[Federal Register Volume 85, Number 179 (Tuesday, September 15, 2020)]
[Rules and Regulations]
[Pages 57129-57138]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-20325]


-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

31 CFR Parts 1010 and 1020

RIN 1506-AB28


Financial Crimes Enforcement Network; Customer Identification 
Programs, Anti-Money Laundering Programs, and Beneficial Ownership 
Requirements for Banks Lacking a Federal Functional Regulator

AGENCY: Financial Crimes Enforcement Network (``FinCEN''), Treasury.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: FinCEN is issuing a final rule implementing sections 352, 326 
and 312 of the Uniting and Strengthening America by Providing 
Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 
2001 (``USA PATRIOT Act'') and removing the anti-money laundering 
program exemption for banks that lack a Federal functional regulator, 
including, but not limited to, private banks, non-federally insured 
credit unions, and certain trust companies. The Final Rule requires 
minimum standards for anti-money laundering programs for banks without 
a Federal functional regulator to ensure that all banks, regardless of 
whether they are subject to Federal regulation and oversight, are 
required to establish and implement anti-money laundering programs, and 
extends customer identification program requirements and beneficial 
ownership requirements to those banks not already subject to these 
requirements.

DATES: Effective Date: November 16, 2020.
    Compliance Date: The compliance date for anti-money laundering 
programs, customer identification programs, and beneficial ownership 
requirements for banks that lack a Federal functional regulator is 
March 15, 2021.

FOR FURTHER INFORMATION CONTACT: The FinCEN Resource Center at (800) 
767-2825 or email [email protected].

SUPPLEMENTARY INFORMATION:

I. Background

A. Statutory Provisions

    FinCEN exercises its regulatory functions primarily under the 
Currency and Financial Transactions Reporting Act of 1970, as amended 
by the Uniting and Strengthening America by Providing Appropriate Tools 
Required to Intercept and Obstruct Terrorism Act of 2001 (``USA PATRIOT 
Act'') (Public Law 107-56) and other legislation. This legislative 
framework is commonly referred to as the ``Bank Secrecy Act''

[[Page 57130]]

(``BSA'').\1\ The Secretary of the Treasury (``Secretary'') has 
delegated to the Director of FinCEN the authority to implement, 
administer, and enforce compliance with the BSA and associated 
regulations.\2\ Pursuant to this authority, FinCEN may issue 
regulations requiring financial institutions to keep records and file 
reports that ``have a high degree of usefulness in criminal, tax, or 
regulatory investigations or proceedings, or in the conduct of 
intelligence or counterintelligence activities, including analysis, to 
protect against international terrorism.'' \3\ Additionally, FinCEN is 
authorized to impose anti-money laundering (``AML'') program 
requirements for financial institutions.\4\
---------------------------------------------------------------------------

    \1\ The BSA is codified at 12 U.S.C. 1829b, 12 U.S.C. 1951-1959, 
31 U.S.C. 5311-5314 and 5316-5332, and notes thereto, with 
implementing regulations at 31 CFR Chapter X. See 31 CFR 
1010.100(e).
    \2\ Treasury Order 180-01 (Jan. 14, 2020).
    \3\ 31 U.S.C. 5311.
    \4\ 31 U.S.C. 5318(h).
---------------------------------------------------------------------------

    Section 352 of the USA PATRIOT Act requires financial institutions 
to establish AML programs that, at a minimum, include: (1) The 
development of internal policies, procedures, and controls; (2) the 
designation of a compliance officer; (3) an ongoing employee training 
program; and (4) an independent audit function to test programs.\5\ 
Section 352 of the USA PATRIOT Act authorizes FinCEN, in consultation 
with the appropriate Federal functional regulator (as defined by 15 
U.S.C. 6809), to prescribe minimum standards for AML programs. In 
developing this Final Rule, FinCEN consulted with the Federal 
functional regulators defined in 15 U.S.C. 6809, as well as the 
Commodity Futures Trading Commission (``CFTC'') (collectively referred 
to as ``Federal functional regulators'').\6\ In addition, FinCEN 
consulted with the Internal Revenue Service (``IRS''), which is the 
examining authority for all institutions regulated by FinCEN that do 
not have a Federal functional regulator. FinCEN also consulted with 
state bank supervisory authorities. Consultations with these Federal 
and state regulatory and supervisory agencies assisted FinCEN in 
determining the appropriate scope and nature of banks that are not 
directly regulated by Federal functional regulators and to adequately 
consider appropriate regulatory coverage for such institutions.
---------------------------------------------------------------------------

    \5\ Id.
    \6\ 31 CFR 1010.100(r) (defining Federal functional regulator to 
include the Board of Governors of the Federal Reserve System; the 
Office of the Comptroller of the Currency; the Board of Directors of 
the Federal Deposit Insurance Corporation; the Office of Thrift 
Supervision (which was merged into other regulatory agencies and 
ceased to exist in 2011); the National Credit Union Administration; 
the Securities and Exchange Commission; and the Commodity Futures 
Trading Commission).
---------------------------------------------------------------------------

    When prescribing minimum standards for AML programs, FinCEN must 
``consider the extent to which the requirements imposed [under section 
352 of the USA PATRIOT Act] are commensurate with the size, location, 
and activities of the financial institutions to which [the standards] 
apply.'' \7\ In addition, FinCEN may ``prescribe an appropriate 
exemption from a requirement [in the BSA] or regulations [issued under 
the BSA].'' \8\ FinCEN used this authority in 2002 to temporarily defer 
the requirement to establish an AML program for certain financial 
institutions identified in section 352 of the USA PATRIOT Act. The 
purpose of the temporary deferral was to give FinCEN and Treasury time 
to continue to study the money laundering risks posed by such financial 
institutions in order to develop appropriate AML program requirements.
---------------------------------------------------------------------------

    \7\ Public Law 107-56, title III, Sec. 352(c), 115 Stat. 322, 
codified at 31 U.S.C. 5318 note.
    \8\ 31 U.S.C. 5318(a)(6).
---------------------------------------------------------------------------

    Section 326 of the USA PATRIOT Act requires FinCEN to prescribe 
regulations that require financial institutions to establish procedures 
for account opening that, at a minimum, include: (1) Verifying the 
identity of any person seeking to open an account, to the extent 
reasonable and practicable; (2) maintaining records of the information 
used to verify the person's identity, including name, address, and 
other identifying information; and (3) determining whether the person 
appears on any lists of known or suspected terrorists or terrorist 
organizations provided to the financial institution by any government 
agency.\9\ These programs are referred to as Customer Identification 
Programs (``CIPs'').
---------------------------------------------------------------------------

    \9\ 31 U.S.C. 5318(l); see also Joint Final Rule--Customer 
Identification Programs for Banks, Savings Associations, Credit 
Unions and Certain Non-Federally Regulated Banks, 68 FR 25103 (May 
9, 2003) (codified at 31 CFR 1020.220(a)(4)) (``The CIP must include 
procedures for determining whether the customer appears on any list 
of known or suspected terrorists or terrorist organizations issued 
by any Federal government agency and designated as such by Treasury 
in consultation with the Federal functional regulators.'').
---------------------------------------------------------------------------

    When prescribing CIP regulations for financial institutions, FinCEN 
is required to do so jointly with the appropriate Federal functional 
regulator.\10\ The appropriate Federal functional regulator with which 
to promulgate joint CIP regulations is the particular agency that 
regulates and supervises the affected financial institutions.\11\ 
Because the financial institutions covered under this Final Rule do not 
have a Federal functional regulator, and there is no other Federal 
agency with comparable direct supervisory authority over such financial 
institutions, there is no other appropriate Federal agency with which 
FinCEN is required to issue the CIP rules jointly.\12\ Accordingly, 
FinCEN is issuing the CIP rule set forth here under its sole authority.
---------------------------------------------------------------------------

