Customer Identification Programs, Anti-Money Laundering Programs, and Beneficial Ownership Requirements for Banks Lacking a Federal Functional Regulator, 58425-58434 [2016-20219]

Agencies

• DEPARTMENT OF THE TREASURY
• Financial Crimes Enforcement Network

[Federal Register Volume 81, Number 165 (Thursday, August 25, 2016)]
[Proposed Rules]
[Pages 58425-58434]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-20219]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Financial Crimes Enforcement Network

31 CFR Parts 1010 and 1020

RIN 1506-AB28


Customer Identification Programs, Anti-Money Laundering Programs, 
and Beneficial Ownership Requirements for Banks Lacking a Federal 
Functional Regulator

AGENCY: Financial Crimes Enforcement Network (``FinCEN''), Treasury.

ACTION: Notice of proposed rulemaking.

-----------------------------------------------------------------------

SUMMARY: FinCEN is issuing this proposed rule to implement section 326 
of the Uniting and Strengthening America by Providing Appropriate Tools 
Required to Intercept and Obstruct Terrorism Act of 2001 and to remove 
the anti-money laundering program exemption for banks that lack a 
Federal functional regulator, including, but not limited to, private 
banks, non-federally insured credit unions, and certain trust 
companies. The proposed rule would prescribe minimum standards for 
anti-money laundering programs for banks without a Federal functional 
regulator to ensure that all banks, regardless of whether they are 
subject to Federal regulation and oversight, are required to establish 
and implement anti-money laundering programs, and would extend customer 
identification program requirements and beneficial ownership 
requirements to those banks not already subject to these requirements.

DATES: Written comments may be submitted to FinCEN on or before October 
24, 2016.

ADDRESSES: You may submit comments, identified by Regulatory 
Identification Number (RIN) 1506-AB28, by any of the following methods:
     Federal E-rulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments. Include 1506-AB28 in 
the submission. Refer to Docket Number FINCEN-2014-0004.
     Mail: Policy Division, Financial Crimes Enforcement 
Network, P.O. Box 39, Vienna, VA 22183. Include 1506-AB28 in the body 
of the text. Please submit comments by one method only. Comments 
submitted in response to this notice of proposed rulemaking (``NPRM'') 
will become a matter of public record. Therefore, you should submit 
only information that you wish to make publicly available.
    Inspection of comments: FinCEN uses the electronic, Internet-
accessible dockets at Regulations.gov as their complete, official-
record docket; all hard copies of materials that should be in the 
docket, including public comments, are electronically scanned and 
placed there. Federal Register notices published by FinCEN are 
searchable by docket number, RIN, or document title, among other 
things, and the docket number, RIN, and title may be found at the 
beginning of the notice. In general, FinCEN will make all comments 
publicly available by posting them on https://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: The FinCEN Resource Center at (800) 
767-2825 or email frc@fincen.gov.

SUPPLEMENTARY INFORMATION:

I. Background

A. Statutory Provisions

    FinCEN exercises regulatory functions primarily under the Currency 
and Financial Transactions Reporting Act of 1970, as amended by the 
Uniting and Strengthening America by Providing Appropriate Tools 
Required to Intercept and Obstruct Terrorism Act of 2001 (``USA PATRIOT 
Act'') (Pub. L. 107-56) and other legislation. This legislative 
framework is commonly referred to as the ``Bank Secrecy Act'' 
(``BSA'').\1\ The Secretary of the Treasury (``Secretary'') has 
delegated to the Director of FinCEN the authority to implement, 
administer, and enforce compliance with the BSA and associated 
regulations.\2\ Pursuant to this authority, FinCEN may issue 
regulations requiring financial institutions to keep records and file 
reports that ``have a high degree of usefulness in criminal, tax, or 
regulatory investigations or proceedings, or in the conduct of 
intelligence or counterintelligence activities, including analysis, to 
protect against international terrorism.'' \3\ Additionally, FinCEN is 
authorized to impose anti-money laundering (``AML'') program 
requirements for financial institutions.\4\
---------------------------------------------------------------------------

    \1\ The BSA is codified at 12 U.S.C. 1829b, 12 U.S.C. 1951-1959, 
31 U.S.C. 5311-5314 and 5316-5332, and notes thereto, with 
implementing regulations at 31 CFR chapter X. See 31 CFR 
1010.100(e).
    \2\ Treasury Order 180-01 (Jul. 1, 2014).
    \3\ 31 U.S.C. 5311.
    \4\ 31 U.S.C. 5318(h).
---------------------------------------------------------------------------

    Section 352 of the USA PATRIOT Act requires financial institutions 
to establish AML programs that, at a minimum, include: (1) The 
development of internal policies, procedures, and controls; (2) the 
designation of a compliance officer; (3) an ongoing employee training 
program; and (4) an independent audit function

[[Page 58426]]

to test programs.\5\ Section 352 of the USA PATRIOT Act authorizes 
FinCEN, in consultation with the ``appropriate'' Federal functional 
regulator (using the definition of ``Federal functional regulator'' 
found in 15 U.S.C. 6809), to prescribe minimum standards for AML 
programs. In determining the appropriate scope and nature for this 
proposed rulemaking for financial institutions that are not directly 
regulated by any Federal functional regulator under any definition of 
that term, FinCEN considered the Federal functional regulators of 
similar institutions, including Federal bank supervisory authorities, 
the U.S. Securities and Exchange Commission (``SEC''), and the 
Commodity Futures Trading Commission (``CFTC''), to be ``appropriate'' 
Federal functional regulators within the meaning of Section 352. In 
preparing this rule, FinCEN consulted with these regulators and in 
order to be certain of addressing all important issues, it also 
consulted with state bank supervisory authorities, and the Internal 
Revenue Service (``IRS''), which, to date, has been the examining 
authority for all institutions regulated by FinCEN that do not have a 
Federal functional regulator.
---------------------------------------------------------------------------

    \5\ Id.
---------------------------------------------------------------------------

    When prescribing minimum standards for AML programs, FinCEN must 
``consider the extent to which the requirements imposed [under section 
352 of the USA PATRIOT Act] are commensurate with the size, location, 
and activities of the financial institutions to which [the standards] 
apply.'' \6\ In addition, FinCEN may ``prescribe an appropriate 
exemption from a requirement [in the BSA] or regulations [issued under 
the BSA].'' \7\ FinCEN used this authority in 2002 to exempt 
temporarily certain financial institutions identified in section 352 
from the requirement to establish an AML program.
---------------------------------------------------------------------------

    \6\ Public Law 107-56, title III, Sec. 352(c), 115 Stat. 322.
    \7\ 31 U.S.C. 5318(a)(6).
---------------------------------------------------------------------------

    Section 326 of the USA PATRIOT Act requires FinCEN to prescribe 
regulations that require financial institutions to establish programs 
for account opening that, at a minimum, include: (1) Verifying the 
identity of any person seeking to open an account, to the extent 
reasonable and practicable; (2) maintaining records of the information 
used to verify the person's identity, including name, address, and 
other identifying information; and (3) determining whether the person 
appears on any lists of known or suspected terrorists or terrorist 
organizations provided to the financial institution by any government 
agency.\8\ These programs are referred to as Customer Identification 
Programs (``CIPs'').
---------------------------------------------------------------------------

    \8\ 31 U.S.C. 5318(l). See Joint Final Rule--Customer 
Identification Programs for Banks, Savings Associations, Credit 
Unions and Certain Non-Federally Regulated Banks, 68 FR 25103 (May 
9, 2003) (``The CIP must include procedures for determining whether 
the customer appears on any list of known or suspected terrorists or 
terrorist organizations issued by any Federal government agency and 
designated as such by Treasury in consultation with the Federal 
functional regulators.'' To date, the Department of the Treasury has 
not designated any such list.).
---------------------------------------------------------------------------

