[Federal Register Volume 63, Number 234 (Monday, December 7, 1998)]
[Proposed Rules]
[Pages 67536-67542]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 98-32335]


-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Office of Thrift Supervision

12 CFR Part 563

[No. 98-114]
RIN 1550-AB15


Know Your Customer

AGENCY: Office of Thrift Supervision, Treasury.

ACTION: Notice of proposed rulemaking.

-----------------------------------------------------------------------

SUMMARY: The Office of Thrift Supervision (OTS) is proposing to issue a 
regulation requiring savings associations to develop and maintain Know 
Your Customer programs to deter and detect financial crimes. The Board 
of Governors of the Federal Reserve System, the Federal Deposit 
Insurance Corporation, and the Office of the Comptroller of the 
Currency are proposing substantially similar rules in separately 
published notices. The proposed regulation would reduce the likelihood 
that savings associations will become unwitting participants in any 
customer's illicit activities by requiring savings associations to 
determine the true identities and legitimate activities of their 
customers. The proposal would require each savings association to 
determine the identity of its customers, to determine normal and 
expected transactions for its customers, to determine its customers' 
sources of funds, to identify transactions that are not normal or 
expected transactions for the customer, and to report suspicious 
transactions under existing suspicious activity reporting requirements. 
The proposal's flexible approach would allow each savings association 
to design a Know Your Customer program suitable for its own 
circumstances.

DATES: Comments must be received by March 8, 1999.

ADDRESSES: Send comments to Manager, Dissemination Branch, Information 
Management and Services Division, Office of Thrift Supervision, 1700 G 
Street, NW., Washington, DC 20552, Attention Docket No. 98-114. Hand 
deliver comments to Public Reference Room, 1700 G Street, NW., lower 
level, from 9:00 A.M. to 5:00 P.M. on business days. Send facsimile 
transmissions to FAX Number (202) 906-7755 or (202) 906-6956 (if the 
comment is over 25 pages). Send e-mails to [email protected] 
and include your name and telephone number. Interested persons may 
inspect comments at 1700 G Street, NW., from 9:00 A.M. until 4:00 P.M. 
on business days.

FOR FURTHER INFORMATION CONTACT: Larry A. Clark, Senior Manager, 
Compliance and Trust Programs, Compliance Policy, (202) 906-5628, Gary 
C. Jackson, Analyst, Compliance Policy, (202) 906-5653, Christine 
Harrington, Counsel (Banking and Finance), (202) 906-7957, or Karen 
Osterloh, Assistant Chief Counsel, (202) 906-6639, Office of Thrift 
Supervision, 1700 G Street, NW., Washington, DC 20552.

SUPPLEMENTARY INFORMATION:

I. Background

    The financial sector's integrity depends on depository 
institutions' ability to attract and retain legitimate funds from law 
abiding customers. Depository institutions' ability to do so rests on 
the quality and the reliability of their services and on their sound 
reputation within the financial sector. Illicit financial activities, 
such as money laundering and fraud, pose a serious threat to financial 
institutions' integrity. Illicit funds transactions can damage the 
reputations of the involved financial institution, may subject the 
institution to criminal liability,1 and may ultimately 
damage the reputation of the entire financial sector. While it is 
impossible to identify every transaction that is illegal or that 
assists criminals in moving illegally derived funds, financial 
institutions must take every reasonable step to detect such activity. 
When institutions identify their customers and determine what 
transactions are normal and expected for these customers, they are able 
to monitor transactions to identify unusual or suspicious transactions. 
By identifying and reporting unusual or suspicious transactions, 
financial institutions protect their integrity and assist the Federal 
banking agencies and law enforcement authorities in thwarting illicit 
activities.
---------------------------------------------------------------------------

    \1\ See 18 U.S.C. 1956 and 1957.
---------------------------------------------------------------------------

    The proposed regulation would implement 12 U.S.C. 1818(s). This 
statute requires the Federal banking agencies to prescribe regulations 
requiring depository institutions to establish and maintain procedures 
reasonably designed to ensure and monitor compliance with the Currency 
and Foreign Transaction Reporting Act (31 U.S.C. 5311 et seq.) 
Effective Know Your Customer programs should facilitate compliance with 
the Currency and Foreign Transaction Reporting Act and the regulations 
issued thereunder (31 CFR 103.11 et seq.) (collectively referred to as 
the Bank Secrecy Act).
    Accordingly, OTS is proposing to issue rules requiring savings 
associations to develop and maintain Know Your Customer programs to 
detect and deter financial crimes. The Federal Reserve Board, the 
Office of the Comptroller of the Currency, and the Federal Deposit 
Insurance Corporation are also proposing similar Know Your Customer 
regulations. OTS believes that similar rules applicable to different 
types of financial institutions will prevent competitive disparities 
between industries. OTS's proposal uses the plain language drafting 
techniques described in President Clinton's Memorandum on Plain 
Language in Government Writing (June 1, 1998), Vice President Gore's 
Memorandum Implementing the Presidential

