0026 Banks CIP Supporting Statement 20201125 Final

Supporting Statement

OMB Control Number 1506-0026

Customer Identification Programs for Banks

1. Circumstances necessitating collection of information.

The Financial Crimes Enforcement Network (“FinCEN”) exercises regulatory functions primarily under the Currency and Financial Transactions Reporting Act of 1970, as amended by the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001¹ (“USA PATRIOT Act”) and other legislation.  This legislative framework is commonly referred to as the “Bank Secrecy Act” (“BSA”).²  The Secretary of the Treasury has delegated to the Director of FinCEN the authority to implement, administer, and enforce compliance with the BSA and associated regulations.³  Pursuant to this authority, FinCEN may issue regulations requiring financial institutions to keep records and file reports that “have a high degree of usefulness in criminal, tax, or regulatory investigations or proceedings, or in the conduct of intelligence or counterintelligence activities, including analysis, to protect against international terrorism.”⁴

Section 326 of the USA PATRIOT Act added subsection (l) to 31 U.S.C. 5318 of the BSA. Pursuant to section 326, FinCEN issued joint regulations with the federal bank regulatory agencies that require banks, savings associations, credit unions, and certain non-federally regulated banks to establish a written customer identification program and to maintain records related to verifying the identity of customers.⁵ Under the customer identification program (“CIP”) regulations, the minimum requirements include: 1) implementation of a written customer identification program appropriate for the financial institution’s size and type of business; 2) identity verification procedures; 3) recordkeeping; 4) comparison with government lists; and 5) customer notice.

On September 14, 2020, FinCEN issued a final rule implementing sections 352, 326 and 312 of the USA PATRIOT Act and removing the anti-money laundering (“AML”) program exemption for banks that lack a Federal functional regulator, including, but not limited to, private banks, non-federally insured credit unions, and certain trust companies (the “Gap Final Rule”).⁶ The Gap Final Rule requires minimum standards for AML programs for banks without a Federal functional regulator to ensure that all banks, regardless of whether they are subject to Federal regulation and oversight, are required to establish and implement AML programs, and extends CIP requirements and beneficial ownership requirements to those banks not already subject to these requirements.

2. Method of collection and use of data.

The information will be used to verify the identity of persons seeking to open accounts at banks, savings associations, credit unions, and banks without a Federal functional regulator, in an effort to prevent and detect money laundering and the financing of terrorism. The information on the customer’s identification maintained by banks, savings associations, credit unions, and banks without a Federal functional regulator is made available to appropriate government authorities only upon request. Compliance with these requirements will be reviewed by Federal agencies during the course of BSA examinations.

3. Use of improved information technology to reduce burden.

Banks, savings associations, credit unions, and banks without a Federal functional regulator are permitted to automate their systems to meet their requirements. There is no specific government mandate to do so.

4. Efforts to identify duplication.

There is no similar information available; thus, there is no duplication.

5. Methods to minimize burden on small businesses or other small entities.

All banks, savings associations, credit unions, and banks without a Federal functional regulator are required to document the identity of their customers and are permitted to use the method most suitable based upon their assessment of risk as it relates to their size and type of business.

6. Consequences to the Federal government of not collecting the information.

The Federal government requires reporting of this information only upon request.

7. Special circumstances requiring data collection to be inconsistent with guidelines in 5 CFR 1320.5(d)(2).

Under 31 CFR 1010.430(d), all records that are required to be retained by 31 CFR Chapter X must be retained for a period of five years. Records must be kept for five years because such records may relate to substantive violations of law that are subject to statutes of limitation longer than three years.

8. Consultation with individuals outside of the agency on availability of data, frequency of collection, clarity of instructions and forms, and data elements.

