[Federal Register Volume 63, Number 234 (Monday, December 7, 1998)]
[Proposed Rules]
[Pages 67516-67524]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 98-32332]



[[Page 67515]]

_______________________________________________________________________

Part II

_______________________________________________________________________
Federal Reserve System
12 CFR Parts 208, 211, and 225
_______________________________________________________________________
Department of the Treasury
Office of the Comptroller of the Currency
12 CFR Part 21
_______________________________________________________________________
Federal Deposit Insurance Corporation
12 CFR Part 326
_______________________________________________________________________
Department of the Treasury
Office of Thrift Supervision
12 CFR Part 563
_______________________________________________________________________
Regulations H, K, and Y: State Banking Institutions Federal Reserve 
System Membership, International Banking Operations, and Bank Holding 
Companies and Bank Control Change; ``Know Your Customer'' Requirements; 
Minimum Security Devices and Procedures and Bank Secrecy Act 
Compliance; and the Development and Maintenance of ``Know Your 
Customer'' Programs to Deter and Detect Financial Crimes; Proposed 
Rules

  Federal Register / Vol. 63, No. 234 / Monday, December 7, 1998 / 
Proposed Rules  

[[Page 67516]]



FEDERAL RESERVE SYSTEM

12 CFR Parts 208, 211, and 225

[Regulations H, K and Y; Docket No. R-1019]


Membership of State Banking Institutions in the Federal Reserve 
System; International Banking Operations; Bank Holding Companies and 
Change in Bank Control

AGENCY: Board of Governors of the Federal Reserve System.

ACTION: Notice of proposed rulemaking.

-----------------------------------------------------------------------

SUMMARY: The Board of Governors of the Federal Reserve System (Board) 
is requesting comments on proposed regulations requiring domestic and 
foreign banking organizations supervised by the Board to develop and 
maintain ``Know Your Customer'' programs. As proposed, the regulations 
would require each banking organization to develop a program designed 
to determine the identity of its customers; determine its customers' 
sources of funds; determine, understand and monitor the normal and 
expected transactions of its customers; and report appropriately any 
transactions of its customers that are determined to be suspicious, in 
accordance with the Board's existing suspicious activity reporting 
regulations. By requiring banking organizations to determine the 
identity of their customers, as well as to obtain knowledge regarding 
the legitimate activities of their customers, the proposed regulations 
will reduce the likelihood that banking organizations will become 
unwitting participants in illicit activities conducted or attempted by 
their customers.
    The proposed regulations also implement the provisions of 12 U.S.C. 
1818(s) by specifically requiring certain bank holding companies and 
their nonbank subsidiaries, Edge and Agreement corporations, and the 
U.S. branches and agencies and other offices of foreign banks 
supervised by the Board to establish and maintain procedures reasonably 
designed to ensure and monitor compliance with the Currency and Foreign 
Transaction Reporting Act (31 U.S.C. 5311 et seq.) and the accompanying 
regulations issued thereunder by the United States Department of the 
Treasury (31 CFR 103.11 et seq.)(collectively referred to as the Bank 
Secrecy Act).

DATES: Comments must be received by March 8, 1999 .

ADDRESSES: Comments should refer to Docket No. R-1019, and may be 
mailed to Jennifer J. Johnson, Secretary, Board of Governors of the 
Federal Reserve System, 20th and Constitution Avenue, N.W., Washington, 
D.C. 20551. Comments also may be delivered to Room B-2222 of the Eccles 
Building between 8:45 a.m. and 5:15 p.m. weekdays, or to the guard 
station in the Eccles Building courtyard on 20th Street, N.W. (between 
Constitution Avenue and C Street) at any time. Comments received will 
be available for inspection in Room MP-500 of the Martin Building 
between 9:00 a.m. and 5:00 p.m. weekdays, except as provided in 12 CFR 
261.14 of the Board's Rules Regarding Availability of Information.

FOR FURTHER INFORMATION CONTACT: Richard A. Small, Assistant Director, 
Division of Banking Supervision and Regulation, (202) 452-5235 or 
Pamela J. Johnson, Senior Anti-Money Laundering Coordinator, Division 
of Banking Supervision and Regulation, (202) 728-5829. For users of 
Telecommunications Devices for the Deaf (TDD) only contact Diane 
Jenkins, (202) 452-3544, Board of Governors of the Federal Reserve 
System, 20th Street and Constitution Avenue, N.W., Washington, D.C. 
20551.

SUPPLEMENTARY INFORMATION:

Background

    The integrity of the financial sector depends on the ability of 
banks and other financial institutions to attract and retain legitimate 
funds from legitimate customers. Banking organizations are able to 
attract and retain the business of legitimate customers because of the 
quality and reliability of the services being rendered and, as 
important, the sound and highly respected reputation of banking 
organizations. Illicit activities, such as money laundering, fraud, and 
other transactions designed to assist criminals in their illegal 
ventures, pose a serious threat to the integrity of financial 
institutions. When transactions at financial institutions involving 
illicit funds are revealed, these transactions invariably damage the 
reputation of the institution involved. While it is impossible to 
identify every transaction at a financial institution that is 
potentially illegal or is being conducted to assist criminals in the 
movement of illegally derived funds, it is fundamental for safe and 
sound operations that financial institutions take reasonable measures 
to identify their customers, understand the legitimate transactions to 
be conducted by those customers and, consequently, identify those 
transactions conducted by their customers that are suspicious in 
nature. By identifying and, when appropriate, reporting such 
transactions, in accordance with existing suspicious activity reporting 
requirements, financial institutions are protecting their integrity and 
are assisting the efforts of the bank regulatory agencies and law 
enforcement authorities to thwart illicit activities at financial 
institutions.
    The Board has long advocated that one of the most effective means 
by which a financial institution can both protect itself from engaging 
in transactions designed to facilitate illicit activities and ensure 
compliance with applicable suspicious activity reporting requirements 
is for the institution to have adequate ``Know Your Customer'' policies 
and procedures. While some customers may view ``Know Your Customer'' 
procedures as an unnecessary intrusion into their privacy, these 
procedures are important for complying with the Bank Secrecy Act and 
suspicious activity reporting requirements. The adoption of the 
proposed ``Know Your Customer'' requirements may also assist banks in 
ascertaining those banking services that will most effectively serve 
the customers' interests and for managing risks to the bank. Many 
financial institutions have already adopted policies and procedures 
that are consistent with the proposed ``Know Your Customer'' 
requirements. Additionally, such policies and procedures have enabled 
banks to better serve their clientele, as well as comply with existing 
regulatory requirements.
    The position of the Board is consistent with that of other 
countries throughout the world, as evidenced by the pronouncements of 
several international organizations.1 Numerous countries 
have adopted the idea of ``Know Your Customer'' and mandatory 
suspicious transaction reporting as the best means of protecting the 
financial sector from participating in the movement of illicit funds. 
Such ``Know Your Customer'' programs seek to stifle the criminal 
element, which tends to gravitate towards financial institutions that 
operate within poorly regulated and supervised jurisdictions, in its 
attempts to conduct transactions involving illegally derived funds.
---------------------------------------------------------------------------

