[Federal Register Volume 63, Number 234 (Monday, December 7, 1998)]
[Proposed Rules]
[Pages 67536-67542]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 98-32335]
-----------------------------------------------------------------------
DEPARTMENT OF THE TREASURY
Office of Thrift Supervision
12 CFR Part 563
[No. 98-114]
RIN 1550-AB15
Know Your Customer
AGENCY: Office of Thrift Supervision, Treasury.
ACTION: Notice of proposed rulemaking.
-----------------------------------------------------------------------
SUMMARY: The Office of Thrift Supervision (OTS) is proposing to issue a
regulation requiring savings associations to develop and maintain Know
Your Customer programs to deter and detect financial crimes. The Board
of Governors of the Federal Reserve System, the Federal Deposit
Insurance Corporation, and the Office of the Comptroller of the
Currency are proposing substantially similar rules in separately
published notices. The proposed regulation would reduce the likelihood
that savings associations will become unwitting participants in any
customer's illicit activities by requiring savings associations to
determine the true identities and legitimate activities of their
customers. The proposal would require each savings association to
determine the identity of its customers, to determine normal and
expected transactions for its customers, to determine its customers'
sources of funds, to identify transactions that are not normal or
expected transactions for the customer, and to report suspicious
transactions under existing suspicious activity reporting requirements.
The proposal's flexible approach would allow each savings association
to design a Know Your Customer program suitable for its own
circumstances.
DATES: Comments must be received by March 8, 1999.
ADDRESSES: Send comments to Manager, Dissemination Branch, Information
Management and Services Division, Office of Thrift Supervision, 1700 G
Street, NW., Washington, DC 20552, Attention Docket No. 98-114. Hand
deliver comments to Public Reference Room, 1700 G Street, NW., lower
level, from 9:00 A.M. to 5:00 P.M. on business days. Send facsimile
transmissions to FAX Number (202) 906-7755 or (202) 906-6956 (if the
comment is over 25 pages). Send e-mails to public.info@ots.treas.gov
and include your name and telephone number. Interested persons may
inspect comments at 1700 G Street, NW., from 9:00 A.M. until 4:00 P.M.
on business days.
FOR FURTHER INFORMATION CONTACT: Larry A. Clark, Senior Manager,
Compliance and Trust Programs, Compliance Policy, (202) 906-5628, Gary
C. Jackson, Analyst, Compliance Policy, (202) 906-5653, Christine
Harrington, Counsel (Banking and Finance), (202) 906-7957, or Karen
Osterloh, Assistant Chief Counsel, (202) 906-6639, Office of Thrift
Supervision, 1700 G Street, NW., Washington, DC 20552.
SUPPLEMENTARY INFORMATION:
I. Background
The financial sector's integrity depends on depository
institutions' ability to attract and retain legitimate funds from law
abiding customers. Depository institutions' ability to do so rests on
the quality and the reliability of their services and on their sound
reputation within the financial sector. Illicit financial activities,
such as money laundering and fraud, pose a serious threat to financial
institutions' integrity. Illicit funds transactions can damage the
reputations of the involved financial institution, may subject the
institution to criminal liability,1 and may ultimately
damage the reputation of the entire financial sector. While it is
impossible to identify every transaction that is illegal or that
assists criminals in moving illegally derived funds, financial
institutions must take every reasonable step to detect such activity.
When institutions identify their customers and determine what
transactions are normal and expected for these customers, they are able
to monitor transactions to identify unusual or suspicious transactions.
By identifying and reporting unusual or suspicious transactions,
financial institutions protect their integrity and assist the Federal
banking agencies and law enforcement authorities in thwarting illicit
activities.
---------------------------------------------------------------------------
\1\ See 18 U.S.C. 1956 and 1957.
---------------------------------------------------------------------------
The proposed regulation would implement 12 U.S.C. 1818(s). This
statute requires the Federal banking agencies to prescribe regulations
requiring depository institutions to establish and maintain procedures
reasonably designed to ensure and monitor compliance with the Currency
and Foreign Transaction Reporting Act (31 U.S.C. 5311 et seq.)
Effective Know Your Customer programs should facilitate compliance with
the Currency and Foreign Transaction Reporting Act and the regulations
issued thereunder (31 CFR 103.11 et seq.) (collectively referred to as
the Bank Secrecy Act).
