1506-0026 Banks CIP Supporting Statement_8_29_2024 Final

1506-0026 Banks CIP Supporting Statement_8_29_2024 Final.docx

Customer Identification Program Regulatory Requirements for Banks

OMB: 1506-0026

Document [docx]
Download: docx | pdf

Supporting Statement
OMB Control Number 1506-0026

Customer Identification Program Regulatory Requirements for Banks

1. Circumstances necessitating collection of information.

The legislative framework generally referred to as the Bank Secrecy Act (BSA) consists of the Currency and Foreign Transactions Reporting Act of 1970, as amended by the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)1 and other legislation, including the Anti-Money Laundering Act of 2020 (AML Act).2 The BSA is codified at 12 U.S.C. 1829b, 1951–1960 and 31 U.S.C. 5311–5314, 5316–5336, including notes thereto, with implementing regulations at 31 CFR chapter X.

The BSA authorizes the Secretary of the Treasury (Secretary) to, inter alia, require financial institutions to keep records and file reports that are determined to have a high degree of usefulness in criminal, tax, or regulatory matters, risk assessments or proceedings, or in the conduct of intelligence or counter-intelligence activities to protect against terrorism, and to implement anti-money laundering/countering the financing of terrorism (AML/CFT) programs and compliance procedures.3 The authority of the Secretary to administer the BSA has been delegated to the Director of FinCEN.4

31 U.S.C. 5318(l) requires the Secretary to issue regulations prescribing minimum standards for customer identification programs (CIPs) for financial institutions.5 Regulations implementing section 5318(l) are as follows: (1) banks (31 CFR 1020.220); (2) brokers-dealers (31 CFR 1023.220);6 (3) mutual funds (31 CFR 1024.220);7 and (4) futures commission merchants and introducing brokers in commodities (31 CFR 1026.220).8 Under the CIP regulations, the minimum requirements include: (1) implementation of a written customer identification program appropriate for the financial institution’s size and type of business; (2) identity verification procedures; (3) recordkeeping; (4) comparison with government lists; and (5) customer notice. This supporting statement applies to CIP requirements for banks.

2. Method of collection and use of data.

The collection of information is not reported to the Federal government. Instead, banks are required to document and maintain records reflecting their compliance with CIP requirements. These requirements will assist law enforcement in financial investigations, protect against terrorism and strengthen national security, improve financial institutions’ ability to assess and mitigate risk, help prevent evasion of financial sanctions, facilitate tax compliance, enhance financial transparency of legal entities, and advance U.S. compliance with international standards and commitments. Compliance with these requirements will be reviewed by Federal agencies during BSA examinations.

3. Use of improved information technology to reduce burden.

Banks, savings associations, credit unions, and banks without a Federal functional regulator are permitted to automate their systems to meet their requirements. There is no specific government mandate to do so.

4. Efforts to identify duplication.

There is no similar information available; thus, there is no duplication.

5. Methods to minimize burden on small businesses or other small entities.

All banks, savings associations, credit unions, and banks without a Federal functional regulator are required to document the identity of their customers and are permitted to use the method most suitable based upon their assessment of risk as it relates to their size and type of business.

6. Consequences to the Federal government of not collecting the information.

Without access to the information in question, the Federal government would be unable to fully evaluate the compliance of covered financial institutions with relevant U.S. law, as well as adversely impact law enforcement access to relevant information in financial investigations, protections against terrorism and strengthen national security, financial institutions’ ability to assess and mitigate risk, prevention of evasion of financial sanctions, facilitation of tax compliance, financial transparency of legal entities, and U.S. compliance with international standards and commitments. The Federal government requires reporting of this information only upon request by appropriate law enforcement agencies and supervisory agencies.

7. Special circumstances requiring data collection to be inconsistent with guidelines in 5 CFR 1320.5(d)(2).

Under 31 CFR 1010.430(d), all records that are required to be retained by 31 CFR Chapter X must be retained for a period of five years. These CIP records must be kept for five years to verify compliance with the requirements to maintain a CIP, as such records may relate to civil penalty actions that are subject to statutes of limitations longer than three years.

