Financial Crimes Enforcement Network; Customer Identification Programs, Anti-Money Laundering Programs, and Beneficial Ownership Requirements for Banks Lacking a Federal Functional Regulator

AGENCY:

Financial Crimes Enforcement Network (“FinCEN”), Treasury.

ACTION:

Final rule.

SUMMARY:

FinCEN is issuing a final rule implementing sections 352, 326 and 312 of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (“USA PATRIOT Act”) and removing the anti-money laundering program exemption for banks that lack a Federal functional regulator, including, but not limited to, private banks, non-federally insured credit unions, and certain trust companies. The Final Rule requires minimum standards for anti-money laundering programs for banks without a Federal functional regulator to ensure that all banks, regardless of whether they are subject to Federal regulation and oversight, are required to establish and implement anti-money laundering programs, and extends customer identification program requirements and beneficial ownership requirements to those banks not already subject to these requirements.

DATES:

Effective Date: November 16, 2020.

Compliance Date: The compliance date for anti-money laundering programs, customer identification programs, and beneficial ownership requirements for banks that lack a Federal functional regulator is March 15, 2021.

FOR FURTHER INFORMATION CONTACT:

The FinCEN Resource Center at (800) 767-2825 or email frc@fincen.gov.

SUPPLEMENTARY INFORMATION:

I. Background

A. Statutory Provisions

FinCEN exercises its regulatory functions primarily under the Currency and Financial Transactions Reporting Act of 1970, as amended by the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (“USA PATRIOT Act”) (Public Law 107-56) and other legislation. This legislative framework is commonly referred to as the “Bank Secrecy Act” (“BSA”). The Secretary of the Treasury (“Secretary”) has delegated to the Director of FinCEN the authority to implement, administer, and enforce compliance with the BSA and associated regulations. Pursuant to this authority, FinCEN may issue regulations requiring financial institutions to keep records and file reports that “have a high degree of usefulness in criminal, tax, or regulatory investigations or proceedings, or in the conduct of intelligence or counterintelligence activities, including analysis, to protect against international terrorism.” Additionally, FinCEN is authorized to impose anti-money laundering (“AML”) program requirements for financial institutions.

Section 352 of the USA PATRIOT Act requires financial institutions to establish AML programs that, at a minimum, include: (1) The development of internal policies, procedures, and controls; (2) the designation of a compliance officer; (3) an ongoing employee training program; and (4) an independent audit function to test programs. Section 352 of the USA PATRIOT Act authorizes FinCEN, in consultation with the appropriate Federal functional regulator (as defined by 15 U.S.C. 6809), to prescribe minimum standards for AML programs. In developing this Final Rule, FinCEN consulted with the Federal functional regulators defined in 15 U.S.C. 6809, as well as the Commodity Futures Trading Commission (“CFTC”) (collectively referred to as “Federal functional regulators”). In addition, FinCEN consulted with the Internal Revenue Service (“IRS”), which is the examining authority for all institutions regulated by FinCEN that do not have a Federal functional regulator. FinCEN also consulted with state bank supervisory authorities. Consultations with these Federal and state regulatory and supervisory agencies assisted FinCEN in determining the appropriate scope and nature of banks that are not directly regulated by Federal functional regulators and to adequately consider appropriate regulatory coverage for such institutions.

When prescribing minimum standards for AML programs, FinCEN must “consider the extent to which the requirements imposed [under section 352 of the USA PATRIOT Act] are commensurate with the size, location, and activities of the financial institutions to which [the standards] apply.” In addition, FinCEN may “prescribe an appropriate exemption from a requirement [in the BSA] or regulations [issued under the BSA].” FinCEN used this authority in 2002 to temporarily defer the requirement to establish an AML program for certain financial institutions identified in section 352 of the USA PATRIOT Act. The purpose of the temporary deferral was to give FinCEN and Treasury time to continue to study the money laundering risks posed by such financial institutions in order to develop appropriate AML program requirements.

Section 326 of the USA PATRIOT Act requires FinCEN to prescribe regulations that require financial institutions to establish procedures for account opening that, at a minimum, include: (1) Verifying the identity of any person seeking to open an account, to the extent reasonable and practicable; (2) maintaining records of the information used to verify the person's identity, including name, address, and other identifying information; and (3) determining whether the person appears on any lists of known or suspected terrorists or terrorist organizations provided to the financial institution by any government agency. These programs are referred to as Customer Identification Programs (“CIPs”).

When prescribing CIP regulations for financial institutions, FinCEN is required to do so jointly with the appropriate Federal functional regulator. The appropriate Federal functional regulator with which to promulgate joint CIP regulations is the particular agency that regulates and supervises the affected financial institutions. Because the financial institutions covered under this Final Rule do not have a Federal functional regulator, and there is no other Federal agency with comparable direct supervisory authority over such financial institutions, there is no other appropriate Federal agency with which FinCEN is required to issue the CIP rules jointly. Accordingly, FinCEN is issuing the CIP rule set forth here under its sole authority.