Accordingly, OTS is proposing to issue rules requiring savings
associations to develop and maintain Know Your Customer programs to
detect and deter financial crimes. The Federal Reserve Board, the
Office of the Comptroller of the Currency, and the Federal Deposit
Insurance Corporation are also proposing similar Know Your Customer
regulations. OTS believes that similar rules applicable to different
types of financial institutions will prevent competitive disparities
between industries. OTS's proposal uses the plain language drafting
techniques described in President Clinton's Memorandum on Plain
Language in Government Writing (June 1, 1998), Vice President Gore's
Memorandum Implementing the Presidential
[[Page 67537]]
Memorandum on Plain Language (July 20, 1998), and the Federal Register
Document Drafting Handbook.
The Federal banking agencies' position regarding the importance of
a Know Your Customer program is consistent with that of other
countries, as evidenced by the pronouncements of several international
organizations.2 Numerous countries have supported Know Your
Customer programs and mandatory suspicious transaction reporting as the
best means of protecting the financial sector. Criminal elements tend
to gravitate towards financial institutions that operate within poorly
regulated and poorly supervised jurisdictions. Know Your Customer
programs work to stifle transactions involving illegally derived funds.
---------------------------------------------------------------------------
\2\ See the Basle Committee on Banking Regulations and
Supervisory Practices' December 1988 ``Statement on the Prevention
of Criminal Use of the Banking System for the Purpose of Money
Laundering,'' as well as the Committee's April 1997 ``Core
Principles for Effective Banking Supervision;'' the 1988 United
Nations Vienna Convention Against Illicit Traffic in Narcotic Drugs
and Psychotropic Substances; the 1990 Council of Europe Convention;
and the Financial Action Task Force Forty Recommendations, issued in
1989 and amended in 1996.
---------------------------------------------------------------------------
OTS recognizes that the proposed Know Your Customer requirements
would impose additional burdens on some institutions. Consequently, OTS
has proposed only the minimal requirements necessary to ensure that
savings associations have adequate programs. Moreover, the proposed
regulation is designed to be flexible so that savings associations can
create Know Your Customer programs appropriate for their circumstances.
In addition, the Federal banking agencies intend to publish
interpretive guidance on Know Your Customer issuesat the same time as
the regulations become final. This guidance, coupled with a flexible
regulation, will aid savings associations in complying with the
regulations.
Section-by-Section Analysis
OTS proposes to add a new regulation at 12 CFR 563.178 that would
require every savings association to develop and implement a Know Your
Customer program. The proposed rule describes the basic requirements of
a Know Your Customer program, but does not set forth specific mandates
in a checklist style. Rather, the proposal would give each savings
association the flexibility to design a Know Your Customer program that
is appropriate for its size, the nature and complexity of its
operations, and its risk of illicit activity. The proposed rule is
summarized below.
Section 563.178(a) Who Must Establish a Know Your Customer Program?
Proposed paragraph (a) would require each savings association to
establish and comply with a written Know Your Customer program. The
savings association's board of directors or a committee of the board
would be required to approve the program and record the approval in the
official board minutes. These requirements would ensure that the same
standards are applied throughout the savings association and would
inform auditors and examiners of the program's requirements.
OTS intends to allow savings associations a sufficient time after
publication of a final rule to establish Know Your Customer programs.
OTS proposes to make the final Know Your Customer rule effective on
April 1, 2000. In this way, savings associations will have a sufficient
period to establish and implement their Know Your Customer programs.
Section 563.178(b) Why Must I Establish a Know Your Customer Program?
Paragraph (b) of the proposed rule would explain why a savings
association must establish a Know Your Customer program. Such programs
serve several purposes: protecting the savings association's
reputation; facilitating its compliance with the Bank Secrecy Act, the
OTS's suspicious activity reporting regulations, and safe and sound
practices; and protecting the savings association from becoming a
vehicle for, or a victim of, illegal activities by its customers.
Section 563.178(c) Who Is My Customer?
The proposed rule defines ``customer'' to include any person or
entity who has an account with a savings association that involves the
receipt or disbursal of funds, and any person or entity on behalf of
whom an account is maintained. The term includes direct and indirect
beneficiaries of the account when the activity in the account involves
the receipt or disbursal of funds. A ``customer'' would include an
accountholder, a beneficial owner of an account, or a borrower. A
``customer'' could include the beneficiary of a trust, an investment
fund, a pension fund or a company whose assets are managed by an asset
manager; a controlling shareholder of a closely held corporation; or
the grantor of a trust established in an off-shore jurisdiction. The
term ``customer'' does not include recipients of services for which the
receipt or disbursal of customer funds is incidental, such as rental of
safe deposit boxes.
