Minimum security devices and procedures and Bank Secrecy Act: Insured nonmember banks; Know Your Customer programs development

[Federal Register: December 7, 1998 (Volume 63, Number 234)]

[Proposed Rules]

[Page 67529-67536]

From the Federal Register Online via GPO Access [wais.access.gpo.gov]

[DOCID:fr07de98-22]

FEDERAL DEPOSIT INSURANCE CORPORATION

12 CFR Part 326

RIN 3064-AC19

Minimum Security Devices and Procedures and Bank Secrecy Act Compliance

AGENCY: Federal Deposit Insurance Corporation.

ACTION: Notice of proposed rulemaking.

SUMMARY: The FDIC is proposing to issue a regulation requiring insured nonmember banks to develop and maintain ``Know Your Customer'' programs. As proposed, the regulation would require each nonmember bank to develop a program designed to determine the identity of its customers; determine its customers' sources of funds; determine the normal and expected transactions of its customers; monitor account activity for transactions that are inconsistent with those normal and expected transactions; and report any transactions of its customers that are determined to be suspicious, in accordance with the FDIC's existing suspicious activity reporting regulation. By requiring insured nonmember banks to determine the identity of their customers, as well as to obtain knowledge regarding the legitimate activities of their customers, the proposed regulation will reduce the likelihood that insured nonmember banks will become unwitting participants in illicit activities conducted or attempted by their customers. It also will level the playing field between institutions that already have adopted formal Know Your Customer programs and those that have not.

DATES: Comments must be received by March 8, 1999.

ADDRESSES: Comments should be directed to: Robert E. Feldman, Executive Secretary, Attention: Comments/OES, Federal Deposit Insurance Corporation, 550 17th Street, N.W., Washington, DC 20429. Comments may be hand-delivered to the guard station at the rear of the 550 17th Street Building (located on F Street), on business days between 7 a.m. and 5 p.m. In addition, comments may be sent by fax to (202) 898-3838, or by electronic mail to comments@FDIC.gov. Comments may be inspected and photocopied in the FDIC Public Information Center, Room 100, 801 17th Street, NW, Washington, D.C., between 9 a.m. and 4:30 p.m., on business days.

FOR FURTHER INFORMATION CONTACT: Carol A. Mesheske, Special Activities Section, Division of Supervision, (202) 898-6750, or Karen L. Main, Counsel, Legal Division (202) 898-8838.

SUPPLEMENTARY INFORMATION:

Background

The integrity of the financial sector depends on the ability of banks and other financial institutions to attract and retain legitimate funds from legitimate customers. Financial institutions are able to attract and retain the business of legitimate customers because of the quality and reliability of the services being rendered and, as important, the sound and highly respected reputation of the banking industry. Illicit activities, such as money laundering, fraud, and other transactions designed to assist criminals in their illegal ventures, pose a serious threat to the integrity of financial institutions. When transactions at financial institutions involving illicit funds are revealed, these transactions invariably damage the reputation of the financial institutions involved and, potentially, the entire financial sector. While it is impossible to identify every transaction at an institution that is potentially illegal or is being conducted to assist criminals in the movement of illegally derived funds, it is fundamental for safe and sound operations that financial institutions take reasonable measures to identify their customers, understand the legitimate transactions typically conducted by those customers, and, consequently, identify those transactions conducted by their customers that are unusual or suspicious in nature. By identifying and, when appropriate, reporting such transactions in accordance with existing suspicious activity reporting requirements, financial institutions are protecting their integrity and are assisting the efforts of the financial institution regulatory agencies and law enforcement authorities to combat illicit activities at such institutions.

One of the most effective means by which an insured nonmember bank can both protect itself from engaging in transactions designed to facilitate illicit activities and ensure compliance with applicable suspicious activity reporting requirements is for the nonmember bank to have adequate Know Your Customer policies and procedures. By knowing its customers, an insured nonmember bank is better able to fulfill its compliance responsibilities, including its Bank Secrecy Act and suspicious activity reporting requirements, 12 CFR 326.8 and 12 CFR part 353, respectively.

