C. 601 by reference to the definitions published
by the Small Business Administration (SBA). The
SBA has defined a ‘‘small entity’’ for banking
purposes as a bank or savings institution with less
than $150 million in assets. See 13 CFR 121.201.
The NCUA defines ‘‘small credit union’’ as those
under $1 million in assets. Interpretive Ruling and
Policy Statement No. 87–2, Developing and
Reviewing Government Regulations (52 FR 35231,
September 18, 1987).
12 See footnote 3.

E:\FR\FM\23JYP2.SGM

pfrm17

PsN: 23JYP2

Federal Register / Vol. 67, No. 141 / Tuesday, July 23, 2002 / Proposed Rules
identity will impose minimal costs on
banks. Banks may elect to satisfy that
requirement through a variety of lowcost measures, such as by posting a sign
in the bank’s lobby or providing any
other form of written or oral notice.
The recordkeeping requirements
similarly may impose some costs on
banks, if, for example, some of the
information that must be maintained as
a consequence of implementing
customer identification programs is not
already retained. Treasury and the
Agencies believe that the compliance
burden, if any, is minimized for banks,
including small banks, because the
proposed regulation vests a bank with
the discretion to design and implement
appropriate recordkeeping procedures,
including allowing banks to maintain
electronic records in lieu of (or in
combination with) paper records.
Finally, Treasury and the Agencies
believe that the flexibility incorporated
into the proposed rule will permit each
bank to tailor its CIP to fit its own size
and needs. In this regard, Treasury and
the Agencies believe that expenditures
associated with establishing and
implementing a CIP will be
commensurate with the size of a bank.
If a bank is small, the burden to comply
with the proposed rule should be de
minimis.
VI. Paperwork Reduction Act
The proposed rule contains
recordkeeping and disclosure
requirements that are subject to the
Paperwork Reduction Act of 1995 (44
U.S.C. 3501 et seq.). In summary, the
proposed rule requires banks to
implement reasonable procedures to (1)
maintain records of the information
used to verify the person’s identity and
(2) provide notice of these procedures to
customers. These recordkeeping and
disclosure requirements are required
under section 326 of the Act.
The proposed rule applies only to a
financial institution that is a ‘‘bank’’ as
defined in 31 CFR 103.11(c),13 and any
foreign branch of an insured bank. The
proposed rule requires each bank to
establish a written CIP that must
include recordkeeping procedures
(proposed section 103.121(b)(3)) and
procedures for providing customers
with notice that the bank is requesting
information to verify their identity
(proposed section 103.121(b)(5)).
The proposed rule requires a bank to
maintain a record of (1) the identifying
information provided by the customer,
the type of identification document(s)
reviewed, if any, the identification
13 This definition includes banks, thrifts, and
credit unions.

VerDate Jul<19>2002

18:43 Jul 22, 2002

Jkt 197001

number of the document(s), and a copy
of the identification document(s); (2) the
means and results of any additional
measures undertaken to verify the
identity of the customer; and (3) the
resolution of any discrepancy in the
identifying information obtained. These
records must be maintained at the bank
for five years after the date the account
is closed (proposed section
103.121(b)(3)). Treasury and the
Agencies believe that little burden is
associated with the recordkeeping
requirements outlined in proposed
section 103.121(b)(2), because such
recordkeeping is a usual and customary
business practice. In addition, banks
already must keep similar records to
comply with existing regulations in 31
CFR part 103 (see, e.g., 31 CFR 103.34,
requiring certain records for each
deposit or share account opened).
The proposed rule also requires banks
to give customers ‘‘adequate notice’’ of
the identity verification procedures
(proposed section 103.121(b)(5)). A bank
may satisfy the notice requirement by
posting a sign in the lobby or providing
customers with any other form of
written or oral notice. If the account is
opened electronically, the bank may
provide the notice electronically.
Treasury and the Agencies believe that
nominal burden is associated with the
disclosure requirement outlined in
proposed section 103.121(b)(5). This
section requires a bank to notify its
customers about the procedures the
bank has implemented to verify their
identities. However, a bank may choose
among a variety of methods of providing
adequate notice and may select the least
burdensome method, given the
circumstances under which customers
seek to open new accounts.
A person is not required to respond to
a collection of information unless it
displays a currently valid Office of
Management and Budget (OMB) control
number. The collection of information
requirements contained in the proposed
rule have been submitted to the OMB by
Treasury in accordance with the
Paperwork Reduction Act of 1995 (44
U.S.C. 3507).
The institutions subject to these
requirements include national banks
and Federal branches and agencies
(OCC financial institutions); state
member banks and branches and
agencies of foreign banks (Board
financial institutions); insured state
nonmember banks (FDIC financial
institutions); savings associations (OTS
financial institutions); and federally
insured credit unions (NCUA financial
institutions).
Estimated number of OCC financial
institutions: 2,289.

