Banks and credit unions may now rely on third parties to provide a consumer’s Social Security or Taxpayer Identification Number, according to an order issued by the FDIC, OCC and the NCUA with the consent of the Financial Crimes Enforcement Network (FinCEN).

The Customer Identification Program  Rule (“CIP rule”) implements part of the USA PATRIOT Act. The “CIP rule requires a bank or credit union to obtain taxpayer identification number (TIN) information from its customer before opening an account, and the exemption permits a bank or credit union to use an alternative collection method to obtain TIN information from a third-party rather than from the customer,” the order states.

FinCEN concurred with the order.

“We recognize that the way customers interact with banks and receive financial services has changed significantly since 2001, when the initial requirement was enacted into law under the USA PATRIOT Act,” said FinCEN Director Andrea Gacki. “This order reduces burden by providing banks with greater flexibility in determining how to fulfill their existing regulatory obligations without presenting a heightened risk of money laundering, terrorist financing, or other illicit finance activity.”

The exemption does not affect the requirement for financial institutions to have risk-based CIP procedures that allow them to have a reasonable belief that they know the true identity of each customer.

This exemption is optional, and entities are not required to use an alternative collection method to obtain a customer’s TIN information.  

The order takes into account the comments received on a March 2024 interagency request for information.