Online Manual - BSA InfoBase - FFIEC
(USA PATRIOT Act or Patriot Act).1 The Patriot Act contained a host of different . costly to implement, especially for small banks; (2) the Know Your Customer program tion of the Patriot Act require every bank to implement a written CIP an alternative to documentary verification, it is often used to supplement. IntroductionAbout Customer Identification Programs (CIPs)When Is Proof This guide is intended to make you aware of the requirements for Rather, they are required as part of the PATRIOT Act to combat terrorism and money laundering. Under CIP requirements, if the bank or other financial institution is. The CIP rule implements section of the USA PATRIOT Act and requires each The CIP must be incorporated into the bank's BSA/AML compliance program, which is The CIP is intended to enable the bank to form a reasonable belief that it . We may also ask to see your driver's license or other identifying documents.
The implementation of a CIP by subsidiaries of banks is appropriate as a matter of safety and soundness and protection from reputational risks. Domestic subsidiaries other than functionally regulated subsidiaries subject to separate CIP rules of banks should comply with the CIP rule that applies to the parent bank when opening an account within the meaning of 31 CFR The CIP is intended to enable the bank to form a reasonable belief that it knows the true identity of each customer.Meet The Patriot Act 2.0
The CIP must include account opening procedures that specify the identifying information that will be obtained from each customer. It must also include reasonable and practical risk-based procedures for verifying the identity of each customer.
Banks should conduct a risk assessment of their customer base and product offerings, and in determining the risks, consider: The types of accounts offered by the bank. The types of identifying information available. Pursuant to the CIP rule, an "account" is a formal banking relationship to provide or engage in services, dealings, or other financial transactions, and includes a deposit account, a transaction or asset account, a credit account, or another extension of credit.
An account also includes a relationship established to provide a safe deposit box or other safekeeping services or to provide cash management, custodian, or trust services.
An account does not include: Products or services for which a formal banking relationship is not established with a person, such as check cashing, funds transfer, or the sale of a check or money order.
Any account that the bank acquires. This may include single or multiple accounts as a result of a purchase of assets, acquisition, merger, or assumption of liabilities.
Accounts opened to participate in an employee benefit plan established under the Employee Retirement Income Security Act of The CIP rule applies to a "customer. A customer does not include a person who does not receive banking services, such as a person whose loan application is denied.
Alternative means include showing that the bank has had an active and longstanding relationship with a particular person, as evidenced by such things as a history of account statements sent to the person, information sent to the Internal Revenue Service IRS about the person's accounts without issue, loans made and repaid, or other services performed for the person over a period of time.
However, the comparable procedures used to verify the identity detailed above might not suffice for persons that the bank has deemed to be higher risk. Excluded from the definition of customer are federally regulated banks, banks regulated by a state bank regulator, governmental entities, and publicly traded companies as described in 31 CFR Customer Information Required The CIP must contain account-opening procedures detailing the identifying information that must be obtained from each customer.
In contrast, when an account is opened by an agent on behalf of another person, the bank must obtain the identifying information of the person on whose behalf the account is being opened. At a minimum, the bank must obtain the following identifying information from each customer before opening the account: Date of birth for individuals. C Credit card accounts.
In connection with a customer who opens a credit card accounta bank may obtain the identifying information about a customer required under paragraph a 2 i A by acquiring it from a third-party source prior to extending credit to the customer. The CIP must contain procedures for verifying the identity of the customerusing information obtained in accordance with paragraph a 2 i of this section, within a reasonable time after the account is opened.
The procedures must describe when the bank will use documents, non-documentary methods, or a combination of both methods as described in this paragraph a 2 ii. A Verification through documents.
For a bank relying on documents, the CIP must contain procedures that set forth the documents that the bank will use. These documents may include: B Verification through non-documentary methods. For a bank relying on non-documentary methods, the CIP must contain procedures that describe the non-documentary methods the bank will use. C Additional verification for certain customers. The CIP must address situations where, based on the bank 's risk assessment of a new account opened by a customer that is not an individual, the bank will obtain information about individuals with authority or control over such accountincluding signatories, in order to verify the customer 's identity.
