Today, the Office of the Comptroller of the Currency (OCC), alongside the Federal Deposit Insurance Corporation (FDIC) and the National Credit Union Administration (NCUA) (collectively, the agencies), with concurrence from the Financial Crimes Enforcement Network (FinCEN), issued an order granting an exemption from a specific requirement of the Customer Identification Program (CIP) Rule under § 326 of the USA PATRIOT Act. This exemption allows financial institutions to use alternative methods to collect Taxpayer Identification Number (TIN), (e.g., Social Security Number, individual taxpayer identification number, or employer identification number) information from third-party sources rather than directly from customers. The order applies to accounts at all entities supervised by the agencies.

Background

Since the enactment of § 326 of the USA PATRIOT Act in 2001, the landscape of financial services has evolved dramatically. The traditional method of collecting TIN information directly from customers has become less critical due to advancements in identity verification technologies. Recognizing these changes, FinCEN and the agencies initiated a CIP Request for Information (CIP RFI) in March 2024 to explore the potential risks and benefits of alternative TIN collection methods (discussed here). The feedback received highlighted the success of existing exceptions, such as those for credit card accounts, and the innovation in customer verification methods.

Regulatory Framework

The Bank Secrecy Act (BSA), amended by the USA PATRIOT Act, mandates financial institutions to establish risk-based programs to combat money laundering and terrorism financing. The CIP Rule, implemented in 2003, sets minimum standards for customer identification and verification. Usually, for a U.S. customer this requires financial institutions to collect a full TIN. This new exemption allows financial institutions to leverage third-party sources for TIN information, provided they adhere to risk-based procedures that ensure the true identity of each customer is known.

Findings Supporting the Exemption

FinCEN and the agencies have observed a rise in consumer reluctance to provide full TINs due to privacy concerns. The exemption is supported by evidence from the credit card exception, which has demonstrated that alternative collection methods can be effective without increasing illicit finance risks. The exemption is optional, allowing financial institutions to choose whether to adopt these alternative methods based on their assessment of relevant risks.

Potential Risks and Considerations

While alternative TIN collection methods offer flexibility, concerns remain regarding increased fraud risks and operational costs, particularly for smaller financial institutions. Financial institutions must ensure their procedures are robust and risk-based to mitigate potential fraud risks.

Our Take

This has been a long-awaited change for financial institutions and fintechs. The exemption should decrease customer friction in the account application process. Financial institutions and fintechs should review their policies and procedures and make edits accordingly if they intend to utilize the exemption.