22234
Federal Register / Vol. 89, No. 62 / Friday, March 29, 2024 / Notices
electronic Consent Based SSN
Verification (eCBSV) program, which
typically requires customer consent
prior to accessing this program, how
would banks be able to use the eCBSV
program if banks no longer obtained the
full SSN from the customer?
4. Regarding current practices by
parties not subject to the CIP Rule’s SSN
collection requirement (i.e., non-banks)
when using third-party sources for SSN
collection:
a. What are the risks and benefits of
using a third-party source for SSN
collection?
b. What minimum due diligence
processes does a non-bank typically
conduct before contracting with a third-
party source for SSN collection? How do
non-banks review and assess the
capability, quality, and performance of
the third-party source, including the
accuracy and reliability of the full SSN
collected by the third-party source?
c. What ongoing due diligence and
monitoring do non-banks conduct on
the third-party source? How frequently
is ongoing due diligence conducted?
d. What measures do non-banks have
in place to verify the accuracy of a full
SSN retrieved from a third-party source?
e. How do non-banks ensure the
privacy and security of customer data
when using a third-party source for SSN
collection?
f. What authoritative or private sector
third-party sources are generally used
for obtaining SSNs?
g. What, if any, limitations and/or
shortcomings have been identified in
third-party sources used to obtain SSN
information?
h. What is the typical timeframe from
when a customer enters their partial TIN
to the non-bank receiving the full SSN
from the third-party source?
i. What types of processes or strategies
may be employed by third-party sources
to manage high volume and/or time-
sensitive SSN collection requests?
j. How frequently do customers fail
the third-party SSN collection? What
process(es) can be applied in such
instances?
k. Have there been expected or
observed differences in the rate of fraud
or suspicious activity when non-banks
using a partial SSN collection process
versus full SSN collection directly from
a customer?
l. How frequently does the partial
SSN provided by a customer match to
more than one individual when
submitted to a third-party source? What
additional steps are taken in such a
case?
m. When the customer provides a
partial SSN, is the customer notified
that the remaining digits of their SSN
will be obtained from a third-party
source? Are there instances when non-
banks may display a full SSN to a
customer who provided a partial SSN?
How would non-banks address and
mitigate identity theft-related risks in
those instances?
5. Provide any publicly available
studies or data points that demonstrate:
a. Customer behavior in seeking or
avoiding access to financial products or
services based on risks associated with
a customer providing a full SSN,
whether perceived or actual.
b. Accuracy and reliability of third-
party sources from which SSN
information could be acquired.
c. Impact on financial crime or other
illicit finance activity risks when a
customer is not required to provide a
full SSN.
d. The benefits and risks for non-
banks (e.g., employers, retailers,
financial service providers, and
government agencies) and third-party
service providers in obtaining a partial
SSN from the customer and then using
a third-party source to obtain the
customer’s full SSN.
6. Regarding current CIP practices of
all financial institutions, both banks and
non-banks:
a. What risks have been identified
with the SSN collection requirement,
and how have those risks been
mitigated?
b. Do financial institutions use a
combination of documentary and non-
documentary methods to verify the
identity of its customers, or do financial
institutions rely solely on one of the two
methods?
i. For financial institutions that do not
rely on a combination of both methods,
what is the rationale?
ii. For financial institutions that rely
solely on non-documentary methods,
what is the rationale and what
information is collected to form a
reasonable belief that it knows the true
identity of the customer?
c. What are the variations to TIN
collection and verification practices
used by financial institutions?
d. Other than processes related to TIN
collection and verification, what other
means are used by financial institutions
to collect and verify customer
identifying information?
e. Describe the processes and
technologies used by financial
institutions when obtaining and
verifying partial and/or full customer
identifying information as it pertains to
various delivery channels (such as
telephonic, mobile, and point-of-sale).
f. Describe similarities and differences
in the collection and verification
practices by financial institutions
between individuals who provide SSNs
and legal entities that provide Employer
Identification Numbers.
7. What are the competitive
advantages and disadvantages between
banks that are required to collect the full
SSN from the customer and those non-
banks that collect a partial SSN from the
customer and then use a third-party
source to obtain the customer’s full
SSN?
8. What types of products/services are
impacted by differing regulatory
requirements related to SSN collection?
Andrea M. Gacki,
Director, Financial Crimes Enforcement
Network.
[FR Doc. 2024–06763 Filed 