8. Consultation with individuals outside of the agency on availability of data, frequency of collection, clarity of instructions and forms, and data elements.

On June 20, 2024, FinCEN published in the Federal Register a notice and request for comments concerning its intention to renew, without change, information collection requirements related to CIP regulatory requirements for certain financial institutions.9 The comment period closed on August 19, 2024. FinCEN received three relevant comments in response to the notice.

One commenter suggested that all banks, whether online or with a physical location, should be required to conduct enhanced due diligence (EDD) on a customer before any new account is opened. The commenter asserted that requiring banks to conduct EDD on all new accounts would eliminate vast amounts of fraud and would save banks and the public money as a result.

Another commenter suggested that FinCEN vastly underestimated the time and resources necessary for a financial institution to comply with CIP requirements. Specifically, the commenter noted that it takes the commenter itself much longer than ten hours annually to maintain and update its CIP; however, the commenter did not propose an alternative estimate for annually maintaining and updating a record of its CIP. The commenter also noted that FinCEN’s estimate of two minutes per new account opened to obtain and verify a customer’s identity is an underestimate; the commenter noted that the process may take more than two minutes, though typically under five minutes.

A third commenter agreed that FinCEN’s estimate of two minutes per new account to obtain and verify a customer’s identity underestimates the time it takes an institution to comply with the CIP rule. However, that commenter did not offer any additional information or opinion about what a more accurate estimate of time would be to obtain and verify a customer’s identity.

FinCEN notes that the Paperwork Reduction Act (PRA) specifically applies to, and requires agency disclosures related to, regulatory requirements that impose a collection of information. A collection of information is defined as “the obtaining, causing to be obtained, soliciting, or requiring the disclosure to an agency, third parties or the public of information by or for an agency by means of identical questions posed to, or identical reporting, recordkeeping, or disclosure requirements imposed on, ten or more persons, whether such collection of information is mandatory, voluntary, or required to obtain or retain a benefit.”10

The scope of the PRA burden associated with the CIP regulations is specific to the reporting, recordkeeping, and disclosure requirements in the CIP regulations. Other obligations arising from the CIP regulations do not necessarily fall within the scope of the PRA burden. In this context, the ten-hour burden estimate in this statement is specific to the collection of information of annually maintaining and updating the record of a CIP. The PRA implementation burden of obtaining, verifying, and recording customer identification information for each new account opened for which CIP requirements apply is accounted for on a time-per-account basis.

Given that two commenters suggested that obtaining, verifying, and recording customer identification information per new account opened, for which CIP is required, is more than two minutes per account, FinCEN is increasing the burden estimate per new account opened to three minutes per account, applicable to all new accounts annually across all financial institution types required to comply with CIP requirements.

In addition, given that one commenter specifically criticized as inaccurate FinCEN’s estimate of the number of new accounts opened annually by banks, for which FinCEN specifically requested comments, FinCEN has reconsidered its estimate of that number.11 The commenter noted that the estimate FinCEN relied on is associated with Bank On data. The commenter asserted that the Bank On report only counts the annual opening of new basic, low-cost deposit accounts that meet specialized criteria, and disputed that this source would produce an accurate estimate of new accounts. The commenter acknowledged that banks do not report the number of new accounts opened annually, but suggested that a variety of factors, including data from its members, information contained in the Reports on Conditions of Income (Call Reports) on deposit accounts reported to the FDIC, and prior studies conducted by the commenter, indicated that the number of new accounts opened annually by banks is an average of between 140 and 160 million new accounts per year.

However, the comment letter did not explain how the commenter derived its estimate of 140 to 160 million new bank accounts opened annually from the factors it cited. Moreover, only one of the factors the commenter cited to came from a specific public source: a comparison of Call Report data from 2022 and 2023 indicates that approximately 48 million new deposit accounts were opened between 2022 and 2023. FinCEN believes this is a more transparent and reliable source of information it can utilize to provide a more accurate estimate of the number of new bank accounts opened annually for which CIP requirements apply. For that reason, FinCEN is adjusting its estimate of the number of new bank accounts opened annually by banks with a Federal functional regulator (FFR) from 9,305,00012 to 53,300,000 (a new estimate of 48,000,000 new accounts for banks having a FFR, plus the number of new credit union accounts opened annually of 5,300,000, which would not be reflected in a number derived entirely from Call Report data). In addition, FinCEN continues to estimate 315,000 new bank accounts are opened annually by banks lacking an FFR. The combined total estimate of the number of new bank accounts opened annually be banks with and without a FFR is 53,615,000.