PO 00000

Frm 00009

Fmt 4701

Sfmt 4702

48297

Estimated number of Board financial
institutions: 1,188.
Estimated number of FDIC financial
institutions: 5,500.
Estimated number OTS financial
institutions: 1,020.
Estimated number of NCUA financial
institution: 9,944.
Estimated average annual burden for
the recordkeeping requirements of the
proposed rule per each financial
institution respondent: 10 hours.
Estimated average annual burden for
the disclosure requirements of the
proposed rule per each financial
institution respondent: 1 hour.
Estimated total annual recordkeeping
and disclosure burden: 219,351 hours.
Treasury and the Agencies request
public comment on all aspects of the
recordkeeping and disclosure
requirements contained in this proposed
rule, including how burdensome it
would be for banks to comply with
these requirements. Also, Treasury and
the Agencies request comment on
whether the banks are currently
maintaining the records requested in
proposed section 103.121(b)(2).
Treasury and the Agencies also invite
comment on:
(1) Whether the collections of
information contained in the notice of
proposed rulemaking are necessary for
the proper performance of each agency’s
functions, including whether the
information has practical utility;
(2) The accuracy of each agency’s
estimate of the burden of the proposed
information collections;
(3) Ways to enhance the quality,
utility, and clarity of the information to
be collected;
(4) Ways to minimize the burden of
the information collections on
respondents, including the use of
automated collection techniques or
other forms of information technology;
and
(5) Estimates of capital or start-up
costs and costs of operation,
maintenance, and purchases of services
to provide information.
Comments concerning the
recordkeeping and disclosure
requirements in the proposed rule
should be sent (preferably by fax (202–
395–6974)) to Desk Officer for the
Department of the Treasury, Office of
Information and Regulatory Affairs,
Office of Management and Budget,
Paperwork Reduction Project (1506),
Washington, DC 20503 (or by the
Internet to jlackeyj@omb.eop.gov), with
a copy to FinCEN by mail or the Internet
at the addresses previously specified.