    \10\ 31 U.S.C. 5318(l)(4) (``Certain financial institutions.--In 
the case of any financial institution the business of which is 
engaging in financial activities described in section 4(k) of the 
Bank Holding Company Act of 1956 (including financial activities 
subject to the jurisdiction of the Commodity Futures Trading 
Commission), the regulations prescribed by the Secretary under 
paragraph (1) shall be prescribed jointly with each Federal 
functional regulator (as defined in section 509 of the Gramm-Leach-
Bliley Act, including the Commodity Futures Trading Commission) 
appropriate for such financial institution.''). The financial 
institutions subject to the CIP rule that will be covered by this 
Final Rule engage in financial activities within the meaning of 12 
U.S.C. 1843(k), in particular lending money and providing financial 
advisory services. See 12 U.S.C. 1843(k)(4)(A) and (C).
    \11\ See, e.g., 31 CFR 1020.210(a).
    \12\ See Notice of Proposed Rulemaking--Customer Identification 
Programs for Certain Banks Lacking a Federal Functional Regulator, 
68 FR 25163 (May 9, 2003).
---------------------------------------------------------------------------

    Section 312 of the USA PATRIOT Act requires each U.S. financial 
institution that establishes, maintains, administers, or manages a 
correspondent account or a private banking account in the United States 
for a non-U.S. person to subject such accounts to certain AML 
measures.\13\ In particular, financial institutions must establish 
appropriate, specific, and, where necessary, enhanced due diligence 
policies, procedures, and controls that are reasonably designed to 
enable the financial institution to detect and report instances of 
money laundering through these accounts. In addition to the general due 
diligence requirements, which apply to all correspondent accounts for 
non-U.S. persons, section 5318(i)(2) of the BSA specifies additional 
standards for correspondent accounts maintained for certain foreign 
banks. Section 5318(i) also sets forth minimum due diligence 
requirements for private banking accounts for non-U.S. persons. 
Specifically, a covered financial institution must take reasonable 
steps to ascertain the identity of the nominal and beneficial owners 
of, and the source of funds deposited into, private banking accounts, 
as necessary to guard against money laundering and to report suspicious 
transactions. The institution must also conduct enhanced

[[Page 57131]]

scrutiny of private banking accounts requested or maintained for, or on 
behalf of, senior foreign political figures (which includes family 
members or close associates). Enhanced scrutiny must be reasonably 
designed to detect and report transactions that may involve the 
proceeds of foreign corruption.
---------------------------------------------------------------------------

    \13\ These requirements are set forth and cross-referenced in 
sections 31 CFR1020.610 (cross-referencing to 31 CFR 1010.610) and 
31 CFR 1020.620 (cross-referencing to 31 CFR 1010.620).
---------------------------------------------------------------------------

B. Regulatory Background

    The following information describes the effect of certain previous 
rulemakings on banks, and specifically on banks lacking a Federal 
functional regulator.
AML Program Requirements
    Most banks became subject to an AML program requirement under the 
BSA when FinCEN issued an Interim Final Rule on April 29, 2002 
(``Interim Final Rule'').\14\ The Interim Final Rule stated that an 
institution regulated by a Federal functional regulator ``shall be 
deemed to satisfy the requirements of 31 U.S.C. 5318(h)(1) if it 
implements and maintains an [AML] program that complies with the 
regulation of its Federal functional regulator governing such 
programs.'' \15\ ``Federal functional regulator'' is defined at 31 CFR 
1010.100(r) to include each of the Federal banking agencies, as well as 
the SEC and the CFTC.\16\
---------------------------------------------------------------------------

    \14\ See Interim Final Rule--Anti-Money Laundering Programs for 
Financial Institutions, 67 FR 21110 (Apr. 29, 2002). In 1987, 
Federal banking regulators issued regulations requiring federally 
insured depository institutions and credit unions to have anti-money 
laundering programs ``to assure and monitor compliance with the 
requirements of subchapter II of chapter 53 of Title 31, United 
States Code.'' Final Rule--Procedures for Monitoring Bank Secrecy 
Act Compliance, 52 FR 2858 (Jan. 27, 1987). The USA PATRIOT Act made 
developing and implementing an AML program a statutory requirement 
under the BSA in 2001.
    \15\ 67 FR at 21113. Since the issuance of the 2002 Interim 
Final Rule, FinCEN has reorganized its regulations under 31 CFR 
Chapter X. See Final Rule--Transfer and Reorganization of Bank 
Secrecy Act Regulations, 75 FR 65806 (Oct. 26, 2010). The cited AML 
program requirement can currently be found at 31 CFR 1020.210, with 
an added cross-reference to enhanced due diligence requirements 
imposed by rulemakings later than the Interim Final Rule.
    \16\ See supra note 6.
---------------------------------------------------------------------------

    The Interim Final Rule temporarily deferred AML program 
requirements for certain financial institutions, including ``private 
bankers.'' \17\ On November 6, 2002, FinCEN amended the Interim Final 
Rule to extend the exemption from the requirement to establish an AML 
program indefinitely for private bankers and to expand the exemption to 
other financial institutions, including any bank ``that is not subject 
to regulation by a Federal functional regulator.'' \18\
---------------------------------------------------------------------------

    \17\ ``Private banker'' is included in the list of financial 
institutions set out in the BSA. 12 U.S.C. 5312(a)(2)(C).
    \18\ Amendment of Interim Final Rule--Anti-Money Laundering 
Programs for Financial Institutions, 67 FR 67547 (Nov. 6, 2002) 
(codified at 31 CFR 1010.205).
---------------------------------------------------------------------------

    Although banks that lack a Federal functional regulator are exempt 
from the requirement to establish an AML program, they are required to 
comply with many other BSA requirements. For example, FinCEN 
regulations require all banks, regardless of whether they have a 
Federal functional regulator, to file currency transaction reports 
(``CTRs'') and suspicious activity reports (``SARs''), as well as to 
make and maintain certain records.\19\ In addition, like other covered 
financial institutions, banks that lack a Federal functional regulator 
are prohibited from maintaining correspondent accounts for foreign 
shell banks and are required to obtain and retain information on the 
ownership of foreign banks.\20\
---------------------------------------------------------------------------

    \19\ See 31 CFR 1010.306-315 (CTRs); 31 CFR 1020.320 (SAR rule 
for banks); 31 CFR 1010.410 (records to be made and retained by 
financial institutions).
    \20\ 31 CFR 1010.630 (governing prohibitions against 
establishing, maintaining, administering, or managing correspondent 
accounts for foreign shell companies and records required for 
correspondent accounts); 31 CFR 1010.670 (governing summons or 
subpoena of foreign bank records and termination of correspondent 
relationships); 31 CFR 1010.605(e)(2) (defining covered financial 
institutions to include institutions not regulated by a Federal 
functional regulator, including private banks, trust companies, and 
credit unions). By contrast, covered financial institutions for 
purposes of due diligence program requirements for correspondent 
accounts and private banking accounts do not include private banks. 
Rather, such due diligence program requirements apply only to 
federally insured banks and credit unions, as well as certain trust 
companies that are federally regulated and subject to an anti-money 
laundering program requirement. See 31 CFR 1010.605(e)(1) (covered 
financial institution); 31 CFR 1010.610 (correspondent accounts); 31 
CFR 1010.620 (private banking accounts).
---------------------------------------------------------------------------

