[Federal Register Volume 63, Number 234 (Monday, December 7, 1998)]
[Proposed Rules]
[Pages 67516-67524]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 98-32332]
[[Page 67515]]
_______________________________________________________________________
Part II
_______________________________________________________________________
Federal Reserve System
12 CFR Parts 208, 211, and 225
_______________________________________________________________________
Department of the Treasury
Office of the Comptroller of the Currency
12 CFR Part 21
_______________________________________________________________________
Federal Deposit Insurance Corporation
12 CFR Part 326
_______________________________________________________________________
Department of the Treasury
Office of Thrift Supervision
12 CFR Part 563
_______________________________________________________________________
Regulations H, K, and Y: State Banking Institutions Federal Reserve
System Membership, International Banking Operations, and Bank Holding
Companies and Bank Control Change; ``Know Your Customer'' Requirements;
Minimum Security Devices and Procedures and Bank Secrecy Act
Compliance; and the Development and Maintenance of ``Know Your
Customer'' Programs to Deter and Detect Financial Crimes; Proposed
Rules
��Federal Register / Vol. 63, No. 234 / Monday, December 7, 1998 /
Proposed Rules��
[[Page 67516]]
FEDERAL RESERVE SYSTEM
12 CFR Parts 208, 211, and 225
[Regulations H, K and Y; Docket No. R-1019]
Membership of State Banking Institutions in the Federal Reserve
System; International Banking Operations; Bank Holding Companies and
Change in Bank Control
AGENCY: Board of Governors of the Federal Reserve System.
ACTION: Notice of proposed rulemaking.
-----------------------------------------------------------------------
SUMMARY: The Board of Governors of the Federal Reserve System (Board)
is requesting comments on proposed regulations requiring domestic and
foreign banking organizations supervised by the Board to develop and
maintain ``Know Your Customer'' programs. As proposed, the regulations
would require each banking organization to develop a program designed
to determine the identity of its customers; determine its customers'
sources of funds; determine, understand and monitor the normal and
expected transactions of its customers; and report appropriately any
transactions of its customers that are determined to be suspicious, in
accordance with the Board's existing suspicious activity reporting
regulations. By requiring banking organizations to determine the
identity of their customers, as well as to obtain knowledge regarding
the legitimate activities of their customers, the proposed regulations
will reduce the likelihood that banking organizations will become
unwitting participants in illicit activities conducted or attempted by
their customers.
The proposed regulations also implement the provisions of 12 U.S.C.
1818(s) by specifically requiring certain bank holding companies and
their nonbank subsidiaries, Edge and Agreement corporations, and the
U.S. branches and agencies and other offices of foreign banks
supervised by the Board to establish and maintain procedures reasonably
designed to ensure and monitor compliance with the Currency and Foreign
Transaction Reporting Act (31 U.S.C. 5311 et seq.) and the accompanying
regulations issued thereunder by the United States Department of the
Treasury (31 CFR 103.11 et seq.)(collectively referred to as the Bank
Secrecy Act).
DATES: Comments must be received by March 8, 1999 .
ADDRESSES: Comments should refer to Docket No. R-1019, and may be
mailed to Jennifer J. Johnson, Secretary, Board of Governors of the
Federal Reserve System, 20th and Constitution Avenue, N.W., Washington,
D.C. 20551. Comments also may be delivered to Room B-2222 of the Eccles
Building between 8:45 a.m. and 5:15 p.m. weekdays, or to the guard
station in the Eccles Building courtyard on 20th Street, N.W. (between
Constitution Avenue and C Street) at any time. Comments received will
be available for inspection in Room MP-500 of the Martin Building
between 9:00 a.m. and 5:00 p.m. weekdays, except as provided in 12 CFR
261.14 of the Board's Rules Regarding Availability of Information.
FOR FURTHER INFORMATION CONTACT: Richard A. Small, Assistant Director,
Division of Banking Supervision and Regulation, (202) 452-5235 or
Pamela J. Johnson, Senior Anti-Money Laundering Coordinator, Division
of Banking Supervision and Regulation, (202) 728-5829. For users of
Telecommunications Devices for the Deaf (TDD) only contact Diane
Jenkins, (202) 452-3544, Board of Governors of the Federal Reserve
System, 20th Street and Constitution Avenue, N.W., Washington, D.C.
20551.
SUPPLEMENTARY INFORMATION:
Background
The integrity of the financial sector depends on the ability of
banks and other financial institutions to attract and retain legitimate
funds from legitimate customers. Banking organizations are able to
attract and retain the business of legitimate customers because of the
quality and reliability of the services being rendered and, as
important, the sound and highly respected reputation of banking
organizations. Illicit activities, such as money laundering, fraud, and
other transactions designed to assist criminals in their illegal
ventures, pose a serious threat to the integrity of financial
institutions. When transactions at financial institutions involving
illicit funds are revealed, these transactions invariably damage the
reputation of the institution involved. While it is impossible to
identify every transaction at a financial institution that is
potentially illegal or is being conducted to assist criminals in the
movement of illegally derived funds, it is fundamental for safe and
sound operations that financial institutions take reasonable measures
to identify their customers, understand the legitimate transactions to
be conducted by those customers and, consequently, identify those
transactions conducted by their customers that are suspicious in
nature. By identifying and, when appropriate, reporting such
transactions, in accordance with existing suspicious activity reporting
requirements, financial institutions are protecting their integrity and
are assisting the efforts of the bank regulatory agencies and law
enforcement authorities to thwart illicit activities at financial
institutions.
The Board has long advocated that one of the most effective means
by which a financial institution can both protect itself from engaging
in transactions designed to facilitate illicit activities and ensure
compliance with applicable suspicious activity reporting requirements
is for the institution to have adequate ``Know Your Customer'' policies
and procedures. While some customers may view ``Know Your Customer''
procedures as an unnecessary intrusion into their privacy, these
procedures are important for complying with the Bank Secrecy Act and
suspicious activity reporting requirements. The adoption of the
proposed ``Know Your Customer'' requirements may also assist banks in
ascertaining those banking services that will most effectively serve
the customers' interests and for managing risks to the bank. Many
financial institutions have already adopted policies and procedures
that are consistent with the proposed ``Know Your Customer''
requirements. Additionally, such policies and procedures have enabled
banks to better serve their clientele, as well as comply with existing
regulatory requirements.
The position of the Board is consistent with that of other
countries throughout the world, as evidenced by the pronouncements of
several international organizations.1 Numerous countries
have adopted the idea of ``Know Your Customer'' and mandatory
suspicious transaction reporting as the best means of protecting the
financial sector from participating in the movement of illicit funds.
