1506-0034 BD CIP Supplemental Statement 8_29_2024

1506-0034 BD CIP Supplemental Statement 8_29_2024.docx

Customer Identification Program Regulatory Requirements for Broker or Dealers in Securities

OMB: 1506-0034

Document [docx]
Download: docx | pdf



Supplemental Statement

OMB Control Number 1506-0034

Customer Information Program Regulatory Requirements for Brokers or Dealers in Securities

1. Circumstances necessitating collection of information.

The legislative framework generally referred to as the Bank Secrecy Act (BSA) consists of the Currency and Foreign Transactions Reporting Act of 1970, as amended by the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)1 and other legislation, including the Anti-Money Laundering Act of 2020 (AML Act).2 The BSA is codified at 12 U.S.C. 1829b, 1951–1960 and 31 U.S.C. 5311–5314, 5316–5336, including notes thereto, with implementing regulations at 31 CFR chapter X.

The BSA authorizes the Secretary of the Treasury (Secretary) to, inter alia, require financial institutions to keep records and file reports that are determined to have a high degree of usefulness in criminal, tax, or regulatory matters, risk assessments or proceedings, or in the conduct of intelligence or counter-intelligence activities to protect against terrorism, and to implement anti-money laundering/countering the financing of terrorism (AML/CFT) programs and compliance procedures.3 The authority of the Secretary to administer the BSA has been delegated to the Director of FinCEN.4

31 U.S.C. 5318(l) requires the Secretary to issue regulations prescribing minimum standards for customer identification programs (CIPs) for financial institutions.5 Regulations implementing section 5318(l) are as follows: (1) banks (31 CFR 1020.220); (2) brokers-dealers (31 CFR 1023.220);6 (3) mutual funds (31 CFR 1024.220);7 and (4) futures commission merchants and introducing brokers in commodities (31 CFR 1026.220).8 Under the CIP regulations, the minimum requirements include: (1) implementation of a written customer identification program appropriate for the financial institution’s size and type of business; (2) identity verification procedures; (3) recordkeeping; (4) comparison with government lists; and (5) customer notice. This supporting statement applies to CIP requirements for brokers or dealers in securities.

2. Method of collection and use of data.

The collection of information is not reported to the Federal government. Instead, brokers or dealers in securities are required to document and maintain records reflecting their compliance with CIP requirements. These requirements will assist law enforcement in financial investigations, protect against terrorism and strengthen national security, improve financial institutions’ ability to assess and mitigate risk, help prevent evasion of financial sanctions, facilitate tax compliance, enhance financial transparency of legal entities, and advance U.S. compliance with international standards and commitments. Compliance with these requirements will be reviewed by Federal agencies during BSA examinations.

3. Use of improved information technology to reduce burden.

Brokers or dealers in securities are permitted to automate their systems to meet their requirements. There is no specific government mandate to do so.

4. Efforts to identify duplication.

There is no similar information available; thus, there is no duplication.

5. Methods to minimize burden on small businesses or other small entities.

All broker or dealers in securities are required to document the identity of their customers and are permitted to use the method most suitable based upon their assessment of risk as it relates to their size and type of business.

6. Consequences to the Federal government of not collecting the information.

Without access to the information in question, the Federal government would be unable to fully evaluate the compliance of covered financial institutions with relevant U.S. law, as well as adversely impact law enforcement access to relevant information in financial investigations, protections against terrorism and strengthen national security, financial institutions’ ability to assess and mitigate risk, prevention of evasion of financial sanctions, facilitation of tax compliance, financial transparency of legal entities, and U.S. compliance with international standards and commitments. The Federal government requires reporting of this information only upon request by appropriate law enforcement agencies and supervisory agencies.

7. Special circumstances requiring data collection to be inconsistent with guidelines in 5 CFR 1320.5(d)(2).

Under 31 CFR 1010.430(d), all records that are required to be retained by 31 CFR Chapter X must be retained for a period of five years. These CIP records must be kept for five years to verify compliance with the requirements to maintain a CIP, as such records may relate to civil penalty actions that are subject to statutes of limitations longer than three years.

8. Consultation with individuals outside of the agency on availability of data, frequency of collection, and clarity of instructions and forms, and data elements.

On June 20, 2024, FinCEN published in the Federal Register a notice and request for comments concerning its intention to renew, without change, information collection requirements related to CIP regulatory requirements for certain financial institutions.9 The comment period closed on August 19, 2024. FinCEN received three relevant comments in response to the notice.