This verification method applies only when the bank cannot verify the customer 's true identity using the verification methods described in paragraphs a 2 ii A and B of this section. The CIP must include procedures for responding to circumstances in which the bank cannot form a reasonable belief that it knows the true identity of a customer. These procedures should describe: A When the bank should not open an account ; B The terms under which a customer may use an account while the bank attempts to verify the customer 's identity; C When the bank should close an accountafter attempts to verify a customer 's identity have failed; and D When the bank should file a Suspicious Activity Report in accordance with applicable law and regulation.
The CIP must include procedures for making and maintaining a record of all information obtained under the procedures implementing paragraph a of this section. At a minimum, the record must include: One suggested that the rule not require a residential address since some persons may not have such an address. One suggested that the rule allow accounts to be opened even if all the required identifying information is not obtained, provided the broker-dealer has a reasonable belief that it knows the true identity of the customer.
One suggested that the requirement be risk-based. Three commenters addressed the requirement to check customers against terrorist lists. One suggested that FinCEN act as a clearinghouse for such lists. One suggested that the rule identify the lists that must be checked and specify which agencies can provide them.
Joint Final Rule: Customer Identification Programs For Broker-Dealers
One suggested permitting the lists to be checked within a reasonable time after an account is opened and that the lists be provided in a single electronic format. One commenter addressed the proposed rule's definitions of "U. It requested an exemption from the FCRA for such searches. We have modified the proposed rule in light of many of these comments and comments made with respect to the customer identification and verification rules being adopted for other financial institutions.
The section-by-section analysis that follows discusses the comments and the modifications that we have made to the rule. It applies to any person that is registered or required to be registered with the Commission as a broker or dealer under the Securities Exchange Act of Exchange Act6 except persons who register solely for the purpose of effecting transactions in securities futures products.
The final rule being adopted today falls directly within the scope of Rule 17a-8, and will be examined for, and enforced, by the Commission and appropriate self-regulatory organizations. Final rules governing the applicability of section to certain other financial institutions, including banks, thrifts, credit unions, mutual funds and futures commission merchants, are being issued separately.
Customer Identification Program
These participating agencies intend the effect of the final rules to be uniform throughout the financial services industry. Treasury intends to issue separate rules under section for certain non-bank financial institutions that are not regulated by one of the Federal Functional regulators.
Compliance Date Many commenters requested that broker-dealers be given adequate time to develop and implement the requirements of any final rule implementing section The transition periods suggested by commenters ranged from 90 days to two years after the publication of a final rule. The final rule modifies various aspects of the proposed rule and eliminates some of the requirements that commenters identified as being most burdensome.
omarcafini.info | Anti-Money Laundering (AML) Source Tool for Broker-Dealers
Nonetheless, we recognize that some broker-dealers will need time to develop and implement the customer identification program CIP required under the rule, as doing so may include various measures, such as training staff, reprinting forms, and programming automated systems.
Accordingly, although this rule will be effective 30 days after publication, broker-dealers will have a transition period to implement the rule. Broker-dealers must fully implement their CIPs under the final rule by October 1, We proposed to define "account" as any formal business relationship with a broker-dealer established to effect financial transactions in securities, including, but not limited to, the purchase or sale of securities, securities loan and borrowed activity or the holding of securities or other assets for safekeeping or as collateral.
The bank rules limited the definition of "account" to "ongoing transactions" to specifically address situations where a person obtains certain services or products from a bank such as cashing or buying a check or purchasing a wire transfer or money order.
In the final rules being issued by Treasury and the banking agencies, the definition of account no longer contains the term "ongoing.
Moreover, they generally are covered by other provisions of the BSA. Thus, we did not include the term "ongoing" in the definition of account or adopt the specific exclusions included in the bank rule. We believe these transactions can give rise to an account relationship and, therefore, have not excluded them specifically from the definition of account.