    \1\ See the Basle Committee on Banking Regulations and 
Supervisory Practices, ``Statement on the Prevention of Criminal Use 
of the Banking System for the Purpose of Money Laundering'' 
(December 1988), as well as the Committee's, ``Core Principles for 
Effective Banking Supervision'' (April 1997); the 1988 United 
Nations Vienna Convention Against Illicit Traffic in Narcotic Drugs 
and Psychotropic Substances; the 1990 Council of Europe Convention; 
and the Financial Action Task Force Forty Recommendations, issued in 
1989 and amended in 1996.
---------------------------------------------------------------------------

    The requirement to establish a ``Know Your Customer'' program 
should assist financial institutions in obtaining

[[Page 67517]]

information from their customers regarding the identity, the types of 
transactions to be conducted and the source of funds, among other 
things. The collection of such information will further assist 
financial institutions in making a risk-based determination on matters 
including the extent of identifying information necessary and the 
amount of monitoring required, by allowing institutions to categorize 
their customers into different groups based on the types of services 
being requested and the magnitude and extent of the transactions being 
conducted. Effective ``Know Your Customer'' programs will evidence the 
intent of state member banks, bank holding companies, Edge and 
Agreement corporations, and the U.S. branches and agencies of foreign 
banks to take all reasonable measures to thwart the facilitation of 
potential criminal activity.
    Effective ``Know Your Customer'' programs will necessarily require 
that banking organizations develop ``customer profiles'' to understand 
their customers'' intended relationships with the institution, and, 
thereafter, realistically determine when customers conduct transactions 
that are suspicious or potentially illegal. Banking organizations that 
already recognize the value of effective ``Know Your Customer'' 
programs and have implemented such programs may have found it difficult 
to convince customers of the need to provide certain information, 
especially when other financial institutions do not ask for such 
information. Because such programs will now be required by regulation, 
financial institutions will not be prejudiced or criticized for 
needlessly inquiring into the affairs of their customers. Moreover, 
legitimate customers should be more willing to provide the information 
requested by the financial institutions because they will be aware that 
a similar legal responsibility exists for all banking organizations 
supervised by the federal bank supervisory agencies.
    The Board recognizes that a ``Know Your Customer'' requirement will 
impose additional burdens on some banking organizations. Mindful of 
that fact, the Board is striving to impose only those requirements that 
are necessary to ensure that banking organizations have in place 
adequate ``Know Your Customer'' programs. In a supplemental document to 
be provided at the time these regulations become final, the Board, in 
coordination with the other federal bank supervisory agencies, will 
provide detailed guidance on specific steps that banking organizations 
may consider taking as they implement the regulations. The guidance is 
not intended to provide additional interpretive explanations of the 
regulations, but rather it will provide concrete examples of proven 
effective means to accomplish the requirements of the regulations, such 
as identifying customers and monitoring customer transactions. The 
Board believes that this approach will strike an appropriate balance 
that responds to requests for additional guidance in this area while 
preserving the flexibility for each institution to take steps 
appropriate for its customers.
    In order to ensure the effective implementation of ``Know Your 
Customer'' programs at each of the domestic and foreign banking 
organizations supervised by the Board, the proposal also implements the 
provisions of Section 8(s)(1) of the Federal Deposit Insurance Act, as 
amended (12 U.S.C. 1818(s)(1)). The ``Know Your Customer'' programs 
required by this proposal would be part of the Bank Secrecy Act-related 
procedures required to be adopted by the domestic and foreign banking 
organizations supervised by the Board.

Authority to Issue Regulations

    The proposed regulations are authorized pursuant to the Board's 
statutory authority under Section 8(s)(1) of the Federal Deposit 
Insurance Act, as amended by Section 2596(a)(2) of the Crime Control 
Act of 1990 (Pub.L. 101-647), which requires, inter alia, the Board to 
issue regulations requiring state member banks, as well as other 
domestic and foreign banking organizations operating in the United 
States supervised by the Board, to establish and maintain internal 
procedures reasonably designed to ensure and monitor compliance with 
the Bank Secrecy Act. Effective ``Know Your Customer'' programs serve 
to facilitate compliance with the Bank Secrecy Act.
    The regulations are also being proposed under the Board's general 
authority to prevent unsafe and unsound practices and to adopt 
regulations defining safe and sound conduct for banking organizations 
under its supervision, as well as under the Board's authority to 
prescribe specific operational and managerial standards for banks, as 
set forth in 12 U.S.C. 1831p-1(a)(2).

Proposal

    The Board proposes to revise 12 CFR Parts 208, 211, and 225 by 
requiring state member banks, certain bank holding companies and their 
nonbank subsidiaries, U.S. branches and agencies and nonbank 
subsidiaries of foreign banks, and Edge and Agreement corporations 
(collectively referred to as a ``bank'' or ``banks'') to develop and 
implement a ``Know Your Customer'' program within their 
institutions.2
---------------------------------------------------------------------------

    \2\ Generally, the ``Know Your Customer'' requirements set forth 
in this proposal will be applicable only to those bank holding 
companies and their nonbank subsidiaries that engage in business 
activities or transactions with the public and that are involved 
with the receipt or disbursal of customer funds.
---------------------------------------------------------------------------

    The requirements of the ``Know Your Customer'' program are set out 
in general terms, reflecting the Board's view that a ``Know Your 
Customer'' program that is appropriate for one institution may not be 
appropriate for another. Under the proposed regulations, the Board 
would expect each banking organization to design a program that is 
appropriate to that organization, given its size and complexity, the 
nature and extent of its activities, its customer base and the levels 
of risk associated with its various customers and their transactions. 
The Board believes that this approach is preferable to a detailed 
regulation that imposes the same list of specific requirements on every 
organization regardless of its specific circumstances or situation.
    The Office of the Comptroller of the Currency, the Federal Deposit 
Insurance Corporation, the Office of Thrift Supervision and the 
National Credit Union Administration are proposing to adopt 
substantially similar regulations covering national banks, federal 
branches and agencies of foreign banks, state nonmember banks, insured 
state chartered branches of foreign banks, savings associations and 
credit unions, respectively. The Board expects that federal regulators 
of non-bank financial institutions, such as broker-dealers, will 
propose similar rules in the future.
    The Board proposes to add a new paragraph (d) to section 208.63 of 
Regulation H of the Board (12 CFR 208.63). New paragraph 208.63(d) 
describes the requirements for a ``Know Your Customer Program'' at a 
state member bank. New sections 211.8(b) and 211.24(f)(2) of the 
Board's Regulation K and new section 225.4(g) of the Board's Regulation 
Y make all of section 208.63 of the Board's Regulation H, including the 
new ``Know Your Customer'' provisions of section 208.63(d), applicable 
to Edge and Agreement corporations, the U.S. branches and agencies of 
foreign banks (except a federal branch or federal agency or a state 
branch that is insured by the Federal Deposit Insurance Corporation), 
and certain bank holding

[[Page 67518]]

companies and their nonbank subsidiaries, respectively.