The proposed definition would include both existing and new
customers. The effectiveness of a Know Your Customer program would be
greatly reduced if all customer accounts in existence prior to the
effective date of the regulations were excluded from its scope.
However, the OTS does not believe that it is practicable for a savings
association to conduct a large-scale information request from all its
existing customers. Rather, a savings association could comply with the
proposed regulation by determining its current customers' normal and
expected transactions using available account data, and monitoring
their transactions for suspicious activities. However, if existing
customers and their transactions present unusual risk of illegal
activity (for instance, transactions involving private banking
customers), it may be necessary to fulfill all of the requirements of
this regulation as if they were new customers.
Section 563.178(d) What Transactions Are Covered Under This Section?
The regulation would define ``transaction'' to include any
transaction by a customer that is conducted at a savings association's
facilities or that involves the savings association, regardless of
where the transaction is conducted.
Section 563.178(e) What Must My Know Your Customer Program Contain?
Proposed paragraph (e) sets forth the basic requirements for Know
Your Customer programs. Savings associations vary considerably in how
they conduct their day-to-day business. OTS believes that requiring
each savings association to follow a standard checklist would be of
little value. Accordingly, the proposed regulation would allow each
savings association to develop an individualized Know Your Customer
program. Such individualized programs would more appropriately reflect
the size and complexity of the savings association, the types of
customers it serves, the nature and extent of its customers'
activities, and its risks of illicit activity. In particular, proposed
paragraph (e) would allow a savings association to develop ``customer
profiles'' for classifying customers into risk-based categories to
determine the information and monitoring that is appropriate for those
customers and to determine when customers' transactions may be
suspicious.
[[Page 67538]]
While the proposed regulation would provide savings associations
with substantial flexibility to devise individualized Know Your
Customer programs, all Know Your Customer programs must contain certain
critical features. First, proposed Sec. 563.178(e)(1) would require
each savings association to determine the identities of its prospective
customers. For existing customers, a savings association also would be
required to determine their identity if it has reason to believe that
it lacks adequate information to know their identity.
Each savings association would need to establish, to its own
satisfaction, that it is dealing with a legitimate person or entity,
and must verify its customer's identity. The nature and extent of the
identification process should be commensurate with the anticipated
transactions and the risks of illegal activity associated with such
transactions.
If a prospective customer refuses to provide any requested
information, sound practices would require that the savings association
not establish the customer relationship. Similarly, if an established
customer refuses to provide requested information, sound practices
would require the savings association to consider terminating the
relationship.
The best documents for verifying the identity of a prospective
customer are the ones that are the most difficult to obtain illicitly
and the most difficult to counterfeit. Because no single form of
identification can be guaranteed to be genuine, a savings association
should use a cumulative identification process and should obtain enough
information and documentation to ensure that it has properly identified
its customer. In addition to the customer's name, key identifying
information may include the customer's address, place of business, and
telephone number. A savings association may find it appropriate to
verify addresses by physically observing the locations, and to verify
telephone numbers by calling the numbers. Extra steps may be
appropriate for customers outside a savings association's normal
service area.
If a customer is a natural person, acceptable forms of
identification would include a document with a photograph, a
description of the person, the person's signature, and an easily
recognizable identification issued by a government entity. While not an
exhaustive list, examples of acceptable identification issued by a
government entity include a driver's license or an identification card
with a photograph issued by the State where the savings association is
located, or a United States passport or alien registration card. Other
forms of identification, while not sufficient without corroboration,
can serve as helpful cumulative information. Examples of such
information include an employer or student identification card, an out-
of-State driver's license, a credit card, or a customer's current home
utility bills.
For corporate or business customers, a savings association should
verify that the corporation or business entity exists and engages in
its stated business. A savings association should obtain evidence of a
business's legal status, such as an incorporation document, a
partnership agreement, association documents, or a business license. In
some instances, it may also be appropriate to obtain information on the
business's controlling owners. Additionally, a savings association
should obtain a business customer's financial statements, a description
of the business, and a description of its primary areas of trade. To
verify information, a savings association may also obtain information
related to a business's customers and suppliers.
At a minimum, for both natural persons and corporate or business
customers, the savings association's records should indicate the type
of identification obtained. If no legal impediment exists, the savings
association should duplicate and maintain a copy of the documentation.