However, changes we made to the reliance and recordkeeping sections of the rule address many of the concerns raised by these commenters. This change is made to clarify further that the rule applies to relationships established for the purpose of effecting securities transactions as opposed to general business dealings, such as those established in connection with a broker-dealer's own operations or premises. The definition of "account" in the proposed rule contained a second sentence setting forth examples of the types of accounts that would constitute an "account" for the purposes of the rule.
These types of accounts remain "accounts" for the purposes of the final rule. However, the final rule text no longer specifically cites them as examples in order to make clear that the list was not exhaustive. Customers do not initiate these transfers and, therefore, the accounts do not fall within the scope of section These accounts are less susceptible to be used for the financing of terrorism and money laundering because, among other reasons, they are funded through payroll deductions in connection with employment plans that must comply with federal regulations.
These regulations impose, among other requirements, low contribution limits and strict distribution requirements. We proposed to define "broker-dealer" as any person registered or required to be registered with the Commission, except persons who register solely to effect transactions in securities futures products. We proposed "customer" to mean any person who opens a new account with a broker-dealer, and any person granted authority to effect transactions in an account.
Nine commenters suggested that the definition not include persons with authority over accounts. Some suggested that these persons be excluded from the definition entirely while others proposed using a risk-based approach. Seven commenters suggested that the sponsors of employee benefit plans be considered customers, rather than the beneficiaries.
Three commenters suggested that the definition of "customer" exclude beneficiaries of trust and escrow accounts. Three commenters suggested that the definition exclude beneficiaries of omnibus accounts. Two commenters suggested that the definition exclude persons who are allocated portions of delivery-versus-payment securities transactions at the direction of an investment advisor.
One commenter suggested that the definition may not capture registered owners of an account if someone else undertook the necessary steps to open the account for the owners. One commenter suggested that the definition exclude banks, government agencies and public companies. We have addressed most of these comments and other issues through revisions to the definition of customer and through changes made to other sections of the rule. For consistency with the Act, the final rule defines "customer" as "a person that opens a new account.
It does not refer to persons who fill out the account opening paperwork or provide information necessary to set up an account, if such persons are not the accountholder as well. Thus, under this rule, a broker-dealer is not required to look through a trust, or similar account to its beneficiaries, and is required only to verify the identity of the named accountholder.
Commenters asserted that the proposal in this respect was overbroad and unduly burdensome, and would not further the goals of the statute. After revisiting this component of the "customer" definition, we have determined that requiring limited resources to be expended on verifying the identities of persons with authority over accounts could interfere with a broker-dealer's ability to focus on identifying customers and accounts that present a higher risk of not being properly identified.
Accordingly, the final rule does not include persons with authority over accounts in the definition of "customer. The definition of "customer" has been revised to clarify the treatment of minors and informal groups non-legal entities with a common interest e. Generally, this will be the person who fills out the account opening paperwork and provides the information necessary to set up the account in the name of the minor or group. In order to make the rule less burdensome, the final rule excludes from the definition of "customer" certain readily identifiable entities, including: These excluded persons include entities such as governmental agencies and instrumentalities and companies that are publicly traded.
We have added a definition of "Federal functional regulator" to the final rule. The final rule uses the definition of "Federal functional regulator" in section We have added a definition of "financial institution" to the final rule. This is a more expansive definition of "financial institution" than that in section The proposed rule contained a definition of "taxpayer identification number" because that term is used later in the rule with respect to the types of information broker-dealers must collect from customers.
There were no comments on this approach and, therefore, we have adopted it as proposed. The proposed rule defined "U. We believe that the proposed definitions of "U. Adoption of the IRS definition of "U. Under the proposed definition, a broker-dealer will not necessarily need to establish whether a potential customer is a U. The broker-dealer will have to ask each customer for a U. If a customer cannot provide one, the broker-dealer may then accept alternative forms of identification.
Therefore, the definitions are adopted as proposed. We proposed to require that each broker-dealer establish, document, and maintain a written CIP as part of its required anti-money laundering AML program, 44 and that the procedures of the CIP enable the broker-dealer to form a reasonable belief that it knows the true identity of a customer.