Section-by-Section Analysis

Section 208.63--Procedures for Monitoring Bank Secrecy Act Compliance

Paragraph (d)(1)--Purpose
    The proposal makes it clear, by delineating the purposes for which 
a ``Know Your Customer'' program should be developed, that it is in 
each bank's own best interest to establish and implement such a 
program. The creation of a ``Know Your Customer'' program is intended 
to protect the reputation of the bank; facilitate the bank's compliance 
with all applicable statutes and regulations (including the Bank 
Secrecy Act and the Board's suspicious activity reporting regulations) 
and with safe and sound banking practices; and protect the bank from 
becoming a vehicle for or a victim of illegal activities perpetrated by 
its customers.
Paragraph (d)(2)--Definitions
    Because the text of the proposed regulations is set forth in 
Regulation H, the term ``bank'' is defined to mean a state member bank. 
Regulations K and Y will incorporate by reference the ``Know Your 
Customer'' provisions from Regulation H without repeating the entire 
text of the regulations and make them applicable to bank holding 
companies and their nonbank subsidiaries, foreign banks operating in 
the United States that are subject to the Bank Holding Company Act and 
their nonbank subsidiaries operating in the United States, Edge 
corporations, Agreement corporations, and branches and agencies of 
foreign banks in the United States, subject to Regulations K and Y. In 
most instances, however, banking organizations that do not engage in 
business transactions with the public will be excluded from the 
definition of bank, as set forth in paragraph (d)(2). For example, 
shell bank holding companies that solely own or control the shares of 
their subsidiary banks or thrifts and nonbank subsidiaries of bank 
holding companies that operate solely to service the activities of 
their affiliates and, in so doing, do not interact in any manner with 
any public customers will not be covered by this proposal. In addition, 
the proposed regulations will not apply to credit card banks, bankers 
banks or other banks that operate solely to service the activities of 
their affiliates.
    The proposed regulations define the term ``customer'' as the person 
or entity who has an account involving the receipt or disbursal of 
funds at a bank and any other person or entity on behalf of whom such 
an account is maintained. The term encompasses direct and indirect 
beneficiaries of deposit, loan and other accounts that involve the 
receipt or disbursal of funds. The term also encompasses a person or 
entity who owns or is represented by the customer. Under this 
definition, a ``customer'' would include an accountholder, a beneficial 
owner of an account or a borrower and could include the beneficiary of 
a trust, an investment fund, a pension fund or company whose assets are 
managed by an asset manager, a controlling shareholder of a closely 
held corporation or the grantor of a trust established in an off-shore 
jurisdiction. The term ``customer'' is not meant to include receipt of 
services from the bank for which no transaction involving the receipt 
or disbursal of customer funds occurs, such as a bank's provision of 
safe deposit boxes.
Paragraph (d)(3)--Establishment of Know Your Customer Program
    This section of the proposed regulations requires that each bank 
supervised by the Board establish a ``Know Your Customer'' program by 
April 1, 2000. Additionally, this section of the proposal will require 
that the ``Know Your Customer'' program be reduced to writing and 
approved by the board of directors of the bank, or a committee thereof, 
and the approval recorded in the official minutes of the board. For the 
U.S. offices of foreign banks, such approval may be obtained from the 
highest level management official in the United States.
Paragraph (d)(4)--Contents of Know Your Customer Program
    This section of the proposed regulations sets forth the specific 
requirements for the contents of the ``Know Your Customer'' program. 
Banks vary considerably in the way in which they conduct their business 
on a day-to-day basis. Therefore, the Board believes that to impose 
regulations that simply require each bank to follow a pre-designed, 
standardized checklist would not be appropriate. The proposed 
regulations allow each bank to develop and delineate a system that will 
comprise the ``Know Your Customer'' program, consistent with the 
banking practices of the particular bank that, when followed by the 
bank, will effectively meet the requirements and goals of the 
regulations. This will allow each bank to design a ``Know Your 
Customer'' program specifically suited to its own situation that 
appropriately reflects the size and complexity of the bank, the types 
of customers it serves and the nature and extent of their activities at 
the bank.
    Additionally, this section recognizes that each bank's ``Know Your 
Customer'' program may vary depending on the nature of the specific 
activity, the type of customers involved, the size of the transactions 
and other factors that reflect the bank's assessment of the risk 
presented. This section recognizes that it may be beneficial for banks 
to classify customers into varying risk-based categories that the banks 
can use in determining the amount and type of information, 
documentation and monitoring that is appropriate. While these proposed 
regulations will provide banking organizations with substantial 
flexibility in devising an appropriate ``Know Your Customer'' program, 
the Board believes that all ``Know Your Customer'' programs should 
contain certain critical features, which are set forth herein.
    Paragraph (d)(4)(i) of the proposed regulations also requires that 
the ``Know Your Customer'' program delineate acceptable documentation 
requirements and the due diligence procedures the bank will follow in 
meeting the requirements of the proposed regulations. The delineation 
of this information in the ``Know Your Customer'' program will ensure 
that the same standards are applied throughout the bank and will inform 
auditors and examiners of the bank's established standards for review 
of customer information.
    Paragraph (d)(4)(ii) of the proposal sets forth the minimum 
requirements for an acceptable ``Know Your Customer'' program. The 
proposed regulations require that, rather than following a 
``checklist'' approach, a bank may develop a ``system'' designed to 
meet the basic requirements of the regulations. The system approach 
allows each bank to design its own program, in accordance with its own 
business practices, that will best suit the bank. While this places 
some burden on the bank to develop the specifics of the ``Know Your 
Customer'' program, such an approach recognizes that each bank conducts 
business in accordance with its own policies, procedures, goals and 
objectives. The ``Know Your Customer'' program, in order to be the most 
effective, must be developed and implemented with the bank's regular 
and ordinary business practices in mind. Potentially, there can be a 
variety of ways in which a ``Know Your Customer'' program can be 
established and operated to best meet the needs of the bank while 
fulfilling the requirements of the regulations.