Such ``Know Your Customer'' programs seek to stifle the criminal
element, which tends to gravitate towards financial institutions that
operate within poorly regulated and supervised jurisdictions, in its
attempts to conduct transactions involving illegally derived funds.
---------------------------------------------------------------------------
\1\ See the Basle Committee on Banking Regulations and
Supervisory Practices, ``Statement on the Prevention of Criminal Use
of the Banking System for the Purpose of Money Laundering''
(December 1988), as well as the Committee's, ``Core Principles for
Effective Banking Supervision'' (April 1997); the 1988 United
Nations Vienna Convention Against Illicit Traffic in Narcotic Drugs
and Psychotropic Substances; the 1990 Council of Europe Convention;
and the Financial Action Task Force Forty Recommendations, issued in
1989 and amended in 1996.
---------------------------------------------------------------------------
The requirement to establish a ``Know Your Customer'' program
should assist financial institutions in obtaining
[[Page 67517]]
information from their customers regarding the identity, the types of
transactions to be conducted and the source of funds, among other
things. The collection of such information will further assist
financial institutions in making a risk-based determination on matters
including the extent of identifying information necessary and the
amount of monitoring required, by allowing institutions to categorize
their customers into different groups based on the types of services
being requested and the magnitude and extent of the transactions being
conducted. Effective ``Know Your Customer'' programs will evidence the
intent of state member banks, bank holding companies, Edge and
Agreement corporations, and the U.S. branches and agencies of foreign
banks to take all reasonable measures to thwart the facilitation of
potential criminal activity.
Effective ``Know Your Customer'' programs will necessarily require
that banking organizations develop ``customer profiles'' to understand
their customers'' intended relationships with the institution, and,
thereafter, realistically determine when customers conduct transactions
that are suspicious or potentially illegal. Banking organizations that
already recognize the value of effective ``Know Your Customer''
programs and have implemented such programs may have found it difficult
to convince customers of the need to provide certain information,
especially when other financial institutions do not ask for such
information. Because such programs will now be required by regulation,
financial institutions will not be prejudiced or criticized for
needlessly inquiring into the affairs of their customers. Moreover,
legitimate customers should be more willing to provide the information
requested by the financial institutions because they will be aware that
a similar legal responsibility exists for all banking organizations
supervised by the federal bank supervisory agencies.
The Board recognizes that a ``Know Your Customer'' requirement will
impose additional burdens on some banking organizations. Mindful of
that fact, the Board is striving to impose only those requirements that
are necessary to ensure that banking organizations have in place
adequate ``Know Your Customer'' programs. In a supplemental document to
be provided at the time these regulations become final, the Board, in
coordination with the other federal bank supervisory agencies, will
provide detailed guidance on specific steps that banking organizations
may consider taking as they implement the regulations. The guidance is
not intended to provide additional interpretive explanations of the
regulations, but rather it will provide concrete examples of proven
effective means to accomplish the requirements of the regulations, such
as identifying customers and monitoring customer transactions. The
Board believes that this approach will strike an appropriate balance
that responds to requests for additional guidance in this area while
preserving the flexibility for each institution to take steps
appropriate for its customers.
In order to ensure the effective implementation of ``Know Your
Customer'' programs at each of the domestic and foreign banking
organizations supervised by the Board, the proposal also implements the
provisions of Section 8(s)(1) of the Federal Deposit Insurance Act, as
amended (12 U.S.C. 1818(s)(1)). The ``Know Your Customer'' programs
required by this proposal would be part of the Bank Secrecy Act-related
procedures required to be adopted by the domestic and foreign banking
organizations supervised by the Board.
Authority to Issue Regulations
The proposed regulations are authorized pursuant to the Board's
statutory authority under Section 8(s)(1) of the Federal Deposit
Insurance Act, as amended by Section 2596(a)(2) of the Crime Control
Act of 1990 (Pub.L. 101-647), which requires, inter alia, the Board to
issue regulations requiring state member banks, as well as other
domestic and foreign banking organizations operating in the United
States supervised by the Board, to establish and maintain internal
procedures reasonably designed to ensure and monitor compliance with
the Bank Secrecy Act. Effective ``Know Your Customer'' programs serve
to facilitate compliance with the Bank Secrecy Act.
The regulations are also being proposed under the Board's general
authority to prevent unsafe and unsound practices and to adopt
regulations defining safe and sound conduct for banking organizations
under its supervision, as well as under the Board's authority to
prescribe specific operational and managerial standards for banks, as
set forth in 12 U.S.C. 1831p-1(a)(2).
Proposal
The Board proposes to revise 12 CFR Parts 208, 211, and 225 by
requiring state member banks, certain bank holding companies and their
nonbank subsidiaries, U.S. branches and agencies and nonbank
subsidiaries of foreign banks, and Edge and Agreement corporations
(collectively referred to as a ``bank'' or ``banks'') to develop and
implement a ``Know Your Customer'' program within their
institutions.2
---------------------------------------------------------------------------
\2\ Generally, the ``Know Your Customer'' requirements set forth
in this proposal will be applicable only to those bank holding
companies and their nonbank subsidiaries that engage in business
activities or transactions with the public and that are involved
with the receipt or disbursal of customer funds.
---------------------------------------------------------------------------
The requirements of the ``Know Your Customer'' program are set out
in general terms, reflecting the Board's view that a ``Know Your
Customer'' program that is appropriate for one institution may not be
appropriate for another. Under the proposed regulations, the Board
would expect each banking organization to design a program that is
appropriate to that organization, given its size and complexity, the
nature and extent of its activities, its customer base and the levels
of risk associated with its various customers and their transactions.
The Board believes that this approach is preferable to a detailed
regulation that imposes the same list of specific requirements on every
organization regardless of its specific circumstances or situation.
The Office of the Comptroller of the Currency, the Federal Deposit
Insurance Corporation, the Office of Thrift Supervision and the
National Credit Union Administration are proposing to adopt
substantially similar regulations covering national banks, federal
branches and agencies of foreign banks, state nonmember banks, insured
state chartered branches of foreign banks, savings associations and
credit unions, respectively. The Board expects that federal regulators
of non-bank financial institutions, such as broker-dealers, will
propose similar rules in the future.
