[Federal Register Volume 67, Number 141 (Tuesday, July 23, 2002)]
[Proposed Rules]
[Pages 48290-48299]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 02-18191]



[[Page 48289]]

-----------------------------------------------------------------------


Part III

Department of the Treasury



31 CFR Part 103



Office of the Comptroller of the Currency

12 CFR Part 21



Office of Thrift Supervision

12 CFR Part 563



-----------------------------------------------------------------------
Federal Reserve System

12 CFR Parts 208 and 211



-----------------------------------------------------------------------
Federal Deposit Insurance Corporation

12 CFR Part 326



-----------------------------------------------------------------------
National Credit Union Administration

12 CFR Part 748



-----------------------------------------------------------------------
Commodity Futures Trading Commission

17 CFR Part 1



Securities and Exchange Commission

17 CFR Part 240



Transactions and Customer Identification Programs; Proposed Rules

  Federal Register / Vol. 67, No. 141 / Tuesday, July 23, 2002 / 
Proposed Rules  

[[Page 48290]]


-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency

12 CFR Part 21

[Docket No. 02-11]

FEDERAL RESERVE SYSTEM

12 CFR Parts 208 and 211

[Docket No. R-1127]

FEDERAL DEPOSIT INSURANCE CORPORATION

12 CFR Part 326

DEPARTMENT OF THE TREASURY

Office of Thrift Supervision

12 CFR Part 563

[No. 2002-27]

NATIONAL CREDIT UNION ADMINISTRATION

12 CFR Part 748

DEPARTMENT OF THE TREASURY

31 CFR Part 103

RIN 1506-AA31


Customer Identification Programs for Banks, Savings Associations, 
and Credit Unions

AGENCIES: The Financial Crimes Enforcement Network, Treasury; Office of 
the Comptroller of the Currency, Treasury; Board of Governors of the 
Federal Reserve System; Federal Deposit Insurance Corporation; Office 
of Thrift Supervision, Treasury; National Credit Union Administration.

ACTION: Joint notice of proposed rulemaking.

-----------------------------------------------------------------------

SUMMARY: The Department of the Treasury, through the Financial Crimes 
Enforcement Network (FinCEN), together with the Office of the 
Comptroller of the Currency (OCC), the Board of Governors of the 
Federal Reserve System (Board), the Federal Deposit Insurance 
Corporation (FDIC), the Office of Thrift Supervision (OTS), and the 
National Credit Union Administration (NCUA) (collectively, the 
Agencies) are jointly issuing a proposed regulation to implement 
section 326 of the Uniting and Strengthening America by Providing 
Appropriate Tools Required to Intercept and Obstruct Terrorism (USA 
PATRIOT) Act of 2001 (the Act). Section 326 requires the Secretary of 
the Treasury (Secretary) to jointly prescribe with each of the 
Agencies, the Securities and Exchange Commission (SEC), and the 
Commodity Futures Trading Commission (CFTC), a regulation that, at a 
minimum, requires financial institutions to implement reasonable 
procedures to verify the identity of any person seeking to open an 
account, to the extent reasonable and practicable; maintain records of 
the information used to verify the person's identity; and determine 
whether the person appears on any lists of known or suspected 
terrorists or terrorist organizations provided to the financial 
institution by any government agency. The proposed regulation applies 
to banks, savings associations, and credit unions.

DATES: Written comments on the proposed rule may be submitted on or 
before September 6, 2002.

ADDRESSES: Because paper mail in the Washington area may be subject to 
delay, commenters are encouraged to e-mail or fax comments. Comments 
should be sent by one method only. Financial institution commenters are 
encouraged to submit comments only to their Federal functional 
regulator. Non-financial institution commenters are encouraged to 
submit comments only to FinCEN. All comments will be considered by 
Treasury and the Agencies in formulating the final rule.
    OCC: Please direct your comments to: Office of the Comptroller of 
the Currency, 250 E Street, SW., Public Information Room, Mailstop 1-5, 
Washington, DC 20219, Attention; Docket No. 02-11; FAX number (202) 
874-4448; or Internet address: [email protected]. Comments 
may be inspected and photocopied at the OCC's Public Reference Room, 
250 E Street, SW., Washington, DC. You can make an appointment to 
inspect comments by calling (202) 874-5043.
    Board: Comments should refer to Docket No. R-1127 and may be mailed 
to Secretary, Board of Governors of the Federal Reserve System, 20th 
Street and Constitution Avenue, NW., Washington, DC 20551; sent by FAX 
to (202) 452-3819 or (202) 452-3102; or sent by e-mail to 
[email protected]. Members of the public may inspect 
comments in Room MP-500 between 9 a.m. and 5 p.m. on weekdays pursuant 
to section 261.12 (except as provided in section 261.14) of the Board's 
Rules Regarding Availability of Information, 12 CFR 261.12 and 261.14.
    FDIC: Comments should be directed to: Executive Secretary, 
Attention: Comments/OES, Federal Deposit Insurance Corporation, 550 
17th Street, NW., Washington, DC 20429. Comments may be hand-delivered 
to the guard station at the rear of the 550 17th Street Building 
(located on F Street), on business days between 7 a.m. and 5 p.m. In 
addition, comments may be sent by fax to (202) 898-3838, or by 
electronic mail to [email protected]. Comments may be inspected and 
photocopied in the FDIC Public Information Center, Room 100, 801 17th 
Street, NW., Washington, DC, between 9 a.m. and 4:30 p.m., on business 
days.
    OTS: Comments may be mailed to Regulation Comments, Chief Counsel's 
Office, Office of Thrift Supervision, 1700 G Street, NW., Washington, 
DC 20552, Attention: No. 2002-27; FAX number (202) 906-6518, Attention: 
No. 2002-27; or Internet address [email protected], 
Attention: No. 2002-27 and include your name and telephone number. 
Comments may also be hand delivered to the Guard's Desk, East Lobby 
Entrance, 1700 G Street, NW., from 9 a.m. to 4 p.m. on business days, 
Attention: Regulation Comments, Chief Counsel's Office, No. 2002-27. 
OTS will post comments and the related index on the OTS Internet Site 
at www.ots.treas.gov. In addition, you may inspect comments at the 
Public Reading Room, 1700 G St. NW., by appointment. To make an 
appointment for access, you may call (202) 906-5922, send an e-mail to 
public.info@ots.treas.gov">public.info@ots.treas.gov, or send a facsimile transmission to (202) 
906-7755. (Please identify the materials you would like to inspect to 
assist us in serving you.) We schedule appointments on business days 
between 10 a.m. and 4 p.m. In most cases, appointments will be 
available the business day after the date we receive a request.
    NCUA: Direct comments to the Secretary of the Board. Mail or hand-
deliver comments to: National Credit Union Administration, 1775 Duke 
Street, Alexandria, Virginia 22314-3428. You may fax comments to (703) 
518-6319, or e-mail comments to [email protected]. To inspect 
comments, please contact the Office of General Counsel, (703) 518-6540; 
or the Office of Examination and Insurance, (703) 518-6360.
    FinCEN: Comments may be mailed to FinCEN, Section 326 Bank Rule 
Comments, P.O. Box 39, Vienna, VA 22183, or sent to Internet address 
[email protected] with the caption ``Attention: Section 326 
Bank Rule Comments'' in the body of the text. Comments may be inspected 
at FinCEN between 10 a.m. and 4 p.m. in the FinCEN Reading Room in 
Washington,

[[Page 48291]]

DC. Persons wishing to inspect the comments submitted must request an 
appointment by telephoning (202) 354-6400 (not a toll-free number).