Recognizing that a Know Your Customer program for one nonmember bank will not necessarily be appropriate for another, the proposed regulation identifies only the basic components that the FDIC believes should be contained in any Know Your Customer program. In supplemental guidance to be provided at the time this regulation becomes final, the FDIC, in coordination with the other federal financial institution supervisory agencies, will provide further information about specific steps that institutions may consider taking as they implement their Know Your Customer programs. The FDIC believes that this approach strikes an appropriate balance that responds to requests for additional guidance in this area while preserving the flexibility for each insured nonmember bank to take steps appropriate for its customers.

Privacy Issues

The proposed regulation requires insured nonmember banks to gather information about customers that, if misused, could result in an invasion of a customer's privacy. Given the potential for abuse in this area, it is the FDIC's expectation that, in complying with the Know Your Customer regulation, a nonmember bank will obtain only that information that is necessary to comply with the regulation and will limit the use of this information to complying with the regulation. Insured nonmember banks need to safeguard and handle responsibly the information gathered in connection with complying with these obligations, and should integrate comprehensive privacy practices into their Know Your Customer programs.

Authority To Issue the Regulation

The proposed regulation is authorized pursuant to the FDIC's statutory authority under section 8(s)(1) of the Federal Deposit Insurance Act (12 U.S.C. 1818(s)(1)), as amended by section 2596(a)(2) of the Crime Control Act of 1990 (Pub. L. 101-647), which requires the FDIC to issue regulations requiring banks under its supervision to establish and maintain internal procedures reasonably designed to ensure and monitor compliance with the Bank Secrecy Act. Effective Know Your Customer programs serve to facilitate compliance with the Bank Secrecy Act.

Proposal

The FDIC proposes to revise 12 CFR part 326 by adding a new subpart requiring insured nonmember banks to develop and implement Know Your Customer programs. Under the proposed regulation, the FDIC would expect each nonmember bank to design a program that is appropriate given its size and complexity, the nature and extent of its activities, its customer base and the levels of risk associated with its various customers and their transactions. The FDIC believes that this approach is preferable to a detailed regulation that imposes the same list of specific requirements on every bank regardless of its circumstances. The FDIC recognizes that a Know Your Customer requirement will impose additional burdens on some insured nonmember banks. Mindful of that fact, the FDIC is striving to impose only those requirements that are necessary to ensure that insured nonmember banks have in place adequate Know Your Customer programs.

Each of the other federal bank supervisory agencies is proposing to adopt substantially identical regulations covering state member and national banks, federally-chartered branches and agencies of foreign banks, savings associations, and credit unions. There also have been discussions with the federal regulators of non-bank financial institutions, such as broker-dealers, concerning the need to propose similar rules governing the activities of these non-bank institutions.

Analysis of Subpart C

Section 326.9 Know Your Customer Compliance

Paragraph (a)--Purpose

The purposes of adopting a Know Your Customer program are to protect the reputation of the insured nonmember bank; to facilitate the insured nonmember bank's compliance with all applicable statutes and regulations (including the Bank Secrecy Act and the FDIC's suspicious activity reporting regulations) and with safe and sound banking practices; and to protect the insured nonmember bank from becoming a vehicle for, or a victim of, illegal activities perpetrated by its customers.

This subpart applies to all insured state nonmember banks as well as any insured, state-licensed branches of foreign banks.

Paragraph (b)--Definitions

The proposed regulation defines the term ``customer'' as any person or entity who has an account involving the receipt or disbursal of funds with an insured nonmember bank covered by this regulation and any person or entity on behalf of whom an account is maintained. Thus, for instance, if an account is opened on behalf of a third party, the nonmember bank will need to treat as a customer both the person or entity opening the account and the person or entity for whom the account is opened. A customer would include an accountholder, a beneficial owner of an account, or a borrower. A ``customer'' could include the beneficiary of a trust, an investment fund, a pension fund or a company whose assets are managed by an asset manager; a controlling shareholder of a closely held corporation; or the grantor of a trust established in an off-shore jurisdiction. The term ``customer'' does not include recipients of services for which the receipt or disbursal of customer funds is incidental, for instance, safe deposit box rentals.

The proposed regulation does not differentiate between current customers and new customers. The effectiveness of an insured nonmember bank's Know Your Customer program would be greatly reduced if all customer accounts in existence prior to the effective date of the regulation were excluded from its scope. However, the FDIC does not believe that it is practicable for a nonmember bank to conduct a large-scale information request from all its existing customers. Rather, a nonmember bank may comply with the proposed regulation with respect to its current customers by determining their normal and expected transactions, using available account data, and monitoring their transactions for suspicious activities. However, depending on the nature of the risk associated with some customers and their transactions (for instance, transactions involving private banking customers), it may be necessary to fulfill all of the requirements of this regulation as if they were new customers.

