Fed Allows Banks to Collect TINS through Third Parties

The Federal Reserve Board, with the concurrance of FinCEN, issued an Order allowing a bank "to use an alternative collection method to obtain [Taxpayer Identification Numbers ("TINs")] from a third-party rather than from the customer," provided they comply with all other requirements of the Customer Identification Program ("CIP") Rule.

The CIP Rule, established under Section 326 of the USA PATRIOT Act, requires banks to verify a customer's identity before opening an account. To comply, banks must collect specific identifying information—including the customer's name, date of birth, address and TIN—directly from the customer. Under this Order, the Fed requires a bank to implement written risk-based procedures tailored to each its specific risk profile. FinCEN found that this exemption, "when used appropriately, is consistent with the purposes of the BSA."

The regulators cited several reasons for exempting direct TIN collection, including:

1. The growth of digital and non-face-to-face banking has increased consumer reluctance to provide full TINs due to privacy and data breach concerns.
2. Modern, reliable third-party identity verification tools are now widely available and can effectively support risk-based customer identification.
3. The longstanding credit card exception to the CIP rule is evidence that third-party TIN collection can be used without increasing the risk of money laundering or other illicit finance activity.