This revision is specific to banks and will not affect the estimated number of new accounts opened by other types of financial institutions required to comply with the CIP regulations. As always, however, FinCEN welcomes information relevant to the calculation of burden—ideally from sources and collection methods that provide sufficient transparency and reliability for FinCEN to be confident in using that information in its calculations.

More broadly, FinCEN always appreciates the feedback provided by commenters and takes into consideration any recommendations that it receives as part of future rulemakings. In addition, as noted in the 60-day notice to renew this information collection, in connection with a variety of initiatives FinCEN is undertaking to implement the AML Act, FinCEN intends to conduct, in the future, additional assessments of the PRA burden associated with BSA requirements. These assessments will offer the public additional opportunities for comment.

9. Explanation of decision to provide any payment or gift to respondents.

No payments or gifts were made to respondents.

10. Assurance of confidentiality of responses.

Any personally identifiable information collected under the BSA is strictly controlled as outlined in FinCEN’s Systems of Records Notice.13 Information collected under 31 U.S.C. 5318(l) may be made available to appropriate law enforcement agencies and supervisory agencies.

11. Justification of sensitive questions.

There are no questions of a sensitive nature in the collection of information.

12. Estimated burden of information collection.

Frequency: As required.

Estimated Number of Respondents: 10,400 banks.14


Table 1. Distribution of Financial Institutions and New Accounts Covered by This Notice, by Type of Financial Institution


Type of financial institution

Number of financial institutions

Number of new accounts opened annually


Banks with a Federal functional regulator (FFR)

9,800a

53,300,000c


Banks lacking an FFR

600b

315,000d


Total

10,400

53,615,000

a This estimate is based on call report data, as publicly available for download at the end of June 2023, from the Federal Financial Institutions Examination Council (FFIEC) for certain types of banks, savings associations, thrifts, trust companies (https://cdr.ffiec.gov/public/pws/downloadbulkdata.aspx) and from the National Credit Union Association (NCUA) for credit unions (https://www.ncua.gov/analysis/credit-union-corporate-call-report-data).

b This estimate of active entries as of year-end 2023 incorporates data from both public and non-public sources, including: Call Reports; various State banking/financial institution regulators’ websites and directories; the Federal Reserve Board of Governors’ Master Account and Services database (https://federalreserve.gov/paymentsystems/master-account-and services-database-exisiting-access.htm); and data from the OCIF (Oficina del Comisionado de Instituciones Financieras); and was derived in consultation with staff from the Internal Revenue Service’s Small Business/Self-Employed Division.

c The current estimate is informed by consultation with staff from the NCUA, which estimated that there are approximately 5,300,000 new accounts opened annually by credit unions with an FFR (based on the ten-year annual average growth rate in credit union membership computed using year end data from 2014 to 2023, as reported by Federally insured credit unions (FICUs)). It also includes a revised estimate of 48,000,000 new accounts opened annually by banks with a FFR, based on a public comment citing to Call Report data, described in section 8 above. (5,300,000 plus 48,000,000 equals 53,300,000).

d This estimate was calculated by applying an estimated growth rate (3.8%) provided by the NCUA to the average new members per institute derived from 2023-year end data on credit unions lacking an FFR (13,806 new members/accounts opened annually). Applied to all banks lacking an FFR in the category (per financial institution new members annually: ((1,353,017/98) x 0.038) equals approximately 315,000 total new members annually per: 600 banks lacking an FFR multiplied by approximately 525 new members per financial institution.