One commenter suggested that all banks, whether online or with a physical location, should be required to conduct enhanced due diligence (EDD) on a customer before any new account is opened. The commenter asserted that requiring banks to conduct EDD on all new accounts would eliminate vast amounts of fraud and would save banks and the public money, as a result.

Another commenter suggested that FinCEN vastly underestimated the time and resources necessary for a financial institution to comply with CIP requirements. Specifically, the commenter noted that it takes the commenter itself much longer than ten hours annually to maintain and update its CIP; however, the commenter did not propose an alternative estimate for annually maintaining and updating a record of its CIP. The commenter also noted that FinCEN’s estimate of two minutes per new account opened to obtain and verify a customer’s identity is an underestimate; the commenter noted that the process may take more than two minutes, though typically under five minutes.

A third commenter agreed that FinCEN’s estimate of two minutes per new account to obtain and verify a customer’s identity underestimates the time it takes an institution to comply with the CIP rule. However, that commenter did not offer any additional information or opinion about what a more accurate estimate of time would be to obtain and verify a customer’s identity.

FinCEN notes that the Paperwork Reduction Act (PRA) specifically applies to, and requires agency disclosures related to, regulatory requirements that impose a collection of information. A collection of information is defined as “the obtaining, causing to be obtained, soliciting, or requiring the disclosure to an agency, third parties or the public of information by or for an agency by means of identical questions posed to, or identical reporting, recordkeeping, or disclosure requirements imposed on, ten or more persons, whether such collection of information is mandatory, voluntary, or required to obtain or retain a benefit.”10

The scope of the PRA burden associated with the CIP regulations is specific to the reporting, recordkeeping, and disclosure requirements in the CIP regulations. Other obligations arising from the CIP regulations do not necessarily fall within the scope of the PRA burden. In this context, the ten-hour burden estimate in this statement is specific to the collection of information of annually maintaining and updating the record of a CIP. The PRA implementation burden of obtaining, verifying, and recording customer identification information for each new account opened for which CIP requirements apply is accounted for on a time-per-account basis.

Given that two commenters suggested that obtaining, verifying, and recording customer identification information per new account opened, for which CIP is required, is more than two minutes per account, FinCEN is increasing the burden estimate per new account opened to three minutes per account, applicable to all new accounts annually across all financial institution types required to comply with CIP requirements.

In addition, given that one commenter specifically criticized as inaccurate FinCEN’s estimate of the number of new accounts opened annually by banks, for which FinCEN specifically requested comments, FinCEN has reconsidered its estimate of that number.11

That revision is, however, specific to banks and will not affect the estimated number of new accounts opened by other types of financial institutions required to comply with the CIP regulations. As always, however, FinCEN welcomes information relevant to the calculation of burden—ideally from sources and collection methods that provide sufficient transparency and reliability for FinCEN to be confident in using that information in its calculations.

More broadly, FinCEN always appreciates the feedback provided by commenters and takes into consideration any recommendations that it receives as part of future rulemakings. In addition, as noted in the 60-day notice to renew this information collection, in connection with a variety of initiatives FinCEN is undertaking to implement the AML Act, FinCEN intends to conduct, in the future, additional assessments of the PRA burden associated with BSA requirements. These assessments will offer the public additional opportunities for comment.

9. Explanation of decision to provide any payment or gift to respondents.

No payments or gifts were made to respondents.

10. Assurance of confidentiality of responses.

Any personally identifiable information collected under the BSA is strictly controlled as outlined in FinCEN’s Systems of Records Notice.12 Information collected under 31 U.S.C. 5318(l) may be made available to appropriate law enforcement agencies and supervisory agencies.

11. Justification of sensitive questions.

There are no questions of a sensitive nature in the collection of information.

12. Estimated burden of information collection.

Frequency: As required.

Estimated Number of Respondents: 3,478 brokers or dealers in securities.13

Table 1. Distribution of Financial Institutions and New Accounts Covered by This Notice, by Type of Financial Institution

Type of financial institution

Number of financial institutions

Number of new accounts opened annually

Brokers or dealers in securities

3,478a

28,000,000b

Total

3,478

28,000,000

a This estimate is based on a December 2023 file downloaded from data maintained by the U.S. Securities and Exchange Commission (SEC). SEC, Company Information About Active Broker-Dealers available at https://www.sec.gov/help/foiadocsbdfoia (accessed on Feb. 28, 2024).

b According to the SEC, there were approximately 28,000,000 new accounts opened by broker or dealers in securities in 2023, based on forms filed with the SEC.

