FinCEN Streamlines Customer Due Diligence Requirements

You may have heard that the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued an Exceptive Order granting relief from the regulatory requirement to identify and verify information for business customers each time they open a new account.

First, a bit of background: Under the 2016 Customer Due Diligence (CDD) Rule (effective in 2018), credit unions and other covered financial institutions became subject to several enhanced due diligence requirements. Among other things, the rule required institutions to identify and verify the identities of the natural persons who were the beneficial owners of “legal entity customers” when they opened new accounts. Similar to the Customer Identification Program (CIP) requirements, the identifying information included the name, date of birth, address, and identification number of each legal entity customer.

For the purposes of the rule, a legal entity customer includes corporations, limited liability companies, and other entities that are created by the filing of a public document with a Secretary of State or other similar office, general partnerships, and any similar entities formed under the laws of a foreign jurisdiction that opens an account.

Under the FinCEN exceptive relief order released on February 13, 2026, credit unions no longer have to identify and verify beneficial owners of a legal entity customer, every time that customer opens a new account. Instead, the requirement only applies in the following three scenarios:

1. When a legal entity customer (business) first opens an account with that institution.
2. Any time afterwards when the financial institution has knowledge of facts that would call into question the reliability of beneficial ownership information previously obtained.
3. As needed, based on the financial institution's own risk-based procedures for conducting ongoing due diligence.

So, instead of requiring verification every time a new account is opened, the rule now ties beneficial ownership verification to the overall customer relationship and the institution’s risk assessment and defined risk appetite. In short, verification is now generally required only when the customer first opens an account, unless there is reason to believe the information has changed or is inaccurate, or the institution’s risk-based monitoring requires it. It should be added that the if/when the institution’s risk-based monitoring procedures requires re-verification of the identity of the beneficial owner(s) of a legal entity customer, the order indicates that the institution may rely on beneficial ownership information previously obtained - as long as the legal entity customer, confirms in writing or verbally - that the information is up-to-date and accurate.

Transition to a more flexible framework

In 2018, FinCEN issued three separate exceptive relief rulings because the 2016 CDD rule created uncertainty whether rollovers, renewals, modifications, and extensions of certain account types constituted “new accounts.” In these rulings, FinCEN determined that covered financial institutions do not need to collect and verify beneficial ownership information every time certain existing accounts automatically extend, renew, or roll-over but that beneficial ownership information still needed to be collected at the time the account is opened.

In contrast to the 2018 relief, the 2026 FinCEN relief is broader in that it is now not account-by-account but instead relationship-based. Beneficial ownership identity verification is now only required when the first account is opened at the institution, or when there is reason to doubt existing ownership information, or when required by the institution’s risk-based monitoring procedures. The recent exceptive regulatory relief order was effective upon release - February 13, 2026.

Going forward, credit unions may choose to take advantage of this exceptive relief, but doing so is optional; if the credit union wants to continue to verify and confirm beneficial ownership information every time an existing legal entity customer member opens another account it can continue to do so.

While the recently released relief reduces the need for repeated verification at each subsequent new account opening, credit unions should continue to maintain thorough records of beneficial ownership information collected when the account is first opened. Credit unions must still follow their risk-based due diligence procedures, monitor accounts for suspicious activity and update ownership information whenever there is reason to believe it may have changed or is inaccurate.

Another FinCEN order issued in 2025 (the CIP-TIN Exemption Order) permits credit unions and other covered financial institutions to obtain a customer’s Taxpayer Identification Number (TIN) from a third-party source rather than collecting the full number directly from the customer at account opening. Under this exemption, an institution may collect only partial identifying information (such as the last four digits of the Social Security Number) and then use a trusted third-party source to obtain and verify the full TIN. Institutions choosing to rely on this approach must maintain written, risk-based procedures that ensure the full TIN is obtained before account opening and that the institution has a reasonable belief that it knows the identity of the person opening the account. All other CIP requirements must still be met.

The CDD exceptive relief orders of 2018 and 2026 limit how often beneficial ownership information must be collected and reduce duplicative requirements. The 2025 CIP-TIN exemption order provides an optional method for satisfying identity verification requirements using third-party sources.

FinCEN’s actions in 2018, 2025, and 2026 demonstrate a turn toward modernization and pointed deregulatory efforts. Regardless, all credit unions must continue to comply with anti-money laundering and countering the financing of terrorism (AML/CFT) obligations under the Bank Secrecy Act (BSA) and its implementing regulations.