Estimated Total Burden Hours:

For all covered financial institutions, FinCEN continues estimating the incremental annual PRA recordkeeping burden associated with maintaining and updating the CIP (“maintenance”) at ten hours per financial institution. This estimate covers: (1) an average of approximately nine hours per financial institution per year associated with the burden of updating the records necessary to demonstrate compliance with CIP requirements to take into consideration any regulatory changes and any modifications required as a result of a financial institution making changes to the type of accounts maintained, the methods used to open accounts, and the types of documentary or non-documentary methods for verifying identifying information the financial institution intends to use; and (2) an average of approximately one hour per financial institution associated with the burden of presenting the updated CIP to the appropriate level of management within the financial institution and obtaining approval.

In addition, FinCEN continues estimating the incremental annual PRA recordkeeping burden associated with providing customers with notification of the CIP (“notification”) at one hour per financial institution.

As noted above, FinCEN is revising its estimate of the incremental annual PRA recordkeeping burden associated with obtaining and verifying a customer’s identity (e.g., verification and recordkeeping requirements, and consulting government lists) (“implementation”) to three minutes per new account opened.

Under these assumptions, FinCEN’s estimate of the annual incremental PRA burden is 2,795,150 hours, as detailed in Tables 2 and 3.15

Table 2 – Incremental annual burden associated with updating and maintaining the CIP and customer notification for all covered financial institutions

Type of financial institution

Number of financial institutions16

Time per financial institution

Burden hours per step

Total burden hours


Maintenance

Notification

Maintenance

Notification


Banks with an FFR

9,800

10 hours

1 hour

98,000

9,800

107,800

Banks lacking an FFR

600

10 hours

1 hour

6,000

600

6,600

Totals

10,400


104,000

10,400

114,400









Table 3 – Incremental annual burden associated with implementing the identity verification, recordkeeping, and consulting government lists requirements for all covered financial institutions

Type of financial institution

Number of financial institutions17

New accounts opened per year

Time per new account (minutes)

Total burden in minutes

Total burden converted to hours

Banks with an FFR

9,800

53,300,000

3 minutes

159,900,000

2,665,000

Banks lacking an FFR

600

315,000

3 minutes

945,000

15,750

Totals

10,400

53,615,000


106,845,000

2,680,750

13. Estimated total annual cost burden of information collection.

Estimated Total Annual Recordkeeping Cost:

FinCEN is utilizing the same fully-loaded composite hourly wage rate of $106.30 that is utilized in other OMB control number renewals and notices of proposed rulemakings (NPRMs) currently opened to public review and comment.18

The total estimated cost of the annual PRA burden19 is $297,124,445.00 as reflected in Table 4 below:













Table 4 – Total cost of annual PRA burden

Steps

Hourly burden

Hourly cost

Total cost

Maintaining and updating the CIP

104,000

$106.30

$11,055,200.00

Notifying customers of CIP requirements

10,400

$106.30

$1,105,520.00

Implementing the CIP (identifying and verifying customer information, maintaining records, and consulting government lists)

2,680,750

$106.30

$284,963,725.00

Total cost

$297,124,445.00

14. Estimated annual cost to the Federal government.

There is no cost to the government; this is a recordkeeping requirement only.

15. Reasons for change in burden.

The estimated total annual burden hours increased from 116,413 hours since the 2020 control number renewal to 2,795,150 hours in 2024. The burden estimates for maintenance (10 hours) and notification (one hour) of CIP remained the same in the 2020 and 2024 renewals. However, the implementation of CIP increased from two minutes per account in 2020 to three minutes per account in 2024. The number of banks in the 2020 renewal was 10,583 and the number of banks in 2024 is 10,400. The primary reason for the increase in burden is because FinCEN was able to obtain an estimate of the number of new bank accounts opened per year (53,615,000) for the 2024 renewal. FinCEN did not have this estimate for banks in the 2020 renewal, so in 2024 there is an increase in burden hours for banks applicable to CIP implementation of 2,680,750 hours.

16. Plans for tabulation, statistical analysis, and publication.

The collection of information will not be tabulated or compiled for publication.





17. Request not to display the expiration date of the OMB control number.

FinCEN requests that it not be required to display the expiration date so that the regulations will not have to be amended for the new expiration date every three years. This request will not affect the normal three-year PRA renewal process.

18. Exceptions to the certification statement.

There are no exceptions to the certification statement.