Paragraph (c)--Establishment of Know Your Customer Program

This paragraph requires that each insured nonmember bank establish a Know Your Customer program by April 1, 2000. Additionally, this paragraph requires that the Know Your Customer program be reduced to writing and approved by the board of directors of the nonmember bank, or a committee thereof, and the approval recorded in the official minutes of the board.

Paragraph (d)--Contents of Know Your Customer Program

This paragraph sets forth the specific requirements for the contents of the Know Your Customer program. The FDIC recognizes that insured nonmember banks vary considerably in the way in which they conduct their business on a day-to-day basis. Therefore, the FDIC believes that to impose a regulation that simply requires each insured nonmember bank to follow a pre-designed, standardized checklist would not be appropriate. The proposed regulation thus allows each nonmember bank to develop and delineate a system that will comprise the Know Your Customer program, consistent with the banking practices of the particular bank that, when followed by the nonmember bank, will effectively meet the requirements and goals of the regulation.

Section 326.9(d) reflects the FDIC's recognition that each insured nonmember bank's Know Your Customer program may vary depending on the nature of the specific activity, the type of customers involved, the size of the transactions, and other factors that reflect the nonmember bank's assessment of the risk presented. In complying with this section, it may be beneficial for insured nonmember banks to classify customers into varying risk-based categories that the insured nonmember banks can use in determining the amount and type of information, documentation and monitoring that is appropriate. While the proposed regulation will provide nonmember banks with substantial flexibility in devising an appropriate Know Your Customer program, the FDIC believes that all Know Your Customer programs should contain certain critical features, which are discussed below.

Documentation and due diligence. Paragraph (d)(1) of Sec. 326.9 requires that the Know Your Customer program delineate acceptable documentation requirements and due diligence procedures the insured nonmember bank will follow in meeting the requirements of the proposed regulation. The delineation of this information in the Know Your Customer program will ensure that the same standards are applied throughout the nonmember bank and will inform auditors and examiners of the nonmember bank's established standards for review of customer information.

Minimum steps to take to comply with the Know Your Customer rule. Paragraph (d)(2) of Sec. 326.9 sets forth the steps an insured nonmember bank needs to take in order to know its customers. The proposed regulation requires that, rather than following a ``checklist'' approach, an insured nonmember bank may develop a ``system'' designed to meet the basic requirements of the regulation. The system approach allows each insured nonmember bank to design its own program, in accordance with its own business practices, that will best suit the nonmember bank. While this places some burden on the nonmember bank to develop the specifics of the Know Your Customer program, such an approach recognizes that each insured nonmember bank conducts business in accordance with its own policies, procedures, goals and objectives. The Know Your Customer program, in order to be the most effective, must be developed and implemented with the nonmember bank's regular and ordinary business practices in mind. The FDIC believes that all Know Your Customer programs should contain certain critical features, which are set forth below.

Identify the customer. Paragraph (d)(2)(i) requires that the Know Your Customer program provide a system for determining the true identity of prospective customers. If an insured nonmember bank has reasonable cause to believe that it lacks sufficient information to know the identity of an existing customer, paragraph (d)(4)(ii)(A) also requires that the program provide a system for determining the identity of that customer.

It is imperative that an insured nonmember bank establish, to its own satisfaction, that it is dealing with a legitimate customer, whether the customer is a natural person, corporation, or other business entity. The nature and extent of the identification process should be commensurate with the types of transactions anticipated by the customer and the risks associated with such transactions. If a prospective customer refuses to provide any of the requested information, sound practices would require that the nonmember bank not open the account. Similarly, if additional or follow-up information is not forthcoming from an established customer, sound practices would require that consideration be given to terminating the account relationship.