E:\FR\FM\23JYP2.SGM

pfrm17

PsN: 23JYP2

48298

Federal Register / Vol. 67, No. 141 / Tuesday, July 23, 2002 / Proposed Rules

VII. Executive Order 12866
Treasury, the OCC, and OTS have
determined that this proposal is not a
‘‘significant regulatory action’’ under
Executive Order 12866. The rule follows
closely the requirements of section 326
of the Act.
Treasury, the OCC, and OTS believe
that national banks and savings
associations already have procedures in
place that fulfill most of the
requirements of the proposed
regulation. First, the procedures are a
matter of good business practice.
Second, national banks and savings
associations already are required to have
BSA compliance programs that address
many of the requirements detailed in
this notice of proposed rulemaking.
Third, banks and savings associations
should already have compliance
programs in place to ensure they
comply with OFAC rules prohibiting
transactions with certain foreign
countries or their nationals.
Treasury, the OCC, and OTS invite
national banks, the thrift industry, and
the public to provide any cost estimates
and related data that they think would
be useful in evaluating the overall costs
of the rule.
For these reasons, and for the reasons
discussed elsewhere in this preamble,
Treasury, the OCC, and OTS believe that
the burden stemming from this
rulemaking will not cause the proposed
rule to be a ‘‘significant regulatory
action.’’
Lists of Subjects in 31 CFR Part 103
Administrative practice and
procedure, Authority delegations
(Government agencies), Banks, banking,
Brokers, Currency, Foreign banking,
Foreign currencies, Gambling,
Investigations, Law enforcement,
Penalties, Reporting and recordkeeping
requirements, Securities.
Authority and Issuance
For the reasons set forth in the
preamble, part 103 of title 31 of the
Code of Federal Regulations is proposed
to be amended as follows:
PART 103—FINANCIAL
RECORDKEEPING AND REPORTING
OF CURRENCY AND FOREIGN
TRANSACTIONS
1. The authority citation for part 103
is revised to read as follows:
Authority: 12 U.S.C. 1786(q), 1818, 1829b
and 1951–1959; 31 U.S.C. 5311–5332; title
III, secs. 312, 313, 314, 319, 326, 352, Pub L.
107–56, 115 Stat. 307.

2. Section 103.11(j) is amended by
removing ‘‘paragraph (q)’’ and adding
‘‘paragraph (hh)’’.

VerDate Jul<19>2002

18:43 Jul 22, 2002

Jkt 197001

3. Section 103.34 is amended as
follows:
a. By removing paragraph (a);
b. By redesignating paragraph (b)
introductory text and paragraphs (b)(1)
through (b)(13) as introductory text and
paragraphs (a) through (m), respectively.
c. In newly redesignated introductory
text, by removing ’’, in addition,’’ in the
first sentence; and
d. In newly redesignated paragraph
(a), by removing ’’, including any
notations, if such are normally made, of
specific identifying information
verifying the identity of the signer (such
as a driver’s license number or credit
card number)’’.
4. Subpart I of part 103 is amended by
adding new § 103.121 to read as follows:
§ 103.121 Customer Identification
Programs for banks, savings associations,
and credit unions.

(a) Definitions. For purposes of this
section:
(1) Account means each formal
banking or business relationship
established to provide ongoing services,
dealings, or other financial transactions.
For example, a deposit account, a
transaction or asset account, and a
credit account or other extension of
credit would each constitute an account.
(2) Bank means a bank, as that term
is defined in § 103.11(c), that is subject
to regulation by a Federal functional
regulator, and any foreign branch of an
insured bank.
(3) Customer means:
(i) Any person seeking to open a new
account; and
(ii) Any signatory on the account at
the time the account is opened, and any
new signatory added thereafter.
(4) Federal functional regulator has
the same meaning as provided in
§ 103.120(a)(2).
(5) Person has the same meaning as
provided in § 103.11(z).
(6) U.S. person means:
(i) A U.S. citizen; or
(ii) A corporation, partnership, trust,
or person (other than an individual) that
is established or organized under the
laws of a State or the United States.
(7) Non-U.S. person means a person
that is not a U.S. person.
(8) Taxpayer identification number.
The provisions of section 6109 of the
Internal Revenue Code of 1986 (26
U.S.C. 6109) and the regulations of the
Internal Revenue Service promulgated
thereunder shall determine what
constitutes a taxpayer identification
number.
(b) Customer Identification Program:
minimum requirements. (1) In general.
A bank must implement a written
Customer Identification Program