The Board proposes to add a new paragraph (d) to section 208.63 of
Regulation H of the Board (12 CFR 208.63). New paragraph 208.63(d)
describes the requirements for a ``Know Your Customer Program'' at a
state member bank. New sections 211.8(b) and 211.24(f)(2) of the
Board's Regulation K and new section 225.4(g) of the Board's Regulation
Y make all of section 208.63 of the Board's Regulation H, including the
new ``Know Your Customer'' provisions of section 208.63(d), applicable
to Edge and Agreement corporations, the U.S. branches and agencies of
foreign banks (except a federal branch or federal agency or a state
branch that is insured by the Federal Deposit Insurance Corporation),
and certain bank holding
[[Page 67518]]
companies and their nonbank subsidiaries, respectively.
Section-by-Section Analysis
Section 208.63--Procedures for Monitoring Bank Secrecy Act Compliance
Paragraph (d)(1)--Purpose
The proposal makes it clear, by delineating the purposes for which
a ``Know Your Customer'' program should be developed, that it is in
each bank's own best interest to establish and implement such a
program. The creation of a ``Know Your Customer'' program is intended
to protect the reputation of the bank; facilitate the bank's compliance
with all applicable statutes and regulations (including the Bank
Secrecy Act and the Board's suspicious activity reporting regulations)
and with safe and sound banking practices; and protect the bank from
becoming a vehicle for or a victim of illegal activities perpetrated by
its customers.
Paragraph (d)(2)--Definitions
Because the text of the proposed regulations is set forth in
Regulation H, the term ``bank'' is defined to mean a state member bank.
Regulations K and Y will incorporate by reference the ``Know Your
Customer'' provisions from Regulation H without repeating the entire
text of the regulations and make them applicable to bank holding
companies and their nonbank subsidiaries, foreign banks operating in
the United States that are subject to the Bank Holding Company Act and
their nonbank subsidiaries operating in the United States, Edge
corporations, Agreement corporations, and branches and agencies of
foreign banks in the United States, subject to Regulations K and Y. In
most instances, however, banking organizations that do not engage in
business transactions with the public will be excluded from the
definition of bank, as set forth in paragraph (d)(2). For example,
shell bank holding companies that solely own or control the shares of
their subsidiary banks or thrifts and nonbank subsidiaries of bank
holding companies that operate solely to service the activities of
their affiliates and, in so doing, do not interact in any manner with
any public customers will not be covered by this proposal. In addition,
the proposed regulations will not apply to credit card banks, bankers
banks or other banks that operate solely to service the activities of
their affiliates.
The proposed regulations define the term ``customer'' as the person
or entity who has an account involving the receipt or disbursal of
funds at a bank and any other person or entity on behalf of whom such
an account is maintained. The term encompasses direct and indirect
beneficiaries of deposit, loan and other accounts that involve the
receipt or disbursal of funds. The term also encompasses a person or
entity who owns or is represented by the customer. Under this
definition, a ``customer'' would include an accountholder, a beneficial
owner of an account or a borrower and could include the beneficiary of
a trust, an investment fund, a pension fund or company whose assets are
managed by an asset manager, a controlling shareholder of a closely
held corporation or the grantor of a trust established in an off-shore
jurisdiction. The term ``customer'' is not meant to include receipt of
services from the bank for which no transaction involving the receipt
or disbursal of customer funds occurs, such as a bank's provision of
safe deposit boxes.
Paragraph (d)(3)--Establishment of Know Your Customer Program
This section of the proposed regulations requires that each bank
supervised by the Board establish a ``Know Your Customer'' program by
April 1, 2000. Additionally, this section of the proposal will require
that the ``Know Your Customer'' program be reduced to writing and
approved by the board of directors of the bank, or a committee thereof,
and the approval recorded in the official minutes of the board. For the
U.S. offices of foreign banks, such approval may be obtained from the
highest level management official in the United States.
Paragraph (d)(4)--Contents of Know Your Customer Program
This section of the proposed regulations sets forth the specific
requirements for the contents of the ``Know Your Customer'' program.
Banks vary considerably in the way in which they conduct their business
on a day-to-day basis. Therefore, the Board believes that to impose
regulations that simply require each bank to follow a pre-designed,
standardized checklist would not be appropriate. The proposed
regulations allow each bank to develop and delineate a system that will
comprise the ``Know Your Customer'' program, consistent with the
banking practices of the particular bank that, when followed by the
bank, will effectively meet the requirements and goals of the
regulations. This will allow each bank to design a ``Know Your
Customer'' program specifically suited to its own situation that
appropriately reflects the size and complexity of the bank, the types
of customers it serves and the nature and extent of their activities at
the bank.
Additionally, this section recognizes that each bank's ``Know Your
Customer'' program may vary depending on the nature of the specific
activity, the type of customers involved, the size of the transactions
and other factors that reflect the bank's assessment of the risk
presented. This section recognizes that it may be beneficial for banks
to classify customers into varying risk-based categories that the banks
can use in determining the amount and type of information,
documentation and monitoring that is appropriate. While these proposed
regulations will provide banking organizations with substantial
flexibility in devising an appropriate ``Know Your Customer'' program,
the Board believes that all ``Know Your Customer'' programs should
contain certain critical features, which are set forth herein.
Paragraph (d)(4)(i) of the proposed regulations also requires that
the ``Know Your Customer'' program delineate acceptable documentation
requirements and the due diligence procedures the bank will follow in
meeting the requirements of the proposed regulations. The delineation
of this information in the ``Know Your Customer'' program will ensure
that the same standards are applied throughout the bank and will inform
auditors and examiners of the bank's established standards for review
of customer information.
Paragraph (d)(4)(ii) of the proposal sets forth the minimum
requirements for an acceptable ``Know Your Customer'' program. The
proposed regulations require that, rather than following a
``checklist'' approach, a bank may develop a ``system'' designed to
meet the basic requirements of the regulations. The system approach
allows each bank to design its own program, in accordance with its own
business practices, that will best suit the bank. While this places
some burden on the bank to develop the specifics of the ``Know Your
Customer'' program, such an approach recognizes that each bank conducts
business in accordance with its own policies, procedures, goals and
objectives. The ``Know Your Customer'' program, in order to be the most
effective, must be developed and implemented with the bank's regular
and ordinary business practices in mind. Potentially, there can be a
variety of ways in which a ``Know Your Customer'' program can be
established and operated to best meet the needs of the bank while
fulfilling the requirements of the regulations.
[[Page 67519]]
Paragraph (d)(4)(ii)(A) of the proposed regulations requires that
the ``Know Your Customer'' program provide a system for determining the
identity of customers maintaining accounts at the bank, as defined. It
is imperative that a bank establish, to its own satisfaction, that it
is dealing with a legitimate person, whether the person is a natural
person, corporation or other business entity. The nature and extent of
the identification process should be commensurate with the types of
transactions anticipated by the customer and the risks associated with
such transactions.