The 60-day notice was published on August 13, 2020.⁷ The notice requested public comments on the proposed renewal, without change, of currently approved information collections relating to CIP regulatory requirements for certain financial institutions, including banks. Although no changes were proposed to the information collections themselves, the notice proposed for review and comment (a) a renewal of the portion of the Paperwork Reduction Act (“PRA”) burden that has been subject to notice and comment in the past (the “traditional annual PRA burden”), and (b) an expansion of the scope of the PRA burden in the future (the “supplemental annual PRA burden”).

As explained in the notice, FinCEN does not have the necessary information to provide a tentative estimate of these supplemental annual PRA hourly burden and cost within the current notice. FinCEN also recognizes that it does not have all the necessary information to precisely estimate the traditional annual PRA burden. For that reason, FinCEN is relying on estimates used in prior renewals of OMB control numbers and applicable regulations. FinCEN further recognizes that after receiving public comments, the burden and cost estimates for the traditional annual PRA burden may vary significantly. FinCEN intends to conduct more granular studies of the actions included in the proposed scope of a supplemental annual PRA burden in the near future, to arrive at accurate estimates of net BSA hourly burden and cost.⁸ The data obtained in these studies also may result in a significant variation in the estimated traditional annual PRA hourly burden.

FinCEN received six public comments in response to this notice. Commenters were generally supportive of FinCEN’s effort to more accurately estimate the cost and burden associated with the CIP regulatory requirements. One commenter provided an overview of the resources its institution dedicates to CIP and an estimate of the annual cost of complying with specific elements of CIP, in an effort to provide relevant information to assist FinCEN with calculating an estimate of the supplemental annual PRA hourly burden and cost.

A few commenters recommended that FinCEN survey industry to develop a representative sample of all types and sizes of financial institutions from all geographies to develop a more precise calculation of the estimated resource and monetary cost of compliance with CIP requirements.

Another commenter recommended that financial institutions utilize geolocation technology to verify the identity of customers and authenticate digital transactions.

FinCEN appreciates the recommendations and intends to use that information as part of a larger project FinCEN is undertaking to better understand the PRA hourly burden and cost of the BSA as a whole.

9. Explanation of decision to provide any payment or gift to respondents.

No payments or gifts were made to respondents.

10. Assurance of confidentiality of responses.

Information collected under 31 U.S.C. 5318(l) may be made available to appropriate law enforcement agencies and supervisory agencies.

11. Justification of sensitive questions.

There are no questions of a sensitive nature in the collection of information. Any personally identifiable information collected under the BSA is strictly controlled as outlined in FinCEN’s Systems of Records Notice. See https://www.gpo.gov/fdsys/pkg/FR-2014-04-14/pdf/2014-08254.pdf.

12 & 13. Estimated burden & cost of information collection.

• Estimated Number of Respondents: 10,583.⁹

• Estimated Total Annual Burden Hours: 116,413 hours.

• Estimated Total Annual Cost:

Board Approval of CIP Program: 10,583 hours¹⁰ x $133 per hour¹¹ = $1,407,539

Maintenance of the CIP Program: 95,247 hours¹² x $48 per hour¹³ = $4,571,856.

Notification to Customers of CIP Requirements: 10,583 hours x $32 per hour¹⁴ = $338,656.

Total: $6,318,051.

Hourly burden associated with maintaining and updating the CIP and customer notification for all banks

There are no non-labor costs associated with this collection of information.

14. Estimated annual cost to the Federal government.

There is no cost to the government; this is a recordkeeping requirement only.

15. Reasons for change in burden.

The estimated total annual burden hours decreased from 178,205 hours since the last control number renewal in 2018 to 116,413 hours. Although the burden estimate per bank remains the same, at 11 hours per bank, the number of banks decreased from 16,001 banks in 2018 to 10,593 banks, based on 2020 data.

16. Plans for tabulation, statistical analysis, and publication.

This collection of information will not be published.

17. Request not to display the expiration date of the OMB control number.

FinCEN requests that it not be required to display the expiration date so that the regulations will not have to be amended for the new expiration date every three years.

18. Exceptions to the certification statement.

There are no exceptions to the certification statement.