Section 312 of the USA PATRIOT Act requires each U.S. financial institution that establishes, maintains, administers, or manages a correspondent account or a private banking account in the United States for a non-U.S. person to subject such accounts to certain AML measures. In particular, financial institutions must establish appropriate, specific, and, where necessary, enhanced due diligence policies, procedures, and controls that are reasonably designed to enable the financial institution to detect and report instances of money laundering through these accounts. In addition to the general due diligence requirements, which apply to all correspondent accounts for non-U.S. persons, section 5318(i)(2) of the BSA specifies additional standards for correspondent accounts maintained for certain foreign banks. Section 5318(i) also sets forth minimum due diligence requirements for private banking accounts for non-U.S. persons. Specifically, a covered financial institution must take reasonable steps to ascertain the identity of the nominal and beneficial owners of, and the source of funds deposited into, private banking accounts, as necessary to guard against money laundering and to report suspicious transactions. The institution must also conduct enhanced scrutiny of private banking accounts requested or maintained for, or on behalf of, senior foreign political figures (which includes family members or close associates). Enhanced scrutiny must be reasonably designed to detect and report transactions that may involve the proceeds of foreign corruption.

B. Regulatory Background

The following information describes the effect of certain previous rulemakings on banks, and specifically on banks lacking a Federal functional regulator.

AML Program Requirements

Most banks became subject to an AML program requirement under the BSA when FinCEN issued an Interim Final Rule on April 29, 2002 (“Interim Final Rule”). The Interim Final Rule stated that an institution regulated by a Federal functional regulator “shall be deemed to satisfy the requirements of 31 U.S.C. 5318(h)(1) if it implements and maintains an [AML] program that complies with the regulation of its Federal functional regulator governing such programs.” “Federal functional regulator” is defined at 31 CFR 1010.100(r) to include each of the Federal banking agencies, as well as the SEC and the CFTC.

The Interim Final Rule temporarily deferred AML program requirements for certain financial institutions, including “private bankers.” On November 6, 2002, FinCEN amended the Interim Final Rule to extend the exemption from the requirement to establish an AML program indefinitely for private bankers and to expand the exemption to other financial institutions, including any bank “that is not subject to regulation by a Federal functional regulator.”

Although banks that lack a Federal functional regulator are exempt from the requirement to establish an AML program, they are required to comply with many other BSA requirements. For example, FinCEN regulations require all banks, regardless of whether they have a Federal functional regulator, to file currency transaction reports (“CTRs”) and suspicious activity reports (“SARs”), as well as to make and maintain certain records. In addition, like other covered financial institutions, banks that lack a Federal functional regulator are prohibited from maintaining correspondent accounts for foreign shell banks and are required to obtain and retain information on the ownership of foreign banks.

FinCEN has incrementally eliminated the Interim Final Rule's temporary exemption and promulgated AML program rules for certain other institutions, including insurance companies, certain loan or finance companies, and dealers in precious metals, precious stones, or jewels. FinCEN determined that the gap in AML coverage between banks with and without a Federal functional regulator presented a vulnerability to the U.S. financial system that could be exploited by bad actors, prompting this rulemaking. In the 2016 U.S. Mutual Evaluation, the Financial Action Task Force (FATF) recommended that three categories of non-Federal state-chartered banks be subject to an AML program requirement in addition to their reporting obligations. The rulemaking covers non-Federal state chartered banks. Further, subsequent to the 2016 notice of proposed rulemaking to amend the AML, CIP, and beneficial ownership regulations to include coverage for banks lacking a Federal functional regulator, and according to the 2020 National Strategy for Combatting Terrorist and Other Illicit Financing, law enforcement identified specific instances of illicit actors taking advantage of this lack of regulatory coverage.

Customer Identification Program Requirements

CIP requirements were finalized, through a joint final rule, for banks, savings associations, credit unions, and certain non-federally regulated banks on May 9, 2003. With this action, certain banks that lack a Federal functional regulator—namely, private banks, non-federally insured credit unions and trust companies lacking a federal functional regulator—were required to comply with CIP requirements. On the same day, FinCEN published a notice of proposed rulemaking (“NPRM”) that would have imposed CIP requirements on all other banks without a Federal functional regulator that were not already included in the joint rule. The 2003 NPRM was never finalized.