    When prescribing CIP regulations for financial institutions that 
engage in financial activities described in Section 4(k) of the Bank 
Holding Company Act of 1956, 12 U.S.C. 1843(k), FinCEN must prescribe 
such CIP regulations jointly with the Federal functional regulator 
(again using the definition of ``Federal functional regulator'' found 
in 15 U.S.C. 6809, but also including the CFTC) that is ``appropriate'' 
for the affected financial institutions.\9\ FinCEN generally considers 
the Federal functional regulator--if any--that actually regulates a 
financial institution to be the Federal functional regulator 
appropriate to promulgate regulations for such a financial 
institution.\10\ Specifically with respect to CIP rules, FinCEN has 
maintained publicly since 2003 that, for a CIP rule that applies to 
institutions not directly regulated by any Federal functional regulator 
under any definition of that term, it is not ``appropriate'' for any 
Federal agency to issue jointly such a CIP rule with FinCEN, given that 
no Federal agency has direct supervisory authority over such financial 
institutions comparable in its pervasiveness to the direct authority of 
the Federal functional regulators over their regulated financial 
institutions.\11\ Consistent with these long-held positions, FinCEN 
proposes to issue the CIP rule set forth here under its sole authority.
---------------------------------------------------------------------------

    \9\ 31 U.S.C. 5318(l)(4). The financial institutions subject to 
the CIP rule being proposed here engage in financial activities 
within the meaning of 12 U.S.C. 1843(k), in particular lending money 
and providing financial advisory services. See 12 U.S.C. 
1843(k)(4)(A) and (C).
    \10\ See, e.g., 31 CFR 1020.210(a).
    \11\ See Notice of Proposed Rulemaking--Customer Identification 
Programs for Certain Banks Lacking a Federal Functional Regulator, 
68 FR 25163 (May 9, 2003).
---------------------------------------------------------------------------

    Section 312 of the USA PATRIOT Act requires each U.S. financial 
institution that establishes, maintains, administers, or manages a 
correspondent account or a private banking account in the United States 
for a non-U.S. person to subject such accounts to certain anti-money 
laundering measures.\12\ In particular, financial institutions must 
establish appropriate, specific, and, where necessary, enhanced due 
diligence policies, procedures, and controls that are reasonably 
designed to enable the financial institution to detect and report 
instances of money laundering through these accounts. In addition to 
the general due diligence requirements, which apply to all 
correspondent accounts for non-U.S. persons, section 5318(i)(2) 
specifies additional standards for correspondent accounts maintained 
for certain foreign banks. Section 5318(i) also sets forth minimum due 
diligence requirements for private banking accounts for non-U.S. 
persons. Specifically, a covered financial institution must take 
reasonable steps to ascertain the identity of the nominal and 
beneficial owners of, and the source of funds deposited into, private 
banking accounts, as necessary to guard against money laundering and to 
report suspicious transactions. The institution must also conduct 
enhanced scrutiny of private banking accounts requested or maintained 
for, or on behalf of, senior foreign political figures (which includes 
family members or close associates). Enhanced scrutiny must be 
reasonably designed to detect and report transactions that may involve 
the proceeds of foreign corruption.
---------------------------------------------------------------------------

    \12\ These requirements are set forth and cross referenced in 
sections 1020.610 (cross-referencing to 31 CFR 1010.610) and 
1020.620 (cross-referencing to 31 CFR 1010.620).
---------------------------------------------------------------------------

B. Regulatory Background

    The following information describes the effect of certain previous 
rulemakings on banks, and specifically on banks lacking a Federal 
functional regulator.
AML Program Requirements
    Most banks became subject to an AML program requirement pursuant to 
the BSA with FinCEN's issuance of an Interim Final Rule on April 29, 
2002 (the ``Interim Final Rule'').\13\ The Interim Final Rule stated 
that an institution regulated by a Federal functional regulator ``shall 
be deemed to satisfy the requirements of 31 U.S.C.

[[Page 58427]]

5318(h)(1) if it implements and maintains an [AML] program that 
complies with the regulation of its Federal functional regulator 
governing such programs.'' \14\ ``Federal functional regulator'' is 
defined at 31 CFR 1010.100(r) to include each of the Federal banking 
agencies, as well as the SEC and the CFTC.
---------------------------------------------------------------------------

    \13\ See Interim Final Rule--Anti-Money Laundering Programs for 
Financial Institutions, 67 FR 21110 (Apr. 29, 2002). Since 1987, all 
federally insured depository institutions and credit unions have 
been required by their Federal regulators to have anti-money 
laundering programs ``to assure and monitor compliance with the 
requirements of subchapter II of chapter 53 of title 31, United 
States Code,'' but until the passage of the USA PATRIOT Act the 
requirement to implement such programs did not arise under a 
specific provision of the Bank Secrecy Act itself. See Final Rule--
Procedures for Monitoring Bank Secrecy Act Compliance, 52 FR 2858 
(Jan. 27, 1987).
    \14\ See 67 FR 21113. Since the time of the 2002 Interim Final 
Rule, FinCEN has reorganized its regulations under 31 CFR Chapter X. 
See Final Rule--Transfer and Reorganization of Bank Secrecy Act 
Regulations, 75 FR 65806 (Oct. 26, 2010). The cited AML program 
requirement can currently be found at 31 CFR 1020.210, with an added 
cross-reference to enhanced due diligence requirements imposed by 
rulemakings later than the Interim Final Rule.
---------------------------------------------------------------------------

    The Interim Final Rule also deferred AML program requirements for 
certain financial institutions, including ``private bankers.'' \15\ On 
November 6, 2002, FinCEN amended the Interim Final Rule.\16\ The 
amendment extended the deferral indefinitely,\17\ and included within 
the deferral not only private bankers, but any bank ``that is not 
subject to regulation by a Federal functional regulator.'' \18\
---------------------------------------------------------------------------

    \15\ ``Private banker'' is included in the list of financial 
institutions in the BSA. 12 U.S.C. 5312(a)(2)(C).
    \16\ See Amendment of Interim Final Rule--Anti-Money Laundering 
Programs for Financial Institutions, 67 FR 67547 (Nov. 6, 2002).
    \17\ See 31 CFR 1010.205(c). The deferral expires for a 
financial institution on the date the financial institution 
otherwise must comply with a final rule requiring the financial 
institution to establish an AML program.
    \18\ See 31 CFR 1010.205(b)(1)(vi) and (b)(2).
---------------------------------------------------------------------------

    Although banks that lack a Federal functional regulator have not 
been required to establish an AML program, they are required to comply 
with many other BSA requirements. For example, banks that lack a 
Federal functional regulator still must file currency transaction 
reports (``CTRs'') and suspicious activity reports (``SARs''), and make 
and maintain certain records.\19\ In addition, banks that lack a 
Federal functional regulator must comply with 31 CFR 1010.630, which 
prohibits covered financial institutions from maintaining correspondent 
accounts for foreign shell banks and requires covered financial 
institutions to obtain and retain information on the ownership of 
foreign banks.\20\
---------------------------------------------------------------------------

    \19\ See 31 CFR 1010.306-315 (CTRs); 31 CFR 1020.320 (SAR rule 
for banks); 31 CFR 1010.410 (records to be made and retained by 
financial institutions).
    \20\ Private banks, trust companies, and credit unions are 
``covered financial institutions'' for purposes of 31 CFR 1010.630 
and 31 CFR 1010.670, regardless of whether the institutions have a 
Federal functional Regulator. See 31 CFR 1010.605(e)(2). In 
contrast, rules requiring the implementation of due diligence 
programs for correspondent accounts and private banking accounts do 
not apply to private banks, apply only to ``federally insured credit 
unions,'' and certain trust companies that are ``federally regulated 
and subject to an anti-money laundering program requirement.'' See 
31 CFR 1010.605(e)(1); 31 CFR 1010.610 (correspondent accounts); 31 
CFR 1010.620 (private banking accounts).
---------------------------------------------------------------------------