FOR FURTHER INFORMATION CONTACT:
    OCC: Office of the Chief Counsel (202) 874-3295.
    Board: Enforcement and Special Investigations Sections: (202) 452-
5235; (202) 728-5829; or (202) 452-2961.
    FDIC: Special Activities Section, Division of Supervision, and 
Legal Division at (202) 898-3671.
    OTS: Office of the Chief Counsel, (202) 906-6012.
    NCUA: Office of General Counsel, (703) 518-6540; or Office of 
Examination and Insurance, (703) 518-6360.
    Treasury: Office of the Chief Counsel (FinCEN), (703) 905-3590; 
Office of the Assistant General Counsel for Enforcement (Treasury), 
(202) 622-1927; or the Office of the Assistant General Counsel for 
Banking & Finance (Treasury), (202) 622-0480.

SUPPLEMENTARY INFORMATION:

I. Background

A. Section 326 of the USA PATRIOT Act

    On October 26, 2001, President Bush signed into law the USA PATRIOT 
Act, Public Law 107-56. Title III of the Act, captioned ``International 
Money Laundering Abatement and Anti-terrorist Financing Act of 2001,'' 
adds several new provisions to the Bank Secrecy Act (BSA), 31 U.S.C. 
5311 et seq. These provisions are intended to facilitate the 
prevention, detection, and prosecution of international money 
laundering and the financing of terrorism.
    Section 326 of the Act adds a new subsection (l) to 31 U.S.C. 5318 
that requires the Secretary to prescribe regulations setting forth 
minimum standards for financial institutions that relate to the 
identification and verification of any person who applies to open an 
account.
    Section 326 applies to all ``financial institutions.'' This term is 
defined very broadly in the BSA to encompass a variety of entities 
including banks, agencies and branches of foreign banks in the United 
States, thrifts, credit unions, brokers and dealers in securities or 
commodities, insurance companies, travel agents, pawnbrokers, dealers 
in precious metals, check-cashers, casinos, and telegraph companies, 
among many others. See 31 U.S.C. 5312(a)(2).
    For any financial institution engaged in financial activities 
described in section 4(k) of the Bank Holding Company Act of 1956 
(section 4(k) institutions), the Secretary is required to prescribe the 
regulations issued under section 326 jointly with each of the Agencies, 
the SEC, and the CFTC (the Federal functional regulators). Final 
regulations implementing section 326 must be effective by October 25, 
2002.
    Section 326 of the Act provides that the regulations must contain 
certain requirements. At a minimum, the regulations must require 
financial institutions to implement reasonable procedures for (1) 
verifying the identity of any person seeking to open an account, to the 
extent reasonable and practicable; (2) maintaining records of the 
information used to verify the person's identity, including name, 
address, and other identifying information; and (3) determining whether 
the person appears on any lists of known or suspected terrorists or 
terrorist organizations provided to the financial institution by any 
government agency.
    In prescribing these regulations, the Secretary is directed to take 
into consideration the various types of accounts maintained by various 
types of financial institutions, the various methods of opening 
accounts, and the various types of identifying information available. 
The following proposal is being issued jointly by Treasury and the 
Agencies. It applies only to a financial institution that is a ``bank'' 
as defined in 31 CFR 103.11(c) that is subject to regulation by one of 
the Agencies,\1\ and any foreign branch of an insured bank. Regulations 
governing the applicability of section 326 to other financial 
institutions, including section 4(k) institutions regulated by the SEC 
and the CFTC, will be issued separately.
---------------------------------------------------------------------------

    \1\ Published elsewhere in this separate part of this issue of 
the Federal Register is a separate Treasury proposal implementing 
section 326 for banks that are not subject to regulation by a 
Federal functional regulator, including certain state-chartered 
uninsured trust companies and non-federally insured credit unions.
---------------------------------------------------------------------------

    Treasury, the Agencies, the SEC, and the CFTC consulted extensively 
in the development of all rules implementing section 326 of the Act. 
All of the participating agencies intend the effect of the rules to be 
uniform throughout the financial services industry.
    The Secretary has determined that the records required to be kept 
by section 326 of the Act have a high degree of usefulness in criminal, 
tax, or regulatory investigations or proceedings, or in the conduct of 
intelligence or counterintelligence activities, to protect against 
international terrorism.
    In addition, Treasury under its own authority is proposing 
conforming amendments to 31 CFR 103.34, which currently imposes 
requirements concerning the identification of bank customers.

B. Codification of the Joint Proposed Rule

    The substantive requirements of the joint proposed rule will be 
codified with other Bank Secrecy Act regulations as part of Treasury's 
regulations in 31 CFR part 103. To minimize potential confusion by 
affected entities regarding the scope of the joint proposed rule, each 
of the Agencies is also proposing to add a nonsubstantive provision in 
its own regulations in either 12 CFR part 21, 12 CFR parts 208 and 211, 
12 CFR part 326, 12 CFR part 563, or 12 CFR part 748, that will cross-
reference the regulations in 31 CFR part 103. Although no specific text 
is being proposed at this time, the cross-references will be included 
in individual final rules published concurrently with the joint final 
rule issued by Treasury and the Agencies implementing section 326 of 
the Act.

II. Section-by-Section Analysis

A. Regulations Implementing Section 326

Definitions
    Section 103.121(a)(1) Account. The proposed rule's definition of 
``account'' is based on the statutory definition of ``account'' that is 
used in section 311 of the Act. ``Account'' means each formal banking 
or business relationship established to provide ongoing services, 
dealings, or other financial transactions. For example, a deposit 
account, transaction or asset account, and a credit account or other 
extension of credit would each constitute an account.
    Section 311 of the Act does not require that this definition be 
used for regulations implementing section 326 of the Act. However, to 
the extent possible, Treasury and the Agencies propose to apply 
consistent definitions for each of the regulations implementing the Act 
to reduce confusion. ``Deposit accounts'' and ``transaction accounts,'' 
which as previously noted, are considered ``accounts'' for purposes of 
this rulemaking, are themselves defined terms. In addition, the term 
``account'' is limited to banking and business relationships 
established to provide ``ongoing'' services, dealings, or other 
financial transactions to make clear that this term is not intended to 
cover infrequent transactions such as the occasional purchase of a 
money order or a wire transfer.
    Section 103.121(a)(2) Bank. As discussed above, the proposal adopts 
the definition of ``bank'' already used in 31 CFR 103.11(c), which 
encompasses

[[Page 48292]]

virtually all of the financial institutions regulated by the Agencies, 
including banks, savings associations, and credit unions. Any branch, 
agency, or representative office of a foreign bank in the United 
States, as well as any Edge corporation, would be subject to this joint 
regulation under the existing definition of ``bank.''\2\ However, the 
definition is modified to include ``any foreign branch of an insured 
bank'' to make clear that the procedures required by this regulation 
must be implemented throughout the bank, no matter where its offices 
are located. These procedures also apply to bank subsidiaries to the 
same extent as existing BSA compliance program requirements. We note 
that securities broker-dealers, futures commission merchants, insurance 
companies, and investment companies will be subject to forthcoming 
rules implementing section 326, whether or not they are affiliated with 
a bank.
---------------------------------------------------------------------------

    \2\ Section 103.11(c) defines bank to include ``each agent, 
agency, branch, or office within the United States of any person 
doing business in one or more of the capacities listed below: * * *. 
(8) a bank organized under foreign law; (9) any national banking 
association or corporation acting under the provisions of section 
[25a] of the [Federal Reserve Act] (12 U.S.C. 611-32).''
---------------------------------------------------------------------------