In the final rule, paragraph b 1 continues to set forth the general requirement that a broker-dealer must establish, document, and maintain a written CIP as part of its required AML program.
It now provides that the CIP should be appropriate for the broker-dealer's size and business and that, at a minimum, it must contain the requirements set forth in paragraphs b 1 through b 5 which are discussed below.
The final rule was re-organized in order to be structurally consistent with the rules being issued by the banking agencies. Thus, requirements that had been set forth in paragraphs cdefg and h in the proposed rule are now contained in paragraphs b 2 through b 5 of the final rule to the extent they have been adopted.
Finally, the reference to risk factors has been moved to paragraph b 2 of the final rule, which requires broker-dealers to establish identity verification procedures. This change was made to highlight that the risk factors should be considered specifically when developing identification verification procedures. We proposed to require that a broker-dealer's CIP include procedures for verifying the identity of customers, to the extent reasonable and practicable, using information specified in the rule, and that such verification occur within a reasonable time before or after the customer's account is opened or the customer is granted authority to effect transactions with respect to an account.
The final rule continues to strike a balance between flexibility and detailed guidance, and we are adopting the provisions on identity verification procedures substantially as proposed. The proposed rule would have required a broker-dealer's CIP to require the firm to obtain certain identifying information about each customer, including, at a minimum: One commenter pointed out that certain persons may not have permanent residential addresses because they are military personnel living overseas or are living on boats.
This commenter suggested the rule only require that a mailing address be obtained. Another commenter suggested that the rule permit broker-dealers to open an account even if all the minimum identifying information is not obtained, provided the broker-dealer has a reasonable belief that it knows the customer's true identity.
The final commenter suggested the rule be risk-based with respect to the required minimum information. This commenter also stated that the rule should require a mailing address only. We are adopting the customer information provisions substantially as proposed with changes to accommodate individuals who may not have physical addresses.
Accordingly, prior to opening an account, a broker-dealer must obtain, at a minimum, a customer's 1 name; 2 date of birth, for an individual; 3 address; and 4 identification number. The proposed rule would have required the broker-dealer to retain a copy of the customer's application for a taxpayer identification number.
We proposed to require that a broker-dealer's CIP include procedures for verifying the identity of customers, to the extent reasonable and practicable, using the information obtained under the rule.
Two of these commenters also pointed out that a second account is not created when a customer changes a cash account into a margin account. Accordingly, they argued that the changing of a cash account into a margin account should not be considered the opening of a new account. As discussed above, the definition of "customer" in the final rule has been changed to exclude persons who have an existing account at the broker-dealer, provided the broker-dealer has a reasonable belief that it knows the customer's true identity.
Accordingly, broker-dealers will not be required to verify the identities of such persons. One commenter also suggested that the rule should not require broker-dealers to verify the identities of personal acquaintances. The final rule adopts the customer verification requirements substantially as proposed, with modifications that conform this provision of the final rule to the revised definition of "customer," described above.
The final rule requires that the CIP contain procedures for verifying the identity of the customer, using the customer information obtained in accordance with paragraph b 2 iwithin a reasonable time before or after the account is opened. As stated in the NPRM, broker-dealers must reasonably exercise the flexibility to undertake verification before or after an account is opened. The amount of time may depend on various factors, such as the type of account opened, whether the customer opens the account in-person, and the type of identifying information that is available.
The CIP should set forth guidelines describing when documents, non-documentary methods, or a combination of both will be used. These guidelines should be based on the broker-dealer's assessment of the relevant risk factors. Finally, with respect to the comment on personal acquaintances, we believe it would be inappropriate to provide special treatment for such customers. The rule is sufficiently flexible to make their verification as unobtrusive as possible.
We proposed to require that a broker-dealer's CIP describe documents that the firm will use to verify customers' identities. Three commenters submitted comments on this aspect of the rule. Two commenters sought clarification that broker-dealers will not be responsible for ensuring the validity of verifying documents.