Regulators Issue CIP Exemption Order; FinCEN Launches COMMAND

CIP Exemption

As America’s Credit Unions reported last week, the federal financial institution regulators (i.e., NCUA, OCC, FDIC) issued an order granting an exemption from the Customer Identification Program (CIP) Rule’s requirement to obtain Taxpayer Identification Number (TIN) information directly from a customer. The order specifically permits the use of an alternative collection method to obtain TIN information from a third-party rather than from the customer, provided that the credit union otherwise complies with the CIP Rule’s requirements. The regulators developed the order in coordination with the Financial Crimes Enforcement Network (FinCEN).

Why the change? Since the CIP Rule was issued in 2003, there have been significant changes in the ways consumers access financial services (e.g., online and mobile banking), along with a rise in consumers’ reluctance to provide their full TIN due to data security and identity theft concerns. This change offers credit unions flexibility to change their method of TIN collection based on an assessment of the relevant risks. However, note that the use of this exemption is optional. There is no requirement to use the exemptive relief, as smaller institutions expressed concerns regarding the operational costs associated with utilizing third-party TIN verification services.

Background

As directed by the USA PATRIOT Act, the CIP Rule sets forth minimum standards for customer identification and verification by requiring each financial institution to implement written CIP procedures that enable the institution to form a reasonable belief that it knows the true identity of each customer, which includes verifying the identity of the customer to the extent reasonable and practicable. For purposes of the rule, a “customer” is a person who opens a new account (formal banking relationship) at a financial institution, or in the credit union context, a prospective member establishing a share account at a credit union.

CIP procedures must specify the identifying information that an institution will obtain from each customer prior to opening an account, including, at a minimum, the customer’s name, date of birth (for an individual), address, and identification number, which is a TIN for U.S. persons. Generally, to fulfill the CIP Rule’s identification number requirement, a credit union must obtain TIN information from the “customer,” except with respect to credit card accounts.

An institution’s CIP must also include procedures to verify a customer’s identity through documentary methods (e.g., checking government-issued identification documents); non-documentary methods (e.g., information obtained from a consumer reporting agency, public database, checking references, or  a financial statement), or a combination of both methods, within a reasonable time after the account is opened.

The New Exemption

The exemption permits a credit union to use an alternative collection method to obtain TIN information from a third-party rather than directly from the “customer” for all types of accounts (not just credit cards), provided that the institution otherwise complies with the CIP Rule which requires written procedures that:

i.    Enable the credit union to obtain TIN information prior to opening an account; 
ii.    Are based on the credit union’s assessment of the relevant risks; and 
iii.    Are risk-based for the purpose of verifying the identity of each customer to the extent reasonable and practicable, enabling the credit union to form a reasonable belief that it knows the true identity of each customer.

FinCEN Launches “COMMAND”

In other news, FinCEN launched a new series entitled “Combating and Obstructing Money Movements Associated with Narcotics and Drug Trafficking Organizations” (COMMAND). COMMAND supports Executive Order (EO) 14157, which called for the designation of drug cartels and other foreign organizations as foreign terrorist organizations (FTOs) or specially designated global terrorists (SDGTs) in an effort to combat drug trafficking and dismantle foreign criminal networks, including those operating across the U.S.-Mexico border.

FinCEN’s COMMAND mobilizes community and regional financial institutions through the FinCEN Exchange Program in the fight against narcotics and drug trafficking organizations, including cartels. The FinCEN Exchange Program began in 2017 and was codified as part of the Anti-Money Laundering Act of 2020. The Program facilitates a voluntary public-private information-sharing partnership between law enforcement agencies, national security agencies, financial institutions, and FinCEN to combat money laundering, terrorism financing, organized crime and other financial crimes.

FinCEN led COMMAND events on June 24 and June 27 in McAllen and El Paso, Texas, respectively. According to the FinCEN announcement, because of their proximity to the U.S. southwest border, these cities are exposed to cartels and other activities involving Transnational Criminal Organizations (TCOs). This is the second FinCEN Exchange event in El Paso, Texas in less than a year.

Questions? Suggestions for future blog posts? Contact the Compliance Team at compliance@americascreditunions.org.