Establishing a customer relationship without face to face contact
(e.g., by mail, Internet, or other electronic operations) poses
difficulties in identifying customers. Even though photographic
identification may be impractical, other acceptable means of
identifying the customer are available. In such circumstances, a
savings association should carefully verify a customer's address and
telephone number. The savings association may use other commercially
available data, such as credit reports and traditional information
sources, to compare items such as a customer's name with his or her
date of birth and social security number.
Introductions or referrals of prospective customers by established
customers can provide extremely valuable background information about a
prospective customer. The savings association should, of course,
document details regarding the introduction or referral to assist in
verifying the prospective customer's identity. Introductions and
referrals cannot, however, take the place of the identification
required under the proposed regulation.
Private banking accounts pose unique risks because customers may
use them to protect or conceal their identities by using such account
vehicles as personal investment companies, trusts, personal mutual
investment funds, or a financial advisor's account. However, OTS and
other Federal banking agencies believe that properly identifying
private banking customers is necessary to depository institutions' safe
and sound operation. Procedures for identifying private banking
customers should be no different than the procedures for identifying
other customers. A savings association can address private banking
customers' confidentiality needs by developing special protections that
limit access to information that could reveal the beneficial owners of
these accounts.3
---------------------------------------------------------------------------
\3\ For an in-depth discussion of private banking and sound
practices associated with the administration of private banking
activities, see the July 1997 Guidance on Sound Risk Management
Practices Governing Private Banking Activities, prepared by the
Federal Reserve Bank of New York and issued by the Federal Reserve
Board. It is available on the Federal Reserve Board's public
Internet website (www.federalreserve.gov/).
---------------------------------------------------------------------------
A savings association must also identify beneficial owners of
assets bought, sold or managed through the savings association. Such
transactions often occur at the behest of intermediaries, such as asset
managers. The ``customer'' in these situations would include the
beneficiaries of the transactions, not just the intermediaries. The
amount of information necessary to fulfill Know Your Customer
obligations would depend on the risk of illicit activity. Risk depends
on matters such as the type, duration, and size of the transactions
that a customer will conduct. Savings associations should address the
type and amount of information necessary as a part of their Know Your
Customer programs.
Where there is little risk of illegal activities by customers,
savings associations would not be required to identify those indirect
customers or monitor their transactions. For example, if the customer
is a widely-held mutual fund or asset management fund whose shares are
traded on a public exchange, there is little risk that the customer's
shareholders would conduct illegal acts at the savings association.
Similarly, if a savings association's customer is a regulated financial
institution for whom the savings association is an intermediary in
check clearing or funds transfer processing, there is little risk that
the financial institution's customers would conduct illegal acts at the
savings association. On the other hand, if the savings association's
customer is a mutual fund established in an off-shore
[[Page 67539]]
jurisdiction that has a limited number of shareholders, the risk of
illegal activity is higher. In that case, the savings association would
be required to identify and monitor the customers of the mutual fund.
In addition to identifying each customer as a part of the Know Your
Customer program, proposed Sec. 563.178(e)(2) would require a savings
association to identify its customer's sources of funds for
transactions at the savings association. For purposes of determining
and documenting the sources of funds, the amount of information
necessary will depend on the type of customer. A savings association
may categorize customers and obtain more or less information depending
on the risks of illicit activities in the category. For example, many
customers with demand deposit accounts obtain their funds from payroll
deposits. Thus, a savings association may identify and document these
customers' sources of funds relatively easily. On the other hand, a
savings association would be required to obtain more documentation for
customers with multiple deposits from a variety of sources. The
proposed regulation would allow, and OTS would encourage, savings
associations to categorize customers that share common characteristics
in order to collect pertinent information with the least burden.
Proposed Sec. 563.178(e)(3) would require a savings association to
determine its customers' normal and expected transactions. This
determination forms the basis for identifying transactions that are out
of the ordinary, unexpected, and possibly suspicious. A savings
association cannot completely determine a customer's normal and
expected transactions when it first establishes a customer
relationship. Accordingly, an effective Know Your Customer program
should include procedures for periodically reviewing a savings
association's original determination to determine whether the same
transactions are still normal and expected.