    Despite being subject to the various BSA obligations detailed 
above, banks that lack a Federal functional regulator have remained 
exempt from the AML program requirement since the Interim Final Rule. 
In contrast, FinCEN has already eliminated the exemption and 
promulgated AML program rules for other institutions that had been 
exempted under the Interim Final Rule, including insurance companies, 
certain loan or finance companies, and dealers in precious metals, 
precious stones, or jewels.
Customer Identification Program Requirements
    CIP requirements were finalized, through a joint final rule, for 
banks, savings associations, credit unions, and certain non-Federally 
regulated banks on May 9, 2003. With this action, certain banks that 
lack a Federal functional regulator, namely, private banks, non-
federally insured credit unions and certain trust companies, were 
required to comply with CIP requirements.\21\ On the same day, FinCEN 
published a notice of proposed rulemaking that would have imposed CIP 
requirements on all other state-regulated banks without a Federal 
functional regulator that were not included in the joint rule.\22\ This 
rulemaking was never finalized.
---------------------------------------------------------------------------

    \21\ See Joint Final Rule--Customer Identification Programs for 
Banks, Savings Associations, Credit Unions and Certain Non-Federally 
Regulated Banks, 68 FR 25090 (May 9, 2003). See 31 CFR 1020.220.
    \22\ See Notice of Proposed Rulemaking--Customer Identification 
Programs for Certain Banks Lacking a Federal Functional Regulator, 
68 FR 25163 (May 9, 2003).
---------------------------------------------------------------------------

Beneficial Ownership Requirement
    On May 11, 2016, FinCEN published a final rule (``CDD Rule''),\23\ 
to clarify and strengthen customer due diligence requirements for 
certain financial institutions, including federally regulated banks, 
requiring these financial institutions to identify and verify the 
identity of the beneficial owners of their legal entity customers, 
subject to certain exclusions and exemptions. The CDD Rule also amends 
the AML program requirements for these financial institutions. For 
purposes of regulatory consistency, FinCEN believes that it is 
appropriate that these requirements should apply to non-federally 
regulated banks as well, and accordingly proposes these requirements in 
this notice.
---------------------------------------------------------------------------

    \23\ See Final Rules, Customer Due Diligence Rules for Financial 
Institutions, 81 FR 29398 (May 11, 2016).
---------------------------------------------------------------------------

C. Categories of Banks Lacking a Federal Functional Regulator

    FinCEN has identified the following categories of banks that lack a 
Federal functional regulator and is interested in identifying 
additional categories of such entities. However, no discussion of such 
entities should be thought to be exhaustive. This NPRM proposes that 
any entity that meets the definition of bank in 31 CFR 1010.100(d) 
would be required to establish an AML program.
State-Chartered Non-Depository Trust Companies
    State-chartered non-depository trust companies are generally 
smaller than depository (or federally regulated non-depository) trust 
companies, and often provide estate planning and settlement and trust 
administration on a regional basis.\24\ Trust companies can provide 
services similar to investment advisory firms, including securities 
investment advisers, but are generally exempt from registration as 
investment advisers with the SEC.\25\ Trust companies also may provide 
services to clients similar to the services offered by other financial 
services firms. The number of state-chartered non-depository trust 
companies is difficult to determine; however, according to data 
available from state banking regulator Web sites, there are upwards of 
347 of these entities.\26\
---------------------------------------------------------------------------

    \24\ Certain trust companies and banks offering trust services 
are subject to safety and soundness regulation by one or more 
Federal banking agencies. See, e.g., 12 U.S.C. 1813(a)(2), (l)(2), 
and (p); 12 U.S.C. 1817(i).
    \25\ See 15 U.S.C. 80b-2(a)(2) and (11)(A).
    \26\ We reviewed relevant information from the Web sites of 
state banking departments to determine the estimated number. See 
https://www.csbs.org/about/what/Pages/StateBankingDepartmentLinks.aspx.
---------------------------------------------------------------------------

Non-Federally Insured Credit Unions
    Of the more than 6,273 credit unions nationwide, FinCEN understands 
that there are approximately 265 state-chartered credit unions that are 
not federally insured. Aside from their lack of a Federal functional 
regulator, these credit unions generally are similar in structure to 
federally insured credit unions.\27\
---------------------------------------------------------------------------

    \27\ The statistics are based upon information provided in 2013 
by the National Association of State Credit Union Supervisors. 
Federally chartered credit unions are insured by the NCUA through 
the National Credit Union Share Insurance Fund. See 12 U.S.C. 1781.
---------------------------------------------------------------------------

Private Banks
    A private bank is a bank chartered under state law that is owned by 
an

[[Page 58428]]

individual or a partnership and generally provides financial services 
to individuals with high net worth.\28\ Although private banks have a 
long history in certain jurisdictions, including Switzerland and the 
United Kingdom, at least one private bank remains in the United States.
---------------------------------------------------------------------------

    \28\ Private banks should be distinguished from private banking 
accounts. A ``private banking account'' for purposes of rules 
implementing section 312 of the USA PATRIOT Act includes any 
account--at any kind of bank--that is established for certain 
individuals who are not United States citizens, provided the account 
requires a minimum aggregate deposit of $1,000,000 or more and the 
account is administered by an officer, employee, or agent of the 
covered financial institution acting as a liaison with the direct or 
beneficial owner of the account. See 31 CFR 1010.605(m). The rules 
implementing section 312 of the USA PATRIOT Act do not apply to 
private banks per se.
---------------------------------------------------------------------------

Non-Federally Insured State Banks and Savings Associations
    According to estimates available from state banking regulator Web 
sites, the number of state-chartered banks and savings and loan or 
building and loan associations without Federal Deposit Insurance 
Corporation (``FDIC'') insurance is not more than 12.\29\ These banks 
function similarly to other federally insured banks, but are privately 
insured.
---------------------------------------------------------------------------

    \29\ See supra note 26.
---------------------------------------------------------------------------

International Banking Entities
    International banking entities, or ``entidades bancarias 
internacionales'' (``EBIs''), are not federally insured, but are 
authorized by Puerto Rican and the U.S. Virgin Islands law to provide 
banking and other services to non-resident aliens. As of 2014, 33 EBIs 
were licensed by Puerto Rico.\30\
---------------------------------------------------------------------------

    \30\ See Commissioner of Financial Institutions of Puerto Rico 
https://www.ocif.gobierno.pr/documents/cons/EBI.pdf.>
---------------------------------------------------------------------------

D. Extension of AML Program, CIP and Beneficial Ownership Requirements

The Anti-Money Laundering Program
    The statutory mandate that all financial institutions establish 
anti-money laundering programs is a key element in the national effort 
to prevent and detect money laundering and the financing of terrorism. 
Banks without a Federal functional regulator may be as vulnerable to 
the risks of money laundering and terrorist financing as banks with 
one. This proposed rule would eliminate the present regulatory ``gap'' 
in AML coverage between banks with and without a Federal functional 
regulator. FinCEN expects uniform regulatory requirements for all banks 
to reduce the opportunity for criminals to seek out and exploit banks 
subject to less rigorous AML requirements.
    FinCEN also believes that imposing an AML program requirement on 
banks that lack a Federal functional regulator would not be unduly 
burdensome, given that such banks already must comply with various BSA 
recordkeeping, reporting, and, in some cases, CIP requirements. In 
order to comply with these existing rules, banks lacking a Federal 
functional regulator have likely developed procedures and protocol 
comparable to what would be required under the proposed rule.
    In 2005, uniform BSA examination procedures were issued through the 
first publication of the Federal Financial Institutions Examination 
Council Bank Secrecy Act/Anti-Money Laundering Examination Manual.\31\ 
FinCEN understands that uniform audits or examinations of policies, 
procedures, internal controls, reporting structures, transaction 
monitoring, and recordkeeping have caused many banks that lack a 
Federal functional regulator to adopt procedures similar to the ones 
that would be required under the proposed rule.
---------------------------------------------------------------------------