[[Page 67537]]

Memorandum on Plain Language (July 20, 1998), and the Federal Register 
Document Drafting Handbook.
    The Federal banking agencies' position regarding the importance of 
a Know Your Customer program is consistent with that of other 
countries, as evidenced by the pronouncements of several international 
organizations.2 Numerous countries have supported Know Your 
Customer programs and mandatory suspicious transaction reporting as the 
best means of protecting the financial sector. Criminal elements tend 
to gravitate towards financial institutions that operate within poorly 
regulated and poorly supervised jurisdictions. Know Your Customer 
programs work to stifle transactions involving illegally derived funds.
---------------------------------------------------------------------------

    \2\ See the Basle Committee on Banking Regulations and 
Supervisory Practices' December 1988 ``Statement on the Prevention 
of Criminal Use of the Banking System for the Purpose of Money 
Laundering,'' as well as the Committee's April 1997 ``Core 
Principles for Effective Banking Supervision;'' the 1988 United 
Nations Vienna Convention Against Illicit Traffic in Narcotic Drugs 
and Psychotropic Substances; the 1990 Council of Europe Convention; 
and the Financial Action Task Force Forty Recommendations, issued in 
1989 and amended in 1996.
---------------------------------------------------------------------------

    OTS recognizes that the proposed Know Your Customer requirements 
would impose additional burdens on some institutions. Consequently, OTS 
has proposed only the minimal requirements necessary to ensure that 
savings associations have adequate programs. Moreover, the proposed 
regulation is designed to be flexible so that savings associations can 
create Know Your Customer programs appropriate for their circumstances. 
In addition, the Federal banking agencies intend to publish 
interpretive guidance on Know Your Customer issuesat the same time as 
the regulations become final. This guidance, coupled with a flexible 
regulation, will aid savings associations in complying with the 
regulations.

Section-by-Section Analysis

    OTS proposes to add a new regulation at 12 CFR 563.178 that would 
require every savings association to develop and implement a Know Your 
Customer program. The proposed rule describes the basic requirements of 
a Know Your Customer program, but does not set forth specific mandates 
in a checklist style. Rather, the proposal would give each savings 
association the flexibility to design a Know Your Customer program that 
is appropriate for its size, the nature and complexity of its 
operations, and its risk of illicit activity. The proposed rule is 
summarized below.

Section 563.178(a)  Who Must Establish a Know Your Customer Program?

    Proposed paragraph (a) would require each savings association to 
establish and comply with a written Know Your Customer program. The 
savings association's board of directors or a committee of the board 
would be required to approve the program and record the approval in the 
official board minutes. These requirements would ensure that the same 
standards are applied throughout the savings association and would 
inform auditors and examiners of the program's requirements.
    OTS intends to allow savings associations a sufficient time after 
publication of a final rule to establish Know Your Customer programs. 
OTS proposes to make the final Know Your Customer rule effective on 
April 1, 2000. In this way, savings associations will have a sufficient 
period to establish and implement their Know Your Customer programs.

Section 563.178(b)  Why Must I Establish a Know Your Customer Program?

    Paragraph (b) of the proposed rule would explain why a savings 
association must establish a Know Your Customer program. Such programs 
serve several purposes: protecting the savings association's 
reputation; facilitating its compliance with the Bank Secrecy Act, the 
OTS's suspicious activity reporting regulations, and safe and sound 
practices; and protecting the savings association from becoming a 
vehicle for, or a victim of, illegal activities by its customers.

Section 563.178(c)  Who Is My Customer?

    The proposed rule defines ``customer'' to include any person or 
entity who has an account with a savings association that involves the 
receipt or disbursal of funds, and any person or entity on behalf of 
whom an account is maintained. The term includes direct and indirect 
beneficiaries of the account when the activity in the account involves 
the receipt or disbursal of funds. A ``customer'' would include an 
accountholder, a beneficial owner of an account, or a borrower. A 
``customer'' could include the beneficiary of a trust, an investment 
fund, a pension fund or a company whose assets are managed by an asset 
manager; a controlling shareholder of a closely held corporation; or 
the grantor of a trust established in an off-shore jurisdiction. The 
term ``customer'' does not include recipients of services for which the 
receipt or disbursal of customer funds is incidental, such as rental of 
safe deposit boxes.
    The proposed definition would include both existing and new 
customers. The effectiveness of a Know Your Customer program would be 
greatly reduced if all customer accounts in existence prior to the 
effective date of the regulations were excluded from its scope. 
However, the OTS does not believe that it is practicable for a savings 
association to conduct a large-scale information request from all its 
existing customers. Rather, a savings association could comply with the 
proposed regulation by determining its current customers' normal and 
expected transactions using available account data, and monitoring 
their transactions for suspicious activities. However, if existing 
customers and their transactions present unusual risk of illegal 
activity (for instance, transactions involving private banking 
customers), it may be necessary to fulfill all of the requirements of 
this regulation as if they were new customers.