OTS encourages savings associations to design flexible Know Your
Customer programs. This proposed rule would allow savings associations
to determine normal and expected transactions for categories or classes
of customers that share common characteristics. Associations may use
this flexibility to focus their efforts on areas with the greatest risk
of illicit activity. For example, customers with demand deposit
accounts funded by payroll deposits will, most likely, use the accounts
for depositing salaries and for ordinary living expenses. Such accounts
would require little analysis. Conversely, business accounts or private
banking customers' accounts may require more in-depth analysis of the
customers' intended use of the accounts.
Proposed Sec. 563.178(e)(4) would require a savings association to
monitor customers' transactions to determine if transactions are normal
and expected for individual customers or for categories or classes of
customers. While monitoring is critical, a savings association would
not be required to monitor every transaction of every customer.
Similarly, OTS does not suggest that savings associations must purchase
expensive, sophisticated computer hardware or software to comply with
the proposed rule. Rather, OTS encourages each savings association to
design an effective monitoring program that is appropriate for that
institution and that corresponds to the risk of illegal activities by
its customers. For example, a savings association may categorize, for
monitoring purposes, by account type, transaction type, account size,
or number and size of transactions in accounts. A savings association
may choose to monitor only those transactions that meet established
parameters, such as dollar size, frequency, or source of funds, for a
particular category of account. Whatever the method, savings
associations should focus their monitoring on areas with the greatest
risk of illegal activity. The Federal banking agencies are working on
interpretive guidance to help institutions in this area. OTS will give
deference to a savings association's monitoring program.
For some categories or classes of accounts, a savings association
may have to monitor each transaction. For example, a savings
association should understand the nature of and monitor each
significant private banking transaction. Because one of the goals of
private banking is to offer highly individualized service through the
use of relationship managers, OTS does not believe that the burden of
monitoring each transaction of private banking customers is
significant.
In many instances, savings associations already monitor their
customers' transactions. For example, savings associations monitor
transactions in order to comply with suspicious activity reporting
requirements. Similarly, savings associations monitor for large cash
transactions, check kiting and attempted withdrawals from accounts with
insufficient funds or from closed accounts. Savings associations'
experience in monitoring these transactions should ease the impact of
Know Your Customer monitoring requirements.
Proposed Sec. 563.178(e)(4) would require savings associations to
identify customer transactions that are not normal and expected. Under
this proposed rule, a savings association would not be required to
detect every abnormal or unexpected transaction. Rather, a savings
association would be required to identify those monitored transactions
that were not consistent with its determination of what is normal and
expected for a particular customer.
Under proposed Sec. 563.178(e)(5), the savings association would be
required to determine whether each identified transaction is unusual or
suspicious. If the transaction is suspicious, the association would be
required to report the transaction under OTS's existing suspicious
activities reporting requirements at 12 CFR 563.180. The proposed Know
Your Customer regulation would impose no additional reporting
requirements.
Section 563.178(f) How Do I Ensure Compliance With My Know Your
Customer Program?
Under proposed Sec. 563.178(f), a savings association must follow
its Know Your Customer program. To do so, a savings association would
have to establish internal controls to ensure ongoing compliance. In
addition, the savings association would be required to use either
outside parties or independent employees to test its compliance. The
proposed rule would also require each savings association to designate
at least one individual to be responsible for coordinating and
monitoring day-to-day compliance. Finally, a savings association would
be required to train the appropriate personnel in the Know Your
Customer program at least annually.
These requirements are very similar to OTS's procedures for
monitoring Bank Secrecy Act compliance.4 Savings
associations are familiar with, and regularly use, the Bank Secrecy Act
procedures. Where appropriate, a savings association may charge its
Bank Secrecy Act compliance officer with the responsibility for its
Know Your Customer program. This should ease the burdens associated
with complying with the new Know Your Customer regulation.
---------------------------------------------------------------------------
\4\ 12 CFR 563.177(c) (1998).
---------------------------------------------------------------------------
[[Page 67540]]
Section 563.178(g) How Do I Document My Compliance With My Know Your
Customer Program?
Proposed section 563.178(g) would require a savings association to
maintain information and documents demonstrating that it has complied
with all of the requirements of the Know Your Customer regulation,
including the internal control, independent testing, and training
requirements listed under the compliance requirements. The proposed
rule would further require a savings association to make all Know Your
Customer documents available to OTS within 48 hours of a request,
unless OTS specifies a different time period.
In addition, if a savings association maintains information or
documents at a location other than where it maintains a customer's
account or where it renders financial services, it must also establish
and follow procedures designed to ensure that its employees review, on
an ongoing basis, information and documents to ensure that it has
complied with the Know Your Customer requirements.