    \31\ The Federal Financial Institutions Examination Council is a 
formal interagency body consisting of the Federal banking agencies 
authorized to prescribe uniform standards for the examination of 
financial institutions. See https://www.ffiec.gov/. Regulators from 
forty-seven state regulators, the District of Columbia, and the 
Commonwealth of Puerto Rico conduct AML compliance inspections in 
conjunction with the Federal banking agencies. Similarly, credit 
unions are subject to joint supervision by the NCUA and their state 
supervisors, pursuant to a Document of Cooperation executed by the 
NCUA and the National Association of State Credit Union Supervisors.
---------------------------------------------------------------------------

Customer Identification Program
    For the reasons of regulatory consistency and protection against 
systemic vulnerability discussed above in connection with AML programs, 
FinCEN believes that CIP should also apply to all banks (including all 
depository institutions chartered under state banking law, even if the 
charter was not for a credit union, trust company, or private bank), 
regardless of whether they are Federally regulated. The preamble of the 
final CIP rule said that it applied to ``banks with a Federal 
functional regulator and to credit unions, trust companies, and private 
banks without a federal functional regulator.'' However, on the same 
day that the final CIP rule was issued, FinCEN issued a follow-on 
Notice of Proposed Rulemaking to ensure that there would be no gaps in 
the scope of the CIP obligations as they apply to banks.\32\ Because 
this proposal was never finalized, FinCEN is also re-proposing changes 
that would explicitly require all banks that lack a Federal functional 
regulator to establish CIP.
---------------------------------------------------------------------------

    \32\ See supra note 22.
---------------------------------------------------------------------------

Beneficial Ownership Requirements
    As noted above, the CDD Rule requires that federally regulated 
banks and certain other financial institutions identify, and verify the 
identity of, the beneficial owners of their legal entity customers, as 
set forth in section 1010.230.\33\ For purposes of regulatory 
consistency, FinCEN believes that this requirement should apply to non-
federally regulated banks as well.
---------------------------------------------------------------------------

    \33\ The CDD Rule is effective July 11, 2016 and applicable on 
and after May 11, 2018.
---------------------------------------------------------------------------

II. Section-by-Section Analysis

    This notice proposes to amend chapter X by adding AML program 
requirements for banks that lack a Federal functional regulator, and 
extending CIP and beneficial ownership requirements to those banks not 
already subject to these requirements. These proposed changes include 
the following: (1) Amending the provision in Sec.  1010.205 that 
exempts certain financial institutions from the requirement to 
establish an AML program; (2) amending the definition of covered 
financial institution in Sec.  1010.605 so that non-federally regulated 
banks will be subject to the beneficial ownership requirements pursuant 
to the CDD Rule (as well as the requirements in Sec. Sec.  1010.610 and 
1010.620); (3) removing the substantive language in the definitions of 
bank and financial institution in part 1020, Rules for Banks, because 
there will no longer be a need to make distinctions from the 
definitions in part 1010's General Definitions; (4) imposing AML 
program requirements on banks that lack a Federal functional regulator 
and prescribing minimum standards for the AML programs; and (5) 
amending the CIP requirements to delete a specific requirement that 
until banks without a Federal functional regulator are subject to AML 
program requirements they must have their CIPs approved by their boards 
of directors. If the proposed changes are implemented, banks without a 
Federal functional regulator will be required to implement a written 
AML program approved by their boards of directors or by equivalent 
functional units within the banks.

A. Exempted Anti-Money Laundering Programs for Certain Financial 
Institutions

    Section 1010.205 provides temporary exemptions for certain 
financial institutions from the requirement to establish an anti-money 
laundering

[[Page 58429]]

program.\34\ The proposed amendments to 31 CFR 1010.205 reflect the 
removal of: (1) The exemption for private bankers (Sec.  
1010.205(b)(1)(vi)); (2) the broader exemption for banks that lack a 
Federal functional regulator (Sec.  1010.205(b)(2)); and (3) the 
exemption for persons subject to supervision by a state banking 
authority (Sec.  1010.205(b)(3)).
---------------------------------------------------------------------------

    \34\ See 67 FR 21113 (Apr. 29, 2002), as amended at 67 FR 67549 
(Nov. 6, 2002) and corrected at 67 FR 68935 (Nov. 14, 2002) 
(Treasury temporarily exempted private bankers and banks not subject 
to regulation by a Federal functional regulator from establishing an 
AML program).
---------------------------------------------------------------------------

B. General and Specific Definitions

    General rules that apply to all industries appear in part 1010, and 
industry-specific rules are contained in other parts within chapter X. 
Because the definition of bank in part 1010 makes no distinctions as to 
whether a bank has a Federal functional regulator, there are no 
proposed changes to that definition of bank in Sec.  1010.100(d).\35\ 
Likewise, there are no proposed changes to the general definition of 
financial institution in Sec.  1010.100(t).\36\ Specific rules for 
banks are contained in part 1020, which includes definitions of both 
``bank'' and ``financial institution'' specific to that part, to note a 
distinction in the application of AML program and CIP requirements 
between banks with a Federal functional regulator and those lacking 
one. FinCEN proposes to amend those definitions, as described below.
---------------------------------------------------------------------------

    \35\ Bank is defined in 31 CFR 1010.100(d) as each agent, 
agency, branch, or office within the United States of any person 
doing business in one or more of the capacities listed: (1) A 
commercial bank or trust company organized under the laws of any 
state or of the United States; (2) A private bank; (3) A savings and 
loan association or a building and loan association organized under 
the laws of any state or of the United States; (4) An insured 
institution as defined in section 401 of the National Housing Act; 
(5) A savings bank, industrial bank or other thrift institution; (6) 
A credit union organized under the law of any state or of the United 
States; (7) Any other organization (except a money services 
business) chartered under the banking laws of any state and subject 
to the supervision of the bank supervisory authorities of a state; 
(8) A bank organized under foreign law; (9) Any national banking 
association or corporation acting under the provisions of section 
25(a) of the Act of Dec. 23, 1913, as added by the Act of Dec. 24, 
1919, ch. 18, 41 Stat. 378, as amended (12 U.S.C. 611-32).
    \36\ 31 CFR 1010.100(t) defines financial institution as each 
agent, agency, branch, or office within the United States of any 
person doing business, whether or not on a regular basis or as an 
organized business concern, in one or more of the capacities listed 
below: (1) A bank (except bank credit card systems); (2) A broker or 
dealer in securities; (3) A money services business as defined in 
Sec.  1010.100(ff); (4) A telegraph company; (5) Casino; (6) Card 
club; (7) A person subject to supervision by any state or Federal 
bank supervisory authority; (8) A futures commission merchant; (9) 
An introducing broker in commodities; or (10) A mutual fund.
---------------------------------------------------------------------------

Customer Identification Program Requirement
    The separate definition of bank in Sec.  1020.100(b) reflects the 
fact that existing CIP requirements do not apply to all banks that lack 
a Federal functional regulator. The current definition of bank, for the 
purposes of 31 CFR 1020.220, is (1) A bank, as that term is defined in 
31 CFR 1010.100(d), that is subject to regulation by a Federal 
functional regulator; and (2) A credit union, private bank, and trust 
company, as set forth in 31 CFR 1010.100(d) of this chapter, that does 
not have a Federal functional regulator.\37\
---------------------------------------------------------------------------

    \37\ See 31 CFR 1020.100(b).
---------------------------------------------------------------------------