    FinCEN has incrementally eliminated the Interim Final Rule's 
temporary exemption and promulgated AML program rules for certain other 
institutions, including insurance companies, certain loan or finance 
companies, and dealers in precious metals, precious stones, or jewels. 
FinCEN determined that the gap in AML coverage between banks with and 
without a Federal functional regulator presented a vulnerability to the 
U.S. financial system that could be exploited by bad actors, prompting 
this rulemaking. In the 2016 U.S. Mutual Evaluation, the Financial 
Action Task Force (FATF) recommended that three categories of non-
Federal state-chartered banks be subject to an AML program requirement 
in addition to their reporting obligations.\21\ The rulemaking covers 
non-Federal state chartered banks. Further, subsequent to the 2016 
notice of proposed rulemaking to amend the AML, CIP, and beneficial 
ownership regulations to include coverage for banks lacking a Federal 
functional regulator, and according to the 2020 National Strategy for 
Combatting Terrorist and Other Illicit Financing, law enforcement 
identified specific instances of illicit actors taking advantage of 
this lack of regulatory coverage.\22\
---------------------------------------------------------------------------

    \21\ See page 136 of the 2016 U.S. Mutual Evaluation at https://www.fatf-gafi.org/media/fatf/documents/reports/mer4/MER-United-States-2016.pdf.
    \22\ See page 41 of the 2020 National Strategy for Combatting 
Terrorist and Other Illicit Financing at https://home.treasury.gov/system/files/136/National-Strategy-to-Counter-Illicit-Financev2.pdf.
---------------------------------------------------------------------------

Customer Identification Program Requirements
    CIP requirements were finalized, through a joint final rule, for 
banks, savings associations, credit unions, and certain non-federally 
regulated banks on May 9, 2003. With this action, certain banks that 
lack a Federal functional regulator--namely, private banks, non-
federally insured credit unions and trust companies lacking a federal 
functional regulator--were required to comply with CIP 
requirements.\23\ On the same day, FinCEN published a notice of 
proposed rulemaking (``NPRM'') that would have imposed CIP requirements 
on all other banks without a Federal functional regulator that were not 
already included in the joint rule.\24\ The 2003 NPRM was never 
finalized.
---------------------------------------------------------------------------

    \23\ See 68 FR 25090 (May 9, 2003) (codified at 31 CFR 
1020.220).
    \24\ See supra note 12.
---------------------------------------------------------------------------

Beneficial Ownership Requirement
    On May 11, 2016, FinCEN published a final rule (``CDD Rule'') \25\ 
to clarify and strengthen customer due diligence requirements for 
certain financial institutions, including federally regulated banks. 
Specifically, the CDD Rule requires these financial institutions to 
identify and verify the identity of the beneficial owners of their 
legal entity customers, subject to certain exclusions and exemptions. 
The CDD Rule also amended the AML program requirements for these 
financial institutions. For purposes of regulatory consistency and for 
the reasons noted above, FinCEN believes it is necessary that these 
requirements apply to non-federally regulated banks as well.
---------------------------------------------------------------------------

    \25\ See Customer Due Diligence Requirements for Financial 
Institutions, 81 FR 29398 (May 11, 2016) (codified at 31 CFR 
1010.230).

---------------------------------------------------------------------------

[[Page 57132]]

II. Notice of Proposed Rulemaking

    On August 25, 2016, FinCEN issued an NPRM proposing to amend 
certain definitions and to amend the AML, CIP, and beneficial ownership 
regulations to include coverage for banks lacking a Federal functional 
regulator.\26\ FinCEN proposed amending the definition of ``bank'' in 
31 CFR 1020 specifically to include, at a minimum, the following 
categories: (1) State-chartered non-depository trust companies; (2) 
non-federally insured credit unions; (3) private banks; (4) non-
federally insured state banks and savings associations; and (5) 
international banking entities. In the NPRM, FinCEN noted that the gap 
in AML coverage between banks with and without a Federal functional 
regulator presented a vulnerability to the U.S. financial system that 
could be exploited by bad actors, prompting this rulemaking. Subsequent 
to the NPRM, law enforcement has identified to FinCEN specific 
instances of illicit actors taking advantage of this lack of coverage. 
This activity has involved different types of institutions that would 
be subject to this rule, and includes multiple investigations related 
to terrorist financing, espionage, narcotics trafficking, and public 
corruption. FinCEN further proposed technical amendments to the 
definition of the term ``bank'' to create one standard definition to be 
used throughout the regulations. FinCEN did not propose any amendments 
to the definition of ``financial institution,'' because the amendments 
proposed in the NPRM would not impact how that term is defined in 31 
CFR 1010.100(t).
---------------------------------------------------------------------------

    \26\ See 81 FR 58425 (Aug. 25, 2016).
---------------------------------------------------------------------------

    In addition, FinCEN proposed amending the existing rules to impose 
standards and requirements for banks lacking a Federal functional 
regulator that are identical to those in FinCEN's AML, CIP, and 
beneficial ownership regulations for banks with a Federal functional 
regulator. Specifically, the NPRM proposed requiring any entity meeting 
the definition of ``bank'' in 31 CFR 1010.100(d), whether or not 
regulated by a Federal functional regulator, to establish AML and CIP 
programs and to comply with beneficial ownership requirements.
    Finally, because there would no longer be a need to exclude banks 
without a Federal functional regulator from AML and CIP requirements if 
the proposal were finalized, FinCEN also proposed removing 31 CFR 
1020.100(b) and (d). FinCEN also invited comment on all aspects of the 
NPRM.

III. Comments on the NPRM--Overview and General Issues

    The comment period on the NPRM ended on October 24, 2016. FinCEN 
received eight comments. Comments were submitted by one anonymous 
source, three industry representatives, and four trade associations. 
FinCEN has reviewed and considered all the comments to the extent they 
addressed aspects of the proposed rulemaking. All the comments 
supported the issuance of this Final Rule. The Final Rule adopts the 
proposal in its entirety, but establishes a later date by which 
affected banks must be in compliance. One commenter requested a two-
year implementation period. Another suggested an implementation date in 
May 2018, to coincide with that of the CDD Rule. A third commenter 
suggested an implementation period of six months to a year, and a 
fourth commenter suggested a minimum of six months.
    As FinCEN emphasized in the NPRM, and described in more detail 
above, banks lacking a Federal functional regulator are already 
obligated to comply with a number of BSA regulations. In addition, 
banks lacking a Federal functional regulator generally are required by 
state banking regulation and guidance to have policies, management 
oversight, personnel training, and internal compliance review and 
various procedures and systems in place to comply with regulation and 
guidance. Even banks not subject to these state regulatory requirements 
must develop such policies and procedures to properly function and 
comply with their BSA obligations and state banking regulations. FinCEN 
views the existence of such policies and procedures as minimizing the 
amount of time needed to prepare for implementation of the Final Rule's 
requirements. Accordingly, FinCEN does not expect the transition to 
compliance with the Final Rule to be unreasonably difficult or costly, 
and does not believe a two-year implementation period is needed or 
warranted. However, in light of these comments, FinCEN has determined 
that it would be appropriate to provide affected banks more time to 
comply with the Final Rule. Banks lacking a Federal functional 
regulator, therefore, will have 180 days from the day the Final Rule is 
published to be in compliance. FinCEN believes that this time frame is 
reasonable and adequate to ensure compliance with these requirements, 
given the framework that these banks are expected to already have in 
place.

IV. Section-by-Section Analysis

A. Section 1010.100 General Definitions

    Because the definition of bank in Part 1010 makes no distinction as 
to whether a bank has a Federal functional regulator, FinCEN did not 
propose any changes to the definition of bank in paragraph 1010.100(d). 
Likewise, there were no proposed changes to the general definition of 
financial institution in paragraph 1010.100(t). Because these existing 
definitions do not make distinctions based on whether a bank has a 
Federal functional regulator, they will be used for Part 1020. There 
were no objections to this general formulation, and FinCEN is adopting 
it as proposed.