PO 00000

Frm 00010

Fmt 4701

Sfmt 4702

(Program) that, at a minimum, includes
each of the components of this section.
The Program should be tailored to the
bank’s size, location and type of
business. The bank’s board of directors
or a committee of the board must
approve the Program. The Program must
be a part of the bank’s anti-money
laundering program required under the
regulations implementing 31 U.S.C.
5318(h), 12 U.S.C. 1818(s), and 12
U.S.C. 1786(q)(1).
(2) Identity verification procedures.
The Program must include procedures
for verifying the identity of each
customer, to the extent reasonable and
practicable. The procedures must be
based on the bank’s assessment of the
risks presented by the various types of
accounts maintained by the bank, the
various methods of opening accounts
provided by the bank, and the type of
identifying information available, and
must enable the bank to form a
reasonable belief that it knows the true
identity of the customer.
(i) Information required. (A) In
general. The Program must contain
procedures that specify the identifying
information that the bank must obtain
from each customer. Except as
permitted by paragraph (b)(2)(i)(B) of
this section, at a minimum, a bank must
obtain the following information prior
to opening or adding a signatory to an
account:
(1) Name;
(2) For individuals, date of birth;
(3) (i) For individuals, residence and,
if different, mailing address; or
(ii) For persons other than
individuals, such as corporations,
partnerships, and trusts: principal place
of business and, if different, mailing
address;
(4) (i) For U.S. persons, a U.S.
taxpayer identification number (e.g.,
social security number, individual
taxpayer identification number, or
employer identification number); or
(ii) For non-U.S. persons, one or more
of the following: a U.S. taxpayer
identification number; passport number
and country of issuance; alien
identification card number; or number
and country of issuance of any other
government-issued document
evidencing nationality or residence and
bearing a photograph or similar
safeguard.
(B) Limited exception. The Program
may permit the bank to open or add a
signatory to an account for a person
other than an individual (such as a
corporation, partnership, or trust) that
has applied for, but has not received, an
employer identification number.
However, in such a case, the bank must
obtain a copy of the application before

E:\FR\FM\23JYP2.SGM

pfrm17

PsN: 23JYP2

Federal Register / Vol. 67, No. 141 / Tuesday, July 23, 2002 / Proposed Rules
it opens or adds a signatory to the
account and obtain the employer
identification number within a
reasonable period of time after it opens
or adds a signatory to the account.
(ii) Verification. The Program must
contain risk-based procedures for
verifying the information obtained
pursuant to paragraph (b)(2)(i)(A) of this
section within a reasonable time after
the account is established or a signatory
is added to the account. A bank need
not verify the information about an
existing customer seeking to open a new
account or who becomes a signatory on
an account, if the bank previously
verified the customer’s identity in
accordance with procedures consistent
with this section, and continues to have
a reasonable belief that it knows the true
identity of the customer.
(A) Verification through documents.
The Customer Identification Program
must contain procedures describing
when the bank will verify identity
through documents and setting forth the
documents that the bank will use for
this purpose. These documents may
include:
(1) For individuals: unexpired
government-issued identification
evidencing nationality or residence and
bearing a photograph or similar
safeguard; and
(2) For corporations, partnerships,
trusts and persons other than
individuals: documents showing the
existence of the entity, such as
registered articles of incorporation, a
government-issued business license,
partnership agreement, or trust
instrument.
(B) Non-documentary verification
methods. The Program must contain
procedures that describe nondocumentary methods the bank will use
to verify identity and when these
methods will be used in addition to, or
instead of, relying on documents. These
procedures must address situations
where an individual is unable to present
an unexpired government-issued
identification document that bears a
photograph or similar safeguard; the
bank is not familiar with the documents
presented; the account is opened
without obtaining documents; the
account is not opened in a face-to-face
transaction; and the type of account
increases the risk that the bank will not
be able to verify the true identity of the
customer through documents. Other
verification methods may include
contacting a customer; independently
verifying documentary information
through credit bureaus, public
databases, or other sources; checking
references with other financial