    Section 103.121(a)(3) Customer. The proposed rule defines 
``customer'' to mean any person seeking to open a new account. 
Accordingly, the term ``customer'' includes a person applying to open 
an account, but would not cover a person seeking information about an 
account, such as rates charged or interest paid on an account, if the 
person does not actually open an account. ``Customer'' includes both 
individuals and other persons such as corporations, partnerships, and 
trusts. In addition, any person seeking to open an account at a bank, 
on or after the effective date of the final rule, will be a 
``customer,'' regardless of whether that person already has an account 
at the bank.
    The proposed rule also defines a ``customer'' to include any 
signatory on an account. Thus, for example, an individual with signing 
authority over a corporate account is a ``customer'' within the meaning 
of the proposed rule. A signatory can become a ``customer'' when the 
account is opened or when the signatory is added to an existing 
account.
    The requirements of section 326 of the Act apply to any person 
``seeking to open a new account.'' Accordingly, transfers of accounts 
from one bank to another, that are not initiated by the customer, for 
example, as a result of a merger, acquisition, or purchase of assets or 
assumption of liabilities, fall outside of the scope of section 326, 
and are not covered by the proposed regulation.\3\
---------------------------------------------------------------------------

    \3\ However, there may be situations involving the transfer of 
accounts where it would be appropriate for a bank to verify the 
identity of customers associated with the accounts that it is 
acquiring. Therefore, Treasury and the Agencies expect procedures 
for transfers of accounts to be part of a bank's existing BSA 
program.
---------------------------------------------------------------------------

    Section 103.121(a)(4) Federal functional regulator. The proposed 
rule defines ``Federal functional regulator'' by reference to 
Sec. 103.120(a)(2). Accordingly, this term means each of the Agencies 
(as well as the SEC and the CFTC)
    Section 103.121(a)(5) Person. The proposed rule defines ``person'' 
by reference to Sec. 103.11(z). This definition includes individuals, 
corporations, partnerships, trusts, estates, joint stock companies, 
associations, syndicates, joint ventures, other unincorporated 
organizations or groups, certain Indian Tribes, and all entities 
cognizable as legal personalities.
    Section 103.121(a)(6) U.S. Person. Under the proposed rule, for an 
individual, ``U.S. person'' means a U.S. citizen. For persons other 
than an individual, ``U.S. person'' means an entity established or 
organized under the laws of a State or the United States. A non-U.S. 
person is defined in Sec. 103.121(a)(7) as a person who does not 
satisfy these criteria.
    Section 103.121(a)(8) Taxpayer identification number. The proposed 
rule continues the provision in current Sec. 103.34(a)(4), which 
provides that the provisions of section 6109 of the Internal Revenue 
Code and the regulations of the Internal Revenue Service thereunder 
determine what constitutes a taxpayer identification number.
Customer Identification Program: Minimum Requirements
    Section 103.121(b)(1) General Rule. Section 326 of the Act requires 
Treasury and the Agencies to jointly issue a regulation that 
establishes minimum standards regarding the identity of any customer 
who applies to open an account. Section 326 then prescribes three 
procedures that Treasury and the Agencies must require institutions to 
implement as part of this process: (1) Identification and verification 
of persons seeking to open an account; (2) recordkeeping; and (3) 
comparison with government lists.
    Rather than imposing the same list of specific requirements on 
every bank, regardless of its circumstances, the proposed regulation 
requires all banks to implement a Customer Identification Program (CIP) 
that is appropriate given the bank's size, location, and type of 
business. The proposed regulation requires a bank's CIP to contain the 
statutorily prescribed procedures, describes these procedures, and 
details certain minimum elements that each of the procedures must 
contain.
    In addition, the proposed rule requires that the CIP be written and 
that it be approved by the bank's board of directors or a committee of 
the board. This latter requirement highlights the responsibility of a 
bank's board of directors to approve and exercise general oversight 
over the bank's CIP.
    Under the proposed regulation, the CIP must be incorporated into 
the bank's anti-money laundering (BSA) program.\4\ A bank's BSA program 
must include (1) internal policies, procedures, and controls to ensure 
ongoing compliance; (2) designation of a compliance officer; (3) an 
ongoing employee training program; and (4) an independent audit 
function to test programs. Each of these requirements also applies to a 
bank's CIP.
---------------------------------------------------------------------------

    \4\ All insured depository institutions currently must have a 
BSA program. See 12 CFR 21.21 (OCC), 12 CFR 208.63 (Board), 12 CFR 
326.8 (FDIC), 12 CFR 563.177 (OTS), and 12 CFR 748.2 (NCUA). In 
addition, all financial institutions are required by 31 U.S.C. 
5318(h) to develop and implement an anti-money laundering program.
---------------------------------------------------------------------------

    Unlike other sections of 31 CFR 103, the proposed regulation 
explicitly states that the CIP must be a part of a bank's BSA program. 
This language is included to make clear that the CIP is not a separate 
program. However, this statement should not be read to create any 
negative inference about a bank's need to establish and maintain a BSA 
program that is designed to ensure compliance with all other sections 
of 31 CFR 103.
    Section 103.121(b)(2) Identity Verification Procedures. Under 
section 326 of the Act, the regulations issued by Treasury and the 
Agencies must require banks to implement and comply with reasonable 
procedures for verifying the identity of any person seeking to open an 
account, to the extent reasonable and practicable. The proposed 
regulation implements this requirement by providing that each bank must 
have risk-based procedures for verifying the identity of a customer 
that take into consideration the types of accounts that banks maintain, 
the different methods of opening accounts, and the types of identifying 
information available. These procedures must enable the bank to form a 
reasonable belief that it knows the true identity of the customer.
    Under the proposed regulation, a bank must first have procedures 
that specify

[[Page 48293]]

the identifying information that the bank must obtain from any 
customer. The proposed regulation also sets forth certain, minimal 
identifying information that a bank must obtain prior to opening an 
account or adding a signatory to an account. Second, the bank must have 
procedures describing how the bank will verify the identifying 
information provided. The bank must have procedures that describe when 
it will use documents for this purpose and when it will use other 
methods, either in addition or as an alternative to using documents for 
the purpose of verifying the identity of a customer.
    While a bank's CIP must contain the identity verification 
procedures set forth above, these procedures are to be risk-based. For 
example, a bank need not verify the identifying information of an 
existing customer seeking to open a new account, or who becomes a 
signatory on an account, if the bank (1) previously verified the 
customer's identity in accordance with procedures consistent with this 
regulation, and (2) continues to have a reasonable belief that it knows 
the true identity of the customer. The proposal requires a bank to 
exercise reasonable efforts to ascertain the identity of each customer.
    Although the main purpose of the Act is to prevent and detect money 
laundering and the financing of terrorism, Treasury and the Agencies 
anticipate that the proposed regulation will ultimately benefit 
consumers. In addition to deterring money laundering and terrorist 
financing, requiring every bank to establish comprehensive procedures 
for verifying the identity of customers should reduce the growing 
incidence of fraud and identity theft involving new accounts.\5\
---------------------------------------------------------------------------

    \5\ Last year, over 86,000 complaints were logged into the 
Identity Theft Complaint database established by the Federal Trade 
Commission (FTC). Forms of identity theft commonly reported included 
(1) credit card fraud, where one or more new credit cards were 
opened in the victim's name; (2) bank fraud, where a new bank 
account was opened in the victim's name; and (3) fraudulent loans, 
where a loan had been obtained in the victim's name. See Statement 
of J. Howard Beales, Director, Bureau of Consumer Protection, FTC, 
to the Senate Committee on the Judiciary, Subcommittee on 
Technology, March 20, 2002.
---------------------------------------------------------------------------