Section 563.178(d)  What Transactions Are Covered Under This Section?

    The regulation would define ``transaction'' to include any 
transaction by a customer that is conducted at a savings association's 
facilities or that involves the savings association, regardless of 
where the transaction is conducted.

Section 563.178(e)  What Must My Know Your Customer Program Contain?

    Proposed paragraph (e) sets forth the basic requirements for Know 
Your Customer programs. Savings associations vary considerably in how 
they conduct their day-to-day business. OTS believes that requiring 
each savings association to follow a standard checklist would be of 
little value. Accordingly, the proposed regulation would allow each 
savings association to develop an individualized Know Your Customer 
program. Such individualized programs would more appropriately reflect 
the size and complexity of the savings association, the types of 
customers it serves, the nature and extent of its customers' 
activities, and its risks of illicit activity. In particular, proposed 
paragraph (e) would allow a savings association to develop ``customer 
profiles'' for classifying customers into risk-based categories to 
determine the information and monitoring that is appropriate for those 
customers and to determine when customers' transactions may be 
suspicious.

[[Page 67538]]

    While the proposed regulation would provide savings associations 
with substantial flexibility to devise individualized Know Your 
Customer programs, all Know Your Customer programs must contain certain 
critical features. First, proposed Sec. 563.178(e)(1) would require 
each savings association to determine the identities of its prospective 
customers. For existing customers, a savings association also would be 
required to determine their identity if it has reason to believe that 
it lacks adequate information to know their identity.
    Each savings association would need to establish, to its own 
satisfaction, that it is dealing with a legitimate person or entity, 
and must verify its customer's identity. The nature and extent of the 
identification process should be commensurate with the anticipated 
transactions and the risks of illegal activity associated with such 
transactions.
    If a prospective customer refuses to provide any requested 
information, sound practices would require that the savings association 
not establish the customer relationship. Similarly, if an established 
customer refuses to provide requested information, sound practices 
would require the savings association to consider terminating the 
relationship.
    The best documents for verifying the identity of a prospective 
customer are the ones that are the most difficult to obtain illicitly 
and the most difficult to counterfeit. Because no single form of 
identification can be guaranteed to be genuine, a savings association 
should use a cumulative identification process and should obtain enough 
information and documentation to ensure that it has properly identified 
its customer. In addition to the customer's name, key identifying 
information may include the customer's address, place of business, and 
telephone number. A savings association may find it appropriate to 
verify addresses by physically observing the locations, and to verify 
telephone numbers by calling the numbers. Extra steps may be 
appropriate for customers outside a savings association's normal 
service area.
    If a customer is a natural person, acceptable forms of 
identification would include a document with a photograph, a 
description of the person, the person's signature, and an easily 
recognizable identification issued by a government entity. While not an 
exhaustive list, examples of acceptable identification issued by a 
government entity include a driver's license or an identification card 
with a photograph issued by the State where the savings association is 
located, or a United States passport or alien registration card. Other 
forms of identification, while not sufficient without corroboration, 
can serve as helpful cumulative information. Examples of such 
information include an employer or student identification card, an out-
of-State driver's license, a credit card, or a customer's current home 
utility bills.
    For corporate or business customers, a savings association should 
verify that the corporation or business entity exists and engages in 
its stated business. A savings association should obtain evidence of a 
business's legal status, such as an incorporation document, a 
partnership agreement, association documents, or a business license. In 
some instances, it may also be appropriate to obtain information on the 
business's controlling owners. Additionally, a savings association 
should obtain a business customer's financial statements, a description 
of the business, and a description of its primary areas of trade. To 
verify information, a savings association may also obtain information 
related to a business's customers and suppliers.
    At a minimum, for both natural persons and corporate or business 
customers, the savings association's records should indicate the type 
of identification obtained. If no legal impediment exists, the savings 
association should duplicate and maintain a copy of the documentation.
    Establishing a customer relationship without face to face contact 
(e.g., by mail, Internet, or other electronic operations) poses 
difficulties in identifying customers. Even though photographic 
identification may be impractical, other acceptable means of 
identifying the customer are available. In such circumstances, a 
savings association should carefully verify a customer's address and 
telephone number. The savings association may use other commercially 
available data, such as credit reports and traditional information 
sources, to compare items such as a customer's name with his or her 
date of birth and social security number.
    Introductions or referrals of prospective customers by established 
customers can provide extremely valuable background information about a 
prospective customer. The savings association should, of course, 
document details regarding the introduction or referral to assist in 
verifying the prospective customer's identity. Introductions and 
referrals cannot, however, take the place of the identification 
required under the proposed regulation.
    Private banking accounts pose unique risks because customers may 
use them to protect or conceal their identities by using such account 
vehicles as personal investment companies, trusts, personal mutual 
investment funds, or a financial advisor's account. However, OTS and 
other Federal banking agencies believe that properly identifying 
private banking customers is necessary to depository institutions' safe 
and sound operation. Procedures for identifying private banking 
customers should be no different than the procedures for identifying 
other customers. A savings association can address private banking 
customers' confidentiality needs by developing special protections that 
limit access to information that could reveal the beneficial owners of 
these accounts.3
---------------------------------------------------------------------------