[[Page 67519]]

    Paragraph (d)(4)(ii)(A) of the proposed regulations requires that 
the ``Know Your Customer'' program provide a system for determining the 
identity of customers maintaining accounts at the bank, as defined. It 
is imperative that a bank establish, to its own satisfaction, that it 
is dealing with a legitimate person, whether the person is a natural 
person, corporation or other business entity. The nature and extent of 
the identification process should be commensurate with the types of 
transactions anticipated by the customer and the risks associated with 
such transactions.
    The Board does not believe that it is practicable for a financial 
institution to conduct a large-scale information request from all its 
existing customers. Rather, the Board contemplates that a financial 
institution will be able to comply with the proposed regulation with 
respect to its existing customers by determining their normal and 
expected transactions using available account data, monitoring their 
transactions for potentially suspicious activities, and obtaining and 
documenting additional information from them in order to explain 
unusual transactions or when otherwise needed. However, for some 
customers, depending on the severity of the risk associated with such 
customers and their transactions, it may be necessary to fulfill all of 
the requirements of these regulations as if these were new customers.
    The identity of a prospective customer should be satisfactorily 
established before a customer relationship with the bank is permanently 
established. If a prospective customer refuses to provide any of the 
requested information the customer relationship should not be 
established. Similarly, if additional or follow-up information is not 
forthcoming consideration should be given to terminating the 
relationship.
    The best identification documents available for verifying the 
identity of prospective customers are those which are the most 
difficult to obtain illicitly and the most difficult to counterfeit. No 
single form of identification can be guaranteed to be genuine, however, 
and, therefore, the identification process should be cumulative, 
obtaining enough information and documentation to assure the bank that 
it has properly identified the prospective customer.
    As an example, an integral part of the identification process 
should be the prospective customer's address or place of business and 
telephone number. Verification of this information for some customers 
could include physical observation of the location at the address 
provided and return telephone calls, or ``call backs,'' to determine 
the authenticity of the telephone number provided. Extra consideration 
may be required when it is determined that a prospective customer is 
situated outside of the area normally served by the bank.
    The identification process for natural persons wishing to establish 
a customer relationship should, when appropriate and practicable, 
include the review of appropriate identification documentation. In 
these instances, acceptable forms of documentation should include 
within the document a photograph and description of the individual, 
along with the signature of the individual. The documentation should 
also be easily recognizable identification issued by a government 
entity. While not an exhaustive list, some examples of acceptable 
identification documentation could include: driver's license with 
photograph issued by the State in which the bank is located; 
3 State identity card with photograph issued by the State in 
which the bank is located; and United States passport or alien 
registration card. Other forms of identification, while not sufficient 
to be used without corroboration, are satisfactory as forms of 
secondary identification that could be used in conjunction with the 
types of identification documentation described above to assist in 
identifying or verifying the identity of the prospective customer. Some 
examples, again while not an exhaustive list, could include: employer 
identification card; student identification card; out-of-State driver's 
license; credit card; and current utility bills from place of 
residence. At a minimum, the accepted forms of identification should be 
recorded and, if no legal impediment exists, duplicated and maintained 
in the customer's ``file'' at the bank.
---------------------------------------------------------------------------

    \3\ For customers that are located in a multi-state regional 
area, such as the Washington, D.C. metropolitan region, which 
encompasses parts of Maryland and Virginia, identification documents 
from a neighboring state would be acceptable.
---------------------------------------------------------------------------

    Similarly, for prospective corporate or business customers, the 
customer identification process should include the review of 
appropriate documentation that allows for a means to verify that the 
corporation or other business entity does exist and does engage in the 
business, as stated. In establishing the identity of a corporate or 
business customer, the prospective customer should provide evidence of 
legal status, such as an incorporation document, a partnership 
agreement, association documents, or a business license. In some 
instances, it may also be necessary to obtain information on the 
controlling owners of the business or legal entities. Additionally, the 
prospective customer should provide a financial statement of the 
business, a description of the business to include such information as 
whether the business is in the wholesale or retail markets, and a 
description of the business's primary area of trade. It also may be 
appropriate to obtain information related to customers and suppliers of 
the prospective customer for purposes of verifying information 
presented by the prospective customer. At a minimum, all documentation 
reviewed, as well as verifications of the information contained 
therein, should be recorded and maintained within the customer's 
``file'' at the bank.
    Any practice of a bank that allows for the establishment of a 
customer relationship without face to face contact with bank personnel, 
such as banking by mail or Internet banking, poses difficulties in the 
identification of the prospective customer by use of the traditionally 
accepted practice of obtaining identification documentation to include 
photographic identification. Even though photographic identification in 
such circumstances will be impractical, other accepted means of 
identifying a customer are still viable. In such circumstances, special 
care should be given to verification of address and telephone number, 
as well as the use of commercially available data to compare such items 
as name with date of birth and social security number.
    Introductions or referrals of prospective customers by established 
customers of the bank, while extremely valuable in providing background 
information about the prospective customer, cannot take the place of 
identification requirements that should be set forth in the bank's 
``Know Your Customer'' program. Details regarding the introduction or 
referral should be documented so that the information obtained can be 
effectively used to assist in the verification of the prospective 
customer.
    The proposed regulations allow each bank to determine what 
documentation will be appropriate and acceptable in light of 
circumstances regarding that particular bank. If the identification 
process will allow for the possibility of exceptions to the established 
practice, for, as an example, accounts being established for senior 
citizens or minors, the possible exceptions should be delineated within 
the ``Know Your Customer'' program.
    Heightened interest in the marketing of private banking activities 
by banks, as well as the heightened interest by banking customers, in 
the benefits

[[Page 67520]]

derived from using private banking services has lead to a demonstrable 
increase in the number of private banking clients.4 As the 
market for private banking grows, so does the level of competition 
among institutions that provide private banking services. Accordingly, 
there is increased pressure to obtain new customers, increase the 
assets under management, and contribute a greater percentage to the net 
income of the bank.5 Emphasizing customer growth, without 
adopting appropriate procedures to understand a customer's personal and 
business background, source of funds and intended use of the private 
banking services, may well certainly lead to increased reputational and 
legal risks.
---------------------------------------------------------------------------

    \4\ For an in-depth discussion of private banking and sound 
practices associated with the administration of private banking 
activities, see the July 1997 Guidance on Sound Risk Management 
Practices Governing Private Banking Activities, prepared by the 
Federal Reserve Bank of New York and issued by the Board 
(hereinafter referred to as the ``Sound Practices Paper''). The 
Sound Practices Paper was distributed, or made available, to banking 
organizations supervised by the Board by the Federal Reserve Banks 
pursuant to the Board's Division of Banking Supervision and 
Regulation SR Letter 97-19 (SUP). Copies of the Sound Practices 
Paper and SR Letter are available on the Board's public Internet web 
site (www.federalreserve.gov).
    \5\ See Sound Practices Paper at page 2.
---------------------------------------------------------------------------

    Typically, private banking customers make use of such account 
vehicles as personal investment companies (PICs), trusts, personal 
mutual investment funds, or are clients of financial advisors. The 
establishment of such accounts serves the stated purposes of protecting 
the legitimate confidentiality and financial privacy of the customers 
that use such accounts. However, banks need to identify properly the 
beneficial owners of such accounts, through an effective ``Know Your 
Customer'' program. Therefore, ``Know Your Customer'' procedures for 
identifying the beneficial owners of such accounts should be no 
different than the procedures for identifying other customers of the 
bank. Any needed confidentiality required by customers of a bank's 
private bank can be addressed by the development of special protections 
to limit access to information that would generally reveal the 
beneficial owners of these accounts.6
---------------------------------------------------------------------------