Comments Sought
OTS specifically seeks comments on the following questions:
1. Is the proposed definition of ``customer'' sufficient to include
all persons who benefit from an account opened at a savings
association, such as persons who establish off-shore shell companies,
or entities that otherwise conduct their business through
intermediaries?
2. Is the proposed definition of ``customer'' too broad,
unnecessarily reaching persons who pose a minimal risk of illicit
activities at savings associations?
3. Should ``customer'' include savings associations' counterparties
in wholesale financial transactions? Should ``customer'' include
correspondent banking relationships? Would a different standard be more
appropriate for those transactions or relationships?
4. Would the benefits of implementing Know Your Customer
requirements outweigh the costs involved? Are there alternatives that
would better balance these costs and benefits?
5. Would the proposed regulation place savings associations at a
competitive disadvantage with respect to other financial entities
offering similar services that are not subject to similar requirements?
Please cite specific examples.
6. Would the added compliance benefits of this proposal outweigh
the actual or perceived invasion of personal privacy interests?
7. Should OTS waive Know Your Customer requirements for accounts
below a minimum size threshold? If so, where should OTS set the
threshold?
Executive Order 12866
The Director of OTS has determined that this proposed rule does not
constitute a ``significant regulatory action'' for the purposes of
Executive Order 12866.
Regulatory Flexibility Act
Under the Regulatory Flexibility Act, OTS must either provide an
Initial Regulatory Flexibility Analysis (IRFA) with this proposed rule,
or certify that the proposed rule would not have a significant economic
impact on a substantial number of small entities. This proposed rule is
designed to be flexible so that each savings association could design a
Know Your Customer program appropriate for its circumstances. While
advantageous to savings associations, this flexibility makes it
difficult to predict the economic impact of the proposed rule. OTS
cannot, at this time, determine whether the proposed rule would have a
significant economic impact on a substantial number of small
institutions. OTS, therefore, includes this IRFA.
A. Reasons for and Objectives of the Proposed Rule
The proposed Know Your Customer rule is designed to deter and
detect financial crimes, such as money laundering, tax evasion, and
fraud. Financial crimes conducted at or through savings associations,
even where savings associations are not parties to the transactions,
can damage the reputations of the institutions involved, and possibly
of the entire thrift industry. Under current law, savings associations
are required to report suspicious activities to law enforcement
authorities, but are not required to specifically search for suspicious
activities. As a result, suspicious activities may go unreported, and
illegal activity may go undetected. Know Your Customer programs would
better enable savings associations to alert law enforcement authorities
to potential criminal conduct and help deter criminal conduct in the
thrift industry.
OTS has two primary objectives for this proposed rulemaking: (1)
increasing savings associations' detection and reporting of suspicious
customer activities; and (2) deterring financial crimes at savings
associations.
The proposed rule would apply to large and small savings
associations. Small savings associations are generally defined, for
Regulatory Flexibility Act purposes, as those with assets under $100
million.5 This proposed rule would apply to approximately
600 small savings associations.
---------------------------------------------------------------------------
\5\ 13 CFR 121.201, Division H (1998).
---------------------------------------------------------------------------
B. Requirements of the Proposed Rule
The proposed rule would require savings associations to identify
their customers, determine their customers' normal and expected
transactions, determine their customers' sources of funds, monitor
transactions to find those that are not normal and expected, and, for
transactions that are not normal and expected, identify which are
suspicious. Savings associations are required to report any suspicious
transactions under current law, and this proposed rule would have no
additional reporting requirements.
The impact of the proposed regulation on an institution's
resources, and the skills necessary to comply with it, will vary from
one institution to another because the proposed regulation is designed
to take into account each institution's size and resources. Because
each institution would be able to design an individualized Know Your
Customer program, it is difficult to specify the type of professional
skills necessary for preparing any required records or reports. Large
institutions may be more likely to use computerized Know Your Customer
programs, and in that event would be more likely to need professional
computer skills. Small institutions that choose to automate their Know
Your Customer programs would need professional computer skills.
Know Your Customer monitoring would be similar to monitoring that
savings associations already do. For example, savings associations
monitor customer transactions to ensure that cash transactions
exceeding $10,000 are reported under the Bank Secrecy Act, to ensure
that customers do not overdraw their accounts, and to ensure that loan
payments are accurate and timely. Thus, Know Your Customer monitoring
would rely, at least in part, on computer and other skills that savings
association personnel already have and regularly use.