    \3\ For an in-depth discussion of private banking and sound 
practices associated with the administration of private banking 
activities, see the July 1997 Guidance on Sound Risk Management 
Practices Governing Private Banking Activities, prepared by the 
Federal Reserve Bank of New York and issued by the Federal Reserve 
Board. It is available on the Federal Reserve Board's public 
Internet website (www.federalreserve.gov/).
---------------------------------------------------------------------------

    A savings association must also identify beneficial owners of 
assets bought, sold or managed through the savings association. Such 
transactions often occur at the behest of intermediaries, such as asset 
managers. The ``customer'' in these situations would include the 
beneficiaries of the transactions, not just the intermediaries. The 
amount of information necessary to fulfill Know Your Customer 
obligations would depend on the risk of illicit activity. Risk depends 
on matters such as the type, duration, and size of the transactions 
that a customer will conduct. Savings associations should address the 
type and amount of information necessary as a part of their Know Your 
Customer programs.
    Where there is little risk of illegal activities by customers, 
savings associations would not be required to identify those indirect 
customers or monitor their transactions. For example, if the customer 
is a widely-held mutual fund or asset management fund whose shares are 
traded on a public exchange, there is little risk that the customer's 
shareholders would conduct illegal acts at the savings association. 
Similarly, if a savings association's customer is a regulated financial 
institution for whom the savings association is an intermediary in 
check clearing or funds transfer processing, there is little risk that 
the financial institution's customers would conduct illegal acts at the 
savings association. On the other hand, if the savings association's 
customer is a mutual fund established in an off-shore

[[Page 67539]]