Beneficial Ownership Requirement

On May 11, 2016, FinCEN published a final rule (“CDD Rule”) to clarify and strengthen customer due diligence requirements for certain financial institutions, including federally regulated banks. Specifically, the CDD Rule requires these financial institutions to identify and verify the identity of the beneficial owners of their legal entity customers, subject to certain exclusions and exemptions. The CDD Rule also amended the AML program requirements for these financial institutions. For purposes of regulatory consistency and for the reasons noted above, FinCEN believes it is necessary that these requirements apply to non-federally regulated banks as well.

II. Notice of Proposed Rulemaking

On August 25, 2016, FinCEN issued an NPRM proposing to amend certain definitions and to amend the AML, CIP, and beneficial ownership regulations to include coverage for banks lacking a Federal functional regulator. FinCEN proposed amending the definition of “bank” in 31 CFR 1020 specifically to include, at a minimum, the following categories: (1) State-chartered non-depository trust companies; (2) non-federally insured credit unions; (3) private banks; (4) non-federally insured state banks and savings associations; and (5) international banking entities. In the NPRM, FinCEN noted that the gap in AML coverage between banks with and without a Federal functional regulator presented a vulnerability to the U.S. financial system that could be exploited by bad actors, prompting this rulemaking. Subsequent to the NPRM, law enforcement has identified to FinCEN specific instances of illicit actors taking advantage of this lack of coverage. This activity has involved different types of institutions that would be subject to this rule, and includes multiple investigations related to terrorist financing, espionage, narcotics trafficking, and public corruption. FinCEN further proposed technical amendments to the definition of the term “bank” to create one standard definition to be used throughout the regulations. FinCEN did not propose any amendments to the definition of “financial institution,” because the amendments proposed in the NPRM would not impact how that term is defined in 31 CFR 1010.100(t).

In addition, FinCEN proposed amending the existing rules to impose standards and requirements for banks lacking a Federal functional regulator that are identical to those in FinCEN's AML, CIP, and beneficial ownership regulations for banks with a Federal functional regulator. Specifically, the NPRM proposed requiring any entity meeting the definition of “bank” in 31 CFR 1010.100(d), whether or not regulated by a Federal functional regulator, to establish AML and CIP programs and to comply with beneficial ownership requirements.

Finally, because there would no longer be a need to exclude banks without a Federal functional regulator from AML and CIP requirements if the proposal were finalized, FinCEN also proposed removing 31 CFR 1020.100(b) and (d). FinCEN also invited comment on all aspects of the NPRM.

III. Comments on the NPRM—Overview and General Issues

The comment period on the NPRM ended on October 24, 2016. FinCEN received eight comments. Comments were submitted by one anonymous source, three industry representatives, and four trade associations. FinCEN has reviewed and considered all the comments to the extent they addressed aspects of the proposed rulemaking. All the comments supported the issuance of this Final Rule. The Final Rule adopts the proposal in its entirety, but establishes a later date by which affected banks must be in compliance. One commenter requested a two-year implementation period. Another suggested an implementation date in May 2018, to coincide with that of the CDD Rule. A third commenter suggested an implementation period of six months to a year, and a fourth commenter suggested a minimum of six months.

As FinCEN emphasized in the NPRM, and described in more detail above, banks lacking a Federal functional regulator are already obligated to comply with a number of BSA regulations. In addition, banks lacking a Federal functional regulator generally are required by state banking regulation and guidance to have policies, management oversight, personnel training, and internal compliance review and various procedures and systems in place to comply with regulation and guidance. Even banks not subject to these state regulatory requirements must develop such policies and procedures to properly function and comply with their BSA obligations and state banking regulations. FinCEN views the existence of such policies and procedures as minimizing the amount of time needed to prepare for implementation of the Final Rule's requirements. Accordingly, FinCEN does not expect the transition to compliance with the Final Rule to be unreasonably difficult or costly, and does not believe a two-year implementation period is needed or warranted. However, in light of these comments, FinCEN has determined that it would be appropriate to provide affected banks more time to comply with the Final Rule. Banks lacking a Federal functional regulator, therefore, will have 180 days from the day the Final Rule is published to be in compliance. FinCEN believes that this time frame is reasonable and adequate to ensure compliance with these requirements, given the framework that these banks are expected to already have in place.

IV. Section-by-Section Analysis

A. Section 1010.100 General Definitions

Because the definition of bank in Part 1010 makes no distinction as to whether a bank has a Federal functional regulator, FinCEN did not propose any changes to the definition of bank in paragraph 1010.100(d). Likewise, there were no proposed changes to the general definition of financial institution in paragraph 1010.100(t). Because these existing definitions do not make distinctions based on whether a bank has a Federal functional regulator, they will be used for Part 1020. There were no objections to this general formulation, and FinCEN is adopting it as proposed.