B. Section 1010.605 Definition

    The beneficial ownership rule refers to the definition of covered 
financial institution set forth in paragraph 1010.605(e)(1), which 
excludes certain financial institutions lacking a Federal functional 
regulator. To ensure that all banks are subject to the beneficial 
ownership requirements under section 1010.230, FinCEN proposed amending 
the definition in paragraph 1010.605(e)(1) by replacing paragraphs (i) 
through (vii) with a single paragraph (e)(1)(i) to include all banks 
within the rule's definition of ``covered financial institution.'' With 
these changes, all banks will now be required to comply with the 
beneficial ownership requirements to identify and verify the beneficial 
owners of legal entity customers, regardless of whether they are 
federally regulated. As with the previous sections, there were no 
objections to this general formulation, and FinCEN is adopting it as 
proposed.

C. Section 1020.100 Definitions

    FinCEN proposed removing paragraph 1020.100(b), because the 
definition of bank for purposes of complying with CIP requirements only 
included banks subject to regulation by a Federal functional regulator. 
There were no objections to this general formulation, and FinCEN is 
removing the definition as proposed.
    Likewise, FinCEN proposed removing paragraphs 1020.100(d)(1) and 
(2), because the definitions of financial institution for purposes of 
complying with AML and CIP requirements only included banks subject to 
regulation by a Federal functional regulator. There were no objections 
to this general formulation, and FinCEN is removing these paragraphs as 
proposed.

[[Page 57133]]

D. Amendments to Section 1010.205

    FinCEN proposed amending section 1010.205 to reflect the removal 
of: (1) The exemption for private bankers (paragraph 
1010.205(b)(1)(vi)); (2) the broader exemption for banks that lack a 
Federal functional regulator (paragraph 1010.205(b)(2)); and (3) the 
exemption for persons subject to supervision by a state banking 
authority (paragraph 1010.205(b)(3)). There were no objections to this 
amendment, and FinCEN is adopting it as proposed.

E. Amendments to Section 1020.210

    FinCEN proposed amending the title for this section to reflect that 
all banks, regardless of whether they are subject to Federal regulation 
and oversight, are required to establish and implement AML programs. 
There were no objections to this amendment, and FinCEN is adopting it 
as proposed. The title for this section now reads: ``Anti-money 
laundering program requirements for banks.''
    FinCEN proposed amending the introductory paragraph in 1020.210 and 
redesignating the introductory paragraph as paragraph (a) in order to 
detail the AML program requirements specific to banks regulated only by 
a Federal functional regulator, including banks, savings associations, 
and credit unions. FinCEN also proposed removing from the introductory 
paragraph in 1020.210 the reference to regulation by a self-regulatory 
organization. There were no objections to these amendments, and FinCEN 
is adopting them as proposed.
    FinCEN proposed adding new paragraph 1020.210(b) to detail the AML 
program requirements specific to banks that lack a Federal functional 
regulator, including, but not limited to, private banks, non-federally 
insured credit unions, and certain trust companies. Paragraph 
1020.210(b)(2) requires banks that lack a Federal functional regulator 
to establish and implement AML programs under the specified minimum 
standards. Paragraph 1020.210(b)(3) requires banks that lack a Federal 
functional regulator to obtain approval of the AML program by their 
board of directors, or an equivalent governing body, and to make the 
AML program available to FinCEN or its designee upon request. There 
were no objections to these amendments, and FinCEN is adopting them as 
proposed.

F. Amendments to Section 1020.220

    FinCEN proposed amending the title for this section to reflect 
that, going forward, CIP requirements would apply to all banks. There 
were no objections to this amendment, and FinCEN is adopting it as 
proposed.

V. Final Regulatory Flexibility Act Analysis

    When an agency issues a rulemaking proposal, the Regulatory 
Flexibility Act (``RFA'') requires the agency to ``prepare and make 
available for public comment an initial regulatory flexibility 
analysis'' that will ``describe the impact of the proposed rule on 
small entities.'' 5 U.S.C. 603(a). Section 605 of the RFA allows an 
agency to certify a rule, in lieu of preparing an analysis, if the 
proposed rulemaking is not expected to have a significant economic 
impact on a substantial number of small entities.

A. Reasons Why Action by the Agency Is Being Considered

The Anti-Money Laundering Program
    The statutory mandate that all financial institutions establish AML 
programs is a key element in the national effort to prevent and detect 
money laundering and the financing of terrorism. Banks without a 
Federal functional regulator are at least as vulnerable to the risks of 
money laundering and terrorist financing as banks with one. The Final 
Rule eliminates the present regulatory gap in AML coverage between 
banks with and without a Federal functional regulator. FinCEN expects 
that uniform regulatory requirements for all banks will reduce the 
opportunity for criminals to seek out and exploit banks subject to less 
rigorous AML requirements.
Customer Identification Program
    For the reasons of regulatory consistency and protection against 
the systemic vulnerability discussed above in connection with AML 
programs, FinCEN believes that CIP requirements should also apply to 
all banks, regardless of whether they are federally regulated. In May 
2003, FinCEN issued a Notice of Proposed Rulemaking to ensure that 
there would be no gaps in the scope of the CIP obligations as they 
apply to banks. However, this proposal was never finalized.
Beneficial Ownership Requirements
    As noted above, the beneficial ownership requirements of the CDD 
Rule require that from and after May 11, 2018, federally regulated 
banks and certain other financial institutions identify, and verify the 
identity of, the beneficial owners of their legal entity customers, as 
set forth in section 1010.230. For purposes of regulatory consistency, 
and protection against the systemic vulnerability discussed above in 
connection with AML programs, FinCEN believes that this requirement 
should apply to non-federally regulated banks as well.

B. Objectives of, and Legal Basis for, the Final Rule

    Section 352 of the USA PATRIOT Act requires financial institutions 
to establish AML programs that, at a minimum, include: (1) The 
development of internal policies, procedures, and controls; (2) the 
designation of a compliance officer; (3) an ongoing employee training 
program; and (4) an independent audit function to test programs. In 
addition, the CDD Rule described above added an explicit requirement to 
understand the nature and purpose of customer relationships; to conduct 
ongoing monitoring to identify and report suspicious transactions; and, 
on a risk basis, to maintain and update customer information.\27\
---------------------------------------------------------------------------

    \27\ 31 CFR 1020.210(b)(5).
---------------------------------------------------------------------------

    Section 326 of the USA PATRIOT Act requires FinCEN to prescribe 
regulations that require financial institutions to establish programs 
for account opening that, at a minimum, include: (1) Verifying the 
identity of any person seeking to open an account, to the extent 
reasonable and practicable; (2) maintaining records of the information 
used to verify the person's identity, including name, address, and 
other identifying information; and (3) determining whether the person 
appears on any lists of known or suspected terrorists or terrorist 
organizations provided to the financial institution by any government 
agency.
    Section 312 of the USA PATRIOT Act requires each U.S. financial 
institution that establishes, maintains, administers, or manages a 
correspondent account or a private banking account in the United States 
for a non-U.S. person to subject such accounts to certain AML measures.

