Comment Letter

CSBS Comments on FinCEN Taxpayer ID Number Collection Requirement

May 28, 2024

Download the Full Comment Letter [PDF]

Financial Crimes Enforcement Network 
Policy Division 
P.O. Box 39 
Vienna, VA 22183 

FINCEN-2024-0009 

Re: Request for Information and Comment on Customer Identification Program Rule Taxpayer Identification Number Collection Requirement 

Dear Sir or Madam, 

The Conference of State Bank Supervisors (“CSBS”)1 provides the following comments on the notice and request for information (“RFI”) issued by the Financial Crimes Enforcement Network (“FinCEN”) titled “Request for Information and Comment on Customer Identification Program Rule Taxpayer Identification Number Collection Requirement.” 

CSBS appreciates FinCEN soliciting public comment on questions pertinent to the Customer Identification Program Rule (“CIP”), and the potential risks and benefits of permitting banks to collect partial Social Security number (“SSN”) information directly from the customer for U.S. individuals and subsequently use reputable third-party sources to obtain the full SSN prior to account opening. State regulators agree that technological innovations in the financial services industry and identity verification warrant review of the current CIP requirements.  

Our letter notes the following: 

  • State regulators examine for BSA/AML across a broad range of bank and nonbank financial services companies.
  • Banks, as well as their third-party service provider (“TSP”) partners, are subject to the same CIP
    requirements irrespective of their regulator.
  • Technological innovations may warrant a change in how banks and their TSP partners collect and verify SSN information from customers, and state regulators encourage FinCEN to further analyze such options and apply any changes in a consistent manner.

State regulators examine for BSA/AML across a broad range of bank and nonbank financial
services companies.

State regulators supervise the largest number of financial institutions, both banks and nonbanks, subject to BSA/AML requirements, and their broad supervisory portfolio provides them with a unique perspective of BSA/AML risks. State regulators charter and supervise more than 3,600 banks, representing 79% of all U.S. banks. During 2023 alone, state regulators conducted more than 1,000 BSA compliance exams of state-chartered banks. Moreover, unlike any single federal prudential regulator, most state banking departments regulate multiple financial intermediaries in the U.S. payments system, including banks and money services businesses (“MSBs”). Collectively, state-chartered banks and state licensed MSBs filed over 1.5 million Suspicious Activity Reports (“SARs”) during 2023. As such, state financial regulators have extensive experience recognizing BSA/AML risks at a variety of financial institutions and have seen how critical the CIP is to keeping our financial system safe from malicious actors. 

Banks, as well as their third-party service provider (“TSP”) partners, are subject to the same CIP requirements irrespective of their regulator.

In recent years, state regulators have encountered some misunderstandings and misperceptions from industry participants who believe different regulators have differing CIP requirements. In one example, a financial technology (“fintech”) provider told its partner bank that if the bank did not allow it to continue its practice of initially gathering only the last four SSN digits from customers, the fintech would take its business to a competing bank whose federal regulator allowed this practice.  

State regulators and their federal banking agency counterparts are obligated to supervise for and enforce the same CIP requirements. In cases where banks partner with TSPs for customer acquisition, regulators have made clear that banks are ultimately responsible for their TSP partner’s CIP compliance. State regulators will continue to enforce the CIP for state-chartered banks and their partners and encourage FinCEN to continue clarifying that the same requirements apply to both banks and their TSP partners.  

Technological innovations may warrant a change in how banks and their TSP partners collect and verify SSN information from customers, and state regulators encourage FinCEN to further analyze such options and apply any changes in a consistent manner.

State regulators believe it is appropriate for FinCEN to review SSN collection practices and requirements under the CIP rule, and that it apply any potential changes consistently. Since the rule went into effect in 2003, important technological innovations, identity verification capabilities, and shifts in consumer preference have occurred that warrant further review and analysis by FinCEN. Additionally, FinCEN has already granted an exemption for banks when opening credit card accounts, and many of today’s account opening practices are functionally similar to that of credit cards.   

Conclusion 

State regulators share FinCEN’s goal of fostering a regulatory environment that allows for innovation in BSA/AML compliance. Consistent CIP requirements across banks, their TSP partners, and regulators provides the market with certainty and security. Moreover, state regulators encourage FinCEN to further explore and analyze revisions to how banks and their partners collect customers’ SSN information at account opening, and to apply any potential revisions consistently. 

Sincerely, 

Brandon Milhorn 
President and CEO 

Endnotes

1 - CSBS is the nationwide organization of state banking and financial regulators from all 50 states, the District of Columbia, and the U.S. territories. 

2 - FinCEN, RFI, Request for Information and Comment on Customer Identification Program Rule Taxpayer Identification Number Collection Requirement, 89 Fed. Reg. 22231 (March 29, 2024). 
 

Back To Top