C. Significant Alternatives
1. No Know Your Customer Requirements
OTS considered recommending rather than requiring Know Your
Customer
[[Page 67541]]
procedures. OTS decided to propose this rulemaking, however, because of
the risks that savings associations face from customers who attempt
illegal activities. Illegal activities would harm an association's
reputation and that of the entire thrift industry. Requiring Know Your
Customer programs significantly reduces the likelihood that some
savings associations would not establish or adhere to such programs. In
addition, because other Federal banking agencies are proposing Know
Your Customer rules, OTS believes that criminals would quickly move
their illegal funds transfers into savings associations without Know
Your Customer programs, thus increasing those savings associations'
exposure to illegal activity.
For these reasons, merely recommending Know Your Customer programs
would interfere with OTS's goals of increasing savings associations'
detection and reporting of suspicious customer activities, and
deterring financial crimes at savings associations.
2. Exemption for Small Savings Associations
OTS considered exempting small institutions from Know Your Customer
requirements. However, this alternative has the disadvantage of
possibly creating a haven for criminal activity. It is likely that
criminals would concentrate their activity at those institutions not
subject to any Know Your Customer requirements. An exemption for small
savings associations would conflict with OTS's goals of increasing
savings associations' detection and reporting of suspicious customer
activities and deterring financial crimes at savings associations.
3. Flexible Know Your Customer Requirements
OTS proposes requiring all savings associations to establish and
follow Know Your Customer programs, but proposes allowing each
institution to develop a program appropriate for its circumstances,
including but not limited to its size and resources. This approach is
preferable to the first two alternatives because it does not allow
criminals to choose a savings association without Know Your Customer
requirements to conduct illegal activities. A flexible alternative also
avoids requirements beyond the means of small institutions. Small
institutions could use simpler, less costly, and less burdensome
programs than larger institutions.
D. Other Matters
OTS has statutory authority to promulgate these proposed
regulations.6 There are no federal rules that duplicate,
overlap, or conflict with this proposed rule. The proposed rule
complement OTS rules implementing the Bank Secrecy Act at 12 CFR
563.178 and the suspicious activity reporting requirements at 12 CFR
563.180.
---------------------------------------------------------------------------
\6\ 12 U.S.C. 1464(a)(1), 1464(d)(6)(A), 1818(s)(1).
---------------------------------------------------------------------------
OTS encourages comments on all aspects of this initial regulatory
flexibility analysis, including comments on any significant economic
impacts the proposed rule would have on small entities.
Unfunded Mandates Act of 1995
Section 202 of the Unfunded Mandates Reform Act of 1995, Pub. L.
104-4 (Unfunded Mandates Act), requires that an agency prepare a
budgetary impact statement before promulgating a rule that includes a
federal mandate that may result in expenditure by state, local, and
tribal governments, in the aggregate, or by the private sector, of $100
million or more in any one year. If a budgetary impact statement is
required, section 205 of the Unfunded Mandates Act also requires an
agency to identify and consider a reasonable number of regulatory
alternatives before promulgating a rule. OTS has determined that the
proposed rule will not result in expenditures by state, local, or
tribal governments or by the private sector of $100 million or more.
Accordingly, this rulemaking is not subject to section 202 of the
Unfunded Mandates Act.
Paperwork Reduction Act
OTS invites comment on:
Whether the proposed information collection contained in this
proposal is necessary for the proper performance of OTS's functions,
including whether the information has practical utility;
The accuracy of OTS's estimate of the burden of the proposed
information collection;
(1) Ways to enhance the quality, utility, and clarity of the
information to be collected; Ways to minimize the burden of the
information collection on respondents, including through the use of
automated collection techniques or other forms of information
technology; and
Estimates of capital and start-up costs of operation, maintenance
and purchases of services to provide information.
Respondents/recordkeepers are not required to respond to this
collection of information unless it displays a currently valid OMB
control number.
OTS has submitted the collection of information requirements
contained in this proposal to the Office of Management and Budget for
review in accordance with the Paperwork Reduction Act of 1995 (44
U.S.C. 3507(d)). Send comments on the collections of information to the
Office of Management and Budget, Paperwork Reduction Project (1550),
Washington, D.C. 20503, with copies to the Regulations and Legislation
Division (1550), Chief Counsel's Office, Office of Thrift Supervision,
1700 G Street, N.W., Washington, D.C. 20552.
The collection of information requirements in this proposed rule
are found in 12 CFR 563.178. OTS requires this information for the
proper supervision of savings associations' compliance with the Bank
Secrecy Act. The likely respondents/recordkeepers are savings
associations.