jurisdiction that has a limited number of shareholders, the risk of 
illegal activity is higher. In that case, the savings association would 
be required to identify and monitor the customers of the mutual fund.
    In addition to identifying each customer as a part of the Know Your 
Customer program, proposed Sec. 563.178(e)(2) would require a savings 
association to identify its customer's sources of funds for 
transactions at the savings association. For purposes of determining 
and documenting the sources of funds, the amount of information 
necessary will depend on the type of customer. A savings association 
may categorize customers and obtain more or less information depending 
on the risks of illicit activities in the category. For example, many 
customers with demand deposit accounts obtain their funds from payroll 
deposits. Thus, a savings association may identify and document these 
customers' sources of funds relatively easily. On the other hand, a 
savings association would be required to obtain more documentation for 
customers with multiple deposits from a variety of sources. The 
proposed regulation would allow, and OTS would encourage, savings 
associations to categorize customers that share common characteristics 
in order to collect pertinent information with the least burden.
    Proposed Sec. 563.178(e)(3) would require a savings association to 
determine its customers' normal and expected transactions. This 
determination forms the basis for identifying transactions that are out 
of the ordinary, unexpected, and possibly suspicious. A savings 
association cannot completely determine a customer's normal and 
expected transactions when it first establishes a customer 
relationship. Accordingly, an effective Know Your Customer program 
should include procedures for periodically reviewing a savings 
association's original determination to determine whether the same 
transactions are still normal and expected.
    OTS encourages savings associations to design flexible Know Your 
Customer programs. This proposed rule would allow savings associations 
to determine normal and expected transactions for categories or classes 
of customers that share common characteristics. Associations may use 
this flexibility to focus their efforts on areas with the greatest risk 
of illicit activity. For example, customers with demand deposit 
accounts funded by payroll deposits will, most likely, use the accounts 
for depositing salaries and for ordinary living expenses. Such accounts 
would require little analysis. Conversely, business accounts or private 
banking customers' accounts may require more in-depth analysis of the 
customers' intended use of the accounts.
    Proposed Sec. 563.178(e)(4) would require a savings association to 
monitor customers' transactions to determine if transactions are normal 
and expected for individual customers or for categories or classes of 
customers. While monitoring is critical, a savings association would 
not be required to monitor every transaction of every customer. 
Similarly, OTS does not suggest that savings associations must purchase 
expensive, sophisticated computer hardware or software to comply with 
the proposed rule. Rather, OTS encourages each savings association to 
design an effective monitoring program that is appropriate for that 
institution and that corresponds to the risk of illegal activities by 
its customers. For example, a savings association may categorize, for 
monitoring purposes, by account type, transaction type, account size, 
or number and size of transactions in accounts. A savings association 
may choose to monitor only those transactions that meet established 
parameters, such as dollar size, frequency, or source of funds, for a 
particular category of account. Whatever the method, savings 
associations should focus their monitoring on areas with the greatest 
risk of illegal activity. The Federal banking agencies are working on 
interpretive guidance to help institutions in this area. OTS will give 
deference to a savings association's monitoring program.
    For some categories or classes of accounts, a savings association 
may have to monitor each transaction. For example, a savings 
association should understand the nature of and monitor each 
significant private banking transaction. Because one of the goals of 
private banking is to offer highly individualized service through the 
use of relationship managers, OTS does not believe that the burden of 
monitoring each transaction of private banking customers is 
significant.
    In many instances, savings associations already monitor their 
customers' transactions. For example, savings associations monitor 
transactions in order to comply with suspicious activity reporting 
requirements. Similarly, savings associations monitor for large cash 
transactions, check kiting and attempted withdrawals from accounts with 
insufficient funds or from closed accounts. Savings associations' 
experience in monitoring these transactions should ease the impact of 
Know Your Customer monitoring requirements.
    Proposed Sec. 563.178(e)(4) would require savings associations to 
identify customer transactions that are not normal and expected. Under 
this proposed rule, a savings association would not be required to 
detect every abnormal or unexpected transaction. Rather, a savings 
association would be required to identify those monitored transactions 
that were not consistent with its determination of what is normal and 
expected for a particular customer.
    Under proposed Sec. 563.178(e)(5), the savings association would be 
required to determine whether each identified transaction is unusual or 
suspicious. If the transaction is suspicious, the association would be 
required to report the transaction under OTS's existing suspicious 
activities reporting requirements at 12 CFR 563.180. The proposed Know 
Your Customer regulation would impose no additional reporting 
requirements.

Section 563.178(f)  How Do I Ensure Compliance With My Know Your 
Customer Program?

    Under proposed Sec. 563.178(f), a savings association must follow 
its Know Your Customer program. To do so, a savings association would 
have to establish internal controls to ensure ongoing compliance. In 
addition, the savings association would be required to use either 
outside parties or independent employees to test its compliance. The 
proposed rule would also require each savings association to designate 
at least one individual to be responsible for coordinating and 
monitoring day-to-day compliance. Finally, a savings association would 
be required to train the appropriate personnel in the Know Your 
Customer program at least annually.
    These requirements are very similar to OTS's procedures for 
monitoring Bank Secrecy Act compliance.4 Savings 
associations are familiar with, and regularly use, the Bank Secrecy Act 
procedures. Where appropriate, a savings association may charge its 
Bank Secrecy Act compliance officer with the responsibility for its 
Know Your Customer program. This should ease the burdens associated 
with complying with the new Know Your Customer regulation.
---------------------------------------------------------------------------

    \4\ 12 CFR 563.177(c) (1998).

---------------------------------------------------------------------------

[[Page 67540]]

Section 563.178(g)  How Do I Document My Compliance With My Know Your 
Customer Program?

    Proposed section 563.178(g) would require a savings association to 
maintain information and documents demonstrating that it has complied 
with all of the requirements of the Know Your Customer regulation, 
including the internal control, independent testing, and training 
requirements listed under the compliance requirements. The proposed 
rule would further require a savings association to make all Know Your 
Customer documents available to OTS within 48 hours of a request, 
unless OTS specifies a different time period.
    In addition, if a savings association maintains information or 
documents at a location other than where it maintains a customer's 
account or where it renders financial services, it must also establish 
and follow procedures designed to ensure that its employees review, on 
an ongoing basis, information and documents to ensure that it has 
complied with the Know Your Customer requirements.