    This rulemaking proposes to remove existing Sec.  1020.100(b), 
which would result in making all banks, regardless of whether they are 
subject to regulation by a Federal functional regulator, comply with 
CIP requirements.
Beneficial Ownership Requirement
    The beneficial ownership requirement in the CDD Rule applies to 
covered financial institutions as defined in Sec.  1010.605(e)(1). This 
definition includes several types of banks, all of which are federally 
regulated,\38\ as well as brokers and dealers in securities, futures 
commission merchants and introducing brokers, and mutual funds. In 
order to apply this requirement to non-federally regulated banks, this 
rulemaking proposes to amend the current definition of covered 
financial institution by replacing paragraphs (i) through (vii) of 
Sec.  1010.605(e)(1) with the following, which includes all banks 
(whether or not federally regulated) that are subject to an AML program 
requirement ``a bank required to have an anti-money laundering 
compliance program under the regulations implementing 31 U.S.C. 
5318(h), 12 U.S.C. 1818(s), or 12 U.S.C. 1786(q)(1).''
---------------------------------------------------------------------------

    \38\ These include (1) An insured bank (as defined in section 
3(h) of the Federal Deposit Insurance Act (12 U.S.C. 1813(h)); (2) A 
commercial bank; (3) An agency or branch of a foreign bank; (4) A 
federally insured credit union; (5) A savings association; (6) A 
corporation acting under section 25A of the Federal Reserve Act; and 
(7) A trust bank or trust company that is federally regulated and is 
subject to an anti-money laundering program requirement.
---------------------------------------------------------------------------

Anti-Money Laundering Program Requirement
    The definition of financial institution in Sec.  1020.100(d) 
reflects the fact that existing AML program requirements are based on 
whether a bank is subject to regulation by a Federal functional 
regulator. The current definition of financial institution is (1) For 
the purposes of 31 CFR 1020.210, a financial institution is defined in 
31 U.S.C. 5312(a)(2) or (c)(1) that is subject to regulation by a 
Federal functional regulator or a self-regulatory organization; (2) For 
the purposes of 31 CFR 1020.220, a financial institution is defined in 
31 U.S.C. 5312(a)(2) or (c)(1).
    This rulemaking proposes to remove existing Sec.  1020.100(d)(1), 
which along with the proposed amendments to Sec.  1020.210 described 
below, would result in requiring all banks, regardless of whether they 
are subject to regulation by a Federal functional regulator, to comply 
with the obligation to implement an AML program.\39\
---------------------------------------------------------------------------

    \39\ We are also proposing to remove Sec.  1020.100(d)(2). Due 
to the current definition of ``financial institution'' in Sec.  
1010.100(t), this broader definition of the term is no longer 
necessary.
---------------------------------------------------------------------------

C. AML Program Requirements

    Section 1020.210 (as amended by the CDD Rule) sets forth the 
current AML program requirements for banks. This rulemaking proposes 
certain changes necessary to ensure that all banks, regardless of 
whether they are subject to Federal regulation and oversight, are 
required to establish and implement anti-money laundering programs. One 
proposed change concerns the title and structure of the section. 
Currently, the title reads: ``Anti-money laundering program 
requirements for financial institutions regulated only by a Federal 
functional regulator, including banks, savings associations, and credit 
unions.'' With the proposed change, the title would read: ``Anti-money 
laundering program requirements for banks,'' and it would contain one 
section for banks regulated only by a Federal functional regulator and 
another section for banks that lack a Federal functional regulator.
    As proposed, Sec.  1020.210(a) would be titled: ``Anti-money 
laundering program requirements for banks regulated only by a Federal 
functional regulator, including banks, savings associations, and credit 
unions.'' The existing language in Sec.  1020.210 states that 
compliance by a financial institution regulated by a Federal functional 
regulator that is not subject to the regulations of a self-regulatory 
organization satisfies the AML program requirement under 31 U.S.C. 
5318(h)(1) if its program complies with the requirements of Sec. Sec.  
1010.610 and 1010.620 and the regulations of its Federal functional 
regulator governing AML programs. FinCEN is unaware of any instance in 
which a bank is subject to regulations by a self-regulatory 
organization. Accordingly, FinCEN proposes to remove reference to such 
regulation from the regulatory text, by

[[Page 58430]]

striking the words ``that is not subject to the regulations of a self-
regulatory organization.'' This proposed change would appear in Sec.  
1020.210(a).\40\
---------------------------------------------------------------------------

    \40\ The regulation text set forth is the text as amended by the 
CDD Rule, which is effective July 11, 2016 and applicable on and 
after May 11, 2018.
---------------------------------------------------------------------------

    Proposed new Sec.  1020.210(b) would be titled: ``Anti-money 
laundering program requirements for banks lacking a Federal functional 
regulator including, but not limited to, private banks, non-federally 
insured credit unions, and certain trust companies.'' New Sec.  
1020.210(b)(1) would require banks that lack a Federal functional 
regulator to establish and implement AML programs reasonably designed 
to assure ongoing compliance with the Bank Secrecy Act. Section 
1020.210(b)(1)(ii)(E) would require compliance with due diligence 
requirements for correspondent accounts for foreign financial 
institutions (Sec.  1010.610) and for private banking accounts (Sec.  
1010.620), and new Sec.  1020.210(b)(1) also would prescribe the 
minimum standards necessary for an AML program.
    With respect to minimum standards, proposed Sec.  
1020.210(b)(1)(ii)(A) would require that the AML program include a 
system of internal controls to assure ongoing compliance with the BSA. 
As part of implementing an AML program, FinCEN would expect banks that 
lack a Federal functional regulator to assess the money laundering and 
terrorist financing risks that are associated with their products, 
customers, distribution channels, and geographic locations. An 
assessment of customer-related information is a key component to a 
robust AML program, and banks must ensure that they obtain all the 
information necessary for their AML program requirements. For purposes 
of making the required risk assessment, banks have discretion to 
determine how best to collect the relevant customer information. FinCEN 
does not anticipate that this requirement will entail obtaining 
information not already obtained in the ordinary course of business. 
Policies, procedures, and internal controls also must be reasonably 
designed to ensure compliance with BSA requirements. Banks may conduct 
some of their operations through agents and third-party service 
providers. Some elements of the compliance program may best be 
performed by personnel of these entities, in which case it is 
permissible for banks to contract with such entities to assist them 
with implementation and operation of those aspects of its AML program. 
Any bank that contracts with an agent or third party to assist with 
aspects of its AML program, however, remains fully responsible for the 
effectiveness of the program, as well as ensuring that compliance 
examiners are able to obtain information and records relating to the 
AML program.
    Proposed Sec.  1020.210(b)(1)(ii)(B) would require that the program 
provide for independent testing to monitor and maintain an adequate 
program. A party external to the bank, such as an outside consultant or 
accountant, need not perform the testing. The testing may be conducted 
by an officer, employee, or group of employees, so long as the person 
or persons conducting the testing are independent of the person or 
group of persons primarily responsible for implementing the bank's AML 
program. The frequency of independent testing will depend upon the 
risks posed.\41\ Any recommendations that result from the independent 
testing should be implemented promptly or reviewed by senior 
management.
---------------------------------------------------------------------------

    \41\ See The Federal Financial Institutions Examination Council, 
Bank Secrecy Act/Anti-Money Laundering Examination Manual, at 30 
(2014) available at https://www.ffiec.gov/bsa_aml_infobase/documents/BSA_AML_Man_2014_v2.pdf (``[A] sound practice is for the 
bank to conduct independent testing generally every 12 to 18 months, 
commensurate with the BSA/AML risk profile of the bank.'').
---------------------------------------------------------------------------