C. Small Entities Subject to the Final Rule

    Based upon available data, for the purposes of the RFA, FinCEN 
estimates that these rules will impact approximately 297 state-
chartered non-depository trust companies, 228 non-federally insured 
credit unions, 12 non-federally insured state-chartered banks and 
savings and loan or building and loan associations, 1 private bank, and 
29 international banking entities.\28\

[[Page 57134]]

FinCEN's expectation, as expressed in the NPRM, is that many of the 
banks without a Federal functional regulator are small entities. No 
comments received in response to the NPRM indicated anything to the 
contrary. Therefore, FinCEN concludes that the Final Rule applies to a 
substantial number of small entities.
---------------------------------------------------------------------------

    \28\ The Small Business Administration (``SBA'') size standards 
define a trust company as a small business if it has assets of $38.5 
million or less. The SBA defines a depository institution (including 
a credit union) as a small business if it has assets of $550 million 
or less. FinCEN was unable to find an authoritative figure on the 
number of non-federally regulated depository institutions that would 
meet the definition of small entity.
---------------------------------------------------------------------------

D. Projected Reporting, Recordkeeping, and Other Compliance 
Requirements of the Final Rule

    The Final Rule prescribes minimum standards for AML programs for 
banks without a Federal functional regulator to ensure that all banks, 
regardless of whether they are subject to Federal regulation and 
oversight, are required to establish and implement written AML 
programs, including conducting ongoing customer due diligence, and to 
identify and verify the identity of the beneficial owners of their 
legal entity customers. The changes also extend customer identification 
program requirements to those banks not already subject to these 
requirements.
    Banks lacking a Federal functional regulator are currently required 
to comply with many existing requirements under the BSA. All banks, 
including those not subject to Federal supervision, are already 
required to file CTRs and SARs, which necessarily requires a bank to 
establish a process to detect unusual activity. In addition, certain 
banks lacking a Federal functional regulator--namely, private banks, 
non-federally insured credit unions, and certain trust companies--must 
maintain CIPs.\29\
---------------------------------------------------------------------------

    \29\ See 31 CFR 1020.220.
---------------------------------------------------------------------------

    With respect to the beneficial ownership requirement, the Final 
Rule requires banks lacking a Federal functional regulator to obtain 
and maintain identifying information for each beneficial owner from 
each legal entity customer that opens a new account, including name, 
address, date of birth, and identification number. The financial 
institution is also required to verify the identity of such persons by 
documentary or non-documentary methods and to maintain in its records 
for five years a description of (i) any document relied on for 
verification, (ii) any such non-documentary methods and results of such 
measures undertaken, and (iii) the resolution of any substantive 
discrepancies discovered in verifying the identification information.
    The burden on a small non-federally regulated bank at account 
opening resulting from the Final Rule would be a function of the number 
of beneficial owners of each legal entity customer opening a new 
account, the additional time required to identify and verify each 
beneficial owner, and the number of new accounts opened for legal 
entities by the small banks during a specified period.
    None of the small businesses that commented on the CDD Rule's 
Initial Regulatory Flexibility Analysis (``IRFA'') included an estimate 
of the amount of time to open a legal entity account; rather, only one 
noted the number of such accounts it opens per year (70). As a result 
of the comments FinCEN received to the CDD Rule's regulatory impact 
assessment (``RIA''), FinCEN concluded in its Final Regulatory 
Flexibility Analysis (``FRFA'') \30\ that the estimated time for 
financial institutions to open accounts ranges from 20 to 40 
minutes.\31\ On December 30, 2019, FinCEN published in the Federal 
Register a notice of intent to renew without change, information 
collection requirements in connection with beneficial ownership 
requirements for legal entity customers.\32\ As a result of public 
comments received on the notice, FinCEN increased its estimate of the 
burden from an average of 30 minutes to an average of 80 minutes per 
new account opened for a legal entity customer.
---------------------------------------------------------------------------

    \30\ See 81 FR at 29448.
    \31\ See id. As a result of the comments FinCEN received to the 
draft RIA from other commenters, FinCEN increased the estimated time 
for financial institutions to open accounts, from a range of 15 to 
30 minutes in the IRFA, to a range of 20 to 40 minutes.
    \32\ See 84 FR 72137 (Dec. 30, 2019).
---------------------------------------------------------------------------

E. Overlapping or Conflicting Federal Rules

    FinCEN is unaware of any existing Federal regulations that would 
overlap or conflict with the Final Rule.

F. Consideration of Significant Alternatives

    FinCEN has not identified any alternative means for bringing these 
categories of non-Federally regulated banks into compliance with the 
same standards as all other banks in the United States. Were FinCEN to 
exempt small entities from this requirement, those entities would 
potentially be at greater risk of abuse by criminals, terrorists, and 
other bad actors and would expose the U.S. financial system to money 
laundering, terrorist financing, proliferation financing, and other 
serious illicit finance threats.
    With respect to beneficial ownership requirements in the CDD Rule, 
FinCEN considered several alternatives to the requirements proposed. As 
described in greater detail in the preamble to the final CDD Rule,\33\ 
these alternatives included exempting small financial institutions 
below a certain asset or legal entity customer threshold from the 
requirements, as well as utilizing a lower or higher threshold for the 
minimum level of equity ownership for the definition of beneficial 
owner. FinCEN determined, however, that identifying the beneficial 
owner of a financial institution's legal entity customers and verifying 
that identity are necessary requirements to strengthen financial 
transparency and to combat the misuse of companies to engage in illicit 
activities. Were FinCEN to exempt from this requirement small entities 
or entities that establish a limited number of accounts for legal 
entities, those financial institutions would be at greater risk of 
abuse by criminals, terrorists, and other bad actors and would expose 
the U.S. financial system to money laundering, terrorist financing, 
proliferation financing, and other serious illicit finance threats.
---------------------------------------------------------------------------

    \33\ See 81 FR at 29450.
---------------------------------------------------------------------------

    FinCEN also considered increasing the threshold for ownership of 
equity interests in the definition of beneficial ownership to 50 
percent or more of the equity interests. Although this higher threshold 
would reduce the maximum number of individuals whose identity would 
need to be verified from five to three, thus reducing marginally the 
onboarding time, this change would not impact the training or IT costs 
and, therefore, would not substantially reduce the overall costs of the 
rule and also would provide less useful information. After considering 
all the alternatives, FinCEN concluded that an ownership threshold of 
25 percent is appropriate to maximize the benefits of the requirement 
while minimizing the burden.\34\
---------------------------------------------------------------------------

    \34\ Id. at 29410.
---------------------------------------------------------------------------

    To minimize burden to covered financial institutions, which would 
apply to banks covered under this Final Rule, FinCEN did exempt such 
financial institutions from the beneficial ownership requirements in 
connection with legal entity customers opening certain low risk 
accounts.\35\
---------------------------------------------------------------------------

    \35\ 31 CFR 1010.230(h); see also FIN-2018-R004, ``Exceptive 
Relief from Beneficial Ownership Requirements for Legal Entity 
Customers of Rollovers, Renewals, Modifications, and Extensions of 
Certain Accounts,'' (Sept. 7, 2018).
---------------------------------------------------------------------------

    FinCEN believes, based on its exposure to other similarly regulated 
businesses that are required to comply

[[Page 57135]]

with AML and CIP programs and beneficial ownership requirements, that 
banks lacking a Federal functional regulator will be able to build on 
their existing compliance policies and procedures and prudential 
business practices to ensure compliance with this Final Rule with 
relatively minimal cost and effort. As FinCEN has done with the other 
industries subject to the requirements of the BSA, FinCEN will actively 
engage with banks lacking a Federal functional regulator to provide 
guidance and feedback, and endeavor to make compliance with the 
regulations as cost-effective and efficient as possible for all 
affected banks.
    FinCEN believes that the flexibility incorporated into the Final 
Rule permits each bank lacking a Federal functional regulator to take a 
risk-based approach to tailor its AML and CIP programs to fit its own 
size, needs, and operational risks. In this regard, FinCEN believes 
that expenditures associated with establishing and implementing an AML 
program will be commensurate with a bank's size, complexity, and risk 
profile. Based on inherent risks, some banks may deem it appropriate to 
implement more comprehensive policies, procedures, and internal 
controls than others. FinCEN does not intend for each bank lacking a 
Federal functional regulator to have identical policies and procedures 
for their AML and CIP programs. The AML regulations are risk-based. 
Accordingly, each bank has broad discretion to design and implement 
programs that reflect and respond to the bank's unique money 
laundering, terrorist and proliferation financing, and other serious 
illicit finance risks. As with other financial institutions subject to 
the requirements of the BSA, if a bank lacking a Federal functional 
regulator is small or does not have high-risk customers, or does not 
engage in high-risk transactions, the burden to comply with the Final 
Rule likely will be commensurately minimal. FinCEN anticipates that the 
impact of the AML and CIP program and beneficial ownership requirements 
and the assessment of associated risks will not be significant for 
covered banks lacking a Federal functional regulator.