    Section 103.121(b)(2)(i) Information Required. The proposed 
regulation provides that a bank's CIP must contain procedures that 
specify the identifying information the bank must obtain from a 
customer. At a minimum, a bank must obtain from each customer the 
following information prior to opening an account or adding a signatory 
to an account: name; address; for individuals, date of birth; and an 
identification number, described in greater detail below. To satisfy 
the requirement that a bank obtain the address of a customer, Treasury 
and the Agencies expect a bank to obtain both the address of an 
individual's residence and, if different, the individual's mailing 
address. For customers who are not individuals, the bank should obtain 
an address showing the customer's principal place of business and, if 
different, the customer's mailing address.
    For U.S. persons a bank must obtain a U.S. taxpayer identification 
number (e.g., social security number, individual taxpayer 
identification number, or employer identification number). For non-U.S. 
persons a bank must obtain one or more of the following: a taxpayer 
identification number; passport number and country of issuance; alien 
identification card number; or number and country of issuance of any 
other government-issued document evidencing nationality or residence 
and bearing a photograph or similar safeguard. The basic information 
that banks would be required to obtain under this proposed regulation 
reflects the type of information that financial institutions currently 
obtain in the account-opening process and is similar to the identifying 
information currently required for each deposit or share account opened 
(see 31 CFR 103.34(a)(1)). The proposed regulation uses the term 
``similar safeguard'' to permit the use of any biometric identifiers 
that may be used in addition to, or instead of, photographs.
    Treasury and the Agencies recognize that a new business may need 
access to banking services, particularly a bank account or an extension 
of credit, before it has received an employer identification number 
from the Internal Revenue Service. For this reason, the proposed 
regulation contains a limited exception to the requirement that a 
taxpayer identification number must be provided prior to establishing 
or adding a signatory to an account. Accordingly, a CIP may permit a 
bank to open or add a signatory to an account for a person other than 
an individual (such as a corporation, partnership, or trust) that has 
applied for, but has not received, an employer identification number. 
However, in such a case, the CIP must require that the bank obtain a 
copy of the application before it opens or adds a signatory to the 
account and obtain the employee identification number within a 
reasonable period of time after an account is established or a 
signatory is added to an account. Currently, the IRS indicates that the 
issuance of an employer identification number can take up to five 
weeks. This length of time, coupled with when the person applied for 
the employer identification number, should be considered by the bank in 
determining the reasonable period of time within which the person 
should provide its employer identification number to the bank.
    Section 103.121(b)(2)(ii) Verification. The proposed regulation 
provides that the CIP must contain risk-based procedures for verifying 
the information that the bank obtains in accordance with 
Sec. 103.121(b)(2)(i), within a reasonable period of time after the 
account is opened. Treasury and the Agencies considered proposing that 
a customer's identity be verified before an account is opened or within 
a specific time period after the account is opened. However, we 
recognize that such a position would be unduly burdensome for both 
banks and customers and therefore contrary to the plain language of the 
statute, which states that the procedures must be both reasonable and 
practicable. The amount of time it will take an institution to verify 
identity may depend upon the type of account opened, whether the 
customer is physically present when the account is opened, and the type 
of identifying information available. In addition, although an account 
may be opened, it is common practice among banks to place limits on the 
account, such as by restricting the number of transactions or the 
dollar value of transactions, until a customer's identity is verified. 
Therefore, the proposed regulation provides a bank with the flexibility 
to use a risk-based approach to determine how soon identity must be 
verified.\6\
---------------------------------------------------------------------------

    \6\ It is possible that a bank would, however, violate other 
laws by permitting a customer to transact business prior to 
verifying the customer's identity. See, e.g., 31 CFR 500, 
prohibiting transactions involving designated foreign countries or 
their nationals.
---------------------------------------------------------------------------

    Section103.121(b)(2)(ii)(A) Verification Through Documents. The CIP 
must contain procedures describing when the bank will verify identity 
through documents and setting forth the documents that the bank will 
use for this purpose. For individuals, these documents may include: 
unexpired government-issued identification evidencing nationality or 
residence and bearing a photograph or similar safeguard. For 
corporations, partnerships, trusts, and other persons that are not 
individuals, these may be documents showing the existence of the 
entity, such as registered articles of incorporation, a government-
issued business license, partnership agreement, or trust instrument.
    Section 103.121(b)(2)(ii)(B) Non-Documentary Verification. The 
proposed regulation provides that a

[[Page 48294]]

bank's CIP also must contain procedures describing non-documentary 
methods the bank will use to verify identity and when these methods 
will be used in addition to, or instead of, relying on documents. For 
example, the procedures must address situations where an individual is 
unable to present an unexpired government-issued identification 
document that bears a photograph or similar safeguard; the bank is not 
familiar with the documents presented; the account is opened without 
obtaining documents; the account is not opened in a face-to-face 
transaction; and the type of account increases the risk that the bank 
will not be able to verify the true identity of the customer through 
documents.
    Treasury and the Agencies believe that banks typically require 
documents to be presented when an account is opened face-to-face. 
Although customers usually satisfy these requirements by presenting 
government-issued identification documents bearing a photograph, such 
as a driver's license or passport, Treasury and the Agencies recognize 
that some customers legitimately may be unable to present those 
customary forms of identification when opening an account. For example, 
an elderly person may not have a valid driver's license or passport. 
Under these circumstances, Treasury and the Agencies expect that banks 
will provide products and services to those customers and verify their 
identities through other methods. Similarly, a bank may be unable to 
obtain original documents to verify a customer's identity when an 
account is opened by telephone, by mail, and over the Internet. Thus, 
when an account is opened for a customer who is not physically present, 
a bank will be permitted to use other methods of verification, to the 
extent set forth in the CIP.
    While other verification methods must be used when a bank cannot 
examine original documents, Treasury and the Agencies also recognize 
that original identification documents, including those issued by a 
government entity, may be obtained illegally and may be fraudulent. In 
light of the recent increase in identity fraud, banks are encouraged to 
use other verification methods, even when a customer has provided 
original documents.
    Obtaining sufficient information to verify a customer's identity 
can reduce the risk that a bank will be used as a conduit for money 
laundering and terrorist financing. The risk that the bank will not 
know the customer's true identity will be heightened for certain types 
of accounts, such as accounts opened in the name of a corporation, 
partnership, or trust that is created or conducts substantial business 
in jurisdictions that have been designated by the United States as a 
primary money laundering concern or have been designated as non-
cooperative by an international body. As a bank's identity verification 
procedures should be risk-based, they should identify types of accounts 
that pose a heightened risk, and prescribe additional measures to 
verify the identity of any person seeking to open an account and the 
signatory for such accounts.
    The proposed regulation gives examples of other non-documentary 
verification methods that a bank may use in the situations described 
above. These methods could include contacting a customer after the 
account is opened; obtaining a financial statement; comparing the 
identifying information provided by the customer against fraud and bad 
check databases to determine whether any of the information is 
associated with known incidents of fraudulent behavior (negative 
verification); comparing the identifying information with information 
available from a trusted third party source, such as a credit report 
from a consumer reporting agency (positive verification); and checking 
references with other financial institutions. The bank also may wish to 
analyze whether there is logical consistency between the identifying 
information provided, such as the customer's name, street address, ZIP 
code, telephone number, date of birth, and social security number 
(logical verification).\7\
---------------------------------------------------------------------------

    \7\ Treasury and the Agencies understand that most banks 
currently make use of technology that permits instantaneous 
negative, positive, and logical verification of identity.
---------------------------------------------------------------------------

    Section 103.121(b)(2)(iii) Lack of Verification. The proposed 
regulation also states that a bank's CIP must include procedures for 
responding to circumstances in which the bank cannot form a reasonable 
belief that it knows the true identity of a customer.
    Generally, a bank should only maintain an account for a customer 
when it can form a reasonable belief that it knows the customer's true 
identity.\8\ Thus, a bank should have procedures that specify the 
actions that it will take when it cannot form a reasonable belief that 
it knows the true identity of a customer, including when an account 
should not be opened. In addition, a bank's CIP should have procedures 
that address the terms under which a customer may conduct transactions 
while a customer's identity is being verified. The procedures also 
should specify at what point, after attempts to verify a customer's 
identity have failed, a customer's account that has been opened should 
be closed. Finally, if a bank cannot form a reasonable belief that it 
knows the identity of a customer, the procedures should also include 
determining whether a Suspicious Activity Report should be filed in 
accordance with applicable law and regulation.
---------------------------------------------------------------------------