The best identification documents for verifying the identity of prospective customers are the ones that are the most difficult to obtain illicitly and the most difficult to counterfeit. No single form of identification can be guaranteed to be genuine, however. Therefore, the identification process should be cumulative, obtaining enough information and documentation to assure the insured nonmember bank that it has adequately identified the prospective customer. For individual accounts, this might include, for instance, a document containing a photograph and signature of the individual. For corporate or business customers, the customer identification process could include the review of appropriate documentation that allows for a means to verify that the corporation or other business entity does exist and does engage in the business, as stated. All documentation reviewed, as well as verifications of the information contained therein, should be recorded and maintained by the nonmember bank.

Any practice of an insured nonmember bank that allows for the establishment of a customer relationship without face-to-face contact with bank personnel, such as banking by mail or Internet banking, poses difficulties in the identification of the prospective customer by use of the traditionally accepted practice of obtaining identification documentation, to include photographic identification. Even though photographic identification in such circumstances will be impractical, other accepted means of identifying a customer are still viable. In such circumstances, special care should be given to verification of address and telephone number. Moreover, insured nonmember banks should consider using commercially available data to compare items such as name with date of birth and social security number.

If an insured nonmember bank offers private banking services, it is important that the nonmember bank understand a customer's personal and business background, source of funds, and intended use of the private banking services. Typically, private banking customers are clients of financial advisors or make use of account vehicles such as personal investment companies, trusts, and personal mutual investment funds. The establishment of such accounts serves the stated purposes of protecting the legitimate confidentiality and financial privacy of the customers who use such accounts. However, the need to identify properly the beneficial owners of such accounts, through an effective Know Your Customer program, is necessary to the continued safe and sound operation of the insured nonmember bank. Any needed confidentiality required by customers of an insured nonmember bank's private banking department can be addressed by the development of special protections to limit access to information that would generally reveal the beneficial owners of those accounts.

Introductions or referrals of prospective customers by established customers of the insured nonmember bank, while extremely valuable in providing background information about the prospective customer, cannot take the place of identification requirements that should be set forth in the nonmember bank's Know Your Customer program. Details regarding the introduction or referral should be documented so that the information obtained can be effectively used to assist in the verification of the prospective customer.

The extent of the information regarding the customer that may be necessary to fulfill the nonmember bank's Know Your Customer obligations should depend on a risk-based assessment of the customer and the transactions that are expected to occur, and should be addressed within the insured nonmember bank's Know Your Customer program.

Determine the source of funds. Paragraph (d)(2)(ii) requires that the Know Your Customer program provide a system for determining the source of a customer's funds. The amount of information needed to do this can depend on the type of customer in question. As an example, if a retail banking customer maintains demand deposit accounts funded primarily from payroll deposits, it should be a relatively simple task to identify and document the source of funds as payroll deposits. On the other hand, a more detailed analysis, with a more extensive documentation process, would be required for high net worth customers with multiple deposits from a variety of sources. For these reasons, among others, it may be beneficial for insured nonmember banks to classify customers into varying categories, based on factors such as the types of accounts maintained, the types of transactions conducted, and the potential risk of illicit activities associated with such accounts and transactions. An insured nonmember bank could then develop procedures to obtain necessary information and documentation based on the risk assessment for the various categories or classes established by the nonmember bank.

Determine normal and expected transactions. Paragraph (d)(2)(iii) requires that the Know Your Customer program provide a system for determining a customer's normal and expected transactions involving the insured nonmember bank. A nonmember bank's understanding of a customer's normal and expected transactions should be based on information obtained both when an account is opened and during a reasonable period of time thereafter. It also should be based on normal transactions for similarly situated customers. Without this information, an insured nonmember bank is unable to identify suspicious transactions.

Monitor the account transactions. Paragraph (d)(2)(iv) requires that the Know Your Customer program provide a system for monitoring, on an ongoing basis, the transactions conducted by customers to identify transactions that are inconsistent with the normal and expected transactions for particular customers or for customers in the same or similar categories or classes. The proposed regulation does not require that every transaction of every customer be reviewed. Rather, it requires that an insured nonmember bank develop a monitoring system that is commensurate with the risks presented by the accounts maintained at that bank.

In designing a monitoring system, an insured nonmember bank may choose to classify accounts into various categories based on factors such as the type and size of account, the types, number, and size of transactions conducted in the account, and the risk of illicit activity associated with the account. For certain classes or categories of accounts, it would be sufficient for an effective monitoring system to establish parameters for which the transactions within these accounts will normally occur. Rather than monitoring each transaction, an effective monitoring system could entail monitoring only for those transactions that exceed the established parameters for that particular class or category of accounts. For other categories or classes of accounts, such as private banking accounts, it may be necessary to monitor each significant transaction.