Estimated average annual burden hours per respondent/recordkeeper:
8.
Estimated number of respondents: 1191.
Estimated total annual reporting and recordkeeping burden: 9528.
Start up costs to respondents: None.
List of Subjects in 12 CFR Part 563
Accounting, Advertising, Crime, Currency, Investments, Reporting
and recordkeeping requirements, Savings associations, Securities,
Surety bonds.
Accordingly, the Office of Thrift Supervision proposes to amend
Title 12, Chapter V as set forth below:
PART 563--[AMENDED]
1. The authority citation for part 563 is revised to read as
follows:
Authority: 12 U.S.C. 375b, 1462, 1462a, 1463, 1464, 1467a, 1468,
1817, 1818, 1820, 1828, 1831p-1, 3806; 42 U.S.C. 4106.
2. Section 563.178 is added to read as follows:
Sec. 563.178 Know your customer.
(a) Who must establish a Know Your Customer program? Each savings
association (``you'') must establish and comply with a written Know
Your Customer program that describes your procedures for complying with
this section. Your board of directors, or a committee of your board,
must approve your Know Your Customer program and must record that
approval in your official board minutes.
(b) Why must I establish a Know Your Customer program? These
procedures: protect your reputation; facilitate your compliance with
the Bank Secrecy Act, the suspicious activity reporting
[[Page 67542]]
requirements of Sec. 563.180, and safe and sound practices; and protect
you from becoming a vehicle for, or a victim of, your customers'
illegal activities.
(c) Who is my customer? Your customer is any person or entity who
has an account with you involving the receipt or disbursal of funds,
and any person or entity on behalf of whom such an account is
maintained.
(d) What transactions are covered under this section? A transaction
is any transaction by a customer that is conducted at your facilities
or that involves you, regardless of where the transaction is conducted.
(e) What must my Know Your Customer program contain? Your Know Your
Customer program may vary in scope and complexity according to
categories or classes of customers that you establish, and the
potential risk of illicit activities associated with your customers'
accounts and transactions. Under your Know Your Customer program, you
must do all of the following:
(1) Determine your prospective customers' identities. You must also
determine the identities of your existing customers if you have reason
to believe that you lack adequate information to know the identities of
those customers.
(2) Identify the sources of funds for your customers' transactions.
You may make this determination for a customer individually, or for
categories or classes of customers that share common characteristics.
(3) Determine the types of transactions that you expect your
customers to normally conduct (``normal and expected transactions'').
You may make this determination for a customer individually, or you may
determine what types of transactions are normal and expected for
categories or classes of customers that share common characteristics.
(4) Monitor your customers' transactions and identify transactions
that are not consistent with your customers' normal or expected
transactions as determined under paragraph (e) (2) and (3) of this
section. You may monitor transactions for each customer individually,
or you may monitor transactions for categories or classes of customers
that share common characteristics.
(5) Determine whether transactions identified under paragraph
(e)(4) of this section are unusual or suspicious. If any are
suspicious, you must follow OTS's suspicious activity reporting
regulations at 12 CFR 563.180.
(f) How do I ensure compliance with my Know Your Customer program?
To ensure compliance, you must do all of the following:
(1) Establish internal controls to ensure your ongoing compliance.
(2) Independently test your compliance. Your employees or outside
parties may conduct the testing.
(3) Designate an individual(s) responsible for coordinating and
monitoring day-to-day compliance.
(4) Train all appropriate personnel on your program at least
annually.
(g) How do I document my compliance with my Know Your Customer
program? (1) You must maintain information and documents demonstrating
that you have complied with all of the requirements of this section,
including internal control, independent testing, and training
requirements of paragraph (f) of this section.
(2) You must provide all information and documents demonstrating
your compliance with this section to OTS for examination and inspection
within 48 hours of an OTS request, unless OTS specifies a different
time period.
(3) If you maintain information or documents at a location other
than where you maintain a customer's account or where you render
financial services, you must establish and follow procedures designed
to ensure that your employees review, on an ongoing basis, information
and documents to ensure that you comply with this section.
Dated: November 9, 1998.
By the Office of Thrift Supervision.
Ellen Seidman,
Director.
[FR Doc. 98-32335 Filed 12-4-98; 8:45 am]
BILLING CODE 6720-01-P