VerDate Jul<19>2002

18:43 Jul 22, 2002

Jkt 197001

institutions; and obtaining a financial
statement.
(iii) Lack of verification. The Program
must include procedures for responding
to circumstances in which the bank
cannot form a reasonable belief that it
knows the true identity of a customer.
(3) Recordkeeping. (i) The Program
must include procedures for
maintaining a record of all information
obtained under the procedures
implementing paragraph (b)(1) of this
section. The record must include:
(A) All identifying information
provided by a customer pursuant to
paragraphs (b)(2)(i)(A) and (B) of this
section;
(B) A copy of any document that was
relied on pursuant to paragraph
(b)(2)(ii)(A) of this section that clearly
evidences the type of document and any
identification number it may contain;
(C) The methods and result of any
measures undertaken to verify the
identity of the customer pursuant to
paragraph (b)(2)(ii)(B) of this section;
and
(D) The resolution of any discrepancy
in the identifying information obtained.
(ii) The bank must retain all records
for five years after the date the account
is closed.
(4) Comparison with government lists.
The Program must include procedures
for determining whether the customer
appears on any list of known or
suspected terrorists or terrorist
organizations provided to the bank by
any federal government agency. The
procedures must also ensure that the
bank follows all federal directives
issued in connection with such lists.
(5) Customer notice. The Program
must include procedures for providing
bank customers with adequate notice
that the bank is requesting information
to verify their identity.
(c) Exemptions. The appropriate
Federal functional regulator with the
concurrence of the Secretary, may by
order or regulation, exempt any bank or
type of account from the requirements
of this section. In issuing such
exemptions, the Federal functional
regulator and the Secretary shall
consider whether the exemption is
consistent with the purposes of the
Bank Secrecy Act and with safe and
sound banking, and is in the public
interest. The Federal functional
regulator and the Secretary also may
consider other appropriate factors.
(d) Other information requirements
unaffected. Nothing in this section shall
be construed to relieve a bank of its
obligation to comply with any other
provision in this part concerning
information that must be obtained,

PO 00000

Frm 00011

Fmt 4701

Sfmt 4702

48299

verified, or maintained in connection
with any account or transaction.
Dated: July 15, 2002.
James F. Sloan,
Director, Financial Crimes Enforcement
Network.
Dated: July 2, 2002.
John D. Hawke, Jr.,
Comptroller of the Currency.
By order of the Board of Governors of the
Federal Reserve System, July 10, 2002.
Jennifer J. Johnson,
Secretary of the Board.
By order of the Board of Directors of the
Federal Deposit Insurance Corporation this
3rd day of July, 2002.
Valerie J. Best,
Assistant Executive Secretary.
Dated: July 5, 2002. In concurrence, by the
Office of Thrift Supervision.
James E. Gilleran,
Director.
Dated: July 3, 2002.
Becky Baker,
Secretary of the Board, National Credit Union
Administration.
[FR Doc. 02–18191 Filed 7–22–02; 8:45 am]
BILLING CODE 4810–02–P

DEPARTMENT OF THE TREASURY
31 CFR Part 103
RIN 1506–AA31

Financial Crimes Enforcement
Network; Customer Identification
Programs for Certain Banks (Credit
Unions, Private Banks and Trust
Companies) That Do Not Have a
Federal Functional Regulator
AGENCIES: The Financial Crimes
Enforcement Network, Treasury.
ACTION: Notice of proposed rulemaking.
SUMMARY: FinCEN is issuing a proposed
regulation to implement section 326 of
the Uniting and Strengthening America
by Providing Appropriate Tools
Required to Intercept and Obstruct
Terrorism (USA PATRIOT) Act of
2001(the Act) for credit unions and trust
companies that do not have a federal
functional regulator. The proposed rule
provides the same rules for these
financial institutions as are provided in
a companion notice of proposed
rulemaking being issued jointly by
FinCEN and the Federal bank regulators
published elsewhere in this separate
part of this issue of the Federal Register.
DATES: Written comments on the
proposed rule may be submitted on or
before September 6, 2002.
ADDRESSES: Because paper mail in the
Washington area may be subject to

E:\FR\FM\23JYP2.SGM

pfrm17

PsN: 23JYP2