Determine if transaction should be reported. Once a transaction is identified as inconsistent with normal and expected transactions, paragraph (d)(2)(v) requires that an insured nonmember bank determine if the transaction warrants the filing of a Suspicious Activity Report. This is consistent with an insured nonmember bank's existing obligations under 12 CFR 353.3(a). In identifying reportable transactions, an insured nonmember bank should not conclude that every transaction that falls outside what is expected for a given customer should be reported. Rather, a nonmember bank should focus on patterns of inconsistent transactions and isolated transactions that present risk factors that warrant further review.

Paragraph (e)--Compliance With Know Your Customer Program

This paragraph sets forth the requirements an insured nonmember bank must follow to ensure that it is in compliance with its Know Your Customer program. The requirements include that an insured nonmember bank provide for and document a system of internal controls to ensure ongoing compliance, as well as provide for and document independent testing for compliance with the Know Your Customer program. Additionally, the nonmember bank must designate an individual responsible for coordinating and monitoring day-to-day compliance and provide for and document training to all appropriate personnel of the content and requirements of the Know Your Customer program.

Paragraph (f)--Availability of Documentation

This paragraph requires, for all accounts opened or maintained in the United States, that all information and documentation necessary to comply with the regulations be made available for examination and inspection, at a location specified by an FDIC representative, within 48 hours of a request for such information and documentation. In instances where the information and documentation is at a location other than where the customer's account is maintained or the financial services are rendered, the insured nonmember bank must adopt, as part of its Know Your Customer program, specific procedures designed to ensure that the information and documentation is reviewed on an ongoing basis by appropriate personnel. The nonmember bank should maintain written evidence that the appropriate review is being performed on a regular basis.

While issues arise on occasion concerning documentation on accounts domiciled in the United States by foreign accountholders, the FDIC believes that the information typically already exists within the insured nonmember bank in the United States because the information is used by the relationship manager, who resides in the United States, as well as other components of the nonmember bank to provide banking services to the customer.

Comments Sought

The FDIC invites comment on any aspect of the rule, and specifically seeks comment on the following issues:

  1. Whether the proposed definition of ``customer'' is sufficient to include all persons who benefit from an account opened at an insured nonmember bank such as persons who establish off-shore shell companies or entities or otherwise conduct their business through intermediaries.

  2. Whether the proposed definition of ``customer'' is too broad and will unnecessarily include persons that pose a minimal Know Your Customer risk.

  3. Whether an insured nonmember bank's Know Your Customer program should apply to a nonmember bank's counterparty relationships with respect to transactions in wholesale financial markets (e.g., sales or purchases involving foreign exchange or securities) and correspondent banking relationships. If so, would a different standard than that applicable to retail relationships be more appropriate for wholesale and correspondent banking relationships? If such a distinction is appropriate, is the proposed definition of ``customer'' sufficient?

  4. Whether the benefits of implementing Know Your Customer requirements outweigh the costs involved.

  5. Whether the proposed regulation will create a competitive disadvantage with respect to other financial entities offering similar services that may not be subject to similar regulations (citing, where possible, specific examples) and, if so, what could be done to mitigate the disadvantage consistent with the FDIC's supervisory responsibilities.

  6. Whether the actual or perceived invasion of personal privacy interests is outweighed by the additional compliance benefits anticipated by this proposal.

  7. Whether there should be a minimum account size threshold below which the Know Your Customer requirements should be waived.

Regulatory Flexibility Act

Under the Regulatory Flexibility Act, the FDIC must either provide an Initial Regulatory Flexibility Analysis (IRFA) with this proposed rule, or certify that the proposed rule would not have a significant economic impact on a substantial number of small entities. The proposed rule is designed to be flexible so that each insured nonmember bank can design a Know Your Customer program appropriate for its circumstances. While advantageous to insured nonmember banks, this flexibility makes it difficult to predict the magnitude of the economic impact of the proposed rule on insured nonmember banks. The FDIC cannot, at this time, determine whether the proposed rule would have a significant economic impact on a substantial number of small entities. The FDIC, therefore, includes this IRFA.