    \6\ For a more specific discussion of suggested ``Know Your 
Customer'' procedures appropriate for private banking operations see 
generally Sound Practices Paper.
---------------------------------------------------------------------------

    Equally important is the identification of beneficial owners of 
assets bought, sold or managed through a relationship with a bank. Such 
transactions often occur at the behest of intermediaries, such as asset 
managers, who may or may not be registered investment advisors, who 
deal with banks on behalf of one or more of their clients. For purposes 
of the proposed regulations, the ``customer'' of the bank in these 
types of situations would include the beneficiaries of the transactions 
and not just the intermediaries. The extent of the information 
regarding the customer that may be necessary to fulfill the bank's 
``Know Your Customer'' obligations should depend on a risk-based 
assessment of the customer and the transactions that will occur, such 
as the type, duration and size of the transactions, and should be 
addressed within the bank's ``Know Your Customer'' program.
    Ultimately, the amount of information necessary to identify 
adequately the beneficial owner of an account should be the result of a 
risk assessment of the customer and the intended transactions of the 
customer. The bank's ``Know Your Customer'' program should provide the 
flexibility to group or categorize customers in a manner that allows 
the bank to better determine the amount of information necessary for 
such groups or categories. In some instances, however, it may not be 
necessary to determine the identity of the beneficiaries of the bank's 
customers, because the identity of these customers has already been 
satisfactorily established. For example, if the bank's customer is a 
widely-held mutual fund or asset management fund, a bank does not have 
to ``know'' all of the customer's shareholders and certainly does not 
have to monitor the shareholders' individual transactions that may 
occur through the bank. Similarly, in the event that a bank's customer 
is a financial institution supervised by the Board or another federal 
or state financial institutions supervisory agency and the bank is 
acting as an intermediary for the financial institution that is the 
bank's customer in such activities as check clearing or funds transfer 
processing, the bank is under no obligation to ``know'' the customers 
of the financial institution or monitor the transactions of the 
financial institution's customers. On the other hand, if the bank's 
customer is a mutual fund established in an off-shore jurisdiction that 
has a limited number of shareholders, the bank will be required to 
``know'' the customers of the mutual fund.
    Paragraph (d)(4)(ii)(B) of the proposed regulations requires that 
the ``Know Your Customer'' program provide a system for determining the 
source of funds of customers. An effective ``Know Your Customer'' 
program requires that a bank understand the nature and source of the 
funds being placed in the bank by the customer including the types of 
instruments used and from where the funds or assets were derived or 
generated. Under standards that currently exist in criminal law, 
failure to obtain knowledge that is readily available, such as the 
source of funds of a particular customer, because of a desire to avoid 
the perceived embarrassment of having to obtain such information, can 
lead to the prosecution for a money laundering violation when it is 
later determined that the funds in question were derived from illicit 
activity.7 Adoption of, and adherence to, a ``Know Your 
Customer'' program can substantially minimize the risks to a bank.
---------------------------------------------------------------------------

    \7\ See 18 U.S.C. 1956 and 1957.
---------------------------------------------------------------------------

    For purposes of determining and documenting the source of funds, 
the amount of information necessary can depend on the type of customer 
in question. As an example, for a majority of retail banking customers 
that maintain transaction accounts, where practically the only source 
of funds comes from payroll deposits, it is a relatively simple task to 
identify and document the source of funds as payroll deposits. On the 
other hand, a more detailed analysis, with a more extensive 
documentation process, would necessarily be required for high net worth 
customers with multiple deposits from a variety of sources. For these 
reasons, among others, it may be beneficial for banks to classify 
customers into varying categories, based on such factors as the types 
of accounts maintained and the types of transactions conducted and the 
potential risk of illicit activities associated with such accounts and 
transactions. Banks could then develop procedures, as part of the 
``Know Your Customer'' programs, to obtain necessary information and 
documentation based on the risk assessment for the various categories 
or classes established by a bank.
    Paragraph (d)(4)(ii)(C) of the proposed regulations requires that 
the ``Know Your Customer'' program provide a system for determining 
customers'' normal and expected transactions involving the bank. The 
primary objective of such a process is to enable the bank to predict 
with relative certainty the types of transactions in which a customer 
is likely to be engaged. Without an understanding of the normal and 
expected transactions of the customers of the bank is virtually 
impossible to determine if any particular transaction conducted by a 
customer is suspicious.
    Understanding a customer's normal and expected transactions is not 
a task

[[Page 67521]]