    Proposed Sec.  1020.210(b)(1)(ii)(C) would require that the bank 
designate a person or persons who will be responsible for coordinating 
and monitoring day-to-day compliance with the AML program. The bank may 
have one individual, or the bank may designate multiple individuals to 
perform the function as a group. The person or persons should be 
competent and knowledgeable regarding BSA requirements and money 
laundering issues and risks, and should be empowered with full 
responsibility and authority to develop and enforce appropriate 
policies and procedures. The role of this function is to ensure that 
the program is implemented effectively and updated as necessary.
    Proposed Sec.  1020.210(b)(1)(ii)(D) would require that the program 
provide for training of appropriate persons. Employee training is an 
integral part of any AML program. In order to carry out their 
responsibilities effectively, employees must be trained in requirements 
under the BSA and money laundering risks generally, as well as the 
internal policies and procedures of the institution, so that red flags 
can be identified. Such training may be conducted by third parties or 
in-house, and may include computer-based training. Employees should 
receive periodic updates and refreshers to such training. The nature, 
scope, and frequency of training would depend upon the functions 
performed by employees.
    Proposed Sec.  1020.210(b)(1)(ii)(E) would require that the program 
include, at a minimum, appropriate risk-based procedures for conducting 
ongoing customer due diligence, to include, but not be limited to, 
understanding the nature and purpose of customer relationships for the 
purpose of developing a customer risk profile; and conducting ongoing 
monitoring to identify and report suspicious transactions and, on a 
risk basis, to maintain and update customer information. For purposes 
of this proposed paragraph, customer information would include 
information regarding the beneficial owners of legal entity customers 
(as defined in Sec.  1010.230). FinCEN views this not as a new 
requirement, but as an explicit statement of the activities that are 
already required of covered financial institutions in order to monitor 
for, and detect and report, suspicious transactions.\42\
---------------------------------------------------------------------------

    \42\ For a description of what is required by this new provision 
in the AML program rule for banks, see CDD Rule, 81 FR 29398, 29419-
29421.
---------------------------------------------------------------------------

    Proposed Sec.  1020.210(b)(2) would require that an AML program be 
approved by the bank's board of directors or, if the bank does not have 
a board of directors, an equivalent function within the bank. 
Additionally, a bank would be required to make a copy of its AML 
program available to FinCEN or its designee upon request.\43\
---------------------------------------------------------------------------

    \43\ An agency with authority delegated by FinCEN to examine the 
bank for compliance with the BSA would qualify as a designee of 
FinCEN.
---------------------------------------------------------------------------

D. CIP Requirements

    Currently, the title reads: Section 1020.220, ``Customer 
identification programs for banks, savings associations, credit unions, 
and certain non-Federally regulated banks.'' With the proposed change, 
the title would read: ``Customer identification program requirements 
for banks.'' This proposed change recognizes that going forward CIP 
requirements would apply to all banks.
    The proposed changes would also delete an unnecessary reference in 
Sec.  1020.220 that stipulates that credit unions, private banks, and 
trust companies without a Federal functional regulator must seek board 
approval for their CIPs. With finalization of this proposal, banks 
lacking a Federal functional regulator would be required to implement a 
written AML program approved by their boards of directors. Since CIP 
would be part of their AML

[[Page 58431]]

programs, which must be approved by their boards of directors, it would 
no longer be necessary to stipulate a separate approval of CIP in this 
section.

III. Request for Comment

    FinCEN welcomes comment on all aspects of the proposed rule. In 
addition, FinCEN seeks comment on the following issues:
     Whether certain banks lacking a Federal functional 
regulator should be excluded from the proposed rule;
     Whether there are additional bank categories that should 
be included in the proposed rule;
     Whether non-federally regulated banks should be subject to 
the requirements contained in the CDD Rule;
     If the requirements contained in the CDD Rule and under 
Section 312 are imposed on non-federally regulated banks, what time 
period should be given to these institutions to implement such 
requirements; and
     Whether there are banks that are, in fact, regulated by 
self-regulatory organizations.

IV. Initial Regulatory Flexibility Act Analysis

    When an agency issues a rulemaking proposal, the Regulatory 
Flexibility Act (``RFA'') requires the agency to ``prepare and make 
available for public comment an initial regulatory flexibility 
analysis'' that will ``describe the impact of the proposed rule on 
small entities.'' (5 U.S.C. 603(a).) Section 605 of the RFA allows an 
agency to certify a rule, in lieu of preparing an analysis, if the 
proposed rulemaking is not expected to have a significant economic 
impact on a substantial number of small entities.

A. Reasons Why Action by the Agency Is Being Considered

The Anti-Money Laundering Program
    The statutory mandate that all financial institutions establish 
anti-money laundering programs is a key element in the national effort 
to prevent and detect money laundering and the financing of terrorism. 
Banks without a Federal functional regulator may be as vulnerable to 
the risks of AML and terrorist financing as banks with one. This 
proposed rule would eliminate the present regulatory ``gap'' in AML 
coverage between banks with and without a Federal functional regulator. 
FinCEN expects that uniform regulatory requirements for all banks will 
reduce the opportunity for criminals to seek out and exploit banks 
subject to less rigorous AML requirements.
Customer Identification Program
    For the reasons of regulatory consistency and protection against 
systemic vulnerability discussed above in connection with AML programs, 
FinCEN believes that CIP should also apply to all banks (including all 
depository institutions chartered under state banking law, even if the 
charter was not for a credit union, trust company, or private bank), 
regardless of whether they are Federally regulated. In July 2002, 
FinCEN issued a Notice of Proposed Rulemaking to ensure that there 
would be no gaps in the scope of the CIP obligations as they apply to 
banks. Because this proposal was never finalized, FinCEN is also re-
proposing changes that would explicitly require all banks that lack a 
Federal functional regulator to establish CIP.
Beneficial Ownership Requirements
    As noted above, the CDD Rule requires that from and after May 11, 
2018, federally regulated banks and certain other financial 
institutions identify, and verify the identity of, the beneficial 
owners of their legal entity customers, as set forth in section 
1010.230. For purposes of regulatory consistency, FinCEN believes that 
this requirement should apply to non-federally regulated banks as well.

B. Objectives of, and Legal Basis for, the Proposed Rules

    Section 352 of the USA PATRIOT Act requires financial institutions 
to establish AML programs that, at a minimum, include: (1) The 
development of internal policies, procedures, and controls; (2) the 
designation of a compliance officer; (3) an ongoing employee training 
program; and (4) an independent audit function to test programs. In 
addition, the CDD Rule described above adds an explicit requirement to 
conduct ongoing monitoring.
    Section 326 of the USA PATRIOT Act requires FinCEN to prescribe 
regulations that require financial institutions to establish programs 
for account opening that, at a minimum, include: (1) Verifying the 
identity of any person seeking to open an account, to the extent 
reasonable and practicable; (2) maintaining records of the information 
used to verify the person's identity, including name, address, and 
other identifying information; and (3) determining whether the person 
appears on any lists of known or suspected terrorists or terrorist 
organizations provided to the financial institution by any government 
agency.
    Section 312 of the USA PATRIOT Act requires each U.S. financial 
institution that establishes, maintains, administers, or manages a 
correspondent account or a private banking account in the United States 
for a non-U.S. person to subject such accounts to certain anti-money 
laundering measures.

C. Small Entities Subject to the Proposed Rules

    Based upon current data, for the purposes of RFA, FinCEN estimates 
that these rules will impact approximately 347 state chartered non-
depository trust companies; 265 state-chartered credit unions that are 
not federally insured; 12 state-chartered banks and savings and loan or 
building and loan associations without FDIC insurance; and 115 EBIs 
licensed in Puerto Rico.\44\ FinCEN believes it is likely that most or 
all of the non-federally insured credit unions are small entities, and 
has no data on the size of the other entities subject to this 
rulemaking, and therefore assumes that many of them are small entities. 
Therefore, FinCEN concludes that the proposed rules will apply to a 
substantial number of small entities.
---------------------------------------------------------------------------

    \44\ The Small Business Administration (``SBA'') defines a trust 
company as a small business if it has assets of $35.5 million or 
less. The SBA defines a depository institution (including a credit 
union) as a small business if it has assets of $550 million or less. 
FinCEN was unable to find an authoritative figure on the number of 
non-federally regulated depository institutions that would meet the 
definition of small entity.
---------------------------------------------------------------------------

D. Projected Reporting, Recordkeeping, and Other Compliance 
Requirements of the Proposed Rules

    The proposed rules would prescribe minimum standards for AML 
programs for banks without a Federal functional regulator to ensure 
that all banks, regardless of whether they are subject to Federal 
regulation and oversight, are required to establish and implement 
written AML programs, including conducting ongoing customer due 
diligence, and to identify and verify the identity of the beneficial 
owners of their legal entity customers. The changes would also extend 
customer identification program requirements to those banks not already 
subject to these requirements.
    Banks lacking a Federal functional regulator are currently required 
to comply with many existing requirements under the BSA. All banks, 
including those not subject to Federal regulation and oversight, are 
already required to file SARs, which necessarily requires a bank to 
establish a process to detect unusual activity. Certain banks lacking a 
Federal functional regulator--namely, private banks, non-federally 
insured credit unions, and certain trust companies--must maintain CIPs.