    \8\ There are some exceptions to this basic rule. For example, a 
bank may maintain an account, at the direction of a law enforcement 
or intelligence agency, although the bank does not know the true 
identity of a customer.
---------------------------------------------------------------------------

    Section 103.121(b)(3) Recordkeeping. Section 326 of the Act 
requires reasonable procedures for maintaining records of the 
information used to verify a person's name, address, and other 
identifying information. The proposed regulation sets forth 
recordkeeping procedures that must be included in a bank's CIP. Under 
the proposal, a bank is required to maintain a record of the 
identifying information provided by the customer. Where a bank relies 
upon a document to verify identity, the bank must maintain a copy of 
the document that the bank relied on that clearly evidences the type of 
document and any identifying information it may contain.\9\ The bank 
also must record the methods and result of any additional measures 
undertaken to verify the identity of the customer. Last, the bank must 
record the resolution of any discrepancy in the identifying information 
obtained. The bank must retain all of these records for five years 
after the date the account is closed.
---------------------------------------------------------------------------

    \9\ The bank need not keep a separate record of the identifying 
information provided by the customer if this information clearly 
appears on the copy of the document maintained by the bank.
---------------------------------------------------------------------------

    Treasury and the Agencies emphasize that the collection and 
retention of information about a customer, such as an individual's race 
or sex, as an ancillary part of collecting identifying information do 
not relieve a bank from its obligations to comply with anti-
discrimination laws or regulations, such as the prohibition in the 
Equal Credit Opportunity Act against discrimination in any aspect of a 
credit transaction on the basis of race, color, religion, national 
origin, sex or marital status, age, or other prohibited 
classifications.
    Nothing in this proposed regulation modifies, limits or supersedes 
section 101 of the Electronic Signatures in Global and National 
Commerce Act, Public Law 106-229, 114 Stat. 464 (15 U.S.C. 7001) (E-
Sign Act). Thus, a bank may use electronic records to satisfy the 
requirements of this regulation, as long as the records are accurate 
and remain

[[Page 48295]]

accessible in accordance with 31 CFR 103.38(d).
    Section 103.121(b)(4) Comparison with Government Lists. Section 326 
of the Act also requires reasonable procedures for determining whether 
the customer appears on any list of known or suspected terrorists or 
terrorist organizations provided to the bank by any government agency. 
The proposed rule implements this requirement and clarifies that the 
requirement applies only with respect to lists circulated by the 
Federal government.
    In addition, the proposed rule states that the procedures must 
ensure that the bank follows all Federal directives issued in 
connection with such lists. This provision makes clear that a bank must 
have procedures for responding to circumstances when the bank 
determines that a customer is named on a list.
    Section 103.121(b)(5) Customer Notice. Section 326 of the Act 
states that customers of financial institutions shall be required to 
comply with the identity verification procedures described above 
``after being given adequate notice.'' Therefore, a bank's CIP must 
include procedures for providing bank customers with adequate notice 
that the bank is requesting information to verify their identity. A 
bank may satisfy the notice requirement by generally notifying its 
customers about the procedures the bank must comply with to verify 
their identities. For example, the bank may post a sign in its lobby or 
provide customers with any other form of written or oral notice. If an 
account is opened electronically, such as through an Internet website, 
the bank may also provide notice electronically.
    Section 103.121(c) Exemptions. Section 326 states that the 
Secretary (and, in the case of section 4(k) institutions, the 
appropriate Federal functional regulator, as defined in section 
103.120(a)(2)), may by regulation or order, exempt any financial 
institution or type of account from the requirements of this regulation 
in accordance with such standards and procedures as the Secretary may 
prescribe.
    Under the proposed rule, the appropriate Federal functional 
regulator, with the concurrence of Treasury, may by order or regulation 
exempt any bank or type of account from the requirements of this 
section. In issuing such exemptions, the Federal functional regulator 
and the Treasury shall consider whether the exemption is consistent 
with the purposes of the Bank Secrecy Act, consistent with safe and 
sound banking, and in the public interest. The Federal functional 
regulator and Treasury also may consider other necessary and 
appropriate factors.
    Section 103.121(d) Other Information Requirements Unaffected. This 
section provides that nothing in section 103.121 shall be construed to 
relieve a bank of its obligations to obtain, verify, or maintain 
information in connection with an account or transaction that is 
required by another provision in part 103. For example, if an account 
is opened with a deposit of more than $10,000 in cash, the bank opening 
the account must comply with the customer identification requirements 
in section 103.121, as well as with the provisions of section 103.22, 
which require that certain information concerning the transaction be 
reported by filing a Cash Transaction Report (CTR).

B. Conforming Amendments to 31 CFR 103.34

    Current section 103.34(a) sets forth customer identification 
requirements when certain types of deposit accounts are opened. 
Generally, sections 103.34(a)(1) and (2) require a bank, within 30 days 
after certain deposit accounts are opened, to secure and maintain a 
record of the taxpayer identification number of the customer involved. 
If the bank is unable to obtain the taxpayer identification number 
within 30 days (or a longer time if the person has applied for a 
taxpayer identification number), it need take no further action under 
section 103.34 concerning the account if it maintains a list of the 
names, addresses, and account numbers of the persons for which it was 
unable to secure taxpayer identification numbers, and provides that 
information to the Secretary upon request. In the case of a non-
resident alien, the bank is required to record the person's passport 
number or a description of some other government document used to 
determine identification. Treasury and the Agencies believe that the 
requirements of section 103.34(a)(1) and (2) are inconsistent with the 
intent and purpose of section 326 of the Act and incompatible with 
proposed section 103.121.
    Section 103.34(a)(3) currently provides that a bank need not obtain 
a taxpayer identification number with respect to specified categories 
of persons \10\ opening certain deposit accounts. This proposed rule 
does not contain any exemptions from the CIP requirements.
---------------------------------------------------------------------------

    \10\ The exemption applies to (i) agencies and instrumentalities 
of Federal, State, local, or foreign governments; (ii) judges, 
public officials, or clerks of courts of record as custodians of 
funds in controversy or under the control of the court; (iii) aliens 
who are ambassadors; ministers; career diplomatic or consular 
officers; naval, military, or other attaches of foreign embassies 
and legations; and members of their immediate families; (iv) aliens 
who are accredited representatives of certain international 
organizations, and their immediate families; (v) aliens temporarily 
residing in the United States for a period not to exceed 180 days; 
(vi) aliens not engaged in a trade or business in the United States 
who are attending a recognized college or university, or any 
training program supervised or conducted by an agency of the Federal 
Government; (vii) unincorporated subordinate units of a tax exempt 
central organization that are covered by a group exemption letter; 
(viii) a person under 18 years of age, with respect to an account 
opened at part of a school thrift savings program, provided the 
annual interest is less than $10; (ix) a person opening a Christmas 
club, vacation club, or similar installment savings program, 
provided the annual interest is less than $10; and (x) non-resident 
aliens who are not engaged in a trade or business in the United 
States.
---------------------------------------------------------------------------

    Treasury and the Agencies are requesting comments on whether any of 
these exemptions should apply in the context of the proposed CIP 
requirements in light of the intent and purpose of section 326 of the 
Act.
    Section 103.34(a)(4) provides that section 6109 of the Internal 
Revenue Code and the rules and regulations of the Internal Revenue 
Service (IRS) promulgated thereunder shall determine what constitutes a 
taxpayer identification number. This provision is continued in proposed 
section 103.121(a)(8). Section 103.34(a)(4) also provides that IRS 
rules shall determine whose number shall be obtained in the case of 
multiple account holders. Treasury and the Agencies believe that this 
provision is inconsistent with section 326 of the Act, which requires 
that banks verify the identity of ``any'' person seeking to open an 
account.
    For these reasons, Treasury, under its own authority, is proposing 
to repeal section 103.34(a).
    Section 103.34(b) sets forth certain recordkeeping requirements for 
banks. Among other things, section 103.34(b)(1) requires a bank to keep 
``any notations, if such are normally made, of specific identifying 
information verifying the identity of [a person with signature 
authority over an account] (such as a driver's license number or credit 
card number).'' Treasury and the Agencies believe that the quoted 
language in section 103.34(b)(1) is inconsistent with the requirements 
of proposed section 103.121. For this reason, Treasury, under its own 
authority, is proposing to delete the quoted language.