that can be accomplished entirely at the inception of the account 
relationship. While it should be a simple task to obtain and record 
information as to a customer's expectations at the time of account 
opening, only after reviewing the customer's activity for a given 
period of time can a determination as to the customer's normal 
transactions be made. For this reason, effective ``Know Your Customer'' 
procedures for determining the normal and expected transactions for a 
bank's customers should envision an amount of time adequate to make 
these assessments.
    The ``Know Your Customer'' procedures for determining normal and 
expected transactions should also take into consideration the type of 
account that is being established. As an example, a demand deposit 
account associated with a payroll deposit will not require an 
inordinate effort to determine that the customer will, most likely, use 
the account for ordinary living expenses and the deposit of the 
customer's salary. Conversely, a business account or an account 
maintained by a private banking customer may require a more in-depth 
analysis of the customer's intended use of the account coupled with a 
heightened ongoing review of account activity to determine if, in fact, 
the customer has acted in accordance with the expectations developed at 
the inception of the account relationship.
    Paragraph (d)(4)(ii)(D) of the proposed regulations requires that 
the ``Know Your Customer'' program provide a system for monitoring, on 
an ongoing basis, the transactions conducted by customers to determine 
if their transactions are consistent with the normal and expected 
transactions for particular customers or for customers in the same or 
similar categories or classes. The proposed regulations do not require 
that every transaction of every customer be reviewed on a daily basis. 
However, banks must develop and implement effective monitoring systems, 
commensurate with the risks presented by the types of accounts 
maintained at the bank and the types of transactions conducted through 
those accounts.
    The Board is not suggesting that banks must expend considerable 
resources to purchase sophisticated computer hardware or software as a 
means of complying with the proposed regulations. The effectiveness of 
the monitoring system of a bank's ``Know Your Customer'' program will 
be based on that particular bank's ability to monitor transactions 
consistent with the volume and types of transactions conducted at the 
bank.
    There are numerous means by which a system can be developed to 
carry out the ongoing monitoring of the transactions being conducted by 
the customers of the bank. Therefore, it would be appropriate for a 
bank to design a monitoring system that would correspond to the risk 
associated with the types of accounts maintained and the types of 
transactions conducted through those accounts.
    The design of such a monitoring system, for example, could involve 
the classification of accounts into various categories based on such 
factors as the type of account, the types of transactions conducted in 
the various types of accounts, the size of the account, the number and 
size of transactions conducted through the account, and the risk of 
illicit activity associated with the type of account and the 
transactions conducted through the account. For certain classes or 
categories of accounts, which may be the majority of accounts at some 
banks, it may be sufficient for an effective monitoring system to 
establish parameters for which the transactions within these accounts 
will normally occur. Rather than monitoring each transaction, an 
effective monitoring system could entail monitoring only for those 
transactions that exceed the established parameters for that particular 
class or category of accounts. Under the proposed regulations, a bank's 
determination as to how to monitor its various accounts based on the 
risks associated with those accounts will be given great deference by 
the Board.
    In many instances, monitoring is already occurring. As an example, 
monitoring of transactions already occurs as a means of complying with 
existing suspicious activity reporting regulations. Similarly, 
monitoring occurs for such things as large cash transactions, check 
kiting and attempted withdrawals from accounts with insufficient funds 
or from closed accounts.
    For other categories or classes of accounts, it may be necessary to 
monitor most, if not all, transactions conducted. One such example are 
transactions conducted by private banking customers. As a general 
proposition, transactions of private banking customers usually involve 
large sums of money. For this reason alone, it is important that a bank 
understands the nature of these transactions and reviews these 
transactions to ensure that the transactions are consistent with the 
normal and expected transactions for that particular customer or for 
customers in the same or similar categories or classes. It is the 
Board's experience that relationship managers are very aware of 
transactions conducted by a private banking customer and, in most 
instances, assist the private banking customer in conducting the 
transactions. Therefore, there should be little, if any, hardship 
associated with reviewing transactions to ensure that they are 
consistent with the normal and expected transactions for that 
particular customer.
    Many banks already engage in sufficient account monitoring 
activities. These practices should be formalized in a sound ``Know Your 
Customer'' program, which will ensure that banks have identified and 
implemented procedures that adequately monitor a broad range of account 
activity while providing flexibility in defining the requisite 
monitoring activity in light of the risks associated with particular 
customers and the transactions being conducted.
    Paragraphs (d)(4)(ii)(E) of the proposed regulations require that 
the ``Know Your Customer'' program provide a system for determining if 
a transaction is suspicious and making a report, when necessary, in 
accordance with the Board's suspicious activity reporting regulations. 
In identifying reportable transactions, a bank should not conclude that 
every transaction that falls outside what is expected for a given 
customer, or for categories or classes of customers, should be 
reported. Rather, a bank should focus on patterns of inconsistent 
transactions and isolated transactions that present risk factors that 
warrant further review.
Paragraph (d)(5)--Compliance With Know Your Customer Program
    Paragraph (d)(5) of the proposed regulations sets forth the 
requirements a bank must follow to ensure that it is in compliance with 
its ``Know Your Customer'' program. The requirements include that a 
bank provide for and document a system of internal controls to ensure 
ongoing compliance, as well as provide for and document independent 
testing for compliance with the ``Know Your Customer'' program. 
Additionally, the bank must designate an individual responsible for 
coordinating and monitoring day-to-day compliance and provide for and 
document training to all appropriate personnel of the content and 
requirements of the ``Know Your Customer'' program.
Paragraph (d)(6)--Availability of Documentation
    Paragraph (d)(6) of the proposed regulations requires, for all 
accounts opened or maintained in the United States, that all 
information and documentation necessary to comply

[[Page 67522]]

with the regulations be made available for examination and inspection, 
at a location specified by a Board or Reserve Bank representative, 
within 48 hours of a request for the provision of such information and 
documentation. In instances where the information and documentation is 
at a location other than where the customer's account is maintained or 
the financial services are rendered, the bank must include, as part of 
its ``Know Your Customer'' program, specific procedures designed to 
ensure that the information and documentation is reviewed on an ongoing 
basis by appropriate bank personnel.
    Issues may arise, on occasion, concerning whether foreign laws 
permit a bank to disclose certain customer information to bank 
supervisory agencies, such as the Board. The Board believes that 
nondisclosure provisions that may exist in foreign, if they exist, 
should not, in any event, present a bar to the disclosure of such 
information and documentation. In instances where foreign laws have 
been raised as creating a prohibition to the disclosure of information 
that is required by the proposed regulations, the Board's experience is 
that the information already exists within the banking organization in 
the United States because the information is used by the relationship 
manager, who resides in the United States, as well as other components 
of the bank, to provide banking services to the customer. Moreover, in 
other instances where banks have raised foreign law disclosure issues, 
the banks, at the Board's suggestion, have obtained from their 
customers waivers to any perceived prohibition to disclosure of the 
information and documentation. Therefore, in the opinion of the Board, 
there is no prohibition or insurmountable bar to the disclosure of the 
required information and documentation.

Comments Sought

    In addition to other comments that commenters may feel are 
appropriate, the Board is seeking comments specific to the following:
    1. Whether the proposed definition of ``customer'' is sufficient to 
include all persons who benefit from the transactions conducted at the 
bank, such as persons who establish off-shore shell companies or 
entities or otherwise conduct their business through intermediaries.
    2. Whether the proposed definition of ``customer'' is too broad and 
will unnecessarily include persons that pose a minimal ``Know Your 
Customer'' risk.
    3. Whether a bank's ``Know Your Customer'' program should apply to 
a bank's counterparty relationships with respect to transactions in 
wholesale financial markets (e.g., sales or purchases involving foreign 
exchange or securities) and correspondent banking relationships or if, 
in such markets, a different standard than that applicable to retail 
relationships would be more appropriate and, if such a distinction is 
appropriate, how the definition of ``customer'' can be distinguished 
between transactional counterparty customers, correspondents and retail 
customers.
    4. Whether the proposed regulations will create a competitive 
disadvantage with respect to other financial sector entities offering 
similar services that may not be subject to the proposed regulations 
(citing, where possible, specific examples).
    5. Whether the proposed regulations will create a competitive 
disadvantage with respect to other financial entities offering similar 
services that may not be subject to similar regulations.
    6. Whether the actual or perceived invasion of personal privacy 
interests is outweighed by the additional compliance benefits 
anticipated by this proposal.
    7. Whether there would be a minimum account size threshold below 
which the ``Know Your Customer'' requirements would be waived.

Regulatory Flexibility Act

    Pursuant to section 605(b) of the Regulatory Flexibility Act (RFA) 
(5 U.S.C. 605(b)), the initial regulatory flexibility analysis 
otherwise required under section 603 of the RFA (5 U.S.C. 603) is not 
required if the head of the agency certifies that the rule will not 
have a significant economic impact on a substantial number of small 
entities and the agency publishes such certification and a succinct 
statement explaining the reasons for such certification in the Federal 
Register along with its general notice of proposed rulemaking.
    The Board hereby certifies that the proposal will not have a 
significant economic impact on a substantial number of small entities. 
The proposal should result in a net benefit to banks regardless of size 
because it establishes uniform rules relating to the identification of 
customers for all banking organizations supervised by the Board. Most 
banking organizations, from small to large, already have policies and 
procedures aimed at collecting, retaining and reviewing the types of 
information required by this proposal, and there should, thus, be 
little economic impact from this proposal.