The Board does not believe that it is practicable for a financial
institution to conduct a large-scale information request from all its
existing customers. Rather, the Board contemplates that a financial
institution will be able to comply with the proposed regulation with
respect to its existing customers by determining their normal and
expected transactions using available account data, monitoring their
transactions for potentially suspicious activities, and obtaining and
documenting additional information from them in order to explain
unusual transactions or when otherwise needed. However, for some
customers, depending on the severity of the risk associated with such
customers and their transactions, it may be necessary to fulfill all of
the requirements of these regulations as if these were new customers.
The identity of a prospective customer should be satisfactorily
established before a customer relationship with the bank is permanently
established. If a prospective customer refuses to provide any of the
requested information the customer relationship should not be
established. Similarly, if additional or follow-up information is not
forthcoming consideration should be given to terminating the
relationship.
The best identification documents available for verifying the
identity of prospective customers are those which are the most
difficult to obtain illicitly and the most difficult to counterfeit. No
single form of identification can be guaranteed to be genuine, however,
and, therefore, the identification process should be cumulative,
obtaining enough information and documentation to assure the bank that
it has properly identified the prospective customer.
As an example, an integral part of the identification process
should be the prospective customer's address or place of business and
telephone number. Verification of this information for some customers
could include physical observation of the location at the address
provided and return telephone calls, or ``call backs,'' to determine
the authenticity of the telephone number provided. Extra consideration
may be required when it is determined that a prospective customer is
situated outside of the area normally served by the bank.
The identification process for natural persons wishing to establish
a customer relationship should, when appropriate and practicable,
include the review of appropriate identification documentation. In
these instances, acceptable forms of documentation should include
within the document a photograph and description of the individual,
along with the signature of the individual. The documentation should
also be easily recognizable identification issued by a government
entity. While not an exhaustive list, some examples of acceptable
identification documentation could include: driver's license with
photograph issued by the State in which the bank is located;
3 State identity card with photograph issued by the State in
which the bank is located; and United States passport or alien
registration card. Other forms of identification, while not sufficient
to be used without corroboration, are satisfactory as forms of
secondary identification that could be used in conjunction with the
types of identification documentation described above to assist in
identifying or verifying the identity of the prospective customer. Some
examples, again while not an exhaustive list, could include: employer
identification card; student identification card; out-of-State driver's
license; credit card; and current utility bills from place of
residence. At a minimum, the accepted forms of identification should be
recorded and, if no legal impediment exists, duplicated and maintained
in the customer's ``file'' at the bank.
---------------------------------------------------------------------------
\3\ For customers that are located in a multi-state regional
area, such as the Washington, D.C. metropolitan region, which
encompasses parts of Maryland and Virginia, identification documents
from a neighboring state would be acceptable.
---------------------------------------------------------------------------
Similarly, for prospective corporate or business customers, the
customer identification process should include the review of
appropriate documentation that allows for a means to verify that the
corporation or other business entity does exist and does engage in the
business, as stated. In establishing the identity of a corporate or
business customer, the prospective customer should provide evidence of
legal status, such as an incorporation document, a partnership
agreement, association documents, or a business license. In some
instances, it may also be necessary to obtain information on the
controlling owners of the business or legal entities. Additionally, the
prospective customer should provide a financial statement of the
business, a description of the business to include such information as
whether the business is in the wholesale or retail markets, and a
description of the business's primary area of trade. It also may be
appropriate to obtain information related to customers and suppliers of
the prospective customer for purposes of verifying information
presented by the prospective customer. At a minimum, all documentation
reviewed, as well as verifications of the information contained
therein, should be recorded and maintained within the customer's
``file'' at the bank.
Any practice of a bank that allows for the establishment of a
customer relationship without face to face contact with bank personnel,
such as banking by mail or Internet banking, poses difficulties in the
identification of the prospective customer by use of the traditionally
accepted practice of obtaining identification documentation to include
photographic identification. Even though photographic identification in
such circumstances will be impractical, other accepted means of
identifying a customer are still viable. In such circumstances, special
care should be given to verification of address and telephone number,
as well as the use of commercially available data to compare such items
as name with date of birth and social security number.
Introductions or referrals of prospective customers by established
customers of the bank, while extremely valuable in providing background
information about the prospective customer, cannot take the place of
identification requirements that should be set forth in the bank's
``Know Your Customer'' program. Details regarding the introduction or
referral should be documented so that the information obtained can be
effectively used to assist in the verification of the prospective
customer.
The proposed regulations allow each bank to determine what
documentation will be appropriate and acceptable in light of
circumstances regarding that particular bank. If the identification
process will allow for the possibility of exceptions to the established
practice, for, as an example, accounts being established for senior
citizens or minors, the possible exceptions should be delineated within
the ``Know Your Customer'' program.
Heightened interest in the marketing of private banking activities
by banks, as well as the heightened interest by banking customers, in
the benefits
[[Page 67520]]
derived from using private banking services has lead to a demonstrable
increase in the number of private banking clients.4 As the
market for private banking grows, so does the level of competition
among institutions that provide private banking services. Accordingly,
there is increased pressure to obtain new customers, increase the
assets under management, and contribute a greater percentage to the net
income of the bank.5 Emphasizing customer growth, without
adopting appropriate procedures to understand a customer's personal and
business background, source of funds and intended use of the private
banking services, may well certainly lead to increased reputational and
legal risks.
---------------------------------------------------------------------------
\4\ For an in-depth discussion of private banking and sound
practices associated with the administration of private banking
activities, see the July 1997 Guidance on Sound Risk Management
Practices Governing Private Banking Activities, prepared by the
Federal Reserve Bank of New York and issued by the Board
(hereinafter referred to as the ``Sound Practices Paper''). The
Sound Practices Paper was distributed, or made available, to banking
organizations supervised by the Board by the Federal Reserve Banks
pursuant to the Board's Division of Banking Supervision and
Regulation SR Letter 97-19 (SUP). Copies of the Sound Practices
Paper and SR Letter are available on the Board's public Internet web
site (www.federalreserve.gov).
\5\ See Sound Practices Paper at page 2.
---------------------------------------------------------------------------
Typically, private banking customers make use of such account
vehicles as personal investment companies (PICs), trusts, personal
mutual investment funds, or are clients of financial advisors. The
establishment of such accounts serves the stated purposes of protecting
the legitimate confidentiality and financial privacy of the customers
that use such accounts. However, banks need to identify properly the
beneficial owners of such accounts, through an effective ``Know Your
Customer'' program. Therefore, ``Know Your Customer'' procedures for
identifying the beneficial owners of such accounts should be no
different than the procedures for identifying other customers of the
bank. Any needed confidentiality required by customers of a bank's
private bank can be addressed by the development of special protections
to limit access to information that would generally reveal the
beneficial owners of these accounts.6
---------------------------------------------------------------------------
\6\ For a more specific discussion of suggested ``Know Your
Customer'' procedures appropriate for private banking operations see
generally Sound Practices Paper.