C. Technical Amendment to 31 CFR 103.11(j)

    Section 103.11(j), which defines the term ``deposit account,'' 
contains an

[[Page 48296]]

obsolete reference to the definition of ``transaction account,'' which 
is defined in section 103.11(hh). Under its own authority, Treasury is 
proposing to correct this reference.

III. Request for Comments

    Treasury and the Agencies invite comment on all aspects of this 
rulemaking, and specifically seek comment on the following issues:
    1. Whether the proposed definition of ``account'' is appropriate 
and whether other examples of accounts should be added to the 
regulatory text.
    2. How the proposed regulation should apply to various types of 
accounts that are designed to allow a customer to transact business 
immediately.
    3. Whether the definition of ``bank'' in the proposed regulation 
should be amended with respect to the foreign branches of banks by (i) 
excluding foreign branches or (ii) clarifying that a foreign branch 
must comply only to the extent that the bank's program does not 
contravene applicable local law. Treasury and the Agencies request that 
commenters cite and describe any potentially conflicting foreign laws 
that may apply to the foreign branches of banks.
    Comment is requested on this issue because Treasury and the 
Agencies recognize that interpreting the BSA to apply to the foreign 
branch of a U.S. depository institution could cause practical and legal 
problems for that institution if the branch has a conflicting 
obligation under applicable local law. The regulation, if adopted as 
proposed, may place a foreign branch in a position of potentially 
violating local law by implementing aspects of its bank's CIP, which is 
described more fully in the Supplemental Information, above.
    4. Ways that banks can comply with the requirement that a bank 
obtain both the address of an individual's residence, and, if 
different, the individual's mailing address in situations involving 
individuals who lack a permanent address.
    5. Whether non-U.S. persons that are not individuals will be able 
to provide a bank with the identifying information required in section 
103.121(b)(2)(i)(D)(2), or whether other categories of identifying 
information should be added to this section to permit non-U.S. persons 
that are not individuals to open accounts. Commenters on this issue 
should suggest other means of identification that banks currently use 
or should use.
    6. Whether the proposed regulation will subject banks to 
conflicting State laws. Treasury and the Agencies request that 
commenters cite and describe any potentially conflicting State laws.
    7. The extent to which the verification procedures required by the 
proposed regulation make use of information that banks currently obtain 
in the account opening process. Treasury and the Agencies note that the 
legislative history of section 326 indicates that Congress intended 
``the verification procedures prescribed by Treasury [to] make use of 
information currently obtained by most financial institutions in the 
account opening process.'' See H.R. Rep. No. 107-250, pt. 1, at 63 
(2001).
    8. Whether any of the exemptions from the customer identification 
requirements contained in current section 103.34(a)(3) should be 
continued in section 103.121(c). In this regard, Treasury and the 
Agencies request that commenters address the standards set forth in 
proposed section 103.121(c) (as well as any other appropriate factors).

IV. Solicitation of Comments on Use of Plain Language

    Section 722 of the Gramm-Leach-Bliley Act, Pub. L. 106-102, sec. 
722, 113 Stat. 1338, 1471 (Nov. 12, 1999), requires the OCC, Board, 
FDIC, and OTS to use plain language in all proposed and final rules 
published after January 1, 2000. Therefore, these agencies specifically 
invite your comments on how to make this proposal easier to understand. 
For example:
     Have we organized the material to suit your needs? If not, 
how could this material be better organized?
     Are the requirements in the proposed regulation clearly 
stated? If not, how could the regulation be more clearly stated?
     Does the proposed regulation contain language or jargon 
that is not clear? If so, which language requires clarification?
     Would a different format (grouping and order of sections, 
use of headings, paragraphing) make the regulation easier to 
understand? If so, what changes to the format would make the regulation 
easier to understand?
     What else could we do to make the regulation easier to 
understand?

V. Regulatory Flexibility Act

    When an agency issues a rulemaking proposal, the Regulatory 
Flexibility Act (RFA) requires the agency to ``prepare and make 
available for public comment an initial regulatory flexibility 
analysis'' unless the agency certifies that the rule will not have a 
``significant economic impact on a substantial number of small 
entities.'' 5 U.S.C. 603, 605(b).\11\
---------------------------------------------------------------------------

    \11\ The RFA defines the term ``small entity'' in 5 U.S.C. 601 
by reference to the definitions published by the Small Business 
Administration (SBA). The SBA has defined a ``small entity'' for 
banking purposes as a bank or savings institution with less than 
$150 million in assets. See 13 CFR 121.201. The NCUA defines ``small 
credit union'' as those under $1 million in assets. Interpretive 
Ruling and Policy Statement No. 87-2, Developing and Reviewing 
Government Regulations (52 FR 35231, September 18, 1987).
---------------------------------------------------------------------------

    The Agencies have reviewed the impact of this proposed rule on 
small banks. Treasury and the Agencies certify that the proposed rule 
will not have a significant economic impact on a substantial number of 
small entities. The requirements of the proposed rule closely parallel 
the requirements for customer identification programs mandated by 
section 326 of the Act.
    Moreover, Treasury and the Agencies believe that banks already have 
implemented prudential business practices and anti-money laundering 
programs that involve the key controls that would be required in a 
customer identification program in accordance with the proposed 
regulation. First, all banks already undertake extensive measures to 
verify the identity of their customers as a matter of good business 
practice. In addition, banks already must have anti-money laundering 
programs that include procedures for identification, verification, and 
documentation of customer information.\12\
---------------------------------------------------------------------------

    \12\ See footnote 3.
---------------------------------------------------------------------------

    Second, banks already should have compliance programs in place to 
check lists provided by the Federal government of known and suspected 
terrorists and terrorist organizations. Currently, banks are prohibited 
from engaging in transactions involving certain foreign countries or 
their nationals under rules issued by the Office of Foreign Assets 
Control (OFAC). See 31 CFR 500. Banks should already have compliance 
programs in place to ensure that they do not violate OFAC rules. 
Treasury and the Agencies understand that many banks, including small 
banks, have instituted programs to check other lists provided to them 
by the Federal government following the events of September 11, 2001. 
Treasury and the Agencies believe that all banks have access to a 
variety of resources, such as computer software packages, that enable 
them to check lists provided by the Federal government.
    Third, Treasury and the Agencies believe the provision in the 
proposed rule that requires a bank to provide adequate notice to its 
customers that it is requesting information to verify their

[[Page 48297]]

identity will impose minimal costs on banks. Banks may elect to satisfy 
that requirement through a variety of low-cost measures, such as by 
posting a sign in the bank's lobby or providing any other form of 
written or oral notice.
    The recordkeeping requirements similarly may impose some costs on 
banks, if, for example, some of the information that must be maintained 
as a consequence of implementing customer identification programs is 
not already retained. Treasury and the Agencies believe that the 
compliance burden, if any, is minimized for banks, including small 
banks, because the proposed regulation vests a bank with the discretion 
to design and implement appropriate recordkeeping procedures, including 
allowing banks to maintain electronic records in lieu of (or in 
combination with) paper records.
    Finally, Treasury and the Agencies believe that the flexibility 
incorporated into the proposed rule will permit each bank to tailor its 
CIP to fit its own size and needs. In this regard, Treasury and the 
Agencies believe that expenditures associated with establishing and 
implementing a CIP will be commensurate with the size of a bank. If a 
bank is small, the burden to comply with the proposed rule should be de 
minimis.