G. Certification

    The additional burden under the Final Rule is a requirement to 
maintain AML and CIP programs and comply with beneficial ownership 
requirements. As discussed above, FinCEN anticipates that the impact 
from these requirements will not be significant. Accordingly, FinCEN 
certifies that the Final Rule will not have a significant economic 
impact on small entities.

VI. Unfunded Mandates Act

    Section 202 of the Unfunded Mandates Reform Act of 1995 (``Unfunded 
Mandates Act''), Public Law 104-4 (March 22, 1995), requires that an 
agency prepare a budgetary impact statement before promulgating a rule 
that may result in expenditure by State, local, and tribal governments, 
in the aggregate, or by the private sector, of $100 million or more in 
any one year. If a budgetary impact statement is required, section 202 
of the Unfunded Mandates Act also requires an agency to identify and 
consider a reasonable number of regulatory alternatives before 
promulgating a rule. Taking into account the factors noted above and 
using conservative estimates of average labor costs in evaluating the 
cost of the burden imposed by the proposed regulation, FinCEN has 
determined that it is not required to prepare a written statement under 
section 202.

VII. Executive Orders 13563 and 12866

    Executive Orders 13563 and 12866 direct agencies to assess costs 
and benefits of available regulatory alternatives and, if regulation is 
necessary, to select regulatory approaches that maximize net benefits 
(including potential economic, environmental, public health and safety 
effects, distributive impacts, and equity). Executive Order 13563 
emphasizes the importance of quantifying both costs and benefits, of 
reducing costs, of harmonizing rules, and of promoting flexibility. 
This Final Rule has been designated a ``significant regulatory 
action,'' although not economically significant, under section 3(f) of 
Executive Order 12866. Accordingly, the Final Rule has been reviewed by 
the Office of Management and Budget (``OMB''). As noted above, FinCEN 
believes the new requirements imposed on banks without a Federal 
functional regulator, as a result of this Final Rule, will result in a 
minimal additional compliance burden for such banks for the following 
reasons:
     Banks lacking a Federal functional regulator are currently 
required to comply with many existing requirements under the BSA, 
including the requirements to file CTRs and SARs, which necessarily 
require a bank to establish a process to detect unusual activity.
     Certain banks lacking a Federal functional regulator--
namely, private banks, non-federally insured credit unions, and certain 
trust companies--must maintain CIPs.
     Banks lacking a Federal functional regulator generally are 
required by state banking regulation and guidance to have policies, 
management oversight, personnel training, internal compliance review, 
and various procedures and systems in place to comply with regulation 
and guidance. Even banks not subject to these state regulatory 
requirements must develop such policies and procedures to properly 
function and comply with their BSA obligations and state banking 
regulations.

VIII. Paperwork Reduction Act

    The collections of information contained in the Final Rule were 
submitted to OMB for review in accordance with the Paperwork Reduction 
Act of 1995 (``PRA'').\36\ The information collections have been 
approved under OMB control numbers 1506-0035 (Anti-money laundering 
program requirements for banks), 1506-0026 (Customer identification 
program requirements for banks), and 1506-0070 (Beneficial ownership 
requirements for legal entity customers).
---------------------------------------------------------------------------

    \36\ 44 U.S.C. 3507(d).
---------------------------------------------------------------------------

    In accordance with the requirements of the PRA, and its 
implementing regulations, 5 CFR part 1320, the following information 
concerning the collection of information is presented. The information 
collections in this Final Rule are contained in 31 CFR 1020.210 (Anti-
money laundering program requirements for banks), 31 CFR 1020.220 
(Customer identification program requirements for banks), and 31 CFR 
1010.230 (Beneficial ownership requirements for legal entity 
customers). The information will be used by examining agencies to 
verify compliance with these provisions. The collection of information 
is mandatory. Records required to be retained under the BSA must be 
retained for five years.

a. 31 CFR 1020.210--Anti-Money Laundering Program Requirements for 
Banks

    Under this Final Rule, banks that lack a Federal functional 
regulator are required to establish and implement written AML programs 
under the specified minimum standards. All financial institutions are 
required to document their AML programs and are permitted to use the 
method most suitable to their requirements. In addition, banks that 
lack a Federal functional regulator are required to obtain approval of 
their AML program by their board of directors, or an equivalent 
governing body.
    Description of Recordkeepers: Banks that lack a Federal functional 
regulator, including, but not limited to, state-

[[Page 57136]]

chartered non-depository trust companies, non-federally insured credit 
unions, non-federally insured state-chartered banks and savings and 
loan or building and loan associations, private banks, and 
international banking entities.
    Estimated Number of Recordkeepers: 567 financial institutions.\37\
---------------------------------------------------------------------------

    \37\ Approximately 297 state-chartered non-depository trust 
companies, 228 non-federally insured credit unions, 12 non-federally 
insured state-chartered banks and savings and loan or building and 
loan associations, 1 private bank, and 29 international banking 
entities will be required to implement written AML programs as a 
result of this Final Rule.
---------------------------------------------------------------------------

    Estimated Annual Records: 567 AML programs.
    Estimated Annual Burden Hours: 1,134 hours.\38\
---------------------------------------------------------------------------

    \38\ The estimated average burden associated with the 
development of a written AML program is one hour per recordkeeper 
annually. Although this is a new requirement for banks lacking a 
Federal functional regulator, they are already obligated to comply 
with a number of BSA regulations and state banking regulations. For 
example, FinCEN regulations require all banks, regardless of whether 
they have a Federal functional regulator, to file CTRs and SARs, as 
well as to make and maintain certain records. These banks likely 
maintain procedures to comply with such BSA and state banking 
regulations. For that reason, FinCEN estimates that the burden 
associated with the development of a written AML program is one hour 
because the impacted financial institutions will be able to 
incorporate existing applicable procedures. In addition, the 
estimated average burden associated with obtaining board approval of 
the AML program is one hour per recordkeeper annually. This equates 
to 2 hours of annual burden per impacted financial institution to 
comply with these requirements (567 financial institutions x 2 hours 
= 1,134 hours).
---------------------------------------------------------------------------

    Estimated Total Annual Burden for AML Program Requirements: 1,134 
hours.
    This burden is added to the existing burden listed under OMB 
control number 1506-0035 currently titled ``Anti-Money Laundering 
Programs for Insurance Companies and Non-Bank Residential Mortgage 
Lenders and Originators.'' The new title for this control number will 
be ``Anti-Money Laundering Programs for Insurance Companies, Non-Bank 
Residential Mortgage Lenders and Originators, and Banks Lacking a 
Federal Functional Regulator.'' The new total estimated annual burden 
for this control number is 33,334 hours.\39\
---------------------------------------------------------------------------

    \39\ The current annual burden hours estimate for OMB control 
number 1506-0035 is 32,200. One thousand one hundred thirty four 
(1,134) burden hours will be added to this control number as a 
result of this Final Rule (32,200 + 1,134 = 33,334).
---------------------------------------------------------------------------

b. 31 CFR 1020.220--Customer Identification Program Requirements for 
Banks

    Under the CIP requirements, financial institutions are required to 
implement risk-based, written CIPs that address the following: (1) 
Procedures for verifying the identify of each new customer; (2) 
procedures for making and maintaining a record of all information 
obtained under the customer identification program; (3) procedures for 
determining whether a new customer appears on any list of known or 
suspected terrorist organizations issued by the Federal government; and 
(4) procedures for providing customers adequate notice that the 
financial institution is requesting information to verify their 
identities.
    Description of Recordkeepers: Banks that lack a Federal functional 
regulator, such as non-federally insured state-chartered banks and 
savings and loan or building and loan associations, and international 
banking entities.\40\
---------------------------------------------------------------------------

