Last month the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) proposed new rules which would require non-federally regulated banks to implement Customer Identification Program (CIP) requirements related to the collection and verification of customer information. Financial institutions have until October 24, 2016, to comment on the proposed rule, which, if adopted, is estimated to affect more than 700 financial institutions across the country.

Who will be affected by the proposed rules?

The new rules would affect a large number of financial institutions lacking a “Federal functional regulator.” While non-federally regulated banks have other obligations under the Bank Secrecy Act, they are not currently covered under FinCEN’s anti-money laundering (AML) regulations. The proposed rules seek to close that regulatory gap.

The proposed rules identify the following five categories of non-federally regulated financial institutions which fall within the scope of the new regulations:

1. State-chartered non-depository trust companies
2. Non-federally insured credit unions
3. Private banks
4. Non-federally insured state banks and savings associations
5. International banking entities

What are the CIP requirements?

Pursuant to Section 326 of the USA Patriot Act, FinCEN has promulgated a number of regulations requiring financial institutions to establish CIPs to prevent the use of the financial system for illicit purposes. In order to comply with CIP requirements, financial institutions are required to implement procedures for account opening that, at a minimum:

• Verify the identity of any person seeking to open an account, to the extent reasonable and practicable;
• Maintain records of the information used to verify the person’s identity, including name, address, and other identifying information; and
• Determine whether the person appears on any lists of known or suspected terrorists or terrorist organizations provided to the financial institution by any government agency.

According to FinCEN, “[b]anks without a Federal functional regulator may be as vulnerable to the risks of money laundering and terrorist financing as banks with one.”

New Uniform Requirements

The proposed rules would also impose uniform regulatory requirements on all banks, including AML program requirements and the recent Customer Due Diligence (CDD) Rule.

Under the new CDD Rule, financial institutions lacking a federal regulator would be required, among other things, to collect and verify information on beneficial owners of accounts opened in the name of a legal entity. The CDD Rule also requires covered financial institutions to monitor accounts and identify suspicious activity utilizing customer risk profiles to enhance detection of suspicious transactions. Under the CDD Rule, covered financial institutions will need to formulate updated procedures and guidelines for identifying suspicious activities to include reasonable consideration of customer risk profiles.

FinCEN’s proposed expansion of the CIP, as well as uniform AML and CDD requirements, could present significant operational challenges for the more than 700 affected financial institutions related to establishing procedures for the gathering, storage, and effective utilization of customer and beneficial owner information. Stay tuned for further developments, as we continue to monitor the proposed rule during and after the October 24, 2016, comment period.