---------------------------------------------------------------------------
Equally important is the identification of beneficial owners of
assets bought, sold or managed through a relationship with a bank. Such
transactions often occur at the behest of intermediaries, such as asset
managers, who may or may not be registered investment advisors, who
deal with banks on behalf of one or more of their clients. For purposes
of the proposed regulations, the ``customer'' of the bank in these
types of situations would include the beneficiaries of the transactions
and not just the intermediaries. The extent of the information
regarding the customer that may be necessary to fulfill the bank's
``Know Your Customer'' obligations should depend on a risk-based
assessment of the customer and the transactions that will occur, such
as the type, duration and size of the transactions, and should be
addressed within the bank's ``Know Your Customer'' program.
Ultimately, the amount of information necessary to identify
adequately the beneficial owner of an account should be the result of a
risk assessment of the customer and the intended transactions of the
customer. The bank's ``Know Your Customer'' program should provide the
flexibility to group or categorize customers in a manner that allows
the bank to better determine the amount of information necessary for
such groups or categories. In some instances, however, it may not be
necessary to determine the identity of the beneficiaries of the bank's
customers, because the identity of these customers has already been
satisfactorily established. For example, if the bank's customer is a
widely-held mutual fund or asset management fund, a bank does not have
to ``know'' all of the customer's shareholders and certainly does not
have to monitor the shareholders' individual transactions that may
occur through the bank. Similarly, in the event that a bank's customer
is a financial institution supervised by the Board or another federal
or state financial institutions supervisory agency and the bank is
acting as an intermediary for the financial institution that is the
bank's customer in such activities as check clearing or funds transfer
processing, the bank is under no obligation to ``know'' the customers
of the financial institution or monitor the transactions of the
financial institution's customers. On the other hand, if the bank's
customer is a mutual fund established in an off-shore jurisdiction that
has a limited number of shareholders, the bank will be required to
``know'' the customers of the mutual fund.
Paragraph (d)(4)(ii)(B) of the proposed regulations requires that
the ``Know Your Customer'' program provide a system for determining the
source of funds of customers. An effective ``Know Your Customer''
program requires that a bank understand the nature and source of the
funds being placed in the bank by the customer including the types of
instruments used and from where the funds or assets were derived or
generated. Under standards that currently exist in criminal law,
failure to obtain knowledge that is readily available, such as the
source of funds of a particular customer, because of a desire to avoid
the perceived embarrassment of having to obtain such information, can
lead to the prosecution for a money laundering violation when it is
later determined that the funds in question were derived from illicit
activity.7 Adoption of, and adherence to, a ``Know Your
Customer'' program can substantially minimize the risks to a bank.
---------------------------------------------------------------------------
\7\ See 18 U.S.C. 1956 and 1957.
---------------------------------------------------------------------------
For purposes of determining and documenting the source of funds,
the amount of information necessary can depend on the type of customer
in question. As an example, for a majority of retail banking customers
that maintain transaction accounts, where practically the only source
of funds comes from payroll deposits, it is a relatively simple task to
identify and document the source of funds as payroll deposits. On the
other hand, a more detailed analysis, with a more extensive
documentation process, would necessarily be required for high net worth
customers with multiple deposits from a variety of sources. For these
reasons, among others, it may be beneficial for banks to classify
customers into varying categories, based on such factors as the types
of accounts maintained and the types of transactions conducted and the
potential risk of illicit activities associated with such accounts and
transactions. Banks could then develop procedures, as part of the
``Know Your Customer'' programs, to obtain necessary information and
documentation based on the risk assessment for the various categories
or classes established by a bank.
Paragraph (d)(4)(ii)(C) of the proposed regulations requires that
the ``Know Your Customer'' program provide a system for determining
customers'' normal and expected transactions involving the bank. The
primary objective of such a process is to enable the bank to predict
with relative certainty the types of transactions in which a customer
is likely to be engaged. Without an understanding of the normal and
expected transactions of the customers of the bank is virtually
impossible to determine if any particular transaction conducted by a
customer is suspicious.
Understanding a customer's normal and expected transactions is not
a task
[[Page 67521]]
that can be accomplished entirely at the inception of the account
relationship. While it should be a simple task to obtain and record
information as to a customer's expectations at the time of account
opening, only after reviewing the customer's activity for a given
period of time can a determination as to the customer's normal
transactions be made. For this reason, effective ``Know Your Customer''
procedures for determining the normal and expected transactions for a
bank's customers should envision an amount of time adequate to make
these assessments.
The ``Know Your Customer'' procedures for determining normal and
expected transactions should also take into consideration the type of
account that is being established. As an example, a demand deposit
account associated with a payroll deposit will not require an
inordinate effort to determine that the customer will, most likely, use
the account for ordinary living expenses and the deposit of the
customer's salary. Conversely, a business account or an account
maintained by a private banking customer may require a more in-depth
analysis of the customer's intended use of the account coupled with a
heightened ongoing review of account activity to determine if, in fact,
the customer has acted in accordance with the expectations developed at
the inception of the account relationship.
Paragraph (d)(4)(ii)(D) of the proposed regulations requires that
the ``Know Your Customer'' program provide a system for monitoring, on
an ongoing basis, the transactions conducted by customers to determine
if their transactions are consistent with the normal and expected
transactions for particular customers or for customers in the same or
similar categories or classes. The proposed regulations do not require
that every transaction of every customer be reviewed on a daily basis.
However, banks must develop and implement effective monitoring systems,
commensurate with the risks presented by the types of accounts
maintained at the bank and the types of transactions conducted through
those accounts.
The Board is not suggesting that banks must expend considerable
resources to purchase sophisticated computer hardware or software as a
means of complying with the proposed regulations. The effectiveness of
the monitoring system of a bank's ``Know Your Customer'' program will
be based on that particular bank's ability to monitor transactions
consistent with the volume and types of transactions conducted at the
bank.
There are numerous means by which a system can be developed to
carry out the ongoing monitoring of the transactions being conducted by
the customers of the bank. Therefore, it would be appropriate for a
bank to design a monitoring system that would correspond to the risk
associated with the types of accounts maintained and the types of
transactions conducted through those accounts.