1. Reasons For and Objectives of the Proposed Rule.

The proposed Know Your Customer rule is designed to deter and detect financial crimes, such as money laundering, tax evasion, and fraud. Financial crimes conducted at or through financial institutions, even where financial institutions are not parties to the transactions, can damage the reputations of the institutions involved, and possibly of the entire banking industry. Under current law, financial institutions are required to report suspicious activities to law enforcement authorities, but are not required to specifically search for suspicious activities. As a result, suspicious activities may go unreported, and illegal activity may go undetected. Know Your Customer programs would better enable financial institutions to alert law enforcement authorities to potential criminal conduct and help deter criminal conduct in the banking industry.

The FDIC has two primary objectives for this proposed rulemaking: (1) increasing insured nonmember banks' detection and reporting of suspicious customer activities; and, (2) deterring financial crimes at insured nonmember banks.

The proposed rule would apply to large and small insured nonmember banks. Small nonmember banks are generally defined, for Regulatory Flexibility Act purposes, as those with assets of $100 million or less. This proposed rule would apply to approximately 3,950 small insured nonmember banks.

2. Requirements of the Proposed Rule.

The proposed rule would require insured nonmember banks to identify their customers, determine their customers' normal and expected transactions, determine their customers' sources of funds, monitor transactions to find those that are not normal and expected, and, for transactions that are not normal and expected, identify which are suspicious. Insured nonmember banks are required to report any suspicious transactions under current law, and this proposed rule would have no additional reporting requirements.

The impact of the proposed regulation on a nonmember bank's resources, and the skills necessary to comply with it, will vary from one nonmember bank to another because the proposed regulation is designed to take into account each bank's size and resources. Because each nonmember bank would be able to design an individualized Know Your Customer program, it is difficult to specify the type of professional skills necessary for preparing any required records or reports. Large insured nonmember banks may be more likely to use computerized Know Your Customer programs, and in that event would be more likely to need professional computer skills. Small nonmember banks that choose to automate their Know Your Customer programs would need professional computer skills.

Know Your Customer monitoring would be similar to monitoring that insured nonmember banks already do. For example, insured nonmember banks monitor customer transactions to ensure that cash transactions exceeding $10,000 are reported under the Bank Secrecy Act, to ensure that customers do not overdraw their accounts, and to ensure that loan payments are accurate and timely. Thus, Know Your Customer monitoring would rely, at least in part, on computer and other skills that insured nonmember bank personnel already have and regularly use.

    3. Significant Alternatives

  1. No Know Your Customer Requirements

    The FDIC considered recommending Know Your Customer procedures rather than proposing regulatory requirements. The FDIC decided to propose this rulemaking, however, because of the risks that insured nonmember banks face from customers who attempt illegal activities. Illegal activities would harm a nonmember bank's reputation and that of the entire banking industry. Requiring Know Your Customer programs significantly reduces the likelihood that some insured nonmember banks would not establish or adhere to such programs. In addition, because other federal banking agencies are proposing Know Your Customer rules, the FDIC believes that criminals would quickly move their illegal funds transfers into insured nonmember banks without Know Your Customer programs, thus increasing those banks' exposure to illegal activity.

    Moreover, recommending rather than requiring Know Your Customer programs would allow customers to simply refuse to answer appropriate questions about their identities or transactions. If Know Your Customer programs are required, insured nonmember banks can more easily collect the necessary information because customers cannot turn readily to another financial institution free of such requirements.

    For these reasons, merely recommending Know Your Customer programs would interfere with the FDIC's goals of increasing insured nonmember banks' detection and reporting of suspicious customer activities, and deterring financial crimes at insured nonmember banks.

  2. Exemption for Small Nonmember Banks

    The FDIC considered exempting small nonmember banks from Know Your Customer requirements. However, this alternative has the disadvantage of possibly creating a haven for criminal activity. It is likely that criminals would concentrate their activity at those nonmember banks not subject to any Know Your Customer requirements. An exemption for small insured nonmember banks would conflict with the FDIC's goals of increasing insured nonmember banks' detection and reporting of suspicious customer activities and deterring financial crimes at insured nonmember banks.