Paperwork Reduction Act

    In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 
3506; 5 CFR 1320 Appendix A.1), the Board reviewed the proposed rule 
under the authority delegated to the Board by the Office of Management 
and Budget.
    The collection of information requirements in this proposed 
regulation are found in 12 CFR 208, 211, and 225. This information is 
required to evidence compliance with section 8(s) of the Federal 
Deposit Insurance Act. The recordkeepers are for-profit financial 
institutions, including small businesses. Records must be retained for 
five years for inspection under the institution's established standards 
for review of customer information and pursuant to the Bank Secrecy 
Act.
    The OMB control number for the information collection contained in 
the proposed rule is 7100-0212. The Board may not conduct or sponsor, 
and an organization is not required to respond to, this information 
collection unless it displays a currently valid OMB control number.
    Recordkeepers for this information collection include all state 
member banks, U.S. branches and agencies of foreign banks, Edge and 
agreement corporations supervised by the Board, and certain bank 
holding companies and nonbank subsidiaries of bank holding companies. 
8 The Federal Reserve estimates there will be 3,500 
recordkeepers in the first year; in subsequent years, the recordkeepers 
will consist of newly-chartered institutions subject to the rule. The 
majority of the paperwork burden associated with the proposed rule is 
the one-time cost of developing a plan and implementing written 
policies and procedures. In the normal course of business, most 
institutions likely already have sufficient information about their 
customers in their files and would only need to organize and review 
such information. Because each institution would design its own program 
in accordance with its own business practices, the Federal Reserve 
estimates that the burden of the proposed rule would vary considerably 
and may range from ten to thirty hours.
---------------------------------------------------------------------------

    \8\ The proposed rule will not apply to shell bank holding 
companies.
---------------------------------------------------------------------------

    The proposed rule is not expected to significantly increase the 
ongoing annual burden for the recordkeepers because most of the ongoing 
burden is incurred and accounted for under other existing information 
collections.

[[Page 67523]]

Ongoing costs include gathering the required information about 
customers (to the extent that the bank does not already possess such 
information), monitoring customer transactions, and reporting unusual 
or suspicious transactions. Institutions likely perform most, if not 
all, of these tasks currently as part of their fraud prevention 
procedures, as part of their monitoring of transactions for reporting 
on the Department of the Treasury's Currency Transaction Reports (OMB 
No.1545-0183), and as part of their procedures to detect violations or 
suspicious activity reported on the Suspicious Activity Report. Because 
the records would be maintained at the subject organizations and are 
not provided to the Board, no issue of confidentiality under the 
Freedom of Information Act arises.
    Comments are invited on: (a) whether the proposed collection of 
information is necessary for the proper performance of the Federal 
Reserve's functions, including whether the information has practical 
utility; (b) the accuracy of the Board's estimate of the burden of the 
proposed information collection, including the cost of compliance; (c) 
ways to enhance the quality, utility, and clarity of the information to 
be collected; and (d) ways to minimize the burden of information 
collection on respondents, including through the use of automated 
collection techniques or other forms of information technology. 
Comments on the collection of information should be sent to Mary M. 
McLaughlin, Chief, Financial Reports Section, Division of Research and 
Statistics, Mail Stop 97, Board of Governors of the Federal Reserve 
System, Washington, DC 20551, with copies of such comments to be sent 
to the Office of Management and Budget, Paperwork Reduction Project 
(7100-0212), Washington, DC 20503.

List of Subjects

12 CFR Part 208

    Accounting, Agriculture, Banks, banking, Confidential business 
information, Crime, Currency, Federal Reserve System, Flood insurance, 
Mortgages, Reporting and recordkeeping requirements, Securities.

12 CFR Part 211

    Exports, Federal Reserve System, Foreign banking, Holding 
companies, Investments, Reporting and recordkeeping requirements.

12 CFR Part 225

    Administrative practice and procedure, Banks, banking, Federal 
Reserve System, Holding companies, Reporting and recordkeeping 
requirements, Securities.

    For the reasons set forth in the preamble, parts 208, 211, and 225 
of chapter II of title 12 of the Code of Federal Regulations are 
proposed to be amended as set forth below:

PART 208--MEMBERSHIP OF STATE BANKING INSTITUTIONS IN THE FEDERAL 
RESERVE SYSTEM (REGULATION H)

    1. The authority citation for 12 CFR Part 208 continues to read as 
follows:

    Authority: 12 U.S.C. 24, 36, 92a, 93a, 248(a), 248(c), 321-338a, 
371d, 461, 481-486, 601, 611, 1814, 1816, 1818, 1823(j), 1828(o), 
1831o, 1831p-1, 3105, 3310, 3331-3351, and 3906-3909; 15 U.S.C. 78b, 
78l(b), 78l(g), 78l(i), 78o-4(c)(5), 78o-5, 78q, 78q-1, and 78w; 31 
U.S.C. 5318; 42 U.S.C. 4012a, 4104a, 4104b, 4106, and 4128.

    2. Section 208.63 is amended by adding a new paragraph (d) to read 
as follows:


Sec. 208.63  Procedures for monitoring Bank Secrecy Act Compliance.