The design of such a monitoring system, for example, could involve
the classification of accounts into various categories based on such
factors as the type of account, the types of transactions conducted in
the various types of accounts, the size of the account, the number and
size of transactions conducted through the account, and the risk of
illicit activity associated with the type of account and the
transactions conducted through the account. For certain classes or
categories of accounts, which may be the majority of accounts at some
banks, it may be sufficient for an effective monitoring system to
establish parameters for which the transactions within these accounts
will normally occur. Rather than monitoring each transaction, an
effective monitoring system could entail monitoring only for those
transactions that exceed the established parameters for that particular
class or category of accounts. Under the proposed regulations, a bank's
determination as to how to monitor its various accounts based on the
risks associated with those accounts will be given great deference by
the Board.
In many instances, monitoring is already occurring. As an example,
monitoring of transactions already occurs as a means of complying with
existing suspicious activity reporting regulations. Similarly,
monitoring occurs for such things as large cash transactions, check
kiting and attempted withdrawals from accounts with insufficient funds
or from closed accounts.
For other categories or classes of accounts, it may be necessary to
monitor most, if not all, transactions conducted. One such example are
transactions conducted by private banking customers. As a general
proposition, transactions of private banking customers usually involve
large sums of money. For this reason alone, it is important that a bank
understands the nature of these transactions and reviews these
transactions to ensure that the transactions are consistent with the
normal and expected transactions for that particular customer or for
customers in the same or similar categories or classes. It is the
Board's experience that relationship managers are very aware of
transactions conducted by a private banking customer and, in most
instances, assist the private banking customer in conducting the
transactions. Therefore, there should be little, if any, hardship
associated with reviewing transactions to ensure that they are
consistent with the normal and expected transactions for that
particular customer.
Many banks already engage in sufficient account monitoring
activities. These practices should be formalized in a sound ``Know Your
Customer'' program, which will ensure that banks have identified and
implemented procedures that adequately monitor a broad range of account
activity while providing flexibility in defining the requisite
monitoring activity in light of the risks associated with particular
customers and the transactions being conducted.
Paragraphs (d)(4)(ii)(E) of the proposed regulations require that
the ``Know Your Customer'' program provide a system for determining if
a transaction is suspicious and making a report, when necessary, in
accordance with the Board's suspicious activity reporting regulations.
In identifying reportable transactions, a bank should not conclude that
every transaction that falls outside what is expected for a given
customer, or for categories or classes of customers, should be
reported. Rather, a bank should focus on patterns of inconsistent
transactions and isolated transactions that present risk factors that
warrant further review.
Paragraph (d)(5)--Compliance With Know Your Customer Program
Paragraph (d)(5) of the proposed regulations sets forth the
requirements a bank must follow to ensure that it is in compliance with
its ``Know Your Customer'' program. The requirements include that a
bank provide for and document a system of internal controls to ensure
ongoing compliance, as well as provide for and document independent
testing for compliance with the ``Know Your Customer'' program.
Additionally, the bank must designate an individual responsible for
coordinating and monitoring day-to-day compliance and provide for and
document training to all appropriate personnel of the content and
requirements of the ``Know Your Customer'' program.
Paragraph (d)(6)--Availability of Documentation
Paragraph (d)(6) of the proposed regulations requires, for all
accounts opened or maintained in the United States, that all
information and documentation necessary to comply
[[Page 67522]]
with the regulations be made available for examination and inspection,
at a location specified by a Board or Reserve Bank representative,
within 48 hours of a request for the provision of such information and
documentation. In instances where the information and documentation is
at a location other than where the customer's account is maintained or
the financial services are rendered, the bank must include, as part of
its ``Know Your Customer'' program, specific procedures designed to
ensure that the information and documentation is reviewed on an ongoing
basis by appropriate bank personnel.
Issues may arise, on occasion, concerning whether foreign laws
permit a bank to disclose certain customer information to bank
supervisory agencies, such as the Board. The Board believes that
nondisclosure provisions that may exist in foreign, if they exist,
should not, in any event, present a bar to the disclosure of such
information and documentation. In instances where foreign laws have
been raised as creating a prohibition to the disclosure of information
that is required by the proposed regulations, the Board's experience is
that the information already exists within the banking organization in
the United States because the information is used by the relationship
manager, who resides in the United States, as well as other components
of the bank, to provide banking services to the customer. Moreover, in
other instances where banks have raised foreign law disclosure issues,
the banks, at the Board's suggestion, have obtained from their
customers waivers to any perceived prohibition to disclosure of the
information and documentation. Therefore, in the opinion of the Board,
there is no prohibition or insurmountable bar to the disclosure of the
required information and documentation.
Comments Sought
In addition to other comments that commenters may feel are
appropriate, the Board is seeking comments specific to the following:
1. Whether the proposed definition of ``customer'' is sufficient to
include all persons who benefit from the transactions conducted at the
bank, such as persons who establish off-shore shell companies or
entities or otherwise conduct their business through intermediaries.
2. Whether the proposed definition of ``customer'' is too broad and
will unnecessarily include persons that pose a minimal ``Know Your
Customer'' risk.
3. Whether a bank's ``Know Your Customer'' program should apply to
a bank's counterparty relationships with respect to transactions in
wholesale financial markets (e.g., sales or purchases involving foreign
exchange or securities) and correspondent banking relationships or if,
in such markets, a different standard than that applicable to retail
relationships would be more appropriate and, if such a distinction is
appropriate, how the definition of ``customer'' can be distinguished
between transactional counterparty customers, correspondents and retail
customers.
4. Whether the proposed regulations will create a competitive
disadvantage with respect to other financial sector entities offering
similar services that may not be subject to the proposed regulations
(citing, where possible, specific examples).
5. Whether the proposed regulations will create a competitive
disadvantage with respect to other financial entities offering similar
services that may not be subject to similar regulations.
6. Whether the actual or perceived invasion of personal privacy
interests is outweighed by the additional compliance benefits
anticipated by this proposal.
7. Whether there would be a minimum account size threshold below
which the ``Know Your Customer'' requirements would be waived.
Regulatory Flexibility Act
Pursuant to section 605(b) of the Regulatory Flexibility Act (RFA)
(5 U.S.C. 605(b)), the initial regulatory flexibility analysis
otherwise required under section 603 of the RFA (5 U.S.C. 603) is not
required if the head of the agency certifies that the rule will not
have a significant economic impact on a substantial number of small
entities and the agency publishes such certification and a succinct
statement explaining the reasons for such certification in the Federal
Register along with its general notice of proposed rulemaking.
The Board hereby certifies that the proposal will not have a
significant economic impact on a substantial number of small entities.