  3. Flexible Know Your Customer Requirements

    The FDIC is proposing to require that all insured nonmember banks establish and follow Know Your Customer programs, but the proposal will allow each nonmember bank to develop a program appropriate for its circumstances, including but not limited to its size and resources. This approach is preferable to the first two alternatives because it does not allow criminals to choose an insured nonmember bank without Know Your Customer requirements to conduct illegal activities. A flexible alternative also avoids requirements beyond the means of small nonmember banks. Small nonmember banks could use simpler, less costly, and less burdensome programs than larger insured nonmember banks.

    1. Other Matters

    The FDIC has the statutory authority to promulgate this proposed regulation. There are no federal rules that duplicate, overlap, or conflict with this proposed rule.

    The FDIC encourages comment on all aspects of this IRFA, including comments on any significant economic impact the proposed rule would have on small entities.

    Paperwork Reduction Act

    In accordance with the Paperwork Reduction Act (44 U.S.C. 3501 et seq.) the FDIC may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid Office of Management and Budget (OMB) control number. A collection of information contained in this rule and described below has been submitted to OMB for review. Comments on the collection of information should be sent to the desk officer for the FDIC: Alexander T. Hunt, Office of Information and Regulatory Affairs, Office of Management and Budget, New Executive Office Building, Room 3208, Washington, DC 20503. Copies of comments should also be sent to: Steven F. Hanft, FDIC Clearance Officer, Office of the Executive Secretary, Federal Deposit Insurance Corporation, 550 17th Street, NW, Washington, DC 20429, (202) 898-3907. Comments may be hand-delivered to the guard station at the rear of the 17th Street building (located on F Street) on business days between 7:00 a.m. and 5:00 p.m. [Fax number (202) 898-3838; Internet address: COMMENTS@FDIC.GOV]. For further information on the Paperwork Reduction Act aspect of this rule, contact Steven F. Hanft at the above address. OMB will make a decision concerning the change in the information collection between 30 and 60 days after the publication of this document in the Federal Register. Therefore, a comment to OMB is best assured of having its full effect if OMB receives it within 30 days of this publication. Unless the FDIC publishes a notice to the contrary, the public may assume that the change in the collection

    [[Page 67535]]

    was approved within 60 days of this publication.

    Comment is solicited on: (i) Whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility;

    (ii) The accuracy of the agency's estimate of the burden of the proposed collection of information, including the validity of the methodology and assumptions used;

    (iii) The quality, utility, and clarity of the information to be collected; and

    (iv) Ways to minimize the burden of the collection of information on those who are to respond, including through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submission of responses.

    Title of the collection: The proposed rule will modify an information collection previously approved by OMB titled ``Procedures for Monitoring Bank Secrecy Act Compliance'' under OMB control number 3064-0087.

    Summary of the change to the collection: The proposed rule will modify the collection by adding a requirement that each bank develop a written ``Know Your Customer'' program.

    Need and Use of the information: Banks will use the Know Your Customer program to assure that they do not become unwitting participants in illicit activities conducted or attempted by their customers. The FDIC will use the information kept to ensure and monitor compliance with the Bank Secrecy Act.

    Respondents: State nonmember banks (approximately 6,000).

    Estimated annual burden: The majority of the paperwork burden associated with the proposed rule is the one-time cost of developing a plan and implementing written policies and procedures which will occur in the first year of the rule's application to a covered bank. In the normal course of business, most institutions likely already have sufficient information about their customers in their files and would only need to organize and review such information. The FDIC estimates that there will be 6,000 recordkeepers in the first year. In subsequent years, the recordkeepers will consist of newly-chartered institutions subject to the rule. The proposed rule is not expected to significantly increase the ongoing annual burden for the recordkeepers because most of the ongoing burden is incurred in the normal course of their business activities and/or accounted for under other existing information collections including their fraud prevention procedures, their monitoring of transactions for reporting on the Department of the Treasury's Currency Transaction Reports and as part of their procedures to detect violations or suspicious activity reported on the Suspicious Activity Report. Because the records would be maintained at the subject organizations and are not provided to the Board, no issue of confidentiality under the Freedom of Information Act arises.

    Frequency of response: Occasional.

    Number of responses: 6,000.

    Number of hours to prepare a response: 10--30 hours, with an average of 20 hours.

    Total annual burden: 120,000.

    List of Subjects in 12 CFR Part 326

    Banks, banking, Bank robbery, Bank Secrecy Act, Crime, Currency, Reporting and recordkeeping requirements, Security measures.