1 USA PATRIOT Act, Pub. L. 107-56, 115 Stat. 272 (2001).

2 The AML Act was enacted as Division F, sections 6001-6511 of the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021, Pub. L. 116-283, 134 Stat. 3388.

3 See 31 U.S.C. 5311.

4 Treasury Order 180–01 (Jan. 14, 2020); see also 31 U.S.C. 310(b)(2)(I) (providing that the FinCEN Director shall “[a]dminister the requirements of subchapter II of chapter 53 of this title, chapter 2 of title I of Public Law 91–508, and section 21 of the Federal Deposit Insurance Act, to the extent delegated such authority by the Secretary.”).

5 Section 5318(l)(2) prescribes that the regulations, at a minimum, require financial institutions to implement reasonable procedures for: (1) verifying the identity of any person seeking to open an account, to the extent reasonable and practicable; (2) maintaining records of the information used to verify the person’s identity, including name, address, and other identifying information; and (3) determining whether the person appears on any lists of known or suspected terrorists or terrorist organizations provided to the financial institution by any government agency. Section 5318(l)(3) further directs that the regulations take into consideration the types of accounts maintained by financial institutions, the methods of opening accounts, and the types of identifying information available.

6 “Broker-dealer” means a person registered or required to be registered as a broker or dealer with the Commission under the Securities Exchange Act of 1934 (15 U.S.C. 77a et seq.), except persons who register pursuant to 15 U.S.C. 78o(b)(11). 31 CFR 1023.100(b).

7 Mutual fund” means an “investment company” (as the term is defined in section 3 of the Investment Company Act (15 U.S.C. 80a-3)) that is an “open-end company” (as that term is defined in section 5 of the Investment Company Act (15 U.S.C. 80a-5)) that is registered or is required to register with the Commission under section 8 of the Investment Company Act (15 U.S.C. 80a-8). 31 CFR 1010.100(gg).

8 “Futures commissions merchants” means any person registered or required to be registered as a futures commission merchant with the Commodity Futures Trading Commission (CFTC) under the Commodity Exchange Act (7 U.S.C. 1 et seq.), except persons who register pursuant to Section 4f(a)(2) of the Commodity Exchange Act (7 U.S.C. 6f(a)(2)). 31 CFR 1026.100(f). “Introducing broker” means any person registered or required to be registered as an introducing broker with the CFTC under the Commodity Exchange Act (7 U.S.C. 1 et seq.), except persons who register pursuant to Section 4f(a)(2) of the Commodity Exchange Act (7 U.S.C. 6f(a)(2)). 31 CFR 1026.100(g).

9 See FinCEN, Agency Information Collection Activities; Proposed Renewal; Comment Request: Renewal Without Change of Customer Identification Program Regulatory Requirements for Certain Financial Institutions, 89 FR 51940 (June 20, 2024).

10 5 CFR 1320.3.

11 See FinCEN, Agency Information Collection Activities; Proposed Renewal; Comment Request; Renewal Without Change of Customer Identification Program Regulatory Requirements for Certain Financial Institutions, 89 FR 51942 (June 20, 2024) Table 1, note f.

12 Id.

13 See FinCEN, Privacy Act of 1974, Systems of Records Notice, 79 FR 20969 (Apr. 14, 2014).

14 Table 1 sets forth a distribution of the types of financial institutions covered by this notice.

15 The total estimate of the annual PRA burden is the summation of the total hourly burden of CIP maintenance (104,000), notification (10,400) and implementation (2,680,750) as set out in Table 2 and 3, for a total of 2,795,150 hours.

16 See supra Table 1.

17 See supra Table 1.

18 See, e.g., FinCEN and SEC, NPRM Customer Identification Programs for Registered Investment Advisers and Exempt Reporting Advisers, 89 FR 44571 (May 21, 2024).

19 The total estimated cost of the annual PRA burden should not be interpreted as an estimate of the total cost of compliance with all aspects of the regulation under which the information collection arises, or of any aspects of the regulation other than those specific to the information collection itself.

5


File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
File TitleSupplemental Statement
AuthorStephR
File Modified0000-00-00
File Created2024-09-06

© 2024 OMB.report | Privacy Policy