SR 25-2:
Order Granting an Exemption from the Customer Identification Program Rule Requirement Related to a Bank Obtaining Taxpayer Identification Number Information from the Customer
OF THE FEDERAL RESERVE SYSTEM
WASHINGTON, D.C. 20551
DIVISION OF
SUPERVISION AND REGULATION
August 15, 2025
TO THE OFFICER IN CHARGE OF SUPERVISION AT EACH FEDERAL RESERVE BANK
Order Granting an Exemption from the Customer Identification Program Rule Requirement Related to a Bank Obtaining Taxpayer Identification Number Information from the Customer
Applicability: This Order applies to all banks supervised by the Federal Reserve that are subject to Customer Identification Program (CIP) Rule requirements under the Bank Secrecy Act.1
The Board of Governors of the Federal Reserve System (Federal Reserve) with the concurrence of the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN), is issuing the attached Order to grant an exemption from the requirement of the CIP Rule related to banks subject to the jurisdiction of the Federal Reserve2 obtaining Taxpayer Identification Number (TIN)3 information from the customer prior to opening an account. Effective immediately, banks supervised by the Federal Reserve can utilize this CIP exemption and should update their CIP policies and procedures as needed.
The Order permits banks, for all accounts4 at all banks (and their subsidiaries5) subject to the Federal Reserve’s jurisdiction, to instead use an alternative collection method to obtain TIN information from a third-party source rather than the customer, provided that the bank otherwise complies with the CIP Rule, which requires written procedures that: (1) enable the bank to obtain TIN information prior to opening an account; (2) are based on the bank’s assessment of the relevant risks; and (3) are risk-based for the purpose of verifying the identity of each customer to the extent reasonable and practicable, enabling the bank to form a reasonable belief that it knows the true identity of each customer. The use of this exemption by banks is optional; banks are not required to use an alternative collection method for TIN information.
The CIP Rule, implementing section 326 of the USA PATRIOT Act,6 requires a bank to have a CIP that includes risk-based verification procedures that enable the bank to form a reasonable belief regarding the identity of each “customer,” including, at a minimum, obtaining the customer’s name, date of birth, address, and identification number, and to establish risk-based procedures to verify the identity of new customers. Generally, to fulfill the CIP Rule’s identification number requirement, a bank must obtain TIN information from the customer, except with respect to credit card accounts.7 The Federal Reserve and FinCEN recognize that considerable changes in the way that customers interact with banks and receive financial services have occurred since section 326 of the USA PATRIOT Act was enacted into law. The importance of collecting TIN information from the customer rather than through another method for identification and verification purposes has lessened since regulations implementing section 326 were adopted in 2003, particularly in light of the availability of new methods that a bank can use alongside TIN information to form a reasonable belief that the bank knows the true identity of each customer.
Under the CIP Rule, the Federal Reserve, with the concurrence of the Secretary of the Treasury (Secretary), may by order or regulation exempt any bank or type of account from the requirements of the CIP Rule. The Secretary’s authority under this provision has been delegated to FinCEN. Based on FinCEN’s analysis of Bank Secrecy Act information, consultation with law enforcement agencies, and the Federal Reserve’s examination of current CIP program and procedures, FinCEN has not identified heightened illicit finance risk relating to the method of collection of TINs, and the Federal Reserve considers an alternative collection method for TIN information consistent with safe and sound banking. FinCEN and the Federal Reserve therefore find there is a valid basis for an exemption to allow banks the option to use an alternative collection method for TIN information.
Reserve Banks should distribute this SR letter to supervised banks in their districts, as well as to supervisory and examination staff. Questions concerning this SR letter or the interagency exemption Order may be sent via the Federal Reserve Board’s public website.8
signed by
Mary L. Aiken
Acting Director
Division of
Supervision and Regulation
-
SR 05-9, “Frequently Asked Questions Relating to Customer Identification Program Rules”
Notes:
-
Banks supervised by the Federal Reserve subject to the CIP requirements include: state member banks (Regulation H, 12 CFR 208.63(b)(2)), Edge and agreement corporations (Regulation K, 12 C.F.R. 211.5(m)(2)), and branches, agencies and representative offices of foreign banking organizations operating in the United States (Regulation K, 12 CFR 211.24(j)(2)). Return to text.
-
The Order is applicable to banks, as that term is defined by 31 CFR 1010.100(d), and their subsidiaries, that are subject to the jurisdiction of the Federal Reserve. On June 27, 2025, with the concurrence of FinCEN, the Office of the Comptroller of the Currency (OCC), Federal Deposit Insurance Corporation (FDIC), and National Credit Union Administration (NCUA) (together with the Federal Reserve, the “Agencies”) issued an identical order applicable to banks subject to their jurisdiction. See FinCEN Permits Banks to Use Alternative Collection Method for Obtaining TIN Information; FDIC: Agencies Issue Exemption Order to Customer Identification Program Requirements; OCC: Acting Comptroller of the Currency Issues Statement on Order Granting Exemption to Customer Identification Program; NCUA: Agencies Issue Exemption Order to Customer Identification Program Requirements. Return to text.
-
See 31 CFR 1020.220(a)(2)(i)(A)(4); see also 31 CFR 1010.100(yy). A TIN is defined by section 6109 of the Internal Revenue Code of 1986 (26 U.S.C. § 6109) and the Internal Revenue Service regulations implementing that section (e.g., Social Security Number (SSN), individual taxpayer identification number (ITIN), or employer identification number (EIN)). Return to text.
-
The terms account and customer are defined at 31 CFR 1020.100(a) and (b), respectively. Return to text.
-
See, e.g., 12 C.F.R. §§ 5.34(e)(3) and 5.38(e)(3) (requirements governing operating subsidiaries of national banks and Federal savings associations); see also Agencies, FinCEN, Office of Thrift Supervision, Department of the Treasury, Interagency Interpretive Guidance on Customer Identification Program Requirements under Section 326 of the USA PATRIOT Act (Apr. 28, 2005), available at https://www.fincen.gov/resources/statutes-regulations/guidance/interagency-interpretive-guidance-customer-identification (interagency FAQs describing the applicability of the CIP Rule to bank subsidiaries). Return to text.
-
31 U.S.C. 5318(l). See also SR letter 05-9, “Frequently Asked Questions Relating to Customer Identification Program Rules,” for interagency guidance on common questions regarding the CIP Rule. Return to text.
-
Regarding credit card accounts, the CIP Rule allows banks to obtain customer identification information from a third-party source prior to extending credit to the customer. 31 CFR 1020.220(a)(2)(i)(C). Return to text.
-
See http://www.federalreserve.gov/apps/contactus/feedback.aspx. Return to text.