Estimated Total Burden Hours:

For all covered financial institutions, FinCEN continues estimating the incremental annual PRA recordkeeping burden associated with maintaining and updating the CIP (“maintenance”) at ten hours per financial institution. This estimate covers: (1) an average of approximately nine hours per financial institution per year associated with the burden of updating the records necessary to demonstrate compliance with CIP requirements to take into consideration any regulatory changes and any modifications required as a result of a financial institution making changes to the type of accounts maintained, the methods used to open accounts, and the types of documentary or non-documentary methods for verifying identifying information the financial institution intends to use; and (2) an average of approximately one hour per financial institution associated with the burden of presenting the updated CIP to the appropriate level of management within the financial institution and obtaining approval.

In addition, FinCEN continues estimating the incremental annual PRA recordkeeping burden associated with providing customers with notification of the CIP (“notification”) at one hour per financial institution.

As noted above, FinCEN is revising its estimate of the incremental annual PRA recordkeeping burden associated with obtaining and verifying a customer’s identity (e.g., verification and recordkeeping requirements, and consulting government lists) (“implementation”) to three minutes per new account opened.

Under these assumptions, FinCEN’s estimate of the annual incremental PRA burden is 1,438,258 hours, as detailed in Tables 2 and 3.14

Table 2 – Incremental annual burden associated with updating and maintaining the CIP and customer notification for all covered financial institutions

Type of financial institution

Number of financial institutions15

Time per financial institution

Burden hours per step

Total burden hours


Maintenance

Notification

Maintenance

Notification


Brokers or dealers in securities

3,478

10 hours

1 hour

34,780

3,478

38,258

Totals

3,478


34,780

3,478

38,258









Table 3 – Incremental annual burden associated with implementing the identity verification, recordkeeping, and consulting government lists requirements for all covered financial institutions

Type of financial institution

Number of financial institutions16

New accounts opened per year

Time per new account (minutes)

Total burden in minutes

Total burden converted to hours

Brokers or dealers in securities

3,478

28,000,000

3 minutes

84,000,000

1,400,000

Total

3,478




1,400,000

13. Estimated total annual cost burden of information collection.

Estimated Total Annual Recordkeeping Cost:

FinCEN is utilizing the same fully-loaded composite hourly wage rate of $106.30 that is utilized in other OMB control number renewals and notices of proposed rulemakings (NPRMs) currently opened to public review and comment.17

The total estimated cost of the annual PRA burden18 is $152,886,825.40 as reflected in Table 4 below:

















Table 4 – Total cost of annual PRA burden

Steps

Hourly burden

Hourly cost

Total cost

Maintaining and updating the CIP

34,780

$106.30

$3,697,114.00

Notifying customers of CIP requirements

3,478

$106.30

$369,711.40

Implementing the CIP (identifying and verifying customer information, maintaining records, and consulting government lists)

1,400,000

$106.30

$148,820,000.00

Total cost

$152,886,825.40

14. Estimated annual cost to the Federal government.

There is no cost to the government; this is a recordkeeping requirement only.

15. Reason for change in burden.

The estimated total annual burden hours increased from 340,040 hours since the 2020 control number renewal to 1,438,258 hours in 2024. The burden estimates for maintenance (10 hours) and notification (one hour) of CIP remained the same in the 2020 and the 2024 renewals. However, the implementation of CIP increased from two minutes per account in 2020 to three minutes in 2024. The number of brokers or dealers in securities in the 2020 renewal was 3,640 and the number of brokers or dealers in securities in 2024 is 3,478. The primary reason for the increase in burden is because FinCEN was able to obtain an estimate of the number of new accounts opened per year by brokers or dealers in securities (28,000,000 accounts) for the 2024 renewal. FinCEN did not have this estimate for brokers or dealers in securities in the 2020 renewal, so in 2024 there is an increase in burden hours for brokers or dealers in securities applicable to CIP implementation of 1,400,000 hours.

16. Plans for tabulation, statistical analysis, and publication.

The collection of information will not be tabulated or compiled for publication.