* * * * *
    (d) Know your customer program--(1) Purpose. This paragraph (d) 
requires that member banks establish and regularly maintain procedures 
reasonably designed to determine the identity of their customers, as 
well as their customers' normal and expected transactions and sources 
of funds involving the bank. These procedures (referred to as the 
``Know Your Customer'' program) are intended to: protect the reputation 
of the bank; facilitate the bank's compliance with all applicable 
statutes and regulations (including the Bank Secrecy Act and the 
suspicious activity reporting requirements of 12 CFR 208.20) and with 
safe and sound banking practices; and protect the bank from becoming a 
vehicle for or a victim of illegal activities perpetrated by its 
customers. In general, the ``Know Your Customer'' rules apply to all 
state member banks, however, the rules do not apply to credit card 
banks, bankers' banks, or banks that operate solely to service the 
activities of their affiliates.
    (2) Definitions. For the purposes of this paragraph (d):
    (i) Bank means a state member bank.
    (ii) Customer means:
    (A) Any person or entity who has an account involving the receipt 
or disbursal of funds with a bank; and
    (B) Any person or entity on behalf of whom such an account is 
maintained.
    (3) Establishment of Know Your Customer program. By April 1, 2000, 
each bank shall develop and provide for the continued administration of 
a Know Your Customer program. The Know Your Customer program shall be 
reduced to writing and approved by the board of directors (or a 
committee thereof) with the approval recorded in the official minutes 
of the board.
    (4) Contents of Know Your Customer program. The Know Your Customer 
program may vary in complexity and scope depending on different 
categories or classes of customers established by the bank and the 
potential risk of illicit activities associated with those customers' 
accounts and transactions. Components of the program should include the 
following:
    (i) Appropriate documentation requirements and due diligence 
procedures established by the bank to comply with this paragraph (d); 
and
    (ii) A system for:
    (A) Determining the identity of the bank's new customers and if the 
bank has reasonable cause to believe that it lacks adequate information 
to know the identity of existing customers, determining the identity of 
those existing customers;
    (B) Determining the customer's sources of funds for transactions 
involving the bank;
    (C) Determining the particular customer's normal and expected 
transactions involving the bank;
    (D) Monitoring customer transactions and identifying transactions 
that are inconsistent with normal and expected transactions for that 
particular customer or for customers in the same or similar categories 
or classes, as established by the bank; and
    (E) Determining if a transaction is suspicious, in accordance with 
the Board's suspicious activity reporting regulations and reporting 
accordingly.
    (5) Compliance with Know Your Customer program. The bank shall 
comply with its Know Your Customer program. To ensure compliance, the 
bank shall:
    (i) Provide for and document a system of internal controls;
    (ii) Provide for and document independent testing for compliance to 
be conducted by bank personnel or by an outside party on a regular 
basis;
    (iii) Designate an individual or individuals responsible for 
coordinating and monitoring day-to-day compliance; and
    (iv) Provide for and document training to all appropriate 
personnel, on at least an annual basis, of the content and required 
procedures of the Know Your Customer program.
    (6) Availability of documentation. For all accounts opened or 
maintained in the United States, each bank must

[[Page 67524]]

ensure that all information and documentation sufficient to comply with 
the requirements of this paragraph (d) are available for examination 
and inspection, at a location specified by a Board or Reserve Bank 
representative, within 48 hours of a Board or Reserve Bank 
representative's request for such information and documentation. In 
instances where the information and documentation is maintained at a 
location other than where the customer's account is maintained or the 
financial services are rendered, the bank must include, as part of its 
Know Your Customer program, specific procedures designed to ensure that 
the information and documentation is reviewed on an ongoing basis by 
appropriate bank personnel in order to comply with this paragraph (d).

PART 211--INTERNATIONAL BANKING OPERATIONS (REGULATION K)

    1. The authority citation for 12 CFR part 211 continues to read as 
follows:

    Authority: 12 U.S.C. 221 et seq., 1818, 1835a, 1841 et seq., 
3101 et seq., 3901 et seq.

    2. A new Sec. 211.9 would be added to read as follows:


Sec. 211.9  Procedures for monitoring Bank Secrecy Act compliance.

    (a) Each Edge corporation or any branch or subsidiary thereof, 
Agreement corporation or branch or subsidiary thereof, shall, by April 
1, 2000, in accordance with the provisions of Sec. 208.63 of the 
Board's Regulation H, 12 CFR 208.63, develop and provide for the 
continued administration of:
    (1) A program reasonably designed to ensure and monitor compliance 
with the provisions of subchapter II of chapter 53 of title 31, United 
States Code, the Bank Secrecy Act, and the implementing regulations 
promulgated thereunder by the Department of the Treasury at 31 CFR part 
103; and
    (2) A ``Know Your Customer'' program reasonably designed to 
identify customers of the Edge or Agreement corporation or subsidiary 
thereof, including customers' normal and expected transactions at or 
through the institution.
    3. Section 211.24 is amended as follows:
    a. Paragraph (f) is redesignated as paragraph (f)(1); and
    b. A new paragraph (f)(2) is added.
    The addition would read as follows:


Sec. 211.24  Approval of officers of foreign banks; procedures for 
applications; standards for approval; representative-office activities 
and standards for approval; preservation of existing authority; reports 
of crimes and suspected crimes; government securities sales practices.

* * * * *
    (f) Reports of crimes and suspected crimes.--(1) * * *
    (2) Procedures for monitoring Bank Secrecy Act compliance. Each 
branch and agency of a foreign bank (except a federal branch or a 
federal agency or a state branch that is insured by the Federal Deposit 
Insurance Corporation) in the United States shall, by April 1, 2000, in 
accordance with the provisions of Sec. 208.63 of the Board's Regulation 
H, 12 CFR 208.63, develop and provide for the continued administration 
of:
    (i) A program reasonably designed to ensure and monitor compliance 
with the provisions of subchapter II of chapter 53 of title 31, United 
States Code, the Bank Secrecy Act, and the implementing regulations 
promulgated thereunder by the Department of the Treasury at 31 CFR part 
103; and
    (ii) A ``Know Your Customer'' program reasonably designed to 
identify customers of the branch or agency, including customers' normal 
and expected transactions at or through the institution.

PART 225--BANK HOLDING COMPANIES AND CHANGE IN BANK CONTROL 
(REGULATION Y)

    1. The authority citation for 12 CFR part 225 continues to read as 
follows:

    Authority: 12 U.S.C. 1817(j)(13), 1818, 1828(o), 1831i, 1831p-1, 
1843(c)(8), 1844(b), 1972(l), 3106, 3108, 3310, 3331-3351, 3907, and 
3909.

    2. Section 225.4 is amended by adding a new paragraph (g) to read 
as follows:


Sec. 225.4   Corporate practices.

* * * * *
    (g) Procedures for Monitoring Bank Secrecy Act Compliance.--(1) By 
April 1, 2000, each company described in paragraph (g)(2) of this 
section, shall, in accordance with the provisions of Sec. 208.63 of the 
Board's Regulation H, 12 CFR 208.63, develop and provide for the 
continued administration of:
    (i) A program reasonably designed to ensure and monitor compliance 
with the provisions of subchapter II of chapter 53 of title 31, United 
States Code, the Bank Secrecy Act, and the implementing regulations 
promulgated thereunder by the Department of the Treasury at 31 CFR part 
103; and
    (ii) A ``Know Your Customer'' program reasonably designed to 
identify customers of the company, subsidiary, or foreign bank 
including customers' normal and expected transactions at or through the 
institution.
    (2) Paragraph (g)(1) of this section shall apply to each company 
that:
    (i)(A) Is a bank holding company or a nonbank subsidiary thereof; 
or
    (B) Is a nonbank company operating in the United States that is a 
subsidiary of a foreign bank that is a bank holding company or that is 
subject to the BHC Act by virtue of section 8(a) of the International 
Banking Act (12 U.S.C. 3106(a)); and
    (ii) Holds accounts involving the receipt or disbursal of funds for 
persons other than affiliates.

    By order of the Board of Governors of the Federal Reserve 
System, December 1, 1998.
Jennifer J. Johnson,
Secretary of the Board.
[FR Doc. 98-32332 Filed 12-4-98; 8:45 am]
BILLING CODE 6210-01-P