Comments Sought

    OTS specifically seeks comments on the following questions:
    1. Is the proposed definition of ``customer'' sufficient to include 
all persons who benefit from an account opened at a savings 
association, such as persons who establish off-shore shell companies, 
or entities that otherwise conduct their business through 
intermediaries?
    2. Is the proposed definition of ``customer'' too broad, 
unnecessarily reaching persons who pose a minimal risk of illicit 
activities at savings associations?
    3. Should ``customer'' include savings associations' counterparties 
in wholesale financial transactions? Should ``customer'' include 
correspondent banking relationships? Would a different standard be more 
appropriate for those transactions or relationships?
    4. Would the benefits of implementing Know Your Customer 
requirements outweigh the costs involved? Are there alternatives that 
would better balance these costs and benefits?
    5. Would the proposed regulation place savings associations at a 
competitive disadvantage with respect to other financial entities 
offering similar services that are not subject to similar requirements? 
Please cite specific examples.
    6. Would the added compliance benefits of this proposal outweigh 
the actual or perceived invasion of personal privacy interests?
    7. Should OTS waive Know Your Customer requirements for accounts 
below a minimum size threshold? If so, where should OTS set the 
threshold?

Executive Order 12866

    The Director of OTS has determined that this proposed rule does not 
constitute a ``significant regulatory action'' for the purposes of 
Executive Order 12866.

Regulatory Flexibility Act

    Under the Regulatory Flexibility Act, OTS must either provide an 
Initial Regulatory Flexibility Analysis (IRFA) with this proposed rule, 
or certify that the proposed rule would not have a significant economic 
impact on a substantial number of small entities. This proposed rule is 
designed to be flexible so that each savings association could design a 
Know Your Customer program appropriate for its circumstances. While 
advantageous to savings associations, this flexibility makes it 
difficult to predict the economic impact of the proposed rule. OTS 
cannot, at this time, determine whether the proposed rule would have a 
significant economic impact on a substantial number of small 
institutions. OTS, therefore, includes this IRFA.

A. Reasons for and Objectives of the Proposed Rule

    The proposed Know Your Customer rule is designed to deter and 
detect financial crimes, such as money laundering, tax evasion, and 
fraud. Financial crimes conducted at or through savings associations, 
even where savings associations are not parties to the transactions, 
can damage the reputations of the institutions involved, and possibly 
of the entire thrift industry. Under current law, savings associations 
are required to report suspicious activities to law enforcement 
authorities, but are not required to specifically search for suspicious 
activities. As a result, suspicious activities may go unreported, and 
illegal activity may go undetected. Know Your Customer programs would 
better enable savings associations to alert law enforcement authorities 
to potential criminal conduct and help deter criminal conduct in the 
thrift industry.
    OTS has two primary objectives for this proposed rulemaking: (1) 
increasing savings associations' detection and reporting of suspicious 
customer activities; and (2) deterring financial crimes at savings 
associations.
    The proposed rule would apply to large and small savings 
associations. Small savings associations are generally defined, for 
Regulatory Flexibility Act purposes, as those with assets under $100 
million.5 This proposed rule would apply to approximately 
600 small savings associations.
---------------------------------------------------------------------------

    \5\ 13 CFR 121.201, Division H (1998).
---------------------------------------------------------------------------

B. Requirements of the Proposed Rule

    The proposed rule would require savings associations to identify 
their customers, determine their customers' normal and expected 
transactions, determine their customers' sources of funds, monitor 
transactions to find those that are not normal and expected, and, for 
transactions that are not normal and expected, identify which are 
suspicious. Savings associations are required to report any suspicious 
transactions under current law, and this proposed rule would have no 
additional reporting requirements.
    The impact of the proposed regulation on an institution's 
resources, and the skills necessary to comply with it, will vary from 
one institution to another because the proposed regulation is designed 
to take into account each institution's size and resources. Because 
each institution would be able to design an individualized Know Your 
Customer program, it is difficult to specify the type of professional 
skills necessary for preparing any required records or reports. Large 
institutions may be more likely to use computerized Know Your Customer 
programs, and in that event would be more likely to need professional 
computer skills. Small institutions that choose to automate their Know 
Your Customer programs would need professional computer skills.
    Know Your Customer monitoring would be similar to monitoring that 
savings associations already do. For example, savings associations 
monitor customer transactions to ensure that cash transactions 
exceeding $10,000 are reported under the Bank Secrecy Act, to ensure 
that customers do not overdraw their accounts, and to ensure that loan 
payments are accurate and timely. Thus, Know Your Customer monitoring 
would rely, at least in part, on computer and other skills that savings 
association personnel already have and regularly use.