17. Request not to display the expiration date of the OMB control number.

FinCEN requests that it not be required to display the expiration date so that the regulations will not have to be amended for the new expiration date every three years. This request will not affect the normal three-year PRA renewal process.

18. Exceptions to the certification statement.

There are no exceptions to the certification statement.

1 USA PATRIOT Act, Pub. L. 107-56, 115 Stat. 272 (2001).

2 The AML Act was enacted as Division F, sections 6001-6511 of the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021, Pub. L. 116-283, 134 Stat. 3388.

3 See 31 U.S.C. 5311.

4 Treasury Order 180–01 (Jan. 14, 2020); see also 31 U.S.C. 310(b)(2)(I) (providing that the FinCEN Director shall “[a]dminister the requirements of subchapter II of chapter 53 of this title, chapter 2 of title I of Public Law 91–508, and section 21 of the Federal Deposit Insurance Act, to the extent delegated such authority by the Secretary.”).

5 Section 5318(l)(2) prescribes that the regulations, at a minimum, require financial institutions to implement reasonable procedures for: (1) verifying the identity of any person seeking to open an account, to the extent reasonable and practicable; (2) maintaining records of the information used to verify the person’s identity, including name, address, and other identifying information; and (3) determining whether the person appears on any lists of known or suspected terrorists or terrorist organizations provided to the financial institution by any government agency. Section 5318(l)(3) further directs that the regulations take into consideration the types of accounts maintained by financial institutions, the methods of opening accounts, and the types of identifying information available.

6 “Broker-dealer” means a person registered or required to be registered as a broker or dealer with the Commission under the Securities Exchange Act of 1934 (15 U.S.C. 77a et seq.), except persons who register pursuant to 15 U.S.C. 78o(b)(11). 31 CFR 1023.100(b).

7 Mutual fund” means an “investment company” (as the term is defined in section 3 of the Investment Company Act (15 U.S.C. 80a-3)) that is an “open-end company” (as that term is defined in section 5 of the Investment Company Act (15 U.S.C. 80a-5)) that is registered or is required to register with the Commission under section 8 of the Investment Company Act (15 U.S.C. 80a-8). 31 CFR 1010.100(gg).

8 “Futures commissions merchants” means any person registered or required to be registered as a futures commission merchant with the Commodity Futures Trading Commission (CFTC) under the Commodity Exchange Act (7 U.S.C. 1 et seq.), except persons who register pursuant to Section 4f(a)(2) of the Commodity Exchange Act (7 U.S.C. 6f(a)(2)). 31 CFR 1026.100(f). “Introducing broker” means any person registered or required to be registered as an introducing broker with the CFTC under the Commodity Exchange Act (7 U.S.C. 1 et seq.), except persons who register pursuant to Section 4f(a)(2) of the Commodity Exchange Act (7 U.S.C. 6f(a)(2)). 31 CFR 1026.100(g).

9 See FinCEN, Agency Information Collection Activities; Proposed Renewal; Comment Request: Renewal Without Change of Customer Identification Program Regulatory Requirements for Certain Financial Institutions, 89 FR 51940 (June 20, 2024).

10 5 CFR 1320.3.

11 See FinCEN, Agency Information Collection Activities; Proposed Renewal; Comment Request; Renewal Without Change of Customer Identification Program Regulatory Requirements for Certain Financial Institutions, 89 FR 51942 (June 20, 2024) Table 1, note f.

12 See FinCEN, Privacy Act of 1974, Systems of Records Notice, 79 FR 20969 (Apr. 14, 2014).

13 Table 1 sets forth a distribution of the types of financial institutions covered by this supporting statement.

14 The total estimate of the annual PRA burden is the summation of the total hourly burden of CIP maintenance (34,780), notification (3,478) and implementation (1,400,000) as set out in Table 2 and 3, for a total of 1,438,258 hours.

15 See supra Table 1.

16 See supra Table 1.

17 See, e.g., FinCEN and SEC, NPRM Customer Identification Programs for Registered Investment Advisers and Exempt Reporting Advisers, 89 FR 44571 (May 21, 2024).

18 The total estimated cost of the annual PRA burden should not be interpreted as an estimate of the total cost of compliance with all aspects of the regulation under which the information collection arises, or of any aspects of the regulation other than those specific to the information collection itself.

5


File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
File TitleSupplemental Statement
AuthorStephR
File Modified0000-00-00
File Created2024-09-06

© 2024 OMB.report | Privacy Policy