The proposal should result in a net benefit to banks regardless of size
because it establishes uniform rules relating to the identification of
customers for all banking organizations supervised by the Board. Most
banking organizations, from small to large, already have policies and
procedures aimed at collecting, retaining and reviewing the types of
information required by this proposal, and there should, thus, be
little economic impact from this proposal.
Paperwork Reduction Act
In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C.
3506; 5 CFR 1320 Appendix A.1), the Board reviewed the proposed rule
under the authority delegated to the Board by the Office of Management
and Budget.
The collection of information requirements in this proposed
regulation are found in 12 CFR 208, 211, and 225. This information is
required to evidence compliance with section 8(s) of the Federal
Deposit Insurance Act. The recordkeepers are for-profit financial
institutions, including small businesses. Records must be retained for
five years for inspection under the institution's established standards
for review of customer information and pursuant to the Bank Secrecy
Act.
The OMB control number for the information collection contained in
the proposed rule is 7100-0212. The Board may not conduct or sponsor,
and an organization is not required to respond to, this information
collection unless it displays a currently valid OMB control number.
Recordkeepers for this information collection include all state
member banks, U.S. branches and agencies of foreign banks, Edge and
agreement corporations supervised by the Board, and certain bank
holding companies and nonbank subsidiaries of bank holding companies.
8 The Federal Reserve estimates there will be 3,500
recordkeepers in the first year; in subsequent years, the recordkeepers
will consist of newly-chartered institutions subject to the rule. The
majority of the paperwork burden associated with the proposed rule is
the one-time cost of developing a plan and implementing written
policies and procedures. In the normal course of business, most
institutions likely already have sufficient information about their
customers in their files and would only need to organize and review
such information. Because each institution would design its own program
in accordance with its own business practices, the Federal Reserve
estimates that the burden of the proposed rule would vary considerably
and may range from ten to thirty hours.
---------------------------------------------------------------------------
\8\ The proposed rule will not apply to shell bank holding
companies.
---------------------------------------------------------------------------
The proposed rule is not expected to significantly increase the
ongoing annual burden for the recordkeepers because most of the ongoing
burden is incurred and accounted for under other existing information
collections.
[[Page 67523]]
Ongoing costs include gathering the required information about
customers (to the extent that the bank does not already possess such
information), monitoring customer transactions, and reporting unusual
or suspicious transactions. Institutions likely perform most, if not
all, of these tasks currently as part of their fraud prevention
procedures, as part of their monitoring of transactions for reporting
on the Department of the Treasury's Currency Transaction Reports (OMB
No.1545-0183), and as part of their procedures to detect violations or
suspicious activity reported on the Suspicious Activity Report. Because
the records would be maintained at the subject organizations and are
not provided to the Board, no issue of confidentiality under the
Freedom of Information Act arises.
Comments are invited on: (a) whether the proposed collection of
information is necessary for the proper performance of the Federal
Reserve's functions, including whether the information has practical
utility; (b) the accuracy of the Board's estimate of the burden of the
proposed information collection, including the cost of compliance; (c)
ways to enhance the quality, utility, and clarity of the information to
be collected; and (d) ways to minimize the burden of information
collection on respondents, including through the use of automated
collection techniques or other forms of information technology.
Comments on the collection of information should be sent to Mary M.
McLaughlin, Chief, Financial Reports Section, Division of Research and
Statistics, Mail Stop 97, Board of Governors of the Federal Reserve
System, Washington, DC 20551, with copies of such comments to be sent
to the Office of Management and Budget, Paperwork Reduction Project
(7100-0212), Washington, DC 20503.
List of Subjects
12 CFR Part 208
Accounting, Agriculture, Banks, banking, Confidential business
information, Crime, Currency, Federal Reserve System, Flood insurance,
Mortgages, Reporting and recordkeeping requirements, Securities.
12 CFR Part 211
Exports, Federal Reserve System, Foreign banking, Holding
companies, Investments, Reporting and recordkeeping requirements.
12 CFR Part 225
Administrative practice and procedure, Banks, banking, Federal
Reserve System, Holding companies, Reporting and recordkeeping
requirements, Securities.
For the reasons set forth in the preamble, parts 208, 211, and 225
of chapter II of title 12 of the Code of Federal Regulations are
proposed to be amended as set forth below:
PART 208--MEMBERSHIP OF STATE BANKING INSTITUTIONS IN THE FEDERAL
RESERVE SYSTEM (REGULATION H)
1. The authority citation for 12 CFR Part 208 continues to read as
follows:
Authority: 12 U.S.C. 24, 36, 92a, 93a, 248(a), 248(c), 321-338a,
371d, 461, 481-486, 601, 611, 1814, 1816, 1818, 1823(j), 1828(o),
1831o, 1831p-1, 3105, 3310, 3331-3351, and 3906-3909; 15 U.S.C. 78b,
78l(b), 78l(g), 78l(i), 78o-4(c)(5), 78o-5, 78q, 78q-1, and 78w; 31
U.S.C. 5318; 42 U.S.C. 4012a, 4104a, 4104b, 4106, and 4128.
2. Section 208.63 is amended by adding a new paragraph (d) to read
as follows:
Sec. 208.63 Procedures for monitoring Bank Secrecy Act Compliance.
* * * * *
(d) Know your customer program--(1) Purpose. This paragraph (d)
requires that member banks establish and regularly maintain procedures
reasonably designed to determine the identity of their customers, as
well as their customers' normal and expected transactions and sources
of funds involving the bank. These procedures (referred to as the
``Know Your Customer'' program) are intended to: protect the reputation
of the bank; facilitate the bank's compliance with all applicable
statutes and regulations (including the Bank Secrecy Act and the
suspicious activity reporting requirements of 12 CFR 208.20) and with
safe and sound banking practices; and protect the bank from becoming a
vehicle for or a victim of illegal activities perpetrated by its
customers. In general, the ``Know Your Customer'' rules apply to all
state member banks, however, the rules do not apply to credit card
banks, bankers' banks, or banks that operate solely to service the
activities of their affiliates.
(2) Definitions. For the purposes of this paragraph (d):
(i) Bank means a state member bank.
(ii) Customer means:
(A) Any person or entity who has an account involving the receipt
or disbursal of funds with a bank; and
(B) Any person or entity on behalf of whom such an account is
maintained.
(3) Establishment of Know Your Customer program. By April 1, 2000,
each bank shall develop and provide for the continued administration of
a Know Your Customer program. The Know Your Customer program shall be
reduced to writing and approved by the board of directors (or a
committee thereof) with the approval recorded in the official minutes
of the board.