C. Significant Alternatives

1. No Know Your Customer Requirements
    OTS considered recommending rather than requiring Know Your 
Customer

[[Page 67541]]

procedures. OTS decided to propose this rulemaking, however, because of 
the risks that savings associations face from customers who attempt 
illegal activities. Illegal activities would harm an association's 
reputation and that of the entire thrift industry. Requiring Know Your 
Customer programs significantly reduces the likelihood that some 
savings associations would not establish or adhere to such programs. In 
addition, because other Federal banking agencies are proposing Know 
Your Customer rules, OTS believes that criminals would quickly move 
their illegal funds transfers into savings associations without Know 
Your Customer programs, thus increasing those savings associations' 
exposure to illegal activity.
    For these reasons, merely recommending Know Your Customer programs 
would interfere with OTS's goals of increasing savings associations' 
detection and reporting of suspicious customer activities, and 
deterring financial crimes at savings associations.
2. Exemption for Small Savings Associations
    OTS considered exempting small institutions from Know Your Customer 
requirements. However, this alternative has the disadvantage of 
possibly creating a haven for criminal activity. It is likely that 
criminals would concentrate their activity at those institutions not 
subject to any Know Your Customer requirements. An exemption for small 
savings associations would conflict with OTS's goals of increasing 
savings associations' detection and reporting of suspicious customer 
activities and deterring financial crimes at savings associations.
3. Flexible Know Your Customer Requirements
    OTS proposes requiring all savings associations to establish and 
follow Know Your Customer programs, but proposes allowing each 
institution to develop a program appropriate for its circumstances, 
including but not limited to its size and resources. This approach is 
preferable to the first two alternatives because it does not allow 
criminals to choose a savings association without Know Your Customer 
requirements to conduct illegal activities. A flexible alternative also 
avoids requirements beyond the means of small institutions. Small 
institutions could use simpler, less costly, and less burdensome 
programs than larger institutions.

D. Other Matters

    OTS has statutory authority to promulgate these proposed 
regulations.6 There are no federal rules that duplicate, 
overlap, or conflict with this proposed rule. The proposed rule 
complement OTS rules implementing the Bank Secrecy Act at 12 CFR 
563.178 and the suspicious activity reporting requirements at 12 CFR 
563.180.
---------------------------------------------------------------------------

    \6\ 12 U.S.C. 1464(a)(1), 1464(d)(6)(A), 1818(s)(1).
---------------------------------------------------------------------------

    OTS encourages comments on all aspects of this initial regulatory 
flexibility analysis, including comments on any significant economic 
impacts the proposed rule would have on small entities.

Unfunded Mandates Act of 1995

    Section 202 of the Unfunded Mandates Reform Act of 1995, Pub. L. 
104-4 (Unfunded Mandates Act), requires that an agency prepare a 
budgetary impact statement before promulgating a rule that includes a 
federal mandate that may result in expenditure by state, local, and 
tribal governments, in the aggregate, or by the private sector, of $100 
million or more in any one year. If a budgetary impact statement is 
required, section 205 of the Unfunded Mandates Act also requires an 
agency to identify and consider a reasonable number of regulatory 
alternatives before promulgating a rule. OTS has determined that the 
proposed rule will not result in expenditures by state, local, or 
tribal governments or by the private sector of $100 million or more. 
Accordingly, this rulemaking is not subject to section 202 of the 
Unfunded Mandates Act.

Paperwork Reduction Act

    OTS invites comment on:
    Whether the proposed information collection contained in this 
proposal is necessary for the proper performance of OTS's functions, 
including whether the information has practical utility;
    The accuracy of OTS's estimate of the burden of the proposed 
information collection;
    (1) Ways to enhance the quality, utility, and clarity of the 
information to be collected; Ways to minimize the burden of the 
information collection on respondents, including through the use of 
automated collection techniques or other forms of information 
technology; and
    Estimates of capital and start-up costs of operation, maintenance 
and purchases of services to provide information.
    Respondents/recordkeepers are not required to respond to this 
collection of information unless it displays a currently valid OMB 
control number.
    OTS has submitted the collection of information requirements 
contained in this proposal to the Office of Management and Budget for 
review in accordance with the Paperwork Reduction Act of 1995 (44 
U.S.C. 3507(d)). Send comments on the collections of information to the 
Office of Management and Budget, Paperwork Reduction Project (1550), 
Washington, D.C. 20503, with copies to the Regulations and Legislation 
Division (1550), Chief Counsel's Office, Office of Thrift Supervision, 
1700 G Street, N.W., Washington, D.C. 20552.
    The collection of information requirements in this proposed rule 
are found in 12 CFR 563.178. OTS requires this information for the 
proper supervision of savings associations' compliance with the Bank 
Secrecy Act. The likely respondents/recordkeepers are savings 
associations.
    Estimated average annual burden hours per respondent/recordkeeper: 
8.
    Estimated number of respondents: 1191.
    Estimated total annual reporting and recordkeeping burden: 9528.
    Start up costs to respondents: None.