    \40\ FinCEN has previously implemented CIP requirements for 
credit unions, private banks, and trust companies that do not have a 
Federal functional regulator. See 31 CFR 1020.220. For that reason, 
the CIP requirements in this Final Rule only apply to the non-
federally insured state-chartered banks and savings and loan or 
building and loan associations and international banking entities.
---------------------------------------------------------------------------

1. Implementing Written CIP Procedures
    Estimated Number of Recordkeepers: 41 financial institutions. \41\
---------------------------------------------------------------------------

    \41\ Approximately 12 non-federally insured state-chartered 
banks and savings and loan or building and loan associations and 29 
international banking entities depository institutions will be 
required to implement CIP requirements as a result of this Final 
Rule.
---------------------------------------------------------------------------

    Estimated Annual Records: 41 written CIP programs.
    Estimated Annual Burden Hours: 41 hours.\42\
---------------------------------------------------------------------------

    \42\ The estimated average burden associated with the 
development of written CIP procedures is one hour per recordkeeper 
annually. Although this is a new requirement for some banks lacking 
a Federal functional regulator, they are already obligated to comply 
with a number of BSA regulations and state banking regulations. 
These banks likely maintain procedures to comply with such BSA and 
state banking regulations. Further, certain identity verification 
documents for new customers are collected as standard practice for 
the financial industry. For that reason, FinCEN estimates that the 
burden associated with the development of written CIP procedures is 
one hour because it will incorporate existing applicable procedures.
---------------------------------------------------------------------------

2. Recording Information Required To Identify and Verify New Customers
    Estimated Number of Recordkeepers: 41 financial institutions.
    Estimated Annual Records: 30,750 records on new accounts.\43\
---------------------------------------------------------------------------

    \43\ FinCEN estimates that, on average, small financial 
institutions, such as those covered by this Final Rule, will open 
approximately 3 new accounts per business day. There are 250 
business days per year. (41 financial institutions x 3 accounts per 
day x 250 business days = 30,750 records per year).
---------------------------------------------------------------------------

    Estimated Annual Burden Hours: 2,563 hours.\44\
---------------------------------------------------------------------------

    \44\ In past PRA burden analysis, FinCEN estimated that the 
burden to collect account information as a result of CIP 
requirements for other types of financial institutions was 2 minutes 
per new account. However, because CIP is a new regulatory 
requirement for the financial institutions impacted by this Final 
Rule, FinCEN will conservatively estimate that the time it takes to 
collect and document identification and verification information for 
purposes of CIP is 5 minutes per new account opened. (30,750 records 
on new accounts x 5 minutes per account and converted to hours = 
2,563 annual burden hours).
---------------------------------------------------------------------------

3. Providing Customers Notice of Identification Requirements
    Estimated Number of Recordkeepers: 41 financial institutions.
    Estimated Annual Records: 41 disclosure notices.
    Estimated Annual Burden Hours: 41 hours.\45\
---------------------------------------------------------------------------

    \45\ FinCEN estimates that it will take each financial 
institutions impacted by this Final Rule 1 hour to draft and post a 
CIP disclosure notification for customers (41 financial institutions 
x 1 hour = 41 hours).
---------------------------------------------------------------------------

4. Total Annual Burden Applicable to CIP Requirements
    Estimated Total Annual Burden Hours for CIP Requirements: 2,645 
hours (41 + 2,563 + 41).
     41 hours--Implementing written CIP procedures.
     2,563 hours--Recording information required to identify 
and verify new customers.
     41 hours--Providing customers notice of identification 
requirements.
    This burden is added to the existing burden listed under OMB 
control number 1506-0026 currently titled ``Customer Identification 
Programs for Banks, Savings Associations, Credit Unions, and Certain 
Non-Federally Regulated Banks.'' The new title for this control number 
will be ``Customer Identification Program Requirements for Banks.'' The 
new total estimated annual burden for this control number is 178,205 
hours.\46\
---------------------------------------------------------------------------

    \46\ The current annual burden hours estimate for OMB control 
number 1506-0026 is 175,560, and 2,645 burden hours will be added to 
this control number as a result of this rulemaking (175,560 + 2,645 
= 178,205).
---------------------------------------------------------------------------

c. 31 CFR 1010.230--Beneficial Ownership Requirements for Legal Entity 
Customers

    Under 31 CFR 1010.230, financial institutions are required to 
establish and maintain written procedures that are reasonably designed 
to identify and verify beneficial owners of new accounts opened by 
legal entity customers and to include such procedures in their AML 
programs. Financial institutions may obtain the required identifying 
information by either using the optional certification form from the 
individual opening the account on behalf of a legal entity

[[Page 57137]]

customer, or by obtaining from the individual the information required 
by the form by another means, provided the individual certifies the 
accuracy of the information. Financial institutions must also maintain 
a record of the identifying information obtained, as well as a 
description of any document relied on, of any non-documentary methods 
and results of any measures undertaken, and the resolutions of 
substantive discrepancies.
    Description of Recordkeepers: Banks that lack a Federal functional 
regulator, including, but not limited to, state-chartered non-
depository trust companies, non-federally insured credit unions, non-
federally insured state-chartered banks and savings and loan or 
building and loan associations, private banks, and international 
banking entities.
1. Develop and Maintain Beneficial Ownership Identification Procedures
    Estimated Number of Recordkeepers: 567 financial institutions.\47\
---------------------------------------------------------------------------

    \47\ Approximately 297 state-chartered non-depository trust 
companies, 228 non-federally insured credit unions, 12 non-federally 
insured state-chartered banks and savings and loan or building and 
loan associations, 1 private bank, and 29 international banking 
entities will be required to implement beneficial ownership 
identification procedures as a result of this Final Rule.
---------------------------------------------------------------------------

    Estimated Annual Records: 567 beneficial ownership identification 
procedures.
    Estimated Annual Burden Hours: 22,680 hours.\48\
---------------------------------------------------------------------------

    \48\ The beneficial ownership final rule recognized a burden of 
56 hours to develop the initial procedures (40 hours for small 
entities). See 81 FR at 29451. Based on FinCEN's data, banks lacking 
a Federal functional regulator are generally considered small 
entities. For that reason, FinCEN estimates it will take 40 hours 
for financial institutions impacted by this Final Rule to develop 
and document initial beneficial ownership identification procedures. 
(567 x 40 = 22,680).
---------------------------------------------------------------------------

2. Customer Identification, Verification, and Review and Recordkeeping 
of the Beneficial Ownership Information
    Estimated Number of Recordkeepers: 567 financial institutions.
    Estimated Annual Records: 212,625 beneficial ownership 
identification records.\49\
---------------------------------------------------------------------------

    \49\ The beneficial ownership final rule recognized a burden of 
20 to 40 minutes (average of 30 minutes) to obtain identification 
records for each legal entity customer. The final rule also 
estimated that a financial institution would open 1.5 new legal 
entity accounts per business day. There are 250 business days per 
year. See id. at 29451 n.191. On December 30, 2019, FinCEN published 
in the Federal Register a notice of intent to renew without change, 
information collection requirements in connection with beneficial 
ownership requirements for legal entity customers. See supra note 
30. As a result of public comments received on the notice, FinCEN 
increased its estimate of the burden from an average of 30 minutes 
to an average of 80 minutes per new account opened for a legal 
entity customer. (1.5 accounts per day x 250 days per year = 375 
accounts per financial institution). (567 financial institutions x 
375 accounts per year = 212,625 accounts per year).
---------------------------------------------------------------------------