B. Section 1010.605 Definition

The beneficial ownership rule refers to the definition of covered financial institution set forth in paragraph 1010.605(e)(1), which excludes certain financial institutions lacking a Federal functional regulator. To ensure that all banks are subject to the beneficial ownership requirements under section 1010.230, FinCEN proposed amending the definition in paragraph 1010.605(e)(1) by replacing paragraphs (i) through (vii) with a single paragraph (e)(1)(i) to include all banks within the rule's definition of “covered financial institution.” With these changes, all banks will now be required to comply with the beneficial ownership requirements to identify and verify the beneficial owners of legal entity customers, regardless of whether they are federally regulated. As with the previous sections, there were no objections to this general formulation, and FinCEN is adopting it as proposed.

C. Section 1020.100 Definitions

FinCEN proposed removing paragraph 1020.100(b), because the definition of bank for purposes of complying with CIP requirements only included banks subject to regulation by a Federal functional regulator. There were no objections to this general formulation, and FinCEN is removing the definition as proposed.

Likewise, FinCEN proposed removing paragraphs 1020.100(d)(1) and (2), because the definitions of financial institution for purposes of complying with AML and CIP requirements only included banks subject to regulation by a Federal functional regulator. There were no objections to this general formulation, and FinCEN is removing these paragraphs as proposed.

D. Amendments to Section 1010.205

FinCEN proposed amending section 1010.205 to reflect the removal of: (1) The exemption for private bankers (paragraph 1010.205(b)(1)(vi)); (2) the broader exemption for banks that lack a Federal functional regulator (paragraph 1010.205(b)(2)); and (3) the exemption for persons subject to supervision by a state banking authority (paragraph 1010.205(b)(3)). There were no objections to this amendment, and FinCEN is adopting it as proposed.

E. Amendments to Section 1020.210

FinCEN proposed amending the title for this section to reflect that all banks, regardless of whether they are subject to Federal regulation and oversight, are required to establish and implement AML programs. There were no objections to this amendment, and FinCEN is adopting it as proposed. The title for this section now reads: “Anti-money laundering program requirements for banks.”

FinCEN proposed amending the introductory paragraph in 1020.210 and redesignating the introductory paragraph as paragraph (a) in order to detail the AML program requirements specific to banks regulated only by a Federal functional regulator, including banks, savings associations, and credit unions. FinCEN also proposed removing from the introductory paragraph in 1020.210 the reference to regulation by a self-regulatory organization. There were no objections to these amendments, and FinCEN is adopting them as proposed.

FinCEN proposed adding new paragraph 1020.210(b) to detail the AML program requirements specific to banks that lack a Federal functional regulator, including, but not limited to, private banks, non-federally insured credit unions, and certain trust companies. Paragraph 1020.210(b)(2) requires banks that lack a Federal functional regulator to establish and implement AML programs under the specified minimum standards. Paragraph 1020.210(b)(3) requires banks that lack a Federal functional regulator to obtain approval of the AML program by their board of directors, or an equivalent governing body, and to make the AML program available to FinCEN or its designee upon request. There were no objections to these amendments, and FinCEN is adopting them as proposed.

F. Amendments to Section 1020.220

FinCEN proposed amending the title for this section to reflect that, going forward, CIP requirements would apply to all banks. There were no objections to this amendment, and FinCEN is adopting it as proposed.

V. Final Regulatory Flexibility Act Analysis

When an agency issues a rulemaking proposal, the Regulatory Flexibility Act (“RFA”) requires the agency to “prepare and make available for public comment an initial regulatory flexibility analysis” that will “describe the impact of the proposed rule on small entities.” 5 U.S.C. 603(a). Section 605 of the RFA allows an agency to certify a rule, in lieu of preparing an analysis, if the proposed rulemaking is not expected to have a significant economic impact on a substantial number of small entities.

A. Reasons Why Action by the Agency Is Being Considered

The Anti-Money Laundering Program

The statutory mandate that all financial institutions establish AML programs is a key element in the national effort to prevent and detect money laundering and the financing of terrorism. Banks without a Federal functional regulator are at least as vulnerable to the risks of money laundering and terrorist financing as banks with one. The Final Rule eliminates the present regulatory gap in AML coverage between banks with and without a Federal functional regulator. FinCEN expects that uniform regulatory requirements for all banks will reduce the opportunity for criminals to seek out and exploit banks subject to less rigorous AML requirements.

Customer Identification Program

For the reasons of regulatory consistency and protection against the systemic vulnerability discussed above in connection with AML programs, FinCEN believes that CIP requirements should also apply to all banks, regardless of whether they are federally regulated. In May 2003, FinCEN issued a Notice of Proposed Rulemaking to ensure that there would be no gaps in the scope of the CIP obligations as they apply to banks. However, this proposal was never finalized.

