4.3.2023

Federal: Advocacy Letter to the Financial Crimes Enforcement Network (FinCEN) in Support of clarity and modernization of the Customer Information Program rules

Mr. Himamauli Das
Acting Director
Financial Crimes Enforcement Network
2070 Chain Bridge Road
Vienna, VA 22182

Re: Comments Regarding Regulatory Clarity, CIP Rules, and Consumer Products

Director Das:

The American Fintech Council thanks you for the opportunity to collaborate with the Financial Crimes Enforcement Network (FinCEN) in providing much needed clarity regarding the Customer Information Program rules (CIP Rule) as applied to Buy Now Pay Later (BNPL) loans.

We write to request that FinCEN consider issuing regulatory guidance that will better align data collection components of the CIP Rule to the evolution of the modern digital banking environment we are in today. Specifically, with regard to BNPL loans, AFC seeks regulatory clarity that a bank is in compliance with the CIP Rule by collecting the last four digits of a Tax ID Number (TIN) directly from the consumer, while collecting full TINs from a third party, and verifying the provided numbers through the bank’s risk based identity verification procedures.

AFC and its Mission

AFC’s mission is to promote an innovative, transparent, inclusive, and customer-centric financial system by supporting the responsible growth of lending, fostering innovation in financial technology (Fintech), and encouraging sound public policy. We believe that the provision of well-regulated, responsible services and products by technology-driven financial services providers is critically important for the financial health of consumers, small businesses, and the banking system as a whole. AFC and its members support a fair financial services system where products are designed in compliance with regulation and where predatory conduct has no place.

Reasonable Interpretation of the CIP Rule

The text of the CIP Rule requires banks to implement a written CIP program that includes risk-based procedures for verifying the identity of each customer to the extent reasonable and practicable. The Rule identifies the pieces of information that are to be collected from a customer as part of the Bank’s CIP program: the customer's name, address, the customer’s TIN, as well as a requirement that the bank’s CIP procedures verify a customer’s identity through other methods. In addition to the language in the Rule itself, the legislative history of section 326 of the US Patriot Act indicates that Congress understood that the “the regulations should not impose requirements that are burdensome, prohibitively expensive, or impractical.”

While the Rule sets forth the pieces of information the Bank is to collect, it does not define what “from the customer” means. As a result, currently much confusion exists within the financial services industry and supervising agencies. This confusion has led to inconsistent regulatory decisions and differing practices in the marketplace. Consequently, it is appropriate for FinCEN to provide a clear understanding of what satisfies this particular requirement of the CIP Rule.

FinCEN has previously provided informal guidance on this particular matter. Within its resource center, FinCEN provided the following guidance related to the collection of TIN information from a customer:

“Thank you for your inquiry. In general, as you know, verification procedures are risk-based, so it is up to the bank’s policies and procedures whether a partial TIN would be acceptable (and obtaining the remainder from third-party sources), and whether that would allow it to satisfy the TIN requirement and form a reasonable belief it knows the true identity of the customer.
A bank’s CIP must contain procedures for verifying the identity of the customer using the identifying information obtained by the bank. A bank need not establish the accuracy of every element of identifying information obtained but must do so for enough information to form a reasonable belief it knows the true identity of the customer.”

Based on this informal guidance, it is reasonable and practical for a Bank to conclude that it satisfies the identity requirements of the CIP Rule with a program that requires collection of a partial TIN (and subsequent collection of the full TIN from a reliable third party), followed by verification of the provided numbers through the bank’s risk-based identity verification procedures.

Agency Intent

At the time the CIP Rule was adopted, FinCEN recognized the rapid speed of technological change and implemented an exemption to full TIN collection within the CIP Rule specific to credit card issuers. Presumably this was done to remain consistent with the goal of ensuring the Rule did not “impose burdens that would make [it] prohibitively expensive or impractical.”

The Credit Card Exemption (Exemption) allows credit card issuers to obtain a customer’s TIN information from a third-party source instead of directly from the customer. This Exemption allows credit card issuers to streamline application processes and grant access to credit more efficiently.

Over the last decade, the evolution of personal financial products has been rapid. Credit card debt, which some agencies have identified as a burdensome form of debt continues to grow, while new and cheaper alternative sources of credit are potentially hamstrung by the onerous, impractical, and technical requirements of the CIP Rule. Online purchases now makeup a substantial portion of the US economy, and they are facilitated by various means of electronic consumer financial products and services. This evolution in consumer credit and purchasing behaviors raises the question as to whether credit card issuers should remain the only beneficiaries of the Exemption to full customer TIN collection directly from the consumer.

Some agencies have considered the application of the CIP Rule to emerging financial products. Recently, the Office of the Comptroller of Currency (OCC) recognized the potential issues with requiring a consumer to enter a full TIN when it released its December 2020 Interpretive Letter 1175, guidance for an online service provider, which noted:

“modified CIP process will not change the overall risk for money laundering and terrorist financing because [OpSub] will acquire the full TIN from a third-party source prior to establishing an account relationship and will verify the information collected as required by the rule. [OpSub]’s proposed practice of collecting partial TINs is similar to the existing exemption available to the processing of credit card accounts, and [OpSub]’s modified process should be treated similarly because the OCC finds that the rationale supporting the credit card exemption also applies to the [OpSub] process as described in the request letter. The credit card exemption was granted to tailor the application of the CIP rules to ‘situations where the account holder is not physically present at the financial institution’ at account opening and involve practices that have “little risk that the lender does not know the identity of the borrower,’ which is analogous to the online services provided by [OpSub].”

The OCC’s rationale also applies to similar online services, such as consumer credit products, including BNPL loans, due to the substantially similar consumer experience identified in the OCC’s guidance. The BNPL loan market includes multiple product types, such as “pay-in-four,” point-of-sale installment loans, and other post purchase installment payment plans. Given this broad market, it can be argued that BNPL loan providers are offering financial products and services with a similar methodology to credit cards.

In addition, a recent report by the Consumer Financial Protection Bureau (CFPB) on BNPL loan products specifically supports the need for consistent treatment of similar types of financial services products. The report cites BNPL as a rapidly expanding alternative to credit and serves consumers similarly, and provides a less expensive alternative than revolving credit. With the similarities to credit cards in consumer experience and services that new products like BNPL provide, AFC encourages FinCEN to apply consistent interpretations to applicable rules and regulations. Specifically, AFC requests that FinCEN hold BNPL financing in similar a regard to credit cards and qualify them within the Credit Card Exemption of the Rule.

Administration Goal to Promote Innovation and Harmonize Regulation

The Biden Administration identified a policy objective to harmonize and modernize federal regulations across the spectrum. This policy objective aligns with AFC’s perspectives generally and specifically relates to the CIP Rule at hand. Modernizing the CIP Rules to apply the aforementioned OCC guidance and existing credit card Exemption to BNPL loan products would greatly assist in the Administration’s efforts to accomplish its policy objective.

It is with these points in mind that AFC believes it is imperative that FinCEN provide regulatory clarity by either:

  • Issuing formal guidance on the collection and verification of TIN information (specifically indirect collection of part or all of the TIN) is appropriate when deemed risk accepted by a bank; and/or
  • Extending the CIP Credit Card Exemption to all similarly situated online or point of sale credit products, including those operating in the BNPL loan space.

We appreciate the opportunity to provide more insights with FinCEN on this matter. Thank you for your consideration.

Sincerely,

Yana Miles, General Counsel and SVP, Head of Regulatory Affairs
American Fintech Council

CC: The Honorable Todd M. Harper, Board Chair, National Credit Union Administration
Mr. Michael J. Hsu, Acting Comptroller, Office of the Comptroller of the Currency
The Honorable Martin J. Gruenberg, Chair of the Board of Directors, the Federal Deposit Insurance Corporation
The Honorable Jerome H. Powell, Chair, Board of Governors of the Federal Reserve System

About the American Fintech Council: The mission of the American Fintech Council is to promote an innovative, responsible, inclusive, customer-centric financial system. You can learn more at www.fintechcouncil.org.