VI. Paperwork Reduction Act

    The proposed rule contains recordkeeping and disclosure 
requirements that are subject to the Paperwork Reduction Act of 1995 
(44 U.S.C. 3501 et seq.). In summary, the proposed rule requires banks 
to implement reasonable procedures to (1) maintain records of the 
information used to verify the person's identity and (2) provide notice 
of these procedures to customers. These recordkeeping and disclosure 
requirements are required under section 326 of the Act.
    The proposed rule applies only to a financial institution that is a 
``bank'' as defined in 31 CFR 103.11(c),\13\ and any foreign branch of 
an insured bank. The proposed rule requires each bank to establish a 
written CIP that must include recordkeeping procedures (proposed 
section 103.121(b)(3)) and procedures for providing customers with 
notice that the bank is requesting information to verify their identity 
(proposed section 103.121(b)(5)).
---------------------------------------------------------------------------

    \13\ This definition includes banks, thrifts, and credit unions.
---------------------------------------------------------------------------

    The proposed rule requires a bank to maintain a record of (1) the 
identifying information provided by the customer, the type of 
identification document(s) reviewed, if any, the identification number 
of the document(s), and a copy of the identification document(s); (2) 
the means and results of any additional measures undertaken to verify 
the identity of the customer; and (3) the resolution of any discrepancy 
in the identifying information obtained. These records must be 
maintained at the bank for five years after the date the account is 
closed (proposed section 103.121(b)(3)). Treasury and the Agencies 
believe that little burden is associated with the recordkeeping 
requirements outlined in proposed section 103.121(b)(2), because such 
recordkeeping is a usual and customary business practice. In addition, 
banks already must keep similar records to comply with existing 
regulations in 31 CFR part 103 (see, e.g., 31 CFR 103.34, requiring 
certain records for each deposit or share account opened).
    The proposed rule also requires banks to give customers ``adequate 
notice'' of the identity verification procedures (proposed section 
103.121(b)(5)). A bank may satisfy the notice requirement by posting a 
sign in the lobby or providing customers with any other form of written 
or oral notice. If the account is opened electronically, the bank may 
provide the notice electronically. Treasury and the Agencies believe 
that nominal burden is associated with the disclosure requirement 
outlined in proposed section 103.121(b)(5). This section requires a 
bank to notify its customers about the procedures the bank has 
implemented to verify their identities. However, a bank may choose 
among a variety of methods of providing adequate notice and may select 
the least burdensome method, given the circumstances under which 
customers seek to open new accounts.
    A person is not required to respond to a collection of information 
unless it displays a currently valid Office of Management and Budget 
(OMB) control number. The collection of information requirements 
contained in the proposed rule have been submitted to the OMB by 
Treasury in accordance with the Paperwork Reduction Act of 1995 (44 
U.S.C. 3507).
    The institutions subject to these requirements include national 
banks and Federal branches and agencies (OCC financial institutions); 
state member banks and branches and agencies of foreign banks (Board 
financial institutions); insured state nonmember banks (FDIC financial 
institutions); savings associations (OTS financial institutions); and 
federally insured credit unions (NCUA financial institutions).
    Estimated number of OCC financial institutions: 2,289.
    Estimated number of Board financial institutions: 1,188.
    Estimated number of FDIC financial institutions: 5,500.
    Estimated number OTS financial institutions: 1,020.
    Estimated number of NCUA financial institution: 9,944.
    Estimated average annual burden for the recordkeeping requirements 
of the proposed rule per each financial institution respondent: 10 
hours.
    Estimated average annual burden for the disclosure requirements of 
the proposed rule per each financial institution respondent: 1 hour.
    Estimated total annual recordkeeping and disclosure burden: 219,351 
hours.
    Treasury and the Agencies request public comment on all aspects of 
the recordkeeping and disclosure requirements contained in this 
proposed rule, including how burdensome it would be for banks to comply 
with these requirements. Also, Treasury and the Agencies request 
comment on whether the banks are currently maintaining the records 
requested in proposed section 103.121(b)(2). Treasury and the Agencies 
also invite comment on:
    (1) Whether the collections of information contained in the notice 
of proposed rulemaking are necessary for the proper performance of each 
agency's functions, including whether the information has practical 
utility;
    (2) The accuracy of each agency's estimate of the burden of the 
proposed information collections;
    (3) Ways to enhance the quality, utility, and clarity of the 
information to be collected;
    (4) Ways to minimize the burden of the information collections on 
respondents, including the use of automated collection techniques or 
other forms of information technology; and
    (5) Estimates of capital or start-up costs and costs of operation, 
maintenance, and purchases of services to provide information.
    Comments concerning the recordkeeping and disclosure requirements 
in the proposed rule should be sent (preferably by fax (202-395-6974)) 
to Desk Officer for the Department of the Treasury, Office of 
Information and Regulatory Affairs, Office of Management and Budget, 
Paperwork Reduction Project (1506), Washington, DC 20503 (or by the 
Internet to [email protected]), with a copy to FinCEN by mail or the 
Internet at the addresses previously specified.

[[Page 48298]]

VII. Executive Order 12866

    Treasury, the OCC, and OTS have determined that this proposal is 
not a ``significant regulatory action'' under Executive Order 12866. 
The rule follows closely the requirements of section 326 of the Act.
    Treasury, the OCC, and OTS believe that national banks and savings 
associations already have procedures in place that fulfill most of the 
requirements of the proposed regulation. First, the procedures are a 
matter of good business practice. Second, national banks and savings 
associations already are required to have BSA compliance programs that 
address many of the requirements detailed in this notice of proposed 
rulemaking. Third, banks and savings associations should already have 
compliance programs in place to ensure they comply with OFAC rules 
prohibiting transactions with certain foreign countries or their 
nationals.
    Treasury, the OCC, and OTS invite national banks, the thrift 
industry, and the public to provide any cost estimates and related data 
that they think would be useful in evaluating the overall costs of the 
rule.
    For these reasons, and for the reasons discussed elsewhere in this 
preamble, Treasury, the OCC, and OTS believe that the burden stemming 
from this rulemaking will not cause the proposed rule to be a 
``significant regulatory action.''

Lists of Subjects in 31 CFR Part 103

    Administrative practice and procedure, Authority delegations 
(Government agencies), Banks, banking, Brokers, Currency, Foreign 
banking, Foreign currencies, Gambling, Investigations, Law enforcement, 
Penalties, Reporting and recordkeeping requirements, Securities.

Authority and Issuance

    For the reasons set forth in the preamble, part 103 of title 31 of 
the Code of Federal Regulations is proposed to be amended as follows:

PART 103--FINANCIAL RECORDKEEPING AND REPORTING OF CURRENCY AND 
FOREIGN TRANSACTIONS

    1. The authority citation for part 103 is revised to read as 
follows:

    Authority: 12 U.S.C. 1786(q), 1818, 1829b and 1951-1959; 31 
U.S.C. 5311-5332; title III, secs. 312, 313, 314, 319, 326, 352, Pub 
L. 107-56, 115 Stat. 307.

    2. Section 103.11(j) is amended by removing ``paragraph (q)'' and 
adding ``paragraph (hh)''.
    3. Section 103.34 is amended as follows:
    a. By removing paragraph (a);
    b. By redesignating paragraph (b) introductory text and paragraphs 
(b)(1) through (b)(13) as introductory text and paragraphs (a) through 
(m), respectively.
    c. In newly redesignated introductory text, by removing '', in 
addition,'' in the first sentence; and
    d. In newly redesignated paragraph (a), by removing '', including 
any notations, if such are normally made, of specific identifying 
information verifying the identity of the signer (such as a driver's 
license number or credit card number)''.
    4. Subpart I of part 103 is amended by adding new Sec. 103.121 to 
read as follows:


Sec. 103.121  Customer Identification Programs for banks, savings 
associations, and credit unions.