    Estimated Annual Burden Hours: 283,500 hours.\50\
---------------------------------------------------------------------------

    \50\ (212,625 accounts x 80 minutes per account and converted to 
hours = 283,500 hours).
---------------------------------------------------------------------------

3. Total Annual Burden Applicable to Beneficial Ownership Requirements
    Estimated Total Annual Burden Hours for Beneficial Ownership 
Requirements: 306,180 hours (22,680 + 283,500).
     22,680 hours--Develop and maintain beneficial ownership 
identification procedures.
     283,500 hours--Customer identification, verification, and 
review and recordkeeping of the beneficial ownership information.
    This burden is added to the existing burden listed under OMB 
control number 1506-0070 titled Beneficial Ownership Requirements for 
Legal Entity Customers. The new total estimated annual burden for this 
control number is 12,190,880 hours.\51\
---------------------------------------------------------------------------

    \51\ The current annual burden hours estimate for OMB control 
number 1506-0070 is 11,884,700. 306,180 burden hours will be added 
to this control number as a result of this Final Rule (11,884,700 + 
306,180 = 12,190,880).
---------------------------------------------------------------------------

    Total Estimated Annual Burden Hours as a Result of this Final Rule: 
309,959 hours (1,134 + 2,645 + 306,180).
     Anti-money laundering program requirements for banks--
1,134 hours.
     Customer identification program requirements for banks--
2,645 hours.
     Beneficial ownership requirements for legal entity 
customers--306,180 hours.

List of Subjects in 31 CFR Parts 1010 and 1020

    Administrative practice and procedure, Banks, Banking, Currency, 
Foreign banking, Foreign currencies, Investigations, Penalties, 
Reporting and recordkeeping requirements, Terrorism.

Authority and Issuance

    For the reasons set forth in the preamble, Parts 1010 and 1020 of 
Chapter X of Title 31 of the Code of Federal Regulations are amended as 
follows:

PART 1010--GENERAL PROVISIONS

0
1. The authority citation for part 1010 continues to read as follows:

    Authority:  12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5314 
and 5316-5332; title III, sec. 314, Pub. Law 107-56, 115 Stat. 307; 
sec. 701, Pub. L. 114-74, 129 Stat. 599.


Sec.  1010.205   [Amended]

0
2. Section 1010.205 is amended by:
0
a. Removing paragraph (b)(1)(vi);
0
b. Redesignating paragraphs (b)(1)(vii) through (ix) as paragraphs 
(b)(1)(vi) through (viii); and
0
c. Removing and reserving paragraphs (b)(2) and (b)(3).
0
3. Section 1010.605 is amended by:
0
a. Revising paragraph (e)(1)(i);
0
b. Removing paragraphs (e)(1)(ii) through (vii); and
0
c. Redesignating paragraphs (e)(1)(viii) through (x) as paragraphs 
(e)(1)(ii) through (iv).
    The revision reads as follows:


Sec.  1010.605   Definitions

* * * * *
    (e) * * *
    (1) * * *
    (i) A bank required to have an anti-money laundering compliance 
program under the regulations implementing 31 U.S.C. 5318(h), 12 U.S.C. 
1818(s), or 12 U.S.C. 1786(q)(1);
* * * * *

PART 1020--RULES FOR BANKS

0
4. The authority citation for part 1020 continues to read as follows:

    Authority:  12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5314 
and 5316-5332; title III, sec. 314, Pub. Law 107-56, 115 Stat. 307.


Sec.  1020.100   [Amended]

0
5. Section 1020.100 is amended by:
0
a. Removing paragraphs (b) and (d); and
0
b. Redesignating paragraph (c) as paragraph (b).

0
6. Section 1020.210 is revised to read as follows:


Sec.  1020.210   Anti-money laundering program requirements for banks.

    (a) Anti-money laundering program requirements for banks regulated 
by a Federal functional regulator, including banks, savings 
associations, and credit unions. A bank regulated by a Federal 
functional regulator shall be deemed to satisfy the requirements of 31 
U.S.C. 5318(h)(1) if it implements and maintains an anti-money 
laundering program that:
    (1) Complies with the requirements of Sec. Sec.  1010.610 and 
1010.620 of this chapter;
    (2) Includes, at a minimum:
    (i) A system of internal controls to assure ongoing compliance;
    (ii) Independent testing for compliance to be conducted by bank 
personnel or by an outside party;
    (iii) Designation of an individual or individuals responsible for 
coordinating and monitoring day-to-day compliance;

[[Page 57138]]

    (iv) Training for appropriate personnel; and
    (v) Appropriate risk-based procedures for conducting ongoing 
customer due diligence, to include, but not be limited to:
    (A) Understanding the nature and purpose of customer relationships 
for the purpose of developing a customer risk profile; and
    (B) Conducting ongoing monitoring to identify and report suspicious 
transactions and, on a risk basis, to maintain and update customer 
information. For purposes of this paragraph, customer information shall 
include information regarding the beneficial owners of legal entity 
customers (as defined in Sec.  1010.230 of this chapter); and
    (3) Complies with the regulation of its Federal functional 
regulator governing such programs.
    (b) Anti-money laundering program requirements for banks lacking a 
Federal functional regulator including, but not limited to, private 
banks, non-federally insured credit unions, and certain trust 
companies. A bank lacking a Federal functional regulator shall be 
deemed to satisfy the requirements of 31 U.S.C. 5318(h)(1) if the bank 
establishes and maintains a written anti-money laundering program that:
    (1) Complies with the requirements of Sec. Sec.  1010.610 and 
1010.620 of this chapter; and
    (2) Includes, at a minimum:
    (i) A system of internal controls to assure ongoing compliance with 
the Bank Secrecy Act and the regulations set forth in 31 CFR Chapter X;
    (ii) Independent testing for compliance to be conducted by bank 
personnel or by an outside party;
    (iii) Designation of an individual or individuals responsible for 
coordinating and monitoring day-to-day compliance;
    (iv) Training for appropriate personnel; and
    (v) Appropriate risk-based procedures for conducting ongoing 
customer due diligence, to include, but not be limited to:
    (A) Understanding the nature and purpose of customer relationships 
for the purpose of developing a customer risk profile; and
    (B) Conducting ongoing monitoring to identify and report suspicious 
transactions and, on a risk basis, to maintain and update customer 
information. For purposes of this paragraph, customer information shall 
include information regarding the beneficial owners of legal entity 
customers (as defined in Sec.  1010.230); and
    (3) Is approved by the board of directors or, if the bank does not 
have a board of directors, an equivalent governing body within the 
bank. The bank shall make a copy of its anti-money laundering program 
available to the Financial Crimes Enforcement Network or its designee 
upon request.

0
7. Amend Sec.  1020.220 by revising the section heading and paragraph 
(a)(1) to read as follows:


Sec.  1020.220   Customer identification program requirements for 
banks.

    (a) * * *
    (1) In general. A bank required to have an anti-money laundering 
compliance program under the regulations implementing 31 U.S.C. 
5318(h), 12 U.S.C. 1818(s), or 12 U.S.C. 1786(q)(1) must implement a 
written Customer Identification Program (CIP) appropriate for the 
bank's size and type of business that, at a minimum, includes each of 
the requirements of paragraphs (a)(1) through (5) of this section. The 
CIP must be a part of the anti-money laundering compliance program.
* * * * *

Michael Mosier,
Deputy Director, Financial Crimes Enforcement Network.
[FR Doc. 2020-20325 Filed 9-14-20; 8:45 am]
BILLING CODE 4810-02-P