[[Page 58432]]

Uniform audits at the state and Federal levels may have caused banks 
lacking a Federal functional regulator to adopt procedures similar to 
the ones that would be required under the AML program requirement of 
the proposed rule.
    With respect to the beneficial ownership requirement, the proposed 
rule would require banks lacking a Federal functional regulator to 
obtain and maintain the identity of each beneficial owner from each 
legal entity customer that opens a new account, including name, 
address, date of birth and identification number. The financial 
institution would also be required to verify such identity by 
documentary or non-documentary methods and to maintain in its records 
for five years a description of (1) any document relied on for 
verification, (2) any such non-documentary methods and results of such 
measures undertaken, and (3) the resolution of any substantive 
discrepancies discovered in verifying the identification information.
    The burden on a small non-federally regulated bank at account 
opening resulting from the final rule would be a function of the number 
of beneficial owners of each legal entity customer opening a new 
account, the additional time required for each beneficial owner, and 
the number of new accounts opened for legal entities by the small banks 
during a specified period.
    None of the small businesses that commented on the CDD Rule's 
Initial Regulatory Flexibility Analysis (``IRFA'') included an estimate 
of the amount of time to open a legal entity account; only one noted 
the number of such accounts it opens per year (70). As a result of the 
comments FinCEN received to the CDD Rule's-related regulatory impact 
assessment from other commenters, FinCEN concluded in its Final 
Regulatory Flexibility Analysis (``FRFA'') \45\ that the estimated time 
for financial institutions to open accounts ranges from 20 to 40 
minutes. Based on opening 471 new accounts for legal entities and an 
average wage of $16.77 for ``new account clerks,'' \46\ this would 
result in an annual cost to a small bank of $2,550 to $5,100.\47\ 
FinCEN also notes that, even among small entities, the costs could be 
expected to vary substantially.\48\
---------------------------------------------------------------------------

    \45\ See 81 FR 29398, 29448 (May 11, 2016).
    \46\ See 81 FR 29398, 29448, n. 179, (May 11, 2016).
    \47\ The estimated cost is based on the bank-reported 471 new 
accounts per year, additional time at account opening of 15 to 30 
minutes, and the average wage of $16.77 for the financial industry 
``new account clerks'' reported by the Bureau of Labor Statistics.
    \48\ For example, for the small bank that responded to the CDD 
IRFA and estimated that it opens 70 new accounts for business 
customers per year, the estimated costs would range from $380 to 
$760 per year. See 81 FR 29398, 29447-48 (May 11, 2016).
---------------------------------------------------------------------------

    In addition, compliance with the beneficial ownership requirement 
would be expected to require additional training, information 
technology upgrades, and revisions to policies, procedures, and 
internal controls. A discussion of the estimated costs for these tasks 
for small entities is included in the CDD Rule FRFA referred to above.

E. Overlapping or Conflicting Federal Rules

    FinCEN is unaware of any existing Federal regulations that would 
overlap or conflict with the amendments being proposed.

F. Consideration of Significant Alternatives

    FinCEN has not identified any alternative means for bringing these 
categories of non-federally regulated banks into compliance with the 
same standards as all other banks in the United States. Were FinCEN to 
exempt small entities from this requirement, those entities would 
potentially be at greater risk of abuse by money launderers and other 
financial criminals.
    With respect to the CDD pillar of the AML program rule, FinCEN 
considered several alternatives to that which is being proposed. As 
described in greater detail elsewhere,\49\ these alternatives included 
exempting small financial institutions below a certain asset or legal 
entity customer threshold from the requirements, as well as utilizing a 
lower (e.g., 10 percent) or higher (e.g., 50 percent) threshold for the 
minimum level of equity ownership for the definition of beneficial 
owner. FinCEN determined, however, that identifying the beneficial 
owner of a financial institution's legal entity customers and verifying 
that identity are necessary parts of an effective AML program. Were 
FinCEN to exempt small entities from this requirement, or entities that 
establish fewer than a limited number of accounts for legal entities, 
those financial institutions would be at greater risk of abuse by money 
launderers and other financial criminals, as criminals would identify 
institutions without this requirement. FinCEN also considered 
increasing the threshold for ownership of equity interests in the 
definition of beneficial ownership to 50 percent or more of the equity 
interests. Although this higher threshold would reduce the number of 
individuals whose identity would need to be verified from five to 
three, thus reducing marginally the onboarding time, this change would 
not impact the training or IT costs, and therefore, would not 
substantially reduce the overall costs of the rule and also would 
provide less useful information. After considering all the alternatives 
FinCEN has concluded that an ownership threshold of 25 percent is 
appropriate to maximize the benefits of the requirement while 
minimizing the burden.
---------------------------------------------------------------------------

    \49\ See 81 FR 29398, 29450 (May 11, 2016).
---------------------------------------------------------------------------

G. Questions for Comment

    Please provide comment on any or all of the provisions of the 
proposed rule with regard to their economic impact on small entities, 
and what less burdensome alternatives, if any, FinCEN should consider.

V. Unfunded Mandates Act

    Section 202 of the Unfunded Mandates Reform Act of 1995 (``Unfunded 
Mandates Act''), Public Law 104-4 (March 22, 1995), requires that an 
agency prepare a budgetary impact statement before promulgating a rule 
that may result in expenditure by the State, local, and tribal 
governments, in the aggregate, or by the private sector, of $100 
million or more in any one year. If a budgetary impact statement is 
required, section 202 of the Unfunded Mandates Act also requires an 
agency to identify and consider a reasonable number of regulatory 
alternatives before promulgating a rule. Taking into account the 
factors noted above and using conservative estimates of average labor 
costs in evaluating the cost of the burden imposed by the proposed 
regulation, FinCEN has determined that it is not required to prepare a 
written statement under section 202.

VI. Executive Orders 13563 and 12866

    Executive Orders 13563 and 12866 direct agencies to assess costs 
and benefits of available regulatory alternatives and, if regulation is 
necessary, to select regulatory approaches that maximize net benefits 
(including potential economic, environmental, public health and safety 
effects, distributive impacts, and equity). Executive Order 13563 
emphasizes the importance of quantifying both costs and benefits, of 
reducing costs, of harmonizing rules, and of promoting flexibility. It 
has been determined that this is not a significant regulatory action 
for purposes of Executive Order 12866. Accordingly, a regulatory impact 
analysis is not required.