List of Subjects in 12 CFR Part 563

    Accounting, Advertising, Crime, Currency, Investments, Reporting 
and recordkeeping requirements, Savings associations, Securities, 
Surety bonds.

    Accordingly, the Office of Thrift Supervision proposes to amend 
Title 12, Chapter V as set forth below:

PART 563--[AMENDED]

    1. The authority citation for part 563 is revised to read as 
follows:

    Authority: 12 U.S.C. 375b, 1462, 1462a, 1463, 1464, 1467a, 1468, 
1817, 1818, 1820, 1828, 1831p-1, 3806; 42 U.S.C. 4106.

    2. Section 563.178 is added to read as follows:


Sec. 563.178  Know your customer.

    (a) Who must establish a Know Your Customer program? Each savings 
association (``you'') must establish and comply with a written Know 
Your Customer program that describes your procedures for complying with 
this section. Your board of directors, or a committee of your board, 
must approve your Know Your Customer program and must record that 
approval in your official board minutes.
    (b) Why must I establish a Know Your Customer program? These 
procedures: protect your reputation; facilitate your compliance with 
the Bank Secrecy Act, the suspicious activity reporting

[[Page 67542]]

requirements of Sec. 563.180, and safe and sound practices; and protect 
you from becoming a vehicle for, or a victim of, your customers' 
illegal activities.
    (c) Who is my customer? Your customer is any person or entity who 
has an account with you involving the receipt or disbursal of funds, 
and any person or entity on behalf of whom such an account is 
maintained.
    (d) What transactions are covered under this section? A transaction 
is any transaction by a customer that is conducted at your facilities 
or that involves you, regardless of where the transaction is conducted.
    (e) What must my Know Your Customer program contain? Your Know Your 
Customer program may vary in scope and complexity according to 
categories or classes of customers that you establish, and the 
potential risk of illicit activities associated with your customers' 
accounts and transactions. Under your Know Your Customer program, you 
must do all of the following:
    (1) Determine your prospective customers' identities. You must also 
determine the identities of your existing customers if you have reason 
to believe that you lack adequate information to know the identities of 
those customers.
    (2) Identify the sources of funds for your customers' transactions. 
You may make this determination for a customer individually, or for 
categories or classes of customers that share common characteristics.
    (3) Determine the types of transactions that you expect your 
customers to normally conduct (``normal and expected transactions''). 
You may make this determination for a customer individually, or you may 
determine what types of transactions are normal and expected for 
categories or classes of customers that share common characteristics.
    (4) Monitor your customers' transactions and identify transactions 
that are not consistent with your customers' normal or expected 
transactions as determined under paragraph (e) (2) and (3) of this 
section. You may monitor transactions for each customer individually, 
or you may monitor transactions for categories or classes of customers 
that share common characteristics.
    (5) Determine whether transactions identified under paragraph 
(e)(4) of this section are unusual or suspicious. If any are 
suspicious, you must follow OTS's suspicious activity reporting 
regulations at 12 CFR 563.180.
    (f) How do I ensure compliance with my Know Your Customer program? 
To ensure compliance, you must do all of the following:
    (1) Establish internal controls to ensure your ongoing compliance.
    (2) Independently test your compliance. Your employees or outside 
parties may conduct the testing.
    (3) Designate an individual(s) responsible for coordinating and 
monitoring day-to-day compliance.
    (4) Train all appropriate personnel on your program at least 
annually.
    (g) How do I document my compliance with my Know Your Customer 
program? (1) You must maintain information and documents demonstrating 
that you have complied with all of the requirements of this section, 
including internal control, independent testing, and training 
requirements of paragraph (f) of this section.
    (2) You must provide all information and documents demonstrating 
your compliance with this section to OTS for examination and inspection 
within 48 hours of an OTS request, unless OTS specifies a different 
time period.
    (3) If you maintain information or documents at a location other 
than where you maintain a customer's account or where you render 
financial services, you must establish and follow procedures designed 
to ensure that your employees review, on an ongoing basis, information 
and documents to ensure that you comply with this section.

    Dated: November 9, 1998.

    By the Office of Thrift Supervision.
Ellen Seidman,
Director.
[FR Doc. 98-32335 Filed 12-4-98; 8:45 am]
BILLING CODE 6720-01-P