(4) Contents of Know Your Customer program. The Know Your Customer
program may vary in complexity and scope depending on different
categories or classes of customers established by the bank and the
potential risk of illicit activities associated with those customers'
accounts and transactions. Components of the program should include the
following:
(i) Appropriate documentation requirements and due diligence
procedures established by the bank to comply with this paragraph (d);
and
(ii) A system for:
(A) Determining the identity of the bank's new customers and if the
bank has reasonable cause to believe that it lacks adequate information
to know the identity of existing customers, determining the identity of
those existing customers;
(B) Determining the customer's sources of funds for transactions
involving the bank;
(C) Determining the particular customer's normal and expected
transactions involving the bank;
(D) Monitoring customer transactions and identifying transactions
that are inconsistent with normal and expected transactions for that
particular customer or for customers in the same or similar categories
or classes, as established by the bank; and
(E) Determining if a transaction is suspicious, in accordance with
the Board's suspicious activity reporting regulations and reporting
accordingly.
(5) Compliance with Know Your Customer program. The bank shall
comply with its Know Your Customer program. To ensure compliance, the
bank shall:
(i) Provide for and document a system of internal controls;
(ii) Provide for and document independent testing for compliance to
be conducted by bank personnel or by an outside party on a regular
basis;
(iii) Designate an individual or individuals responsible for
coordinating and monitoring day-to-day compliance; and
(iv) Provide for and document training to all appropriate
personnel, on at least an annual basis, of the content and required
procedures of the Know Your Customer program.
(6) Availability of documentation. For all accounts opened or
maintained in the United States, each bank must
[[Page 67524]]
ensure that all information and documentation sufficient to comply with
the requirements of this paragraph (d) are available for examination
and inspection, at a location specified by a Board or Reserve Bank
representative, within 48 hours of a Board or Reserve Bank
representative's request for such information and documentation. In
instances where the information and documentation is maintained at a
location other than where the customer's account is maintained or the
financial services are rendered, the bank must include, as part of its
Know Your Customer program, specific procedures designed to ensure that
the information and documentation is reviewed on an ongoing basis by
appropriate bank personnel in order to comply with this paragraph (d).
PART 211--INTERNATIONAL BANKING OPERATIONS (REGULATION K)
1. The authority citation for 12 CFR part 211 continues to read as
follows:
Authority: 12 U.S.C. 221 et seq., 1818, 1835a, 1841 et seq.,
3101 et seq., 3901 et seq.
2. A new Sec. 211.9 would be added to read as follows:
Sec. 211.9 Procedures for monitoring Bank Secrecy Act compliance.
(a) Each Edge corporation or any branch or subsidiary thereof,
Agreement corporation or branch or subsidiary thereof, shall, by April
1, 2000, in accordance with the provisions of Sec. 208.63 of the
Board's Regulation H, 12 CFR 208.63, develop and provide for the
continued administration of:
(1) A program reasonably designed to ensure and monitor compliance
with the provisions of subchapter II of chapter 53 of title 31, United
States Code, the Bank Secrecy Act, and the implementing regulations
promulgated thereunder by the Department of the Treasury at 31 CFR part
103; and
(2) A ``Know Your Customer'' program reasonably designed to
identify customers of the Edge or Agreement corporation or subsidiary
thereof, including customers' normal and expected transactions at or
through the institution.
3. Section 211.24 is amended as follows:
a. Paragraph (f) is redesignated as paragraph (f)(1); and
b. A new paragraph (f)(2) is added.
The addition would read as follows:
Sec. 211.24 Approval of officers of foreign banks; procedures for
applications; standards for approval; representative-office activities
and standards for approval; preservation of existing authority; reports
of crimes and suspected crimes; government securities sales practices.
* * * * *
(f) Reports of crimes and suspected crimes.--(1) * * *
(2) Procedures for monitoring Bank Secrecy Act compliance. Each
branch and agency of a foreign bank (except a federal branch or a
federal agency or a state branch that is insured by the Federal Deposit
Insurance Corporation) in the United States shall, by April 1, 2000, in
accordance with the provisions of Sec. 208.63 of the Board's Regulation
H, 12 CFR 208.63, develop and provide for the continued administration
of:
(i) A program reasonably designed to ensure and monitor compliance
with the provisions of subchapter II of chapter 53 of title 31, United
States Code, the Bank Secrecy Act, and the implementing regulations
promulgated thereunder by the Department of the Treasury at 31 CFR part
103; and
(ii) A ``Know Your Customer'' program reasonably designed to
identify customers of the branch or agency, including customers' normal
and expected transactions at or through the institution.
PART 225--BANK HOLDING COMPANIES AND CHANGE IN BANK CONTROL
(REGULATION Y)
1. The authority citation for 12 CFR part 225 continues to read as
follows:
Authority: 12 U.S.C. 1817(j)(13), 1818, 1828(o), 1831i, 1831p-1,
1843(c)(8), 1844(b), 1972(l), 3106, 3108, 3310, 3331-3351, 3907, and
3909.
2. Section 225.4 is amended by adding a new paragraph (g) to read
as follows:
Sec. 225.4 Corporate practices.
* * * * *
(g) Procedures for Monitoring Bank Secrecy Act Compliance.--(1) By
April 1, 2000, each company described in paragraph (g)(2) of this
section, shall, in accordance with the provisions of Sec. 208.63 of the
Board's Regulation H, 12 CFR 208.63, develop and provide for the
continued administration of:
(i) A program reasonably designed to ensure and monitor compliance
with the provisions of subchapter II of chapter 53 of title 31, United
States Code, the Bank Secrecy Act, and the implementing regulations
promulgated thereunder by the Department of the Treasury at 31 CFR part
103; and
(ii) A ``Know Your Customer'' program reasonably designed to
identify customers of the company, subsidiary, or foreign bank
including customers' normal and expected transactions at or through the
institution.
(2) Paragraph (g)(1) of this section shall apply to each company
that:
(i)(A) Is a bank holding company or a nonbank subsidiary thereof;
or
(B) Is a nonbank company operating in the United States that is a
subsidiary of a foreign bank that is a bank holding company or that is
subject to the BHC Act by virtue of section 8(a) of the International
Banking Act (12 U.S.C. 3106(a)); and
(ii) Holds accounts involving the receipt or disbursal of funds for
persons other than affiliates.
By order of the Board of Governors of the Federal Reserve
System, December 1, 1998.
Jennifer J. Johnson,
Secretary of the Board.
[FR Doc. 98-32332 Filed 12-4-98; 8:45 am]
BILLING CODE 6210-01-P