[[Page 58433]]

VII. Paperwork Reduction Act

    The collection of information contained in this proposed rule is 
being submitted to the Office of Management and Budget for review in 
accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 
3507(d)). Comments on the collection of information should be sent 
(preferably by fax (202-395-6974)) to the Desk Officer for the 
Department of the Treasury, Office of Information and Regulatory 
Affairs, Office of Management and Budget, Paperwork Reduction Project 
(1506), Washington, DC 20503, or by the Internet to 
OIRA_submission@omb.eop.gov, with a copy to FinCEN by mail or the 
Internet. Comments on the collection of information should be received 
by October 24, 2016.
    An agency may not conduct or sponsor, and a person is not required 
to respond to, a collection of information subject to the Paperwork 
Reduction Act unless it displays a valid control number assigned by the 
Office of Management and Budget.
    The collection of information in the proposed rule would be 
codified at 31 CFR 1020.210, 1020.220, and 1020.230. The information 
will be used by examining agencies to verify compliance with these 
provisions. The collection of information is mandatory. Records 
required to be retained under the BSA must be retained for five years.
    Description of Recordkeepers: Banks without a Federal functional 
regulator, as defined in 31 CFR 1020.210 and 1020.220.
    Estimated Number of Affected Institutions: 1,151.
    Estimated Average Annual Burden Hours per Recordkeeper: Since this 
is a new requirement, the estimated average burden associated with the 
recordkeeping requirement in this proposed rule is 40 hours for 
development of a written program, and following the initial 
development, the program must be reviewed on an annual basis, to 
include a one (1) hour per year burden recognized for annual 
maintenance and update.
    Estimated Total Annual Reporting Burden: 46,040 hours.
    This burden will be added to the existing burden listed under OMB 
Control Number 1506-0035 currently titled AML Programs for insurance 
companies and loan and finance companies. The new title for this 
control number will be AML Programs for insurance companies, and 
residential mortgage lenders and originators, and banks that lack a 
Federal functional regulator. The new total burden will be 140,240 
hours.
    Questions for comment: (1) Whether the collection of information is 
necessary for the proper performance of FinCEN's mission, including 
whether the information will have practical utility; (2) Whether 
FinCEN's estimate of the burden of the collection of information is 
accurate; (3) What are ways to enhance the quality, utility, and 
clarity of the information to be collected; (4) What are ways to 
minimize the burden of the collection of information, including through 
the use of automated collection techniques or other forms of 
information technology; (5) What are the estimates of capital or start-
up costs to implement and then maintain an AML program; (6) How many 
banks that lack a Federal functional regulator are considered ``small 
businesses'' because the entities have less than $550 million in total 
assets; (7) What is the average number of employees or the average 
total annual salary expense for banks that lack a Federal functional 
regulator; and (8) What is the average number of employees dedicated to 
bank regulation compliance.

List of Subjects in 31 CFR Parts 1010 and 1020

    Administrative practice and procedure, Banks, banking, Brokers, 
Currency, Foreign banking, Foreign currencies, Gambling, 
Investigations, Penalties, Reporting and recordkeeping requirements, 
Securities, Terrorism.

Authority and Issuance

    For the reasons set forth in the preamble, parts 1010 and 1020 of 
chapter X of title 31 of the Code of Federal Regulations are proposed 
to be amended as follows:

PART 1010--GENERAL PROVISIONS

0
1. The authority citation for part 1010 continues to read as follows:

    Authority: 12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5314 
and 5316-5332; title III, sec. 314, Public Law 107-56, 115 Stat. 
307.


Sec.  1010.205  [Amended]

0
2. Section 1010.205 is amended by:
0
a. Removing paragraph (b)(1)(vi);
0
b. Redesignating paragraphs (b)(1)(vii) through (ix) as paragraphs 
(b)(1)(vi) through (viii); and
0
c. Removing and reserving paragraph (b)(2) and removing paragraph 
(b)(3).
0
3. Section 1010.605 is amended by:
0
a. Revising paragraph (e)(1)(i)
0
b. Removing paragraphs through (e)(1)(ii) through (vii); and
0
b. Redesignating paragraphs (e)(1)(viii) through (x) as paragraphs 
(e)(1)(ii) through (iv).
    The revision reads as follows:


Sec.  1010.605  Definitions.

* * * * *
    (e) * * *
    (i) A bank required to have an anti-money laundering compliance 
program under the regulations implementing 31 U.S.C. 5318(h), 12 U.S.C. 
1818(s), or 12 U.S.C. 1786(q)(1);
* * * * *

PART 1020--RULE FOR BANKS

0
4. The authority citation for part 1020 continues to read as follows:

    Authority:  12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5314 
and 5316-5332; title III, sec. 314, Public Law 107-56, 115 Stat. 
307.


Sec.  1020.100   [Amended]

0
5. Section 1020.100 is amended by:
0
a. Removing paragraphs (b) and (d); and
0
b. Redesignating paragraph (c) as paragraph (b).
0
6. Section 1020.210 is revised to read as follows:


Sec.  1020.210   Anti-money laundering program requirements for banks.

    (a) Anti-money laundering program requirements for banks regulated 
only by a Federal functional regulator, including banks, savings 
associations, and credit unions. A bank regulated by a Federal 
functional regulator shall be deemed to satisfy the requirements of 31 
U.S.C. 5318(h)(1) if it implements and maintains an anti-money 
laundering program that:
    (1) Complies with the requirements of Sec. Sec.  1010.610 and 
1010.620 of this chapter;
    (2) Includes, at a minimum:
    (i) A system of internal controls to assure ongoing compliance;
    (ii) Independent testing for compliance to be conducted by bank 
personnel or by an outside party;
    (iii) Designation of an individual or individuals responsible for 
coordinating and monitoring day-to-day compliance;
    (iv) Training for appropriate personnel; and
    (v) Appropriate risk-based procedures for conducting ongoing 
customer due diligence, to include, but not be limited to:
    (A) Understanding the nature and purpose of customer relationships 
for the purpose of developing a customer risk profile; and
    (B) Conducting ongoing monitoring to identify and report suspicious 
transactions and, on a risk basis, to maintain and update customer 
information. For purposes of this paragraph, customer information shall

[[Page 58434]]

include information regarding the beneficial owners of legal entity 
customers (as defined in Sec.  1010.230); and
    (3) Complies with the regulation of its Federal functional 
regulator governing such programs.
    (b) Anti-money laundering program requirements for banks lacking a 
Federal functional regulator including, but not limited to, private 
banks, non-federally insured credit unions, and certain trust 
companies. (1) A bank lacking a Federal functional regulator shall be 
deemed to satisfy the requirements of 31 U.S.C. 5318(h)(1) if the bank 
establishes and maintains a written anti-money laundering program that:
    (i) Complies with the requirements of Sec. Sec.  1010.610 and 
1010.620 of this chapter; and
    (ii) Includes, at a minimum:
    (A) A system of internal controls to assure ongoing compliance with 
the Bank Secrecy Act and the regulations set forth in 31 CFR chapter X;
    (B) Independent testing for compliance to be conducted by bank 
personnel or by an outside party;
    (C) Designation of an individual or individuals responsible for 
coordinating and monitoring day-to-day compliance;
    (D) Training for appropriate personnel; and
    (E) Appropriate risk-based procedures for conducting ongoing 
customer due diligence, to include, but not be limited to:
    (1) Understanding the nature and purpose of customer relationships 
for the purpose of developing a customer risk profile; and
    (2) Conducting ongoing monitoring to identify and report suspicious 
transactions and, on a risk basis, to maintain and update customer 
information. For purposes of this paragraph, customer information shall 
include information regarding the beneficial owners of legal entity 
customers (as defined in Sec.  1010.230).
    (2) The program must be approved by the board of directors or, if 
the bank does not have a board of directors, an equivalent governing 
body within the bank. The bank shall make a copy of its anti-money 
laundering program available to the Financial Crimes Enforcement 
Network or its designee upon request.
0
7. Amend Sec.  1020.220 by revising the section heading and paragraph 
(a)(1) to read as follows:


Sec.  1020.220   Customer identification program requirements for 
banks.

    (a) * * * (1) In general. A bank required to have an anti-money 
laundering compliance program under the regulations implementing 31 
U.S.C. 5318(h), 12 U.S.C. 1818(s), or 12 U.S.C. 1786(q)(1) must 
implement a written Customer Identification Program (CIP) appropriate 
for its size and type of business that, at a minimum, includes each of 
the requirements of paragraphs (a)(1) through (5) of this section. The 
CIP must be a part of the anti-money laundering compliance program.
* * * * *

Jamal El-Hindi,
Acting Director, Financial Crimes Enforcement Network.
[FR Doc. 2016-20219 Filed 8-24-16; 8:45 am]
 BILLING CODE 4810-02-P