    Authority and Issuance

    For the reasons set forth in the preamble, part 326 of title 12 of the Code of Federal Regulations is proposed to be amended as follows:

    PART 326--MINIMUM SECURITY DEVICES AND PROCEDURES AND BANK SECRECY ACT COMPLIANCE

  10. The authority citation for part 326 continues to read as follows:

    Authority: 12 U.S.C. 1813, 1815, 1817, 1818, 1819[Tenth], 1881-1883; 31 U.S.C. 5311-5324.

  11. A new subpart C is added to read as follows:

    Subpart C--Know Your Customer Compliance

    Sec. 326.9 Know Your Customer rule.

    (a) Purpose. This subpart requires that all insured nonmember banks as defined in 12 CFR 326.1(a) establish and regularly maintain procedures designed to determine the identity of their customers, as well as their customers' normal and expected transactions and sources of funds involving the nonmember bank. These procedures (referred to as the ``Know Your Customer'' program) are intended to: protect the reputation of the nonmember bank; facilitate the nonmember bank's compliance with all applicable statutes and regulations (including the Bank Secrecy Act and the suspicious activity reporting requirements of 12 CFR 353.3) and with safe and sound banking practices; and protect the insured nonmember bank from becoming a vehicle for or a victim of illegal activities perpetrated by its customers.

    (b) Definition of customer. For the purposes of this section, customer means:

    (1) Any person or entity who has an account with an insured nonmember bank covered by this subpart involving the receipt or disbursal of funds; and

    (2) Any person or entity on behalf of whom an account is maintained.

    (c) Establishment of Know Your Customer program. Each insured nonmember bank shall develop and provide for the continued administration of a Know Your Customer program by April 1, 2000. The Know Your Customer program shall be reduced to writing and approved by the board of directors (or a committee thereof) with the approval recorded in the official minutes of the board.

    (d) Contents of Know Your Customer program. The Know Your Customer program may vary in complexity and scope according to categories or classes of customers established by the nonmember bank and the potential risk of illicit activities associated with those customers' accounts and transactions.

    (1) Appropriate documentation requirements and due diligence procedures established by the insured nonmember bank to comply with this section.

    (2) A system for:

    (i) Determining the identity of the insured nonmember bank's new customers and, if the nonmember bank has reasonable cause to believe that it lacks adequate information to know the identity of existing customers, determining the identity of those existing customers;

    (ii) Determining the customer's sources of funds for transactions involving the insured nonmember bank;

    (iii) Determining the particular customer's normal and expected transactions involving the insured nonmember bank;

    (iv) Monitoring customer transactions and identifying transactions that are inconsistent with normal and expected transactions for that particular customer or for customers in the same or similar categories or classes, as established by the insured nonmember bank; and

    (v) Determining if a transaction should be reported in accordance with the FDIC's suspicious activity reporting regulations and, if so, reporting accordingly.

    (e) Compliance with Know Your Customer program. The insured nonmember bank shall comply with its Know Your Customer program. To ensure compliance, the nonmember bank shall:

    [[Page 67536]]

    (1) Provide for and document a system of internal controls;

    (2) Provide for and document independent testing for compliance to be conducted by bank personnel or by an outside party on a regular basis;

    (3) Designate an individual or individuals as responsible for coordinating and monitoring day-to-day compliance; and

    (4) Provide for and document training to all appropriate personnel, on at least an annual basis, of the content and required procedures of the Know Your Customer program.

    (f) Availability of documentation. For all accounts opened or maintained in the United States, each insured nonmember bank must ensure that all information and documentation sufficient to comply with the requirements of this section are available for examination and inspection, at a location specified by an FDIC representative, within 48 hours of an FDIC representative's request for such information and documentation. In instances where the information and documentation is maintained at a location other than where the customer's account is maintained or the financial services are rendered, the insured nonmember bank must include, as part of its Know Your Customer program, specific procedures designed to ensure that the information and documentation is reviewed on an ongoing basis by appropriate bank personnel in order to comply with this subpart.

    By order of the Board of Directors.

    Dated at Washington, D.C. this 27th day of October, 1998.

    Federal Deposit Insurance Corporation. Robert E. Feldman, Executive Secretary.

    [FR Doc. 98-32334 Filed 12-4-98; 8:45 am]

    BILLING CODE 6714-01-P
