Regulators Let Banks Collect TINs from Third Parties
Commentary by Jeff Ziesman
The OCC, FDIC and the NCUA issued an Order allowing banks to collect Taxpayer Identification Numbers ("TINs") from third-party sources instead of directly from customers.
The agencies, with the concurrence of FinCEN, granted the exemption "for all accounts at all banks" under the jurisdiction of these agencies, from the Customer Identification Program ("CIP") Rule requirement related to a bank obtaining TINs information from the customer. According to the Order, banks can use alternative collection methods for TINs, provided they comply with all other CIP rule requirements. Further, the regulators stated that banks will still need to collect the full TIN before opening an account, follow risk-based procedures and ensure they could form a reasonable belief about the customer's identity.
The regulators explained that customers increasingly open accounts online or through mobile apps, and many are reluctant to share full TINs over the internet due to rising privacy and identity theft concerns. The regulators stated that advances in identity verification tools and the success of a similar exception for credit card accounts warranted the action.
Commentary
This Order provides an exemption from the method by which banks obtain taxpayer identification number ("TIN") information from customers before opening an account. Under the Order, banks have the option of using an alternative collection method to obtain TIN information from a third-party source rather than the customer, provided that the bank complies with the CIP rule requirements in that the methods used are risk-based and reasonable.
Essentially, this modernizes the methods by which banks can (but are not required to) obtain information about customers. So long as the methods by which the information obtained from third parties is risk-based and reasonable, it will be permitted under the Order.