WASHINGTON--The Federal Deposit Insurance Corporation, the Office of Comptroller of the Currency, and NCUA, with the concurrence of the Financial Crimes Enforcement Network, issued an order Friday granting an exemption from a requirement of the Customer Identification Program (CIP) Rule implementing Section 326 of the USA PATRIOT Act.
The CIP Rule requires a bank or credit union to obtain taxpayer identification number (TIN) information from its customer before opening an account, and the exemption permits a bank or credit union to use an alternative collection method to obtain TIN information from a third-party rather than from the customer, the agencies stated in a joint release.
The order applies to accounts at all entities supervised by the agencies.
"Since the CIP Rule was issued initially in 2003, there has been a significant evolution in the ways consumers access financial services, along with a rise in reported customer reluctance to provide their full TIN due, in part, to data breaches and identity theft concerns. Accordingly, this exemption provides flexibility to those entities supervised by the agencies that must comply with the CIP Rule. The exemption does not change the underlying requirement for banks and credit unions to have risk-based CIP procedures that enable them to form a reasonable belief they know the true identity of each customer," the agencies said.
This exemption is optional, and entities are not required to use an alternative collection method to obtain a customer’s TIN information, the agencies noted.
DCUC Responds
"As the leading voice for credit unions serving those who serve our country, the Defense Credit Union Council believes this exemption order will greatly benefit military service members and their families," the trade group stated. "Since the CIP rule’s initial adoption in 2003, financial services have evolved and consumers have grown more reluctant to provide their full Social Security numbers or TINs due to pervasive data breaches and identity theft concerns. These concerns are often pronounced in the military community, where operational security and personal privacy are paramount. By permitting financial institutions to securely retrieve necessary identification data from reputable third-party databases instead of requiring members to directly divulge sensitive information, regulators have provided much-needed flexibility to improve the member experience."
DCUC noted the change does not dilute the rigor of identity verification – banks and credit unions must still employ risk-based CIP procedures to form a reasonable belief of each customer’s true identity.
"In short, the order offers a new avenue to meet CIP obligations without putting an added burden on members who may be uncomfortable sharing personal identifiers, especially through electronic channels," DCUC said.
"We are grateful for the regulators’ responsiveness and collaboration in delivering this common sense reform. DCUC and our member credit unions remain fully committed to safeguarding the financial security of our communities – and thanks to this exemption, we can do so with even greater efficiency and member-focus,” said Anthony Hernandez, DCUC president/CEO. “We look forward to working with NCUA and the other agencies to implement this change and continue ensuring that our nation’s heroes and their families receive the best possible access to safe, affordable financial services.”