    (a) Definitions. For purposes of this section:
    (1) Account means each formal banking or business relationship 
established to provide ongoing services, dealings, or other financial 
transactions. For example, a deposit account, a transaction or asset 
account, and a credit account or other extension of credit would each 
constitute an account.
    (2) Bank means a bank, as that term is defined in Sec. 103.11(c), 
that is subject to regulation by a Federal functional regulator, and 
any foreign branch of an insured bank.
    (3) Customer means:
    (i) Any person seeking to open a new account; and
    (ii) Any signatory on the account at the time the account is 
opened, and any new signatory added thereafter.
    (4) Federal functional regulator has the same meaning as provided 
in Sec. 103.120(a)(2).
    (5) Person has the same meaning as provided in Sec. 103.11(z).
    (6) U.S. person means:
    (i) A U.S. citizen; or
    (ii) A corporation, partnership, trust, or person (other than an 
individual) that is established or organized under the laws of a State 
or the United States.
    (7) Non-U.S. person means a person that is not a U.S. person.
    (8) Taxpayer identification number. The provisions of section 6109 
of the Internal Revenue Code of 1986 (26 U.S.C. 6109) and the 
regulations of the Internal Revenue Service promulgated thereunder 
shall determine what constitutes a taxpayer identification number.
    (b) Customer Identification Program: minimum requirements. (1) In 
general. A bank must implement a written Customer Identification 
Program (Program) that, at a minimum, includes each of the components 
of this section. The Program should be tailored to the bank's size, 
location and type of business. The bank's board of directors or a 
committee of the board must approve the Program. The Program must be a 
part of the bank's anti-money laundering program required under the 
regulations implementing 31 U.S.C. 5318(h), 12 U.S.C. 1818(s), and 12 
U.S.C. 1786(q)(1).
    (2) Identity verification procedures. The Program must include 
procedures for verifying the identity of each customer, to the extent 
reasonable and practicable. The procedures must be based on the bank's 
assessment of the risks presented by the various types of accounts 
maintained by the bank, the various methods of opening accounts 
provided by the bank, and the type of identifying information 
available, and must enable the bank to form a reasonable belief that it 
knows the true identity of the customer.
    (i) Information required. (A) In general. The Program must contain 
procedures that specify the identifying information that the bank must 
obtain from each customer. Except as permitted by paragraph 
(b)(2)(i)(B) of this section, at a minimum, a bank must obtain the 
following information prior to opening or adding a signatory to an 
account:
    (1) Name;
    (2) For individuals, date of birth;
    (3) (i) For individuals, residence and, if different, mailing 
address; or
    (ii) For persons other than individuals, such as corporations, 
partnerships, and trusts: principal place of business and, if 
different, mailing address;
    (4) (i) For U.S. persons, a U.S. taxpayer identification number 
(e.g., social security number, individual taxpayer identification 
number, or employer identification number); or
    (ii) For non-U.S. persons, one or more of the following: a U.S. 
taxpayer identification number; passport number and country of 
issuance; alien identification card number; or number and country of 
issuance of any other government-issued document evidencing nationality 
or residence and bearing a photograph or similar safeguard.
    (B) Limited exception. The Program may permit the bank to open or 
add a signatory to an account for a person other than an individual 
(such as a corporation, partnership, or trust) that has applied for, 
but has not received, an employer identification number. However, in 
such a case, the bank must obtain a copy of the application before

[[Page 48299]]

it opens or adds a signatory to the account and obtain the employer 
identification number within a reasonable period of time after it opens 
or adds a signatory to the account.
    (ii) Verification. The Program must contain risk-based procedures 
for verifying the information obtained pursuant to paragraph 
(b)(2)(i)(A) of this section within a reasonable time after the account 
is established or a signatory is added to the account. A bank need not 
verify the information about an existing customer seeking to open a new 
account or who becomes a signatory on an account, if the bank 
previously verified the customer's identity in accordance with 
procedures consistent with this section, and continues to have a 
reasonable belief that it knows the true identity of the customer.
    (A) Verification through documents. The Customer Identification 
Program must contain procedures describing when the bank will verify 
identity through documents and setting forth the documents that the 
bank will use for this purpose. These documents may include:
    (1) For individuals: unexpired government-issued identification 
evidencing nationality or residence and bearing a photograph or similar 
safeguard; and
    (2) For corporations, partnerships, trusts and persons other than 
individuals: documents showing the existence of the entity, such as 
registered articles of incorporation, a government-issued business 
license, partnership agreement, or trust instrument.
    (B) Non-documentary verification methods. The Program must contain 
procedures that describe non-documentary methods the bank will use to 
verify identity and when these methods will be used in addition to, or 
instead of, relying on documents. These procedures must address 
situations where an individual is unable to present an unexpired 
government-issued identification document that bears a photograph or 
similar safeguard; the bank is not familiar with the documents 
presented; the account is opened without obtaining documents; the 
account is not opened in a face-to-face transaction; and the type of 
account increases the risk that the bank will not be able to verify the 
true identity of the customer through documents. Other verification 
methods may include contacting a customer; independently verifying 
documentary information through credit bureaus, public databases, or 
other sources; checking references with other financial institutions; 
and obtaining a financial statement.
    (iii) Lack of verification. The Program must include procedures for 
responding to circumstances in which the bank cannot form a reasonable 
belief that it knows the true identity of a customer.
    (3) Recordkeeping. (i) The Program must include procedures for 
maintaining a record of all information obtained under the procedures 
implementing paragraph (b)(1) of this section. The record must include:
    (A) All identifying information provided by a customer pursuant to 
paragraphs (b)(2)(i)(A) and (B) of this section;
    (B) A copy of any document that was relied on pursuant to paragraph 
(b)(2)(ii)(A) of this section that clearly evidences the type of 
document and any identification number it may contain;
    (C) The methods and result of any measures undertaken to verify the 
identity of the customer pursuant to paragraph (b)(2)(ii)(B) of this 
section; and
    (D) The resolution of any discrepancy in the identifying 
information obtained.
    (ii) The bank must retain all records for five years after the date 
the account is closed.
    (4) Comparison with government lists. The Program must include 
procedures for determining whether the customer appears on any list of 
known or suspected terrorists or terrorist organizations provided to 
the bank by any federal government agency. The procedures must also 
ensure that the bank follows all federal directives issued in 
connection with such lists.
    (5) Customer notice. The Program must include procedures for 
providing bank customers with adequate notice that the bank is 
requesting information to verify their identity.
    (c) Exemptions. The appropriate Federal functional regulator with 
the concurrence of the Secretary, may by order or regulation, exempt 
any bank or type of account from the requirements of this section. In 
issuing such exemptions, the Federal functional regulator and the 
Secretary shall consider whether the exemption is consistent with the 
purposes of the Bank Secrecy Act and with safe and sound banking, and 
is in the public interest. The Federal functional regulator and the 
Secretary also may consider other appropriate factors.
    (d) Other information requirements unaffected. Nothing in this 
section shall be construed to relieve a bank of its obligation to 
comply with any other provision in this part concerning information 
that must be obtained, verified, or maintained in connection with any 
account or transaction.

    Dated: July 15, 2002.
James F. Sloan,
Director, Financial Crimes Enforcement Network.
    Dated: July 2, 2002.
John D. Hawke, Jr.,
Comptroller of the Currency.
    By order of the Board of Governors of the Federal Reserve 
System, July 10, 2002.
Jennifer J. Johnson,
Secretary of the Board.
    By order of the Board of Directors of the Federal Deposit 
Insurance Corporation this 3rd day of July, 2002.
Valerie J. Best,
Assistant Executive Secretary.
    Dated: July 5, 2002. In concurrence, by the Office of Thrift 
Supervision.
James E. Gilleran,
Director.
    Dated: July 3, 2002.
Becky Baker,
Secretary of the Board, National Credit Union Administration.
[FR Doc. 02-18191 Filed 7-22-02; 8:45 am]
BILLING CODE 4810-02-P