This article was updated April 1, 2024.
Should banks be allowed to collect just a piece of an individual’s social security number prior to account opening to satisfy a key obligation under Bank Secrecy Act rules? Treasury’s financial crimes enforcement arm wants to know.
The Financial Crimes Enforcement Network (FinCEN) has a request for information (RFI) published Friday Friday in the Federal Register that discusses the idea of revising the agency’s customer identification program (CIP) rule under the Bank Secrecy Act (BSA) to permit banks to collect just part of an individual’s social security number (SSN), instead of the full SSN, prior to account opening. This is permitted currently for credit cards alone.
Comments are due May 28, 2024, the Register notice states.
In its notice, FinCEN notes some of the practical reasoning behind the current exception for credit cards, noting, for example, that customers often open credit card accounts at the point of sale; it includes similar discussion regarding buy now, pay later programs that extend credit at the point of sale.
FinCEN said its RFI – issued in consultation staff at the Office of the Comptroller of the Currency (OCC), the Federal Deposit Insurance Corp. (FDIC), the National Credit Union Administration (NCUA), and the Federal Reserve Board – seeks information and comment on the potential risks, benefits, and safeguards around banks collecting partial SSNs for U.S. individuals directly from the customer “and subsequently using reputable third-party sources to obtain a full SSN prior to account opening.” It said it is also gathering information about current industry practices regarding SSN collection.
“To allow FinCEN to evaluate comments more effectively, FinCEN requests that, where possible, comments include any suggested use of FinCEN authorities, or changes to FinCEN regulations or guidance, including the nature of the requested change and supporting data or other information on impacts, costs, and benefits,” the agency said.
It offers a detailed list of suggested topics on which it would like to receive input, including what types of safeguards would be needed if such a change to the CIP rule were implemented; related practices and procedures; due diligence; and, among other things, the impact of the current requirement to collect the full SSN from a customer at account opening (including on a bank’s anti-money laundering, or AML, program). It also invites input on whether banks should be permitted to collect other customer identifying information from a third-party source.
FinCEN Seeks Comments on Customer Identification Program Requirement