[Federal Register: May 9, 2003 (Volume 68, Number 90)] [Rules and Regulations] [Page 25149-25162] From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr09my03-28] ----------------------------------------------------------------------- COMMODITY FUTURES TRADING COMMISSION 17 CFR Part 42 RIN 3038-AB90 DEPARTMENT OF THE TREASURY 31 CFR Part 103 RIN 1506-AA34 Customer Identification Programs For Futures Commission Merchants and Introducing Brokers AGENCIES: Financial Crimes Enforcement Network, Treasury; Commodity Futures Trading Commission. ACTION: Joint final rule. ----------------------------------------------------------------------- SUMMARY: The Department of the Treasury, through the Financial Crimes Enforcement Network (FinCEN), and the Commodity Futures Trading Commission (CFTC) are jointly adopting a final rule to implement section 326 of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT ACT) Act of 2001. Section 326 requires the Secretary of the Treasury to jointly prescribe with the CFTC a rule that, at a minimum, requires futures commission merchants and introducing brokers to implement reasonable procedures to verify the identity of any person seeking to open an account, to the extent reasonable and practicable; maintain records of the information used to verify the person's identity; and determine whether the person appears on any lists of known or suspected terrorists or terrorist organizations provided to futures commission merchants or introducing brokers by any government agency. This final rule applies to all futures commission merchants and introducing brokers, except for futures commission merchants and introducing brokers that register with the CFTC solely because they effect transactions in security futures products. DATES: Effective Date: This rule is effective June 9, 2003. Compliance Date: Futures commission merchants and introducing brokers subject to this final rule must comply with it by October 1, 2003. FOR FURTHER INFORMATION CONTACT: Commodity Futures Trading Commission: Office of the General Counsel, (202) 418-5120, Commodity Futures Trading Commission, 1155 21st Street, NW., Washington, DC 20581; or [email protected]. Treasury: Office of the Chief Counsel (FinCEN), (703) 905-3590; Office of the General Counsel (Treasury), (202) 622-1927; or the Office of the Assistant General Counsel for Banking & Finance (Treasury), (202) 622-0480. SUPPLEMENTARY INFORMATION: I. Background A. Section 326 of the USA PATRIOT Act On October 26, 2001, President Bush signed into law the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT ACT) Act of 2001 (Act).\1\ Title III of the Act, captioned ``International Money Laundering Abatement and Anti-terrorist Financing Act of 2001,'' added several new provisions to the Bank Secrecy Act (BSA).\2\ These provisions are intended to facilitate the prevention, detection, and prosecution of international money laundering and the financing of terrorism. Section 326 of the Act added a new subsection (l) to 31 U.S.C. 5318 of the BSA that requires the Secretary of the Treasury (Secretary or Treasury) to prescribe regulations ``setting forth the minimum standards for financial institutions and their customers regarding the identity of the customer that shall apply in connection with the opening of an account at a financial institution.'' --------------------------------------------------------------------------- \1\ Pub. L. 107-56. \2\ 31 U.S.C. 5311 et seq. --------------------------------------------------------------------------- Section 326 of the Act applies to all ``financial institutions.'' This term is defined broadly in the BSA to encompass a variety of entities, including commercial banks, agencies and branches of foreign banks in the United States, thrifts, credit unions, private banks, trust companies, brokers and dealers in securities, investment companies, futures commission merchants (FCMs), introducing brokers (IBs),\3\ insurance companies, travel agents, pawnbrokers, dealers in precious metals, check-cashers, casinos, and telegraph companies, among many others.\4\ --------------------------------------------------------------------------- \3\ Treasury has clarified that the term ``a broker or dealer in securities or commodities'' in the BSA, 31 U.S.C. 5312(a)(2)(H), includes IBs within the definition of ``financial institution.'' 67 FR 48328, 48329 n.2 (July 23, 2002); see also 67 FR 21110, 21111 n.5 (April 29, 2002). \4\ See 31 U.S.C. 5312(a)(2), 5312(c)(1)(A). For any financial institution engaged in financial activities described in section 4(k) of the Bank Holding Company Act of 1956, the Secretary is required to prescribe the regulations issued under section 326 of the Act jointly with the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of Thrift Supervision, and the National Credit Union Administration (collectively, the banking agencies), the CFTC, and the Securities and Exchange Commission (SEC). --------------------------------------------------------------------------- The regulations implementing section 326 of the Act must require, at a minimum, financial institutions to implement reasonable customer identification procedures for: (1) Verifying the identity of any person seeking to open an account, to the extent reasonable and practicable; (2) maintaining records of the information used to verify the person's identity, including name, address, and other identifying information; and (3) determining whether the person appears on any lists of known or suspected terrorists or terrorist organizations provided to the financial institution by any government agency. In prescribing these regulations, the Secretary is directed to take into consideration the types of accounts maintained by different types of financial institutions, the various methods of opening accounts, and the types of identifying information that are available. B. Overview of Comments Received On July 23, 2002, Treasury and the CFTC jointly proposed a rule to implement section 326 of the Act with respect to FCMs and IBs.\5\ Treasury and the CFTC received three comments directed to this proposal.\6\ Commenters [[Page 25150]] were a registered futures association and two futures industry trade associations. Commenters generally supported the proposal but suggested a few revisions. --------------------------------------------------------------------------- \5\ Customer Identification Programs for FCMs and IBs, 67 FR 48328 (July 23, 2002) (NPRM). Treasury simultaneously published: (1) jointly with the banking agencies, a proposed rule applicable to banks (as defined in 31 CFR 103.11(c)) and foreign branches of insured banks (67 FR 48290 (July 23, 2002)); (2) a proposed rule applicable to credit unions, private banks and trust companies that do not have a Federal functional regulator (67 FR 48299 (July 23, 2002)); (3) jointly with the SEC, a proposed rule applicable to broker-dealers (67 FR 48306 (July 23, 2002)); and (4) jointly with the SEC, a proposed rule applicable to mutual funds (67 FR 48318 (July 23, 2002)). Treasury, the CFTC, the SEC, and the banking agencies received approximately 500 comments in response to these proposed rules. Many of those commenters raised similar issues applicable to all the affected sectors of the financial services industry. \6\ The comment letters are available for public inspection and copying in the CFTC's Reading Room, located in Room 4072 at the CFTC's principal office at Three Lafayette Centre, 1155 21st Street, NW., Washington, DC 20581. The telephone number is (202) 418-5025. Comment letters are also available on the CFTC's Internet website at href="http://frwebgate.access.gpo.gov/cgi-bin/leaving.cgi?from=leavingFR.html&log=linklog&to=http://www.cftc.gov/foia/comment02/foi02_009_1.htm" shape="rect">http://frwebgate.access.gpo.gov/cgi-bin/leaving.cgi?from=leavingFR.html&log=linklog&to=http://www.cftc.gov/foia/comment02/foi02_009_1.htm. --------------------------------------------------------------------------- One commenter addressed the rule's definition of ``customer,'' specifically the definition's inclusion of persons with authority to effect transactions in the account. This commenter argued that the definition was overly broad and suggested that a risk-based approach be adopted instead. Two commenters addressed the proposed rule's identity verification requirement. One commenter supported the proposed rule's framework for when verification would be required of existing customers that open new accounts. The other commenter requested clarification as to what would be considered a ``new account'' for which verification would be necessary. Both commenters suggested that the final rule text include the exception discussed in the NPRM for certain non-customer initiated transfers of accounts between FCMs.\7\ --------------------------------------------------------------------------- \7\ See NPRM, 67 FR at 48330. --------------------------------------------------------------------------- Two commenters addressed the issue of permissible reliance between FCMs and IBs that share an account relationship with respect to the performance of customer identification and verification functions. The commenters requested clarification regarding the requirement that the relied-upon firm provide a certification to the relying firm. They suggested that the relied-upon firm be allowed to provide one certification that would suffice for all customers for which the two financial institutions share an account relationship. The commenters also suggested that reliance upon non-U.S. financial institutions, particularly affiliates, be permitted as well. One commenter addressed the proposed rule's customer notice requirement. This commenter suggested that notice should not be required of FCMs and IBs, and that if it is required, posting a notice on the firm's Internet website should be deemed sufficient for all customers. Treasury and the CFTC have modified the proposed rule in light of these comments. It is the intent of Treasury, the CFTC, the SEC and the banking agencies that all the final rules implementing 31 U.S.C. 5318(l) be substantively identical, which approach was supported by commenters from all affected sectors of the financial services industry. Accordingly, Treasury and the CFTC also have modified the proposed rule for FCMs and IBs to maintain consistency and parallel treatment with the final rules imposing customer identification and verification requirements upon other financial institutions.\8\ The section-by-section analysis that follows discusses the comments and the modifications that Treasury and the CFTC have made to the proposed rule. --------------------------------------------------------------------------- \8\ See supra notes 4 and 5. Treasury and the CFTC believe that these changes either clarify or liberalize the scope of the proposed rule with respect to FCMs and IBs. --------------------------------------------------------------------------- C. Codification of the Joint Final Rule The joint final rule applies to any person that is registered or required to be registered with the CFTC under the Commodity Exchange Act (CEA) \9\ as either an FCM or IB, except persons who register as an FCM or IB solely for the purpose of effecting any transactions in a security futures product (SFP).\10\ The substantive requirements of this joint final rule will be codified as part of Treasury's BSA regulations located in 31 CFR Part 103.\11\ --------------------------------------------------------------------------- \9\ 7 U.S.C. 1, et seq. \10\ FCMs and IBs that limit their futures business to effecting transactions in SFPs may register with the CFTC pursuant to 7 U.S.C. 6f(a)(2). These persons will be subject to the customer identification rule being issued by the SEC with respect to securities brokers or dealers. \11\ The rule will be codified at 31 CFR 103.123. --------------------------------------------------------------------------- As proposed, the CFTC is adding a rule in its own regulations that will cross-reference the joint rule in 31 CFR Part 103. Specifically, the CFTC is concurrently amending Chapter I of 17 CFR to add a new Part 42 and adopting a new rule in this Part, Rule 42.2 (Compliance with Bank Secrecy Act).\12\ CFTC Rule 42.2 will require each FCM and IB to comply with the applicable provisions of the BSA and the implementing regulations, including 31 U.S.C. 5318(l) and the implementing regulation jointly promulgated by Treasury and the CFTC at 31 CFR 103.23, requiring customer identification and verification procedures as part of the FCM's or IB's anti-money laundering (AML) compliance program. --------------------------------------------------------------------------- \12\ 17 CFR 42.2. --------------------------------------------------------------------------- Final rules governing the applicability of section 326 of the Act to certain other financial institutions, including banks, thrifts, credit unions, mutual funds and securities broker-dealers, are being issued separately. Treasury, the CFTC, the SEC and the banking agencies consulted extensively in the development of all joint rules implementing section 326 of the Act. These agencies intend the effect of the final rules to be uniform throughout the financial services industry. Treasury intends to issue separate rules under section 326 of the Act for certain non-bank financial institutions that are not regulated by one of the Federal functional regulators. D. Compliance Date Many commenters on the other proposed rules \13\ requested that financial institutions be given adequate time to develop and implement the requirements of any final rule adopted under section 326 of the Act. The transition periods suggested by these commenters ranged from 60 days to two years after the publication of a final rule. --------------------------------------------------------------------------- \13\ See supra note 5. --------------------------------------------------------------------------- The final rule for FCMs and IBs modifies various aspects of the proposed rule and eliminates some of the requirements that commenters identified as being most burdensome. Nonetheless, Treasury and the CFTC recognize that some FCMs and IBs will need time to develop and implement the customer identification program (CIP) required by the rule, because doing so may include various measures, such as training staff, reprinting forms, and programming automated systems. Accordingly, although this rule will be effective 30 days after publication, FCMs and IBs will have a transition period to implement the rule. FCMs and IBs must fully implement their CIPs under the final rule by October 1, 2003.\14\ --------------------------------------------------------------------------- \14\ The final CIP rules issued by Treasury and the other Federal functional regulators also require full implementation by October 1, 2003. --------------------------------------------------------------------------- II. The Joint Final Rule Implementing Sections 326 of the Act A. Section-by-Section Analysis Section 103.123(a) Definitions Section 103.123(a)(1) Account. The proposed rule defined ``account'' as any formal business relationship with an FCM, including, but not limited to, any relationship established to effect transactions in contracts of sale for future delivery, options on contracts of sale for future delivery, or options on physicals in any commodity.\15\ --------------------------------------------------------------------------- \15\ See NPRM, 67 FR at 48337. --------------------------------------------------------------------------- The final rule includes certain changes to this definition. First, the reference to a ``business relationship'' has been removed from the definition of ``account.'' This change has been made to clarify that the rule applies to the FCM's provision of financial services,\16\ [[Page 25151]] as opposed to general business dealings such as those established in connection with an FCM's own operations or premises. Second, in order to clarify the covered relationships, the final rule refers to transactions in ``contracts of sale of a commodity for future delivery, options on any contract of sale of a commodity for future delivery, or options on a commodity.'' --------------------------------------------------------------------------- \16\ This term is intended to operate broadly to include all financial services provided by an FCM. It would include, for example, the provision of any guarantee or clearing services provided by an FCM. It would also include an FCM's provision of financial services involving any foreign currency futures contract, option on any foreign currency futures contract, or option on a foreign currency that occurs on an off-exchange basis. See 7 U.S.C. 2(c)(1)-(2). --------------------------------------------------------------------------- Two commenters requested that the final rule codify the ``transfer exception'' to the definition of an ``account.'' The NPRM stated that transfers of accounts from one FCM to another that are not initiated by the customer fall outside the scope of section 326 of the Act,\17\ and would not be covered by the proposed rule.\18\ The final rule codifies this exception \19\ by excluding from the definition of ``account'' any account that an FCM acquires through an acquisition, merger, purchase of assets, or assumption of liabilities.\20\ --------------------------------------------------------------------------- \17\ Section 326 of the Act applies with respect to persons seeking to open an account at a financial institution. If a financial institution acquires an account through a non-customer initiated transaction, such as a transfer due to the insolvency of an FCM, the customer is not seeking to open an account with the financial institution. By the same reasoning, the final rule does not, as one commenter requested, expand the ``transfer exception'' to include transfers where a customer account follows an associated person who moves from one firm to another, because such transfers are, at a minimum, undertaken with the acquiescence of the customer. Nonetheless, as discussed, infra, while the final rule requires that certain minimum customer information be obtained prior to opening an account, verification of the customer's identity may be done within a reasonable time before or after the account is opened. \18\ See NPRM, 67 FR at 48330 (discussion of definition of the term ``customer''). \19\ Nevertheless, there may be situations involving the transfer of accounts where it would be appropriate for an FCM, as part of its anti-money laundering compliance program (see, infra, note 89 and accompanying text) to verify the identity of customers associated with accounts that it acquires from another financial institution. For example, it may be appropriate to verify transferred account holders if the accounts are coming from a financial institution that has failed to establish or maintain a CIP. Treasury and the Federal functional regulators expect financial institutions to implement reasonable procedures to detect money laundering in any account, however acquired. \20\ This ``transfer exception'' includes bulk transfers made in accordance with CFTC Rule 1.65, 17 CFR 1.65, or as required by the CFTC's minimum financial requirements in CFTC Rule 1.17(a)(4), 17 CFR 1.17(a)(4). This exception would also cover transfers of accounts that result when an IB changes its introducing relationship from one FCM to another. For customers that open accounts after the transfer, however, the IB and the new FCM would need to meet the requirements in paragraph (b)(6) (including entering into a contract and providing certifications) to the extent they intend to rely on each other to undertake CIP requirements with respect to these customers. --------------------------------------------------------------------------- The final rule also excludes from the definition of ``account'' those accounts that are opened for the purpose of participating in an employee benefit plan established pursuant to the Employee Retirement Income Security Act of 1974. These accounts are less susceptible to being used for the financing of terrorism and money laundering because, among other reasons, they are funded through payroll deductions in connection with employment plans that must comply with Federal regulations imposing, among other requirements, low contribution limits and strict distribution requirements. Section 103.123(a)(2) Commission. The proposed rule defined ``Commission'' as the United States Commodity Futures Trading Commission. There were no comments on the definition, and Treasury and the CFTC have adopted it as proposed. Section 103.123(a)(3) Commodity. The proposed rule defined ``commodity'' by reference to Section 1a(4) of the CEA, 7 U.S.C. 1a(4). There were no comments on the definition, and Treasury and the CFTC have adopted it as proposed. Section 103.123(a)(4) Contract of sale. The final rule adds a definition of ``contract of sale.'' The term is used in the definition of ``account.''\21\ The final rule defines ``contract of sale'' as any sale, agreement of sale or agreement to sell as described in Section 1a(7) of the CEA, 7 U.S.C. 1a(7). --------------------------------------------------------------------------- \21\ See final rule, 103.123(a)(1). --------------------------------------------------------------------------- Section 103.123(a)(5) Customer. The proposed rule defined ``customer'' to mean any person who opens a new account with an FCM, and any person granted authority to effect transactions in an account.\22\ For consistency with the text of section 326 of the Act, the final rule defines ``customer'' as ``a person that opens a new account.'' Except in the case of minors and informal groups with a common interest (e.g., civic clubs), this means that the ``customer'' is the person identified as the account holder, or persons in the case of a joint account. It does not refer to a person who fills out the account opening paperwork or provides information necessary to open an account, if such person is not the account holder as well. Thus, an FCM or IB is not required to look through a trust or similar account to its beneficiaries, and is required only to verify the identity of the named account holder.\23\ The final rule provides for similar treatment of intermediated accounts. --------------------------------------------------------------------------- \22\ See NPRM, 67 FR at 48337. \23\ However, as discussed below, under paragraph (b)(2)(ii)(C) of the final rule, an FCM or IB, based on its risk-assessment of a new account, may need to take additional steps to verify the identity of a non-individual, such as obtaining information about persons with control over the account. In addition, the due diligence procedures required under other provisions of the BSA or the futures laws may require FCMs and IBs to look through to owners of certain types of accounts. --------------------------------------------------------------------------- As stated in the NPRM,\24\ the focus of the CIP with respect to intermediated accounts will be the intermediary itself. If the intermediary is the account holder, such as in the case of an omnibus account, an FCM is not required to look through the intermediary to the underlying beneficiaries. Likewise, if the intermediary opens an account in the name of a collective investment vehicle, such as commodity pools, an FCM or IB is not required to look through the collective investment vehicle to the underlying participants.\25\ --------------------------------------------------------------------------- \24\ See NPRM, 67 FR at 48331. \25\ This is not because the FCM or IB is relying upon the intermediary to perform its required due diligence. It is because under the final rule, FCMs and IBs are required only to verify the identity of their customers, and when an intermediary opens an account in its own name (or in the name of its collective investment vehicle), the intermediary (or collective investment vehicle) is the firm's ``customer.'' By contrast, if an intermediary were to open an account not in its own name (or the name of a collective investment vehicle) but in the name of its client, then under the final rule the FCM's or IB's customer would be the client. In this situation, the FCM or IB may indeed seek to rely upon the intermediary for performance of its CIP procedures with respect to these shared customers. See discussion infra regarding final rule, 103.123(b)(6) (reliance on other financial institutions). --------------------------------------------------------------------------- After revisiting the ``authorized person'' component of the proposed ``customer'' definition, Treasury and the CFTC have determined that requiring limited resources to be expended on verifying the identities of persons with authority over accounts could interfere with an FCM's or IB's ability to focus on customers that present a higher risk of not being properly identified. Accordingly, the final rule does not include persons with authority to effect transactions in accounts within the definition of ``customer.'' Instead, paragraph (b)(2)(ii)(C) of the final rule requires FCMs and IBs to address situations where they will take additional steps to verify the identity of a customer that is not an individual by seeking information about individuals with authority or control over the account in order to verify the customer's identity. The definition of ``customer'' has been revised to clarify the treatment of [[Page 25152]] accounts for an individual who lacks legal capacity (such as a minor) and accounts for an entity that is not a legal person (such as informal groups with a common interest, which includes civic clubs).\26\ In the case of a minor child or informal group, the ``customer'' for purposes of the rule is the individual who undertakes to open the account in the name of the minor or group. Generally, this will be the person who fills out the account opening paperwork and provides the information necessary to open the account in the name of the minor or group. --------------------------------------------------------------------------- \26\ See final rule, 103.123(a)(5)(i)(B). --------------------------------------------------------------------------- In order to make the rule less burdensome, the final rule excludes from the definition of ``customer'' certain readily identifiable entities, including: (1) Financial institutions regulated by a Federal functional regulator; (2) banks regulated by a state bank regulator; and (3) persons described in Sec. 103.22(d)(2)(ii)-(iv), which includes entities such as governmental agencies and instrumentalities and companies that are publicly traded.\27\ The definition of ``customer'' also excludes a person who has an existing account, provided that the FCM or IB has a reasonable belief that it knows the true identity of the person.\28\ --------------------------------------------------------------------------- \27\ See final rule,103.123(a)(5)(ii)(A)-(B). Section 103.22(d)(2)(iv) exempts such companies only to the extent of their domestic operations. Accordingly, an FCM's or IB's CIP will apply to any foreign offices, affiliates, or subsidiaries of such entities that open new accounts. \28\ The proposed rule provided for similar treatment of existing customers, however, it included this exclusion in a different paragraph of the rule. Whereas the existing customer exclusion appears in the final rule's definition of ``customer,'' this exclusion appeared in the proposed rule's paragraph detailing the required verification procedures. Compare 103.123(a)(5)(ii) with NPRM, 67 FR at 48338 (proposed 103.123(d)). --------------------------------------------------------------------------- Finally, the proposed definition of ``customer'' stated that when an account is introduced to an FCM by an IB, the person or individual opening the account shall be deemed to be a customer of both the FCM and the IB. There were no comments on this portion of the definition, and Treasury and the CFTC have adopted it as proposed.\29\ --------------------------------------------------------------------------- \29\ Treasury and the CFTC believe that the revisions made to the definition of ``customer'' in the proposed rule address the suggestion by one commenter that a risk-based approach be taken to determining who is a customer whose identity must be verified. --------------------------------------------------------------------------- Section 103.123(a)(6) Federal functional regulator. The final rule adds a definition of ``Federal functional regulator.'' The term is used in the revised definition of ``customer'' and in a new provision allowing FCMs and IBs to rely on certain other financial institutions to perform procedures of their CIPs.\30\ The final rule defines ``Federal functional regulator'' by reference to Sec. 103.120(a)(2). --------------------------------------------------------------------------- \30\ See final rule, 103.123(a)(5) and (b)(6), respectively. --------------------------------------------------------------------------- Section 103.123(a)(7) Financial institution. The final rule adds a definition of ``financial institution.'' The term is used in the revised definition of ``customer'' and in a new provision allowing FCMs and IBs to rely on certain other financial institutions to perform procedures of their CIPs.\31\ This new definition cross-references the BSA, 31 U.S.C. 5312(a)(2) and (c)(1). This is a more expansive definition of ``financial institution'' than that in 31 CFR 103.11, and includes entities such as FCMs. --------------------------------------------------------------------------- \31\ Id. --------------------------------------------------------------------------- Section 103.123(a)(8) FCM. The proposed rule defined ``FCM'' as any person registered or required to be registered as an FCM with the CFTC under the CEA, except persons who register pursuant to section 4f(a)(2) of the CEA solely to effect transactions in SFPs. There were no comments on the definition, and Treasury and the CFTC have adopted it as proposed. Section 103.123(a)(9) IB. The proposed rule defined ``IB'' as any person registered or required to be registered as an IB with the CFTC under the CEA, except persons who register pursuant to section 4f(a)(2) of the CEA solely to effect transactions in SFPs. There were no comments on the definition, and Treasury and the CFTC have adopted it as proposed with the addition of a U.S.C. citation for section 4f(a)(2) of the CEA, 7 U.S.C. 6f(a)(2). Section 103.123(a)(10) Option. The final rule adds a definition of ``option.'' The term is used in the definition of ``account.'' \32\ The final rule defines ``option'' as an agreement, contract or transaction described in Section 1a(26) of the CEA, 7 U.S.C. 1a(26). --------------------------------------------------------------------------- \32\ See final rule, 103.123(a)(5). --------------------------------------------------------------------------- Section 103.12(a)(11) Taxpayer identification number. The proposed rule defined ``taxpayer identification number'' (TIN) by reference to the provisions of section 6109 of the Internal Revenue Code of 1986 and the regulations of the Internal Revenue Service (IRS) promulgated thereunder. There were no comments on the definition, and Treasury and the CFTC have adopted it substantially as proposed. Section 103.123(a)(12) U.S. Person and Sec. 103.123(a)(13) Non- U.S. person. The proposed rule defined ``U.S. person'' as an individual who is a U.S. citizen, or an entity established or organized under the laws of a State or the United States.\33\ A ``non-U.S. person'' was defined as a person who did not satisfy either of these criteria.\34\ --------------------------------------------------------------------------- \33\ The proposed rule contained a definition of ``person'' that cross-referenced the definition in 31 CFR 103.11(z). See NPRM, 67 FR at 48337. Since the final rule is being codified in 31 CFR Part 103, it will incorporate the definition in Sec. 103.11(z) without the need for a specific cross-reference. Therefore, the definition has been removed from the final rule. The definition of ``person'' in Sec. 103.11(z) is: ``an individual, a corporation, a partnership, a trust or estate, a joint stock company, an association, a syndicate, joint venture, or other unincorporated organization or group, an Indian tribe (as that term is defined in the Indian Gaming Regulatory Act), and all entities cognizable as legal personalities.'' \34\ See NPRM, 67 FR at 48337. --------------------------------------------------------------------------- Under these definitions, an FCM or IB will not necessarily need to establish whether a potential customer is a U.S. citizen. As described in greater detail below, the FCM or IB will have to ask each customer for a U.S. TIN (social security number, employer identification number, or individual TIN). If a customer cannot provide one, the FCM or IB may then obtain an identification number from some other form of government-issued document evidencing nationality or residence and bearing a photograph or similar safeguard. There were no comments on these definitions, and Treasury and the CFTC have adopted them as proposed. Section 103.123(b) Customer Identification Program: Minimum Requirements Section 103.123(b)(1) In general. Treasury and the CFTC proposed to require that each FCM and IB implement a written CIP as part of its AML program required under 31 U.S.C. 5318(h),\35\ and that the procedures of the CIP enable each FCM and IB to form a reasonable belief that it knows the true identity of each customer.\36\ The CIP procedures were to be based on the type of identifying information available and on an assessment of relevant risk factors, including the FCM's or IB's size, location and methods of opening accounts, the types of accounts maintained and the types of transactions executed for customers, and the FCM's or IB's reliance on another FCM or IB with which it shares an account relationship. --------------------------------------------------------------------------- \35\ National Futures Association (NFA) Compliance Rule 2-9(c) sets forth minimum requirements for these AML programs. \36\ See NPRM, 67 FR at 48337-48338. --------------------------------------------------------------------------- The NPRM discussed these risk factors and explained that, although the rule would require certain minimum identifying information and suitable verification methods, FCMs and IBs should consider on an ongoing basis [[Page 25153]] whether other information or methods are appropriate, particularly as they become available in the future.\37\ Commenters generally supported the risk-based approach of the proposed CIP requirements. --------------------------------------------------------------------------- \37\ See NPRM, 67 FR at 48331. --------------------------------------------------------------------------- In the final rule, paragraph (b)(1) continues to set forth the general requirement that FCMs and IBs must implement a written CIP as part of their required AML programs. It provides that the CIP should be appropriate for the FCM's or IB's size and business and that, at a minimum, it must contain the requirements set forth in paragraphs (b)(1) through (b)(5), which are discussed below. The final rule has been re-organized to be structurally consistent with the rules being issued by Treasury and the other Federal functional regulators. Thus, requirements that had been set forth in paragraphs (c) through (h) in the proposed rule are now contained in paragraphs (b)(2) through (b)(5) of the final rule to the extent they have been adopted. The rule's structure was changed in order to affirm the intent of Treasury and the Federal functional regulators that all the CIP rules impose the same requirements. Finally, the reference to risk factors has been moved to paragraph (b)(2) of the final rule, which requires FCMs and IBs to establish identity verification procedures. This change was made to clarify that the risk factors apply only to the identity verification procedures of the CIP, and not to standard requirements, such as procedures for providing notice to customers, recordkeeping, or checking government lists, which may not vary depending upon the perceived risk. Section 103.123(b)(2) Identity Verification Procedures Treasury and the CFTC proposed to require that the FCMs' and IBs' CIPs include procedures for verifying the identity of customers, to the extent reasonable and practicable, using information specified in the rule, and that such verification occur within a reasonable time before or after the customer's account is opened.\38\ On the whole, commenters supported these general requirements, although they recommended greater use of a risk-based approach. --------------------------------------------------------------------------- \38\ See NPRM, 67 FR at 48338. --------------------------------------------------------------------------- The final rule continues to strike a balance between flexibility and detailed guidance, and Treasury and the CFTC are adopting the provisions on identity verification procedures substantially as proposed. Under the final rule, an FCM's or IB's CIP must include risk- based procedures for verifying the identity of each customer to the extent reasonable and practicable. Such procedures must enable the FCM or IB to form a reasonable belief that it knows the true identity of each customer. The procedures must be based on the FCM's or IB's assessment of the relevant risks, including those presented by the various types of accounts maintained, the various methods of opening accounts, the various types of identifying information available, and the FCM's or IB's size, location and customer base. Section 103.123(b)(2)(i) Customer Information Required The proposed rule provided that an FCM's or IB's CIP must require the firm to obtain certain identifying information about its customers, including, at a minimum: (1) Names; (2) dates of birth, for natural persons; (3) certain addresses; \39\ and (4) certain identification numbers.\40\ The NPRM further stated that in certain circumstances, an FCM or IB should obtain additional identifying information, and that the CIP should set forth guidelines regarding those circumstances and the additional information that should be obtained.\41\ --------------------------------------------------------------------------- \39\ The proposed rule would have required FCMs and IBs to obtain residence and mailing addresses (if different) for a natural person, or principal place of business and mailing addresses (if different) for a person other than a natural person. See NPRM, 67 FR at 48337. \40\ The proposed rule would have required FCMs and IBs to obtain: (1) for a customer that is a U.S. person, a TIN, or (2) for a customer that is not a U.S. person, a TIN, passport number and country of issuance, alien identification card number, or number and country of issuance of any other government-issued document evidencing nationality or residence and bearing a photograph or similar safeguard. See NPRM, 67 FR at 48337. \41\ See NPRM, 67 FR at 48332. --------------------------------------------------------------------------- Treasury and the CFTC are adopting the customer information requirements substantially as proposed, with changes to accommodate individuals who may not have a physical address. Treasury and the CFTC believe that FCMs and IBs, for the most part, already collect the information required by the rule,\42\ and that this information not only is necessary for the verification process, but also serves an important law enforcement function. --------------------------------------------------------------------------- \42\ See NPRM, 67 FR at 48335 n.17. See also CFTC Rule 1.37(a)(1), 17 CFR 1.37(a)(1), which requires FCMs and IBs to obtain, among other things, the true name and address of the person for whom such account is carried or introduced. Although an FCM or IB can utilize the customer information that is obtained and verified under the final rule to fulfill this obligation under Rule 1.37, an FCM or IB still will need to obtain the principal occupation or business of its customers as well as the name of any other person guaranteeing or exercising trading control with respect to its customers' accounts, because these are among the additional requirements under CFTC Rule 1.37. Further, FCM and IB members of NFA will still need to comply with the additional minimum requirements in NFA Compliance Rule 2-30(c) (requires FCM and IB members to obtain from customers that are natural persons, at least the following: ``(2) The customer's current estimated annual income and net worth; (3) the customer's approximate age; and (4) an indication of the customer's previous investment and futures trading experience''). --------------------------------------------------------------------------- Accordingly, prior to opening an account, FCMs and IBs must obtain, at a minimum, a customer's (1) Name; (2) date of birth, for an individual; (3) address; and (4) identification number.\43\ The address must be: (1) For an individual, a residential or business street address, or for an individual who does not have a residential or business street address, an Army Post Office or Fleet Post Office box number, or the residential or business street address of next of kin or another contact individual; or (2) for a person other than an individual, a principal place of business, local office or other physical location. --------------------------------------------------------------------------- \43\ Based on an assessment of the relevant risk factors, the FCM's or IB's CIP may require a customer to provide additional information to enable the firm to form a reasonable belief that it knows the customer's true identity. --------------------------------------------------------------------------- Treasury and the CFTC are adopting the identification number requirement substantially as proposed. For a customer that is a U.S. person, the identification number is a TIN (social security number, or employer identification number). For a customer that is not a U.S. person, the identification number is one or more of the following: a TIN, passport number and country of issuance, alien identification card number, or number and country of issuance of any other government- issued document evidencing nationality or residence and bearing a photograph or similar safeguard. This provision provides FCMs and IBs with some flexibility to choose among a variety of identification numbers that they may accept from a non-U.S. person.\44\ However, the identifying information the FCM or IB accepts must enable it to form a reasonable belief that it knows the true identity of the customer.\45\ --------------------------------------------------------------------------- \44\ The rule provides this flexibility because there is no uniform identification number that non-U.S. persons would be able to provide to an FCM or IB. See Treasury Department, ``A Report to Congress in Accordance with section 326(b) of the USA PATRIOT Act,'' October 21, 2002. \45\ Treasury and the CFTC emphasize that the rule neither endorses nor prohibits an FCM or IB from accepting information from particular types of identification documents issued by foreign governments. The FCM or IB must determine, based upon appropriate risk factors, including those discussed above, whether the information presented by a customer is reliable. Treasury and the CFTC recognize that a foreign business or enterprise may not have an identification number. Therefore the final rule notes that when opening an account for such a customer, the FCM or IB must request alternative government-issued documentation certifying the existence of the business or enterprise. --------------------------------------------------------------------------- [[Page 25154]] The proposed rule included an exception from the requirement to obtain a TIN from a customer opening a new account.\46\ The exception would have allowed an FCM or IB to open an account for a customer that has applied for, but has not yet received, an employer identification number (EIN).\47\ Treasury and the CFTC are adopting an expanded version of this exception in the final rule. As proposed, the exception was limited to customers that are not natural persons.\48\ On further consideration, Treasury and the CFTC have determined that it is appropriate to expand the exception to include natural persons who have applied for, but have not received, a TIN. Treasury and the CFTC also have modified the exception to reduce the recordkeeping burden. The proposed rule would have required an FCM or IB to retain a copy of the customer's application for a TIN.\49\ The FCM's or IB's CIP must include procedures to confirm that the application was filed before the customer opens the account and to obtain the TIN within a reasonable period of time after the account is opened. The final rule permits the FCM or IB to exercise discretion in determining how to confirm that a customer has filed an application. --------------------------------------------------------------------------- \46\ See NPRM, 67 FR at 48337-48338. \47\ This position is analogous to that in regulations issued by the IRS concerning ``awaiting--TIN certificates.'' The IRS permits a taxpayer to furnish an ``awaiting--TIN certificate'' in lieu of a TIN to exempt the taxpayer from the withholding of taxes owed on reportable payments (i.e., interest and dividends) on certain accounts. See 26 CFR 31.3406(g)-3. \48\ In the NPRM, Treasury and the CFTC explained that the exception was for businesses that may need to open an account before they receive an EIN from the IRS. See NPRM, 67 FR at 48332-48333. \49\ See NPRM, 67 FR at 48338. --------------------------------------------------------------------------- Section 103.123(b)(2)(ii) Customer Verification Treasury and the CFTC proposed to require that an FCM's or IB's CIP include procedures for verifying the identity of customers, to the extent reasonable and practicable, using the information obtained under the rule.\50\ Treasury and the CFTC also proposed to require such verification to occur within a reasonable time before or after the customer's account is opened. The NPRM stated that an FCM or IB need not establish the accuracy of each piece of identifying information if it is able to form a reasonable belief that it knows the customer's identity after verifying only certain of the information.\51\ The NPRM also stated that the flexibility to undertake verification within a reasonable time must be exercised in a reasonable manner.\52\ --------------------------------------------------------------------------- \50\ Id. \51\ See NPRM, 67 FR at 48333. \52\ Id. --------------------------------------------------------------------------- The sole commenter on this aspect of the proposed rule suggested that the rule should require verification each time the customer opens a new type of account, and not each time the customer establishes a different account at the FCM to trade the same type of product. As discussed above, however, the definition of ``customer'' in the final rule has been changed to exclude persons who have an existing account, provided the FCM or IB has a reasonable belief that it knows the customer's true identity. Accordingly, FCMs and IBs will not be required to verify the identities of such persons, which may include persons who open successive accounts of either the same type or multiple types to trade either the same or different products. The final rule adopts the customer verification requirements substantially as proposed. The final rule requires that an FCM's or IB's CIP contain procedures for verifying the identity of the customer, using the customer information obtained in accordance with paragraph (b)(2)(i), within a reasonable time before or after the account is opened. As stated in the NPRM, FCMs and IBs must reasonably exercise the flexibility to undertake verification before or after an account is opened.\53\ The appropriate amount of time may depend on various factors, such as the type of account opened, whether the customer opens the account in person, and the type of identifying information that is available.\54\ --------------------------------------------------------------------------- \53\ See NPRM, 67 FR at 48333. \54\ An FCM or IB member of NFA would violate CFTC Rule 1.37 and NFA Compliance Rule 2-30, however, if it allowed a natural person to transact business before obtaining specified information about the individual's true identity. Moreover, an FCM or IB must also comply with Treasury's Office of Foreign Asset Control's (OFAC) regulations prohibiting transactions involving designated foreign countries or their nationals. See 31 CFR Part 500. --------------------------------------------------------------------------- Although the location of the provision has been moved, the final rule continues to require that an FCM's or IB's CIP include procedures that describe when the firm will use documents, non-documentary methods, or a combination of both to verify customer identities.\55\ Depending on the type of customer and the method of opening an account, it may be more appropriate to use either documentary or non-documentary methods, and in some cases it may be appropriate to use both methods. The CIP should set forth guidelines describing when documents, non- documentary methods, or a combination of both will be used. These guidelines should be based on the FCM's or IB's assessment of the relevant risk factors. --------------------------------------------------------------------------- \55\ See final rule, 103.123(b)(2)(ii). --------------------------------------------------------------------------- Section 103.123(b)(2)(ii)(A) Customer Verification--Through Documents Treasury and the CFTC proposed to require that an FCM's or IB's CIP describe documents that the firm will use to verify a customer's identity. There were no comments directly addressing the documentary verification provisions of the proposed rule, and the final rule adopts the documentary verification provisions substantially as proposed. Specifically, the final rule requires an FCM's or IB's CIP to contain procedures that set forth the documents that the firm will use to verify a customer's identity. Each FCM or IB will conduct its own risk- based analysis of the types of documents that it believes will enable it to verify the true identities of its customers. In light of recent increases in identity theft and the availability of fraudulent documents, Treasury and the CFTC believe that the value of documentary verification is enhanced by redundancy. Treasury and the CFTC encourage each FCM and IB to obtain more than one type of documentary verification to ensure that it has a reasonable belief that it knows its customer's true identity. Moreover, Treasury and the CFTC encourage FCMs and IBs to use a variety of methods to verify the identity of a customer, especially when it does not have the ability to examine original documents. The final rule continues to include, without significant change, an illustrative list of identification documents. For an individual, these documents may include unexpired government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguard, such as a driver's license or passport.\56\ For a person other than an individual, these documents may include documents showing the existence of the entity, such as certified articles of incorporation, a government-issued business license, a partnership agreement, or a trust instrument.\57\ An FCM or IB may use other documents,\58\ provided they allow the firm to form a [[Page 25155]] reasonable belief that it knows the true identity of the customer. --------------------------------------------------------------------------- \56\ See final rule, 103.123(b)(2)(ii)(A)(1). \57\ See final rule, 103.123(b)(2)(ii)(A)(2). \58\ The list of documents in the rule is meant to be illustrative. Other documents, such as trust certificates and legal opinions, also may be appropriate for verification. --------------------------------------------------------------------------- In addition to the risk factors described in paragraph (b)(2), the FCM or IB should take into consideration the problems associated with authenticating documents and the inherent limitations of documents as a means of identity verification. These limitations will affect the types of documents that will be necessary to establish a reasonable belief that the FCM or IB knows the true identity of the customer, and may require the use of non-documentary methods of verification in addition to documents. Once an FCM or IB verifies the identity of a customer through a document, such as a driver's license or passport, it is not required to take steps to determine whether the document has been validly issued. An FCM or IB generally may rely on government-issued identification as verification of a customer's identity; however, if a document shows obvious indications of fraud, the FCM or IB must consider that in determining whether it can form a reasonable belief that it knows the customer's true identity. Section 103.123(b)(2)(ii)(B) Customer Verification--Through Non- documentary Methods Treasury and the CFTC proposed to require that an FCM's or IB's CIP describe the non-documentary methods the firm would use to verify customers' identities and when the firm would use these methods in addition to, or instead of, relying on documents.\59\ Treasury and the CFTC explained that the proposed rule would allow the exclusive use of non-documentary methods because some accounts are opened by telephone, by mail, or over the Internet.\60\ Treasury and the CFTC also noted that, even if a customer presents identification documents, it still might be appropriate to use non-documentary verification methods as well. --------------------------------------------------------------------------- \59\ See NPRM, 67 FR at 48338. \60\ See NPRM, 67 FR at 48333. --------------------------------------------------------------------------- The proposed rule provided examples of non-documentary verification methods that an FCM or IB may use. In the NPRM, Treasury and the CFTC observed that FCMs and IBs may wish to analyze whether there is logical consistency between the identifying information provided, such as the customer's name, street address, ZIP code, telephone number (if provided), date of birth, and social security number.\61\ --------------------------------------------------------------------------- \61\ See NPRM, 67 FR at 48334. --------------------------------------------------------------------------- Treasury and the CFTC proposed to require FCMs and IBs to use non- documentary methods when: (1) A customer who is a natural person cannot present an unexpired, government-issued identification document that bears a photograph or similar safeguard; (2) the FCM or IB is presented with unfamiliar documents to verify the identity of a customer; or (3) the FCM or IB does not obtain documents to verify the identity of a customer, does not meet face-to-face with a customer who is a natural person, or is otherwise presented with circumstances that increase the risk the FCM or IB will be unable to verify the true identity of a customer through documents.\62\ Treasury and the CFTC recognize that there are many scenarios and combinations of risk factors that FCMs and IBs may encounter, and they have decided to adopt general principles that are illustrated by examples, in lieu of a lengthy and possibly unwieldy regulation that attempts to address a wide variety of situations with particularity. --------------------------------------------------------------------------- \62\ See NPRM, 67 FR at 48338. --------------------------------------------------------------------------- There were no comments specifically regarding the non-documentary verification provisions of the proposed rule, and thus the final rule adopts them substantially as proposed. Under the final rule, an FCM or IB relying on non-documentary verification methods must describe them in its CIP. The final rule includes an illustrative list of non- documentary verification methods, similar to the list that was included in the proposed rule. These methods may include: (1) Contacting a customer; (2) independently verifying the customer's identity through the comparison of information provided by the customer with information obtained from a consumer reporting agency, public database,\63\ or other source; (3) checking references with other financial institutions; and (4) obtaining a financial statement.\64\ As Treasury and the CFTC stated in the NPRM, FCMs and IBs may wish to analyze whether there is logical consistency between the identifying information provided, such as the customer's name, street address, ZIP code, telephone number (if provided), date of birth, and social security number.\65\ --------------------------------------------------------------------------- \63\ The specific types of databases that would be suitable for verification ultimately will depend on the circumstances and the FCM's or IB's assessment of the relevant risk factors. \64\ See final rule, 103.123(b)(ii)(B)(1). \65\ See NPRM, 67 FR at 48334. --------------------------------------------------------------------------- The final rule also includes a list, again similar to that in the proposal, of circumstances that may require the use of non-documentary verification procedures.\66\ Specifically, an FCM's or IB's non- documentary procedures must address situations in which: (1) An individual is unable to present an unexpired government-issued identification document that bears a photograph or similar safeguard; (2) the FCM or IB is not familiar with the documents presented; (3) the account is opened without obtaining documents; (4) the customer opens the account without appearing in person; and (5) the circumstances presented increase the risk that the FCM or IB will be unable to verify the true identity of a customer through documents. --------------------------------------------------------------------------- \66\ See final rule, 103.123(b)(ii)(B)(2). --------------------------------------------------------------------------- As explained in the NPRM,\67\ because identification documents may be obtained illegally and may be fraudulent, and in light of the recent increase in identity theft, Treasury and the CFTC encourage FCMs and IBs to use non-documentary methods even when the customer has provided identification documents. --------------------------------------------------------------------------- \67\ Id. --------------------------------------------------------------------------- Section 103.123(b)(2)(ii)(C) Customer Verification--Additional Verification for Certain Customers As described above, Treasury and the CFTC proposed to require verification of the identity of any person authorized to effect transactions in a customer's account. Commenters objected to this requirement, and it has been omitted from the final rule. For the reasons discussed below, however, the final rule does require that an FCM's or IB's CIP address the circumstances in which it will obtain information about such individuals in order to verify a customer's identity. Treasury and the CFTC believe that, while FCMs and IBs may be able to verify the identity of the majority of customers through the documentary or non-documentary verification methods described above, there may be circumstances when these methods are inadequate. The risk that an FCM or IB will not know the customer's true identity may be heightened for certain types of accounts, such as an account opened in the name of a corporation, partnership, or trust that is created or conducts substantial business in a jurisdiction that has been designated by the United States as a primary money laundering concern or has been designated as non-cooperative by an international body. Treasury and the CFTC believe that, in order to identify customers that pose a heightened risk of not being properly identified, an FCM's or IB's CIP must prescribe additional measures that may be used to obtain [[Page 25156]] information about the identities of the individuals associated with the customer when standard documentary or non-documentary verification methods prove to be insufficient. The final rule, therefore, includes a new provision requiring that the CIP address situations in which, based on the FCM's or IB's risk assessment of a new account opened by a customer that is not an individual, the firm also will obtain information about individuals with authority or control over the account (e.g., persons authorized to effect transactions in the account) in order to verify the customer's identity. This additional verification method applies only when the FCM or IB cannot adequately verify the customer's identity after using the documentary and non-documentary verification methods described above.\68\ --------------------------------------------------------------------------- \68\ An FCM or IB need not undertake any additional verification if it chooses not to open an account when it cannot verify the customer's identity after using standard documentary and non- documentary verification methods. --------------------------------------------------------------------------- Section 103.123(b)(2)(iii) Lack of Verification Treasury and the CFTC proposed to require that an FCM's or IB's CIP include procedures for responding to circumstances in which the firm cannot form a reasonable belief that it knows the true identity of the customer.\69\ Treasury and the CFTC explained in the NPRM that the CIP should specify the actions to be taken, which could include closing the account or placing limitations on additional trading.\70\ Treasury and the CFTC also explained that there should be guidelines for when an account will not be opened (e.g., when the required information is not provided), and that the CIP should address the terms under which a customer may conduct transactions while the customer's identity is being verified.\71\ --------------------------------------------------------------------------- \69\ See NPRM, 67 FR at 48338. \70\ See NPRM, 67 FR at 48334. \71\ Id. --------------------------------------------------------------------------- There were no comments on this aspect of the proposed rule, and Treasury and the CFTC have adopted the provision substantially as proposed. The final rule, however, adds a description of the recommended features of these procedures, similar to the features that were described in the NPRM. Thus, the final rule provides that the CIP's procedures should describe: (1) When an account should not be opened; (2) the terms under which a customer may conduct transactions while the FCM or IB attempts to verify the customer's identity; (3) when the FCM or IB should file a suspicious activity report (SAR) in accordance with applicable law and regulation; \72\ and (4) when an account should be closed, after attempts to verify a customer's identity have failed. --------------------------------------------------------------------------- \72\ FinCEN has not yet published a rule requiring FCMs and IBs to report suspicious activities. These firms may, however, voluntarily file SARs with FinCEN to report suspicious activities. --------------------------------------------------------------------------- Section 103.123(b)(3) Recordkeeping Section 103.123(b)(3)(i) Required Records. Treasury and the CFTC proposed to require that CIPs of FCMs and IBs include certain recordkeeping procedures.73-74 First, the proposed rule would have required that an FCM or IB maintain a record of the identifying information provided by customers. Second, if an FCM or IB relied on a document to verify a customer's identity, the proposed rule would have required the firm to maintain a copy of the document. Third, the proposed rule would have required FCMs and IBs to record the methods and results of any additional measures undertaken to verify the identity of customers. Finally, the proposed rule would have required FCMs and IBs to record the resolution of any discrepancy in the identifying information obtained. --------------------------------------------------------------------------- \73-74\ See NPRM, 67 FR at 48338. --------------------------------------------------------------------------- Although there were no comments on this aspect of the proposed rule, Treasury and the CFTC have reconsidered and modified the recordkeeping requirements of the rule based on comments received with respect to the parallel recordkeeping provisions in the proposed CIP rules jointly issued by Treasury and the other Federal functional regulators. The final rule provides that an FCM's or IB's CIP must include procedures for making and maintaining records related to verifying the identities of customers. However, the final rule is more flexible than the proposed rule in this regard. Under the final rule, FCMs and IBs still must make a record of all identifying information obtained about each customer. However, rather than requiring that copies of verification documents be maintained, the final rule requires that an FCM's or IB's records include a description of any document that the firm relied on to verify the identity of the customer, noting the type of document, any identification number contained in the document, the place of issuance, and the issuance and expiration dates, if any. With respect to non-documentary verification, the final rule requires the records to include a description of the non-documentary methods and the results of any additional measures undertaken to verify the identity of the customer. The final rule also requires a description of the resolution of any ``substantive discrepancy'' discovered when verifying the identifying information obtained. This is intended to make clear that a record would not have to be made in the case of a minor discrepancy, such as one that might be caused by typographical mistakes. Section 103.123(b)(3)(ii) Record Retention Treasury and the CFTC proposed to require that an FCM or IB retain all required records for five years after the account is closed.\75\ Although there were no comments on this aspect of the proposed rule, commenters on the other Federal functional regulators' proposed CIP rules expressed concern regarding this requirement as costly and overly burdensome, particularly with respect to the length of time that certain records would need to be retained and the requirement that financial institutions retain copies of the documents used to verify customer identities. The final rules adopted by Treasury and the Federal functional regulators address many of these concerns. --------------------------------------------------------------------------- \75\ See NPRM, 67 FR at 48338. --------------------------------------------------------------------------- Treasury and the Federal functional regulators have, in the final rules, eliminated the requirement that a financial institution retain copies of documents used to verify customer identities. Treasury and the Federal functional regulators also believe that, while the identifying information provided by customers should be retained as proposed, there is little value in requiring financial institutions to retain the remaining records for five years after an account is closed, because this information is likely to grow stale. Therefore, the final rule prescribes a bifurcated record retention schedule that is consistent with a general five-year retention requirement. Under the final rule, an FCM or IB must retain the information obtained about a customer pursuant to paragraph (b)(3)(i)(A) (i.e., all minimum identifying information obtained under (b)(2)(ii)(A)) for five years after the date the account is closed.\76\ The remaining records required under paragraphs (b)(3)(i)(B), (C), and (D) (i.e., descriptions of: any document relied upon to verify identity; methods and results of any measure taken to verify identity; and the resolution of each substantive discrepancy discovered [[Page 25157]] when verifying the identifying information obtained) need only be retained for five years after the record is made. The final rule continues to provide that in all other respects, these records shall be maintained in accordance with the provisions of the CFTC's recordkeeping rule 1.31.\77\ --------------------------------------------------------------------------- \76\ The Secretary has determined that the records required to be retained under section 326 of the Act have a high degree of usefulness in criminal, tax, or regulatory investigations or proceedings, or in the conduct of intelligence or counterintelligence activities, to protect against international terrorism. \77\ 17 CFR 1.31. --------------------------------------------------------------------------- Section 103.123(b)(4) Comparison With Government Lists Treasury and the CFTC proposed to require that an FCM's or IB's CIP have procedures for determining whether the customer appears on any list of known or suspected terrorists or terrorist organizations prepared by any Federal government agency and made available to the firm.\78\ In addition, the proposed rule provided that FCMs and IBs must follow all Federal directives issued in connection with such lists. --------------------------------------------------------------------------- \78\ See NPRM, 67 FR at 48338. --------------------------------------------------------------------------- Although there were no comments on this aspect of the proposed rule, commenters on the other Federal functional regulators' proposed CIP rulemakings raised a number of concerns regarding this provision. Some commenters were concerned about how a financial institution would be able to determine what lists should be checked and how these lists would be made available. Other commenters suggested that all such lists be consolidated or provided through a designated government agency, such as FinCEN, that would serve as a clearinghouse. Still other commenters suggested that the rule should allow for the lists to be checked after an account is opened. The final rule provides that an FCM's or IB's CIP must include procedures for determining whether the customer appears on any list of known or suspected terrorists or terrorist organizations issued by any Federal government agency and designated as such by Treasury in consultation with the Federal functional regulators. Because Treasury and the Federal functional regulators have not yet designated any such lists, the final rule cannot be more specific with respect to the lists that FCMs and IBs must check. However, FCMs and IBs will not have an affirmative duty under this rule to seek out all lists of known or suspected terrorists or terrorist organizations compiled by the Federal government. Instead, they will receive notification by way of separate guidance regarding the lists that they must consult for purposes of this provision. Treasury and the CFTC have modified the proposed rule to provide that the CIP's procedures must require the FCM or IB to determine whether a customer appears on a list ``within a reasonable period of time'' after the account is opened, or earlier if required by another Federal law or regulation or by a Federal directive issued in connection with the applicable list. The final rule also requires an FCM's or IB's CIP to include procedures that require the firm to follow all Federal directives issued in connection with such lists. Again, because no lists have yet been designated under this provision, the final rule cannot provide more guidance in this area.\79\ --------------------------------------------------------------------------- \79\ This is not to say, however, that FCMs and IBs do not have obligations under other laws to screen their customers against government lists. For example, FCMs and IBs should already have AML compliance programs in place to ensure they comply with OFAC's rules. See supra note 54; see also OFAC's Foreign Assets Control Regulations For The Securities Industry (href="http://frwebgate.access.gpo.gov/cgi-bin/leaving.cgi?from=leavingFR.html&log=linklog&to=http://www.ustreas.gov/offices/enforcement/ofac/regulations/t11facsc.pdf" shape="rect">http://frwebgate.access.gpo.gov/cgi-bin/leaving.cgi?from=leavingFR.html&log=linklog&to=http://www.ustreas.gov/offices/enforcement/ofac/regulations/t11facsc.pdf ). --------------------------------------------------------------------------- Section 103.123(b)(5) Customer Notice Treasury and the CFTC proposed to require that an FCM's or IB's CIP include procedures for providing customers with adequate notice that the firm is requesting information to verify their identities.\80\ The NPRM stated that an FCM or IB could satisfy that notice requirement by generally notifying its customers about the firm's verification procedures.\81\ It also stated that if an account is opened electronically, such as through an Internet website, the FCM or IB could provide notice electronically.\82\ --------------------------------------------------------------------------- \80\ See NPRM, 67 FR at 48338. \81\ See NPRM, 67 FR at 48334. \82\ Id. --------------------------------------------------------------------------- Section 326 of the Act provides that the regulations issued ``shall at a minimum, require financial institutions to * * * [give] customers * * * adequate notice'' of the procedures they adopt concerning customer identification. Based on this statutory requirement, the final rule requires an FCM's or IB's CIP to include procedures for providing customers with adequate notice that the firm is requesting information to verify their identities. The final rule contains additional guidance regarding what constitutes adequate notice and the timing of the notice requirement. The final rule provides that notice is adequate if the FCM or IB describes the identification requirements of the final rule and provides notice in a manner reasonably designed to ensure that a customer is able to view the notice, or is otherwise given notice, before opening an account. The final rule also provides that, depending on how an account is opened, an FCM or IB may post a notice in the lobby or on its website, include the notice on its account applications, or use any other form of oral or written notice.\83\ In addition, the final rule includes sample language that, if appropriate, will be deemed adequate notice to an FCM's or IB's customers when provided in accordance with the requirements of the final rule. --------------------------------------------------------------------------- \83\ One commenter suggested that a firm's posting of the required notice on its Internet Web site should be deemed sufficient notice for all customers, regardless of how any particular account is opened. Because such posting would not ensure that every customer would be able to view the notice before opening an account, Treasury and the CFTC do not believe that this approach would satisfy the statutory requirement of section 326 of the Act. --------------------------------------------------------------------------- Section 103.123(b)(6) Reliance on Other Financial Institutions In the proposed rule, Treasury and the CFTC included as a risk factor an FCM's or IB's reliance on another FCM or IB to perform procedures of its CIP.\84\ In the NPRM, Treasury and the CFTC stated that this would require an assessment of whether the FCM or IB can rely on another FCM or IB, with which it shares an account relationship, to undertake any of the steps required by the firm's CIP with respect to the shared account. --------------------------------------------------------------------------- \84\ See NPRM, 67 FR at 48331-48332. --------------------------------------------------------------------------- Treasury and the CFTC have expanded the reliance provision of the proposed rule in recognition that there may be circumstances in which an FCM or IB should be able to rely on the performance by another financial institution of some or all of the elements of the firm's CIP. The final rule provides that an FCM's or IB's CIP may include procedures that specify when the firm will rely on the performance by another financial institution (including an affiliate) of any procedures of the firm's CIP, and thereby satisfy the FCM's or IB's obligations under the rule. Reliance is permitted if a customer of the FCM or IB is opening, or has opened, an account or has established a similar business relationship with the other financial institution to provide or engage in services, dealings, or other financial transactions. In order for an FCM or IB to rely on the other financial institution: (1) Such reliance must be reasonable under the circumstances; (2) the other financial institution must be subject to a rule implementing the AML compliance program requirements of 31 U.S.C. 5318(h) and be regulated by a Federal functional regulator, and (3) the other financial institution must enter into a contract requiring it to certify annually to the FCM or IB that it has implemented an AML program and that it will perform (or its agent will perform) the specified requirements of [[Page 25158]] the FCM's or IB's CIP.\85\ The contract and certification will provide a standard means for an FCM or IB to demonstrate the extent to which it is relying on another financial institution to perform its CIP, and that the other institution has, in fact, agreed to perform those functions.\86\ If it is not clear from these documents, an FCM or IB must be able to otherwise demonstrate when it is relying on another financial institution to perform its CIP with respect to a particular customer. --------------------------------------------------------------------------- \85\ As discussed in the NPRM, the required contractual commitments in the case of shared accounts involving FCMs and IBs may be made a part of an introducing agreement (in the context of introduced business) or a give-up agreement (in the context of give- up business). See NPRM, 67 FR at 48332. And as urged by one commenter, the required annual certification under the final rule may cover all customers for which the two financial institutions share an account relationship, and need not be on a customer-by- customer basis. \86\ FCMs and IBs must obtain annual certifications acknowledging performance of CIP functions from financial institutions that are affiliates as well as those that are non- affiliates. This requirement maintains parity with the CIP rule applicable to securities broker-dealers, many of which are dually registered as FCMs. --------------------------------------------------------------------------- An FCM or IB will not be held responsible for the failure of the other financial institution to fulfill adequately the FCM's or IB's CIP obligations, provided that the FCM or IB can establish that its reliance was reasonable and that it has the requisite contracts and certifications. Treasury and the CFTC emphasize that the FCM or IB and the other financial institution upon which it relies must satisfy all the conditions for reliance set forth in the final rule. If they do not, then the FCM or IB remains solely responsible for applying its own CIP to each customer in accordance with the rule. This reliance provision of the final rule does not affect the ability of an FCM or IB to contractually delegate the implementation and operation of its CIP procedures to a service provider. Nor does the final rule alter an FCM's or IB's ability to use an agent to perform services on its behalf. Treasury and the CFTC note, however, that in contrast to the reliance provision in the rule, in these situations the FCM or IB remains solely responsible for assuring compliance with the rule, and therefore must actively monitor the operation of its CIP, assesses its effectiveness, and ensure that examiners are able to obtain information and records relating to the CIP.\87\ --------------------------------------------------------------------------- \87\ Two commenters suggested that the final rule should allow FCMs and IBs to rely upon foreign financial institutions in general, and foreign affiliates in particular to perform CIP procedures. Such a liberalization of the rule, however, could undermine the purpose of the Act in combating international money laundering and the financing of terrorism. Accordingly, the final rule permits reliance only on a financial institution that is subject to a rule requiring an AML program under the Act and that is regulated by a Federal functional regulator, which will exclude foreign entities. This does not prevent an FCM or IB from utilizing a foreign affiliate or other foreign financial institution to perform procedures of its CIP. Rather, it means only that the FCM's or IB's relationship with the foreign firm will be treated the same as if the firm contractually delegated the implementation and operation of its CIP procedures to a service provider. --------------------------------------------------------------------------- All of the Federal functional regulators are adopting comparable provisions in their CIP rules to permit such reliance. Furthermore, the Federal functional regulators expect to share information and cooperate with each other to determine whether the institutions subject to their jurisdiction are in compliance with the reliance provision of the rule. Section 103.123(c) Exemptions The proposed rule provided that the CFTC, with the concurrence of the Secretary, may exempt any FCM or IB that registers with the CFTC or any type of account from the requirements of the rule. It excluded from this exemptive authority FCMs or IBs that register pursuant to section 4f(a)(2) of the CEA solely because they deal in transactions involving SFPs. The exemptive authority with respect to these firms will be in the final rule issued jointly by Treasury and the SEC for securities broker-dealers. There were no comments on this provision of the proposed rule, and Treasury and the CFTC have adopted it substantially as proposed. Section 103.123(d) Other Requirements Unaffected The final rule adds a provision stating that nothing in Sec. 103.123 shall relieve an FCM or IB of its obligation to comply with any other provision of Part 103, including provisions concerning information that must be obtained, verified, or maintained in connection with any account or transaction. A parallel provision similarly has been included in the final CIP rules issued by Treasury and the other Federal functional regulators. B. Requirement for CIP Approval Removed The NPRM required that the CIP be approved by the FCM's or IB's board of directors, managing partners, board of managers or other governing body performing similar functions, or by a person or persons specifically authorized by such bodies to approve the CIP.\88\ The final rule requires the CIP to be a part of the overall AML program required of FCMs and IBs under 31 U.S.C. 5318(h). NFA Compliance Rule 2-9(c) requires these AML programs to be approved in writing by a member of the FCM's or IB's senior management.\89\ --------------------------------------------------------------------------- \88\ See NPRM, 67 FR at 48338. \89\ Compliance with NFA Compliance Rule 2-9(c) is deemed to satisfy the requirements of 31 U.S.C. 5318(h)(1). See 31 CFR 103.120(c). --------------------------------------------------------------------------- Treasury and the CFTC have omitted the approval requirement from the final rule because it is unnecessary given the approval requirements for AML programs set forth in NFA Compliance Rule 2-9(c). Treasury and the CFTC note, however, that an FCM or IB with an approved AML program must nonetheless obtain approval of a new CIP because it would constitute a material change to the AML program. III. Regulatory Analysis A. Regulatory Flexibility Act The Regulatory Flexibility Act (RFA), 5 U.S.C. 601, et seq. (1994 & Supp. II 1996), requires Federal agencies, in proposing rules, to consider the impact of those rules on small businesses. The rules adopted herein would affect FCMs and IBs. The CFTC has previously established certain definitions of ``small entities'' to be used by the CFTC in evaluating the impact of its rules on small entities in accordance with the RFA.\90\ The CFTC has previously determined that FCMs are not small entities for the purposes of the RFA. With respect to IBs, the CFTC has stated that it is appropriate to evaluate within the context of a particular rule proposal whether some or all of the affected entities should be considered small entities and, if so, to analyze the economic impact on them of any rule.\91\ --------------------------------------------------------------------------- \90\ 47 FR 18618-21 (Apr. 30, 1982). \91\ Id. at 18618-21. --------------------------------------------------------------------------- In this regard, the rules being adopted herein would not require any IB significantly to change its current method of doing business. As noted in the NPRM, Treasury and the CFTC believe that IBs already obtain from their customers most, if not all, of the information required under the proposed rule.\92\ In addition, FCMs and IBs already must have AML programs that include procedures for customer identification and verification. The flexibility incorporated into the final rule also will permit each IB to tailor its CIP to fit its own size and needs. As a result, Treasury and the CFTC believe that expenditures associated with establishing and implementing a CIP should be commensurate with the size of the firm. If an IB is small, with a limited number of customers, the burden to comply with the rule should [[Page 25159]] be de minimis. This position is consistent with the views of one trade association commenter that characterized the expected additional costs for IBs to comply with this new rule as ``insubstantial.'' --------------------------------------------------------------------------- \92\ See NPRM, 67 FR at 48335 n.17. --------------------------------------------------------------------------- Accordingly, pursuant to 5 U.S.C. 605(b), Treasury and the CFTC certify that the action taken herein will not have a significant economic impact on a substantial number of small entities. In this regard, Treasury and the CFTC note that they did not receive any comments expressing concern regarding the implications of the rule for small entities. B. Paperwork Reduction Act The collections of information in this rule have been reviewed and approved by the Office of Management and Budget pursuant to the Paperwork Reduction Act of 1995 (44 U.S.C. 3507(d)), under control number 1506-0022. An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid control number. Neither Treasury nor the CFTC received any comments on any potential paperwork burden associated with the NPRM. Treasury and the CFTC did receive comments concerning the information that would be collected under the proposed rule. The final rule, which addresses these concerns among others, reduces the paperwork burden of the rule as proposed.\93\ --------------------------------------------------------------------------- \93\ See NPRM, 67 FR at 48335. --------------------------------------------------------------------------- Comments on the burden, and suggestions for how to further reduce it, may be sent (preferably by fax (202-395-6974)) to Desk Officer for the Department of the Treasury, Office of Information and Regulatory Affairs, Office of Management and Budget, Paperwork Reduction Project (1506-0022), Washington, DC 20503 (or by the Internet to [email protected]), with a copy to FinCEN by mail or the Internet at the addresses previously specified. C. Cost-Benefit Analysis Section 15(a) of the CEA requires the CFTC to consider the costs and benefits of its action before issuing a new rule. The CFTC understands that, by its terms, section 15(a) does not require the CFTC to quantify the costs and benefits of a new rule or to determine whether the benefits of the rule outweigh its costs. Nor does it require that each rule be analyzed in isolation when that rule is a component of a larger package of rules or rule revisions. Rather, section 15(a) simply requires the CFTC to ``consider the costs and benefits'' of its action. Section 15(a) further specifies that the costs and benefits of the rule shall be evaluated in light of five broad areas of market and public concern: (1) Protection of market participants and the public; (2) efficiency, competitiveness, and financial integrity of futures markets; (3) price discovery; (4) sound risk management practices; and (5) other public interest considerations. The CFTC may, in its discretion, give greater weight to any one of the five enumerated areas of concern and may, in its discretion, determine that, notwithstanding its costs, a particular rule is necessary or appropriate to protect the public interest or to effectuate any of the provisions or to accomplish any of the purposes of the CEA. The NPRM contained an analysis of the CFTC's consideration of these costs and benefits and solicited public comment thereon.\94\ The CFTC invited commenters to submit any data that they might have to assist in quantifying the costs and benefits of the proposed rules. The CFTC did not receive any such data or related comments. --------------------------------------------------------------------------- \94\ See NPRM, 67 FR at 48336-48337. --------------------------------------------------------------------------- After considering the costs and benefits of the proposed rules, the CFTC has decided to adopt these rules, with revisions as discussed above. D. Executive Order 12866 Treasury has determined that this rule is not a ``significant regulatory action'' for purposes of Executive Order 12866. As noted above, the final rule parallels the requirements of section 326 of the Act. Accordingly, a regulatory impact analysis is not required. List of Subjects 17 CFR Part 42 Anti-money laundering, Brokers, Reporting and recordkeeping requirements, Terrorist financing. 31 CFR Part 103 Administrative practice and procedure, Authority delegations (Government agencies), Banks, Banking, Brokers, Currency, Foreign banking, Foreign currencies, Gambling, Investigations, Law enforcement, Penalties, Reporting and recordkeeping requirements, Securities. Commodity Futures Trading Commission 17 CFR Chapter I Authority and Issuance 0 For the reasons articulated in the preamble, the CFTC amends chapter I of title 17 of the Code of Federal Regulations by adding a new part 42 to read as follows: PART 42--ANTI-MONEY LAUNDERING, TERRORIST FINANCING Subpart A--General Provisions Sec. 42.1 [Reserved] 42.2 Compliance with Bank Secrecy Act Authority: 7 U.S.C. 1a, 2, 5, 6, 6b, 6d, 6f, 6g, 7, 7a, 7a-1, 7a-2, 7b, 7b-1, 7b-2, 9, 12, 12a, 12c, 13a, 13a-1, 13c, 16 and 21; 12 U.S.C. 1786(q), 1818, 1829b and 1951-1959; 31 U.S.C. 5311-5314 and 5316-5332; title III, secs. 312-314, 319, 321, 326, 352, Pub. L. 107-56, 115 Stat. 307. Subpart A--General Provisions Sec. 42.1 [Reserved] Sec. 42.2 Compliance with Bank Secrecy Act. Every futures commission merchant and introducing broker shall comply with the applicable provisions of the Bank Secrecy Act and the regulations promulgated by the Department of the Treasury under that Act at 31 CFR Part 103, and with the requirements of 31 U.S.C. 5318(l) and the implementing regulation jointly promulgated by the Commission and the Department of the Treasury at 31 CFR 103.123, which require that a customer identification program be adopted as part of the firm's Bank Secrecy Act compliance program. Dated: April 28, 2003. Jean A. Webb, Secretary of the Commodity Futures Trading Commission. Department of the Treasury 31 CFR Chapter I Authority and Issuance 0 For the reasons set forth in the preamble, part 103 of title 31 of the Code of Federal Regulations is amended as follows: PART 103--FINANCIAL RECORDKEEPING AND REPORTING OF CURRENCY AND FOREIGN TRANSACTIONS 0 1. The authority citation for part 103 is revised to read as follows: Authority: 12 U.S.C. 1786(q), 1818, 1829b and 1951-1959; 31 U.S.C. 5311-5314 and 5316-5332; title III, secs. 312, 313, 314, 319, 321, 326, 352, Pub L. 107-56, 115 Stat. 307. [[Page 25160]] 0 2. Subpart I of part 103 is amended by adding Sec. 103.123 to read as follows: Sec. 103.123 Customer identification programs for futures commission merchants and introducing brokers. (a) Definitions. For the purposes of this section: (1)(i) Account means a formal relationship with a futures commission merchant, including, but not limited to, those established to effect transactions in contracts of sale of a commodity for future delivery, options on any contract of sale of a commodity for future delivery, or options on a commodity. (ii) Account does not include: (A) An account that the futures commission merchant acquires through any acquisition, merger, purchase of assets, or assumption of liabilities; or (B) An account opened for the purpose of participating in an employee benefit plan established under the Employee Retirement Income Security Act of 1974. (2) Commission means the United States Commodity Futures Trading Commission. (3) Commodity means any good, article, service, right, or interest described in Section 1a(4) of the Commodity Exchange Act (7 U.S.C. 1a(4)). (4) Contract of sale means any sale, agreement of sale or agreement to sell as described in Section 1a(7) of the Commodity Exchange Act (7 U.S.C. 1a(7)). (5)(i) Customer means: (A) A person that opens a new account with a futures commission merchant; and (B) An individual who opens a new account with a futures commission merchant for: (1) An individual who lacks legal capacity; or (2) An entity that is not a legal person. (ii) Customer does not include: (A) A financial institution regulated by a Federal functional regulator or a bank regulated by a state bank regulator; (B) A person described in Sec. 103.22(d)(2)(ii) through (iv); or (C) A person that has an existing account, provided the futures commission merchant or introducing broker has a reasonable belief that it knows the true identity of the person. (iii) When an account is introduced to a futures commission merchant by an introducing broker, the person or individual opening the account shall be deemed to be a customer of both the futures commission merchant and the introducing broker for the purposes of this section. (6) Federal functional regulator is defined at Sec. 103.120(a)(2). (7) Financial institution is defined at 31 U.S.C. 5312(a)(2) and (c)(1). (8) Futures commission merchant means any person registered or required to be registered as a futures commission merchant with the Commission under the Commodity Exchange Act (7 U.S.C. 1 et seq.), except persons who register pursuant to Section 4f(a)(2) of the Commodity Exchange Act (7 U.S.C. 6f(a)(2)). (9) Introducing broker means any person registered or required to be registered as an introducing broker with the Commission under the Commodity Exchange Act (7 U.S.C. 1 et seq.), except persons who register pursuant to Section 4f(a)(2) of the Commodity Exchange Act (7 U.S.C. 6f(a)(2)). (10) Option means an agreement, contract or transaction described in Section 1a(26) of the Commodity Exchange Act (7 U.S.C. 1a(26)). (11) Taxpayer identification number is defined by section 6109 of the Internal Revenue Code of 1986 (26 U.S.C. 6109) and the Internal Revenue Service regulations implementing that section (e.g., social security number or employer identification number). (12) U.S. person means: (i) A United States citizen; or (ii) A person other than an individual (such as a corporation, partnership or trust) that is established or organized under the laws of a State or the United States. (13) Non-U.S. person means a person that is not a U.S. person. (b) Customer identification program: minimum requirements--(1) In general. Each futures commission merchant and introducing broker must implement a written Customer Identification Program (CIP) appropriate for its size and business that, at a minimum, includes each of the requirements of paragraphs (b)(1) through (b)(5) of this section. The CIP must be a part of each futures commission merchant's and introducing broker's anti-money laundering compliance program required under 31 U.S.C. 5318(h). (2) Identity verification procedures. The CIP must include risk- based procedures for verifying the identity of each customer to the extent reasonable and practicable. The procedures must enable each futures commission merchant and introducing broker to form a reasonable belief that it knows the true identity of each customer. The procedures must be based on the futures commission merchant's or introducing broker's assessment of the relevant risks, including those presented by the various types of accounts maintained, the various methods of opening accounts, the various types of identifying information available, and the futures commission merchant's or introducing broker's size, location and customer base. At a minimum, these procedures must contain the elements described in paragraph (b)(2) of this section. (i)(A) Customer information required. The CIP must include procedures for opening an account that specify identifying information that will be obtained from each customer. Except as permitted by paragraph (b)(2)(i)(B) of this section, each futures commission merchant and introducing broker must obtain, at a minimum, the following information prior to opening an account: (1) Name; (2) Date of birth, for an individual; (3) Address, which shall be: (i) For an individual, a residential or business street address; (ii) For an individual who does not have a residential or business street address, an Army Post Office (APO) or Fleet Post Office (FPO) box number, or the residential or business street address of a next of kin or another contact individual; or (iii) For a person other than an individual (such as a corporation, partnership or trust), a principal place of business, local office or other physical location; and (4) Identification number, which shall be: (i) For a U.S. person, a taxpayer identification number; or (ii) For a non-U.S. person, one or more of the following: a taxpayer identification number, a passport number and country of issuance, an alien identification card number, or the number and country of issuance of any other government-issued document evidencing nationality or residence and bearing a photograph or similar safeguard. Note to paragraph (b)(2)(i)(A)(4)(ii): When opening an account for a foreign business or enterprise that does not have an identification number, the futures commission merchant or introducing broker must request alternative government- issued documentation certifying the existence of the business or enterprise. (B) Exception for persons applying for a taxpayer identification number. Instead of obtaining a taxpayer identification number from a customer prior to opening an account, the CIP may include procedures for opening an account for a customer that has applied for, but has not received, a taxpayer identification number. In this case, the CIP must include procedures to confirm that the application was filed before the customer opens the account and to [[Page 25161]] obtain the taxpayer identification number within a reasonable period of time after the account is opened. (ii) Customer verification. The CIP must contain procedures for verifying the identity of each customer, using information obtained in accordance with paragraph (b)(2)(i) of this section, within a reasonable time before or after the customer's account is opened. The procedures must describe when the futures commission merchant or introducing broker will use documents, non-documentary methods, or a combination of both methods, as described in this paragraph (b)(2)(ii). (A) Verification through documents. For a futures commission merchant or introducing broker relying on documents, the CIP must contain procedures that set forth the documents the futures commission merchant or introducing broker will use. These documents may include: (1) For an individual, an unexpired government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguard, such as a driver's license or passport; and (2) For a person other than an individual (such as a corporation, partnership or trust), documents showing the existence of the entity, such as certified articles of incorporation, a government-issued business license, a partnership agreement, or a trust instrument. (B) Verification through non-documentary methods. For a futures commission merchant or introducing broker relying on non-documentary methods, the CIP must contain procedures that set forth the non- documentary methods the futures commission merchant or introducing broker will use. (1) These methods may include contacting a customer; independently verifying the customer's identity through the comparison of information provided by the customer with information obtained from a consumer reporting agency, public database, or other source; checking references with other financial institutions; or obtaining a financial statement. (2) The futures commission merchant's or introducing broker's non- documentary procedures must address situations where an individual is unable to present an unexpired government-issued identification document that bears a photograph or similar safeguard; the futures commission merchant or introducing broker is not familiar with the documents presented; the account is opened without obtaining documents; the customer opens the account without appearing in person at the futures commission merchant or introducing broker; and where the futures commission merchant or introducing broker is otherwise presented with circumstances that increase the risk that the futures commission merchant or introducing broker will be unable to verify the true identity of a customer through documents. (C) Additional verification for certain customers. The CIP must address situations where, based on the futures commission merchant's or introducing broker's risk assessment of a new account opened by a customer that is not an individual, the futures commission merchant or introducing broker will obtain information about individuals with authority or control over such account in order to verify the customer's identity. This verification method applies only when the futures commission merchant or introducing broker cannot verify the customer's true identity after using the verification methods described in paragraphs (b)(2)(ii)(A) and (B) of this section. (iii) Lack of verification. The CIP must include procedures for responding to circumstances in which the futures commission merchant or introducing broker cannot form a reasonable belief that it knows the true identity of a customer. These procedures should describe: (A) When an account should not be opened; (B) The terms under which a customer may conduct transactions while the futures commission merchant or introducing broker attempts to verify the customer's identity; (C) When an account should be closed after attempts to verify a customer's identity have failed; and (D) When the futures commission merchant or introducing broker should file a Suspicious Activity Report in accordance with applicable law and regulation. (3) Recordkeeping. The CIP must include procedures for making and maintaining a record of all information obtained under procedures implementing paragraph (b) of this section. (i) Required records. At a minimum, the record must include: (A) All identifying information about a customer obtained under paragraph (b)(2)(i) of this section; (B) A description of any document that was relied on under paragraph (b)(2)(ii)(A) of this section noting the type of document, any identification number contained in the document, the place of issuance, and if any, the date of issuance and expiration date; (C) A description of the methods and the results of any measures undertaken to verify the identity of a customer under paragraphs (b)(2)(ii)(B) and (C) of this section; and (D) A description of the resolution of each substantive discrepancy discovered when verifying the identifying information obtained. (ii) Retention of records. Each futures commission merchant and introducing broker must retain the records made under paragraph (b)(3)(i)(A) of this section for five years after the account is closed and the records made under paragraphs (b)(3)(i)(B), (C), and (D) of this section for five years after the record is made. In all other respects, the records must be maintained pursuant to the provisions of 17 CFR 1.31. (4) Comparison with government lists. The CIP must include procedures for determining whether a customer appears on any list of known or suspected terrorists or terrorist organizations issued by any Federal government agency and designated as such by Treasury in consultation with the Federal functional regulators. The procedures must require the futures commission merchant or introducing broker to make such a determination within a reasonable period of time after the account is opened, or earlier if required by another Federal law or regulation or Federal directive issued in connection with the applicable list. The procedures also must require the futures commission merchant or introducing broker to follow all Federal directives issued in connection with such lists. (5)(i) Customer notice. The CIP must include procedures for providing customers with adequate notice that the futures commission merchant or introducing broker is requesting information to verify their identities. (ii) Adequate notice. Notice is adequate if the futures commission merchant or introducing broker generally describes the identification requirements of this section and provides such notice in a manner reasonably designed to ensure that a customer is able to view the notice, or is otherwise given notice, before opening an account. For example, depending upon the manner in which the account is opened, a futures commission merchant or introducing broker may post a notice in the lobby or on its Web site, include the notice on its account applications or use any other form of written or oral notice. (iii) Sample notice. If appropriate, a futures commission merchant or introducing broker may use the following sample language to provide notice to its customers: [[Page 25162]] Important Information About Procedures For Opening a New Account To help the government fight the funding of terrorism and money laundering activities, Federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account. What this means for you: When you open an account, we will ask for your name, address, date of birth and other information that will allow us to identify you. We may also ask to see your driver's license or other identifying documents. (6) Reliance on another financial institution. The CIP may include procedures specifying when the futures commission merchant or introducing broker will rely on the performance by another financial institution (including an affiliate) of any procedures of its CIP, with respect to any customer of the futures commission merchant or introducing broker that is opening an account, or has established an account or similar business relationship with the other financial institution to provide or engage in services, dealings, or other financial transactions, provided that: (i) Such reliance is reasonable under the circumstances; (ii) The other financial institution is subject to a rule implementing 31 U.S.C. 5318(h), and is regulated by a Federal functional regulator; and (iii) The other financial institution enters into a contract requiring it to certify annually to the futures commission merchant or introducing broker that it has implemented its anti-money laundering program, and that it will perform (or its agent will perform) specified requirements of the futures commission merchant's or introducing broker's CIP. (c) Exemptions. The Commission, with the concurrence of the Secretary, may by order or regulation exempt any futures commission merchant or introducing broker that registers with the Commission or any type of account from the requirements of this section. In issuing such exemptions, the Commission and the Secretary shall consider whether the exemption is consistent with the purposes of the Bank Secrecy Act, and in the public interest, and may consider other necessary and appropriate factors. (d) Other requirements unaffected. Nothing in this section relieves a futures commission merchant or introducing broker of its obligation to comply with any other provision of this part, including provisions concerning information that must be obtained, verified, or maintained in connection with any account or transaction. Dated: April 28, 2003. James F. Sloan, Director, Financial Crimes Enforcement Network. Dated: April 28, 2003. In concurrence: Jean A. Webb, Secretary of the Commodity Futures Trading Commission. [FR Doc. 03-11016 Filed 5-8-03; 8:45 am] BILLING CODE 4810-02-P; 6351-01-P