Beneficial Ownership Requirements

As noted above, the beneficial ownership requirements of the CDD Rule require that from and after May 11, 2018, federally regulated banks and certain other financial institutions identify, and verify the identity of, the beneficial owners of their legal entity customers, as set forth in section 1010.230. For purposes of regulatory consistency, and protection against the systemic vulnerability discussed above in connection with AML programs, FinCEN believes that this requirement should apply to non-federally regulated banks as well.

B. Objectives of, and Legal Basis for, the Final Rule

Section 352 of the USA PATRIOT Act requires financial institutions to establish AML programs that, at a minimum, include: (1) The development of internal policies, procedures, and controls; (2) the designation of a compliance officer; (3) an ongoing employee training program; and (4) an independent audit function to test programs. In addition, the CDD Rule described above added an explicit requirement to understand the nature and purpose of customer relationships; to conduct ongoing monitoring to identify and report suspicious transactions; and, on a risk basis, to maintain and update customer information.

Section 326 of the USA PATRIOT Act requires FinCEN to prescribe regulations that require financial institutions to establish programs for account opening that, at a minimum, include: (1) Verifying the identity of any person seeking to open an account, to the extent reasonable and practicable; (2) maintaining records of the information used to verify the person's identity, including name, address, and other identifying information; and (3) determining whether the person appears on any lists of known or suspected terrorists or terrorist organizations provided to the financial institution by any government agency.

Section 312 of the USA PATRIOT Act requires each U.S. financial institution that establishes, maintains, administers, or manages a correspondent account or a private banking account in the United States for a non-U.S. person to subject such accounts to certain AML measures.

C. Small Entities Subject to the Final Rule

Based upon available data, for the purposes of the RFA, FinCEN estimates that these rules will impact approximately 297 state-chartered non-depository trust companies, 228 non-federally insured credit unions, 12 non-federally insured state-chartered banks and savings and loan or building and loan associations, 1 private bank, and 29 international banking entities.²⁸ FinCEN's expectation, as expressed in the NPRM, is that many of the banks without a Federal functional regulator are small entities. No comments received in response to the NPRM indicated anything to the contrary. Therefore, FinCEN concludes that the Final Rule applies to a substantial number of small entities.

D. Projected Reporting, Recordkeeping, and Other Compliance Requirements of the Final Rule

The Final Rule prescribes minimum standards for AML programs for banks without a Federal functional regulator to ensure that all banks, regardless of whether they are subject to Federal regulation and oversight, are required to establish and implement written AML programs, including conducting ongoing customer due diligence, and to identify and verify the identity of the beneficial owners of their legal entity customers. The changes also extend customer identification program requirements to those banks not already subject to these requirements.

Banks lacking a Federal functional regulator are currently required to comply with many existing requirements under the BSA. All banks, including those not subject to Federal supervision, are already required to file CTRs and SARs, which necessarily requires a bank to establish a process to detect unusual activity. In addition, certain banks lacking a Federal functional regulator—namely, private banks, non-federally insured credit unions, and certain trust companies—must maintain CIPs.

With respect to the beneficial ownership requirement, the Final Rule requires banks lacking a Federal functional regulator to obtain and maintain identifying information for each beneficial owner from each legal entity customer that opens a new account, including name, address, date of birth, and identification number. The financial institution is also required to verify the identity of such persons by documentary or non-documentary methods and to maintain in its records for five years a description of (i) any document relied on for verification, (ii) any such non-documentary methods and results of such measures undertaken, and (iii) the resolution of any substantive discrepancies discovered in verifying the identification information.

The burden on a small non-federally regulated bank at account opening resulting from the Final Rule would be a function of the number of beneficial owners of each legal entity customer opening a new account, the additional time required to identify and verify each beneficial owner, and the number of new accounts opened for legal entities by the small banks during a specified period.

None of the small businesses that commented on the CDD Rule's Initial Regulatory Flexibility Analysis (“IRFA”) included an estimate of the amount of time to open a legal entity account; rather, only one noted the number of such accounts it opens per year (70). As a result of the comments FinCEN received to the CDD Rule's regulatory impact assessment (“RIA”), FinCEN concluded in its Final Regulatory Flexibility Analysis (“FRFA”) that the estimated time for financial institutions to open accounts ranges from 20 to 40 minutes. On December 30, 2019, FinCEN published in the Federal Register a notice of intent to renew without change, information collection requirements in connection with beneficial ownership requirements for legal entity customers. As a result of public comments received on the notice, FinCEN increased its estimate of the burden from an average of 30 minutes to an average of 80 minutes per new account opened for a legal entity customer.

E. Overlapping or Conflicting Federal Rules

FinCEN is unaware of any existing Federal regulations that would overlap or conflict with the Final Rule.

F. Consideration of Significant Alternatives

FinCEN has not identified any alternative means for bringing these categories of non-Federally regulated banks into compliance with the same standards as all other banks in the United States. Were FinCEN to exempt small entities from this requirement, those entities would potentially be at greater risk of abuse by criminals, terrorists, and other bad actors and would expose the U.S. financial system to money laundering, terrorist financing, proliferation financing, and other serious illicit finance threats.

With respect to beneficial ownership requirements in the CDD Rule, FinCEN considered several alternatives to the requirements proposed. As described in greater detail in the preamble to the final CDD Rule, these alternatives included exempting small financial institutions below a certain asset or legal entity customer threshold from the requirements, as well as utilizing a lower or higher threshold for the minimum level of equity ownership for the definition of beneficial owner. FinCEN determined, however, that identifying the beneficial owner of a financial institution's legal entity customers and verifying that identity are necessary requirements to strengthen financial transparency and to combat the misuse of companies to engage in illicit activities. Were FinCEN to exempt from this requirement small entities or entities that establish a limited number of accounts for legal entities, those financial institutions would be at greater risk of abuse by criminals, terrorists, and other bad actors and would expose the U.S. financial system to money laundering, terrorist financing, proliferation financing, and other serious illicit finance threats.

FinCEN also considered increasing the threshold for ownership of equity interests in the definition of beneficial ownership to 50 percent or more of the equity interests. Although this higher threshold would reduce the maximum number of individuals whose identity would need to be verified from five to three, thus reducing marginally the onboarding time, this change would not impact the training or IT costs and, therefore, would not substantially reduce the overall costs of the rule and also would provide less useful information. After considering all the alternatives, FinCEN concluded that an ownership threshold of 25 percent is appropriate to maximize the benefits of the requirement while minimizing the burden.

To minimize burden to covered financial institutions, which would apply to banks covered under this Final Rule, FinCEN did exempt such financial institutions from the beneficial ownership requirements in connection with legal entity customers opening certain low risk accounts.

FinCEN believes, based on its exposure to other similarly regulated businesses that are required to comply with AML and CIP programs and beneficial ownership requirements, that banks lacking a Federal functional regulator will be able to build on their existing compliance policies and procedures and prudential business practices to ensure compliance with this Final Rule with relatively minimal cost and effort. As FinCEN has done with the other industries subject to the requirements of the BSA, FinCEN will actively engage with banks lacking a Federal functional regulator to provide guidance and feedback, and endeavor to make compliance with the regulations as cost-effective and efficient as possible for all affected banks.

FinCEN believes that the flexibility incorporated into the Final Rule permits each bank lacking a Federal functional regulator to take a risk-based approach to tailor its AML and CIP programs to fit its own size, needs, and operational risks. In this regard, FinCEN believes that expenditures associated with establishing and implementing an AML program will be commensurate with a bank's size, complexity, and risk profile. Based on inherent risks, some banks may deem it appropriate to implement more comprehensive policies, procedures, and internal controls than others. FinCEN does not intend for each bank lacking a Federal functional regulator to have identical policies and procedures for their AML and CIP programs. The AML regulations are risk-based. Accordingly, each bank has broad discretion to design and implement programs that reflect and respond to the bank's unique money laundering, terrorist and proliferation financing, and other serious illicit finance risks. As with other financial institutions subject to the requirements of the BSA, if a bank lacking a Federal functional regulator is small or does not have high-risk customers, or does not engage in high-risk transactions, the burden to comply with the Final Rule likely will be commensurately minimal. FinCEN anticipates that the impact of the AML and CIP program and beneficial ownership requirements and the assessment of associated risks will not be significant for covered banks lacking a Federal functional regulator.

G. Certification

The additional burden under the Final Rule is a requirement to maintain AML and CIP programs and comply with beneficial ownership requirements. As discussed above, FinCEN anticipates that the impact from these requirements will not be significant. Accordingly, FinCEN certifies that the Final Rule will not have a significant economic impact on small entities.

VI. Unfunded Mandates Act

Section 202 of the Unfunded Mandates Reform Act of 1995 (“Unfunded Mandates Act”), Public Law 104-4 (March 22, 1995), requires that an agency prepare a budgetary impact statement before promulgating a rule that may result in expenditure by State, local, and tribal governments, in the aggregate, or by the private sector, of $100 million or more in any one year. If a budgetary impact statement is required, section 202 of the Unfunded Mandates Act also requires an agency to identify and consider a reasonable number of regulatory alternatives before promulgating a rule. Taking into account the factors noted above and using conservative estimates of average labor costs in evaluating the cost of the burden imposed by the proposed regulation, FinCEN has determined that it is not required to prepare a written statement under section 202.

VII. Executive Orders 13563 and 12866

Executive Orders 13563 and 12866 direct agencies to assess costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety effects, distributive impacts, and equity). Executive Order 13563 emphasizes the importance of quantifying both costs and benefits, of reducing costs, of harmonizing rules, and of promoting flexibility. This Final Rule has been designated a “significant regulatory action,” although not economically significant, under section 3(f) of Executive Order 12866. Accordingly, the Final Rule has been reviewed by the Office of Management and Budget (“OMB”). As noted above, FinCEN believes the new requirements imposed on banks without a Federal functional regulator, as a result of this Final Rule, will result in a minimal additional compliance burden for such banks for the following reasons:

• Banks lacking a Federal functional regulator are currently required to comply with many existing requirements under the BSA, including the requirements to file CTRs and SARs, which necessarily require a bank to establish a process to detect unusual activity.
• Certain banks lacking a Federal functional regulator—namely, private banks, non-federally insured credit unions, and certain trust companies—must maintain CIPs.
• Banks lacking a Federal functional regulator generally are required by state banking regulation and guidance to have policies, management oversight, personnel training, internal compliance review, and various procedures and systems in place to comply with regulation and guidance. Even banks not subject to these state regulatory requirements must develop such policies and procedures to properly function and comply with their BSA obligations and state banking regulations.

VIII. Paperwork Reduction Act

The collections of information contained in the Final Rule were submitted to OMB for review in accordance with the Paperwork Reduction Act of 1995 (“PRA”). The information collections have been approved under OMB control numbers 1506-0035 (Anti-money laundering program requirements for banks), 1506-0026 (Customer identification program requirements for banks), and 1506-0070 (Beneficial ownership requirements for legal entity customers).

In accordance with the requirements of the PRA, and its implementing regulations, 5 CFR part 1320, the following information concerning the collection of information is presented. The information collections in this Final Rule are contained in 31 CFR 1020.210 (Anti-money laundering program requirements for banks), 31 CFR 1020.220 (Customer identification program requirements for banks), and 31 CFR 1010.230 (Beneficial ownership requirements for legal entity customers). The information will be used by examining agencies to verify compliance with these provisions. The collection of information is mandatory. Records required to be retained under the BSA must be retained for five years.

a. 31 CFR 1020.210—Anti-Money Laundering Program Requirements for Banks

Under this Final Rule, banks that lack a Federal functional regulator are required to establish and implement written AML programs under the specified minimum standards. All financial institutions are required to document their AML programs and are permitted to use the method most suitable to their requirements. In addition, banks that lack a Federal functional regulator are required to obtain approval of their AML program by their board of directors, or an equivalent governing body.

Description of Recordkeepers: Banks that lack a Federal functional regulator, including, but not limited to, state-chartered non-depository trust companies, non-federally insured credit unions, non-federally insured state-chartered banks and savings and loan or building and loan associations, private banks, and international banking entities.

Estimated Number of Recordkeepers: 567 financial institutions.

Estimated Annual Records: 567 AML programs.

Estimated Annual Burden Hours: 1,134 hours.

Estimated Total Annual Burden for AML Program Requirements: 1,134 hours.

This burden is added to the existing burden listed under OMB control number 1506-0035 currently titled “Anti-Money Laundering Programs for Insurance Companies and Non-Bank Residential Mortgage Lenders and Originators.” The new title for this control number will be “Anti-Money Laundering Programs for Insurance Companies, Non-Bank Residential Mortgage Lenders and Originators, and Banks Lacking a Federal Functional Regulator.” The new total estimated annual burden for this control number is 33,334 hours.

b. 31 CFR 1020.220—Customer Identification Program Requirements for Banks

Under the CIP requirements, financial institutions are required to implement risk-based, written CIPs that address the following: (1) Procedures for verifying the identify of each new customer; (2) procedures for making and maintaining a record of all information obtained under the customer identification program; (3) procedures for determining whether a new customer appears on any list of known or suspected terrorist organizations issued by the Federal government; and (4) procedures for providing customers adequate notice that the financial institution is requesting information to verify their identities.

Description of Recordkeepers: Banks that lack a Federal functional regulator, such as non-federally insured state-chartered banks and savings and loan or building and loan associations, and international banking entities.

1. Implementing Written CIP Procedures

Estimated Number of Recordkeepers: 41 financial institutions.

Estimated Annual Records: 41 written CIP programs.

Estimated Annual Burden Hours: 41 hours.

2. Recording Information Required To Identify and Verify New Customers

Estimated Number of Recordkeepers: 41 financial institutions.

Estimated Annual Records: 30,750 records on new accounts.

Estimated Annual Burden Hours: 2,563 hours.

3. Providing Customers Notice of Identification Requirements

Estimated Number of Recordkeepers: 41 financial institutions.

Estimated Annual Records: 41 disclosure notices.

Estimated Annual Burden Hours: 41 hours.

4. Total Annual Burden Applicable to CIP Requirements

Estimated Total Annual Burden Hours for CIP Requirements: 2,645 hours (41 + 2,563 + 41).

• 41 hours—Implementing written CIP procedures.
• 2,563 hours—Recording information required to identify and verify new customers.
• 41 hours—Providing customers notice of identification requirements.

This burden is added to the existing burden listed under OMB control number 1506-0026 currently titled “Customer Identification Programs for Banks, Savings Associations, Credit Unions, and Certain Non-Federally Regulated Banks.” The new title for this control number will be “Customer Identification Program Requirements for Banks.” The new total estimated annual burden for this control number is 178,205 hours.

c. 31 CFR 1010.230—Beneficial Ownership Requirements for Legal Entity Customers

Under 31 CFR 1010.230, financial institutions are required to establish and maintain written procedures that are reasonably designed to identify and verify beneficial owners of new accounts opened by legal entity customers and to include such procedures in their AML programs. Financial institutions may obtain the required identifying information by either using the optional certification form from the individual opening the account on behalf of a legal entity customer, or by obtaining from the individual the information required by the form by another means, provided the individual certifies the accuracy of the information. Financial institutions must also maintain a record of the identifying information obtained, as well as a description of any document relied on, of any non-documentary methods and results of any measures undertaken, and the resolutions of substantive discrepancies.

Description of Recordkeepers: Banks that lack a Federal functional regulator, including, but not limited to, state-chartered non-depository trust companies, non-federally insured credit unions, non-federally insured state-chartered banks and savings and loan or building and loan associations, private banks, and international banking entities.

1. Develop and Maintain Beneficial Ownership Identification Procedures

Estimated Number of Recordkeepers: 567 financial institutions.

Estimated Annual Records: 567 beneficial ownership identification procedures.

Estimated Annual Burden Hours: 22,680 hours.

2. Customer Identification, Verification, and Review and Recordkeeping of the Beneficial Ownership Information

Estimated Number of Recordkeepers: 567 financial institutions.

Estimated Annual Records: 212,625 beneficial ownership identification records.

Estimated Annual Burden Hours: 283,500 hours.

3. Total Annual Burden Applicable to Beneficial Ownership Requirements

Estimated Total Annual Burden Hours for Beneficial Ownership Requirements: 306,180 hours (22,680 + 283,500).

• 22,680 hours—Develop and maintain beneficial ownership identification procedures.
• 283,500 hours—Customer identification, verification, and review and recordkeeping of the beneficial ownership information.

This burden is added to the existing burden listed under OMB control number 1506-0070 titled Beneficial Ownership Requirements for Legal Entity Customers. The new total estimated annual burden for this control number is 12,190,880 hours.

Total Estimated Annual Burden Hours as a Result of this Final Rule: 309,959 hours (1,134 + 2,645 + 306,180).

• Anti-money laundering program requirements for banks—1,134 hours.
• Customer identification program requirements for banks—2,645 hours.
• Beneficial ownership requirements for legal entity customers—306,180 hours.

List of Subjects in 31 CFR Parts 1010 and 1020

• Administrative practice and procedure
• Banks
• Banking
• Currency
• Foreign banking
• Foreign currencies
• Investigations
• Penalties
• Reporting and recordkeeping requirements
• Terrorism

Authority and Issuance

For the reasons set forth in the preamble, Parts 1010 and 1020 of Chapter X of Title 31 of the Code of Federal Regulations are amended as follows:

PART 1010—GENERAL PROVISIONS

1. The authority citation for part 1010 continues to read as follows:

Authority: 12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5314 and 5316-5332; title III, sec. 314, Pub. Law 107-56, 115 Stat. 307; sec. 701, Pub. L. 114-74, 129 Stat. 599.

2. Section 1010.205 is amended by:

a. Removing paragraph (b)(1)(vi);

b. Redesignating paragraphs (b)(1)(vii) through (ix) as paragraphs (b)(1)(vi) through (viii); and

c. Removing and reserving paragraphs (b)(2) and (b)(3).

3. Section 1010.605 is amended by:

a. Revising paragraph (e)(1)(i);

b. Removing paragraphs (e)(1)(ii) through (vii); and

c. Redesignating paragraphs (e)(1)(viii) through (x) as paragraphs (e)(1)(ii) through (iv).

The revision reads as follows:

PART 1020—RULES FOR BANKS

4. The authority citation for part 1020 continues to read as follows:

Authority: 12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5314 and 5316-5332; title III, sec. 314, Pub. Law 107-56, 115 Stat. 307.

5. Section 1020.100 is amended by:

a. Removing paragraphs (b) and (d); and

b. Redesignating paragraph (c) as paragraph (b).

6. Section 1020.210 is revised to read as follows:

7. Amend § 1020.220 by revising the section heading and paragraph (a)(1) to read as follows: