America’s CUs Oppose CIP Rule Change
The opposition concerns a third party’s ability to access consumers’ full Social Security numbers.
The Financial Crimes Enforcement Network (FinCEN) posted a request for information in March asking for feedback related to changes in the Customer Identification Program (CIP) Rule, which could expand access to consumers’ full Social Security number (SSN) by third-party organizations – a change America’s Credit Unions opposes.
According to America’s Credit Unions, “The existing rule requires financial institutions to implement a written CIP that includes identity verification procedures, and financial institutions must currently collect a full SSN from a customer to fulfill the Taxpayer Identification Number (TIN) requirement.”
A letter filed Tuesday with FinCEN officials from America’s Credit Unions Senior Director of Advocacy and Counsel Luke Martone stated the organization’s opposition to amending the CIP Rule for identity verification to potentially allow financial institutions to collect a partial SSN from a customer and then use a third-party fintech to collect the full SSN.
“While we appreciate FinCEN’s consideration of technological advancements, including with regard to the methods by which financial institutions verify customer identification, we are concerned that modifying the current process to allow for collection of the full SSN from a third party may present certain risks, without clear benefits,” Martone wrote.
He continued, “While we typically encourage regulatory changes that increase flexibility, we are also mindful that some changes could bring about increased risk, including in the area of consumer fraud, such as identity theft, as noted by FinCEN. Further, we are aware of concern among consumers regarding the sharing — and/or retrieval of — their SSN by third parties outside the direct supervision of their trusted credit union.”
While Martone expressed the opposition to the possible rule change, he noted a potential solution that “could be some value in possibly allowing financial institutions to utilize third-parties to collect other (non-SSN) customer-identifying information required by the CIP Rule directly from the customer.”
He added, “Some financial institutions, including credit unions, utilize third parties to verify the data collected from their customers to assess its accuracy, as well as review for potential fraud. Use of such third-party tools can decrease the amount of processing time required, while still complying with the regulatory requirements of the CIP Rule. Based on member feedback, we ask FinCEN to evaluate the appropriateness of expanding financial institutions’ ability to rely on third parties (e.g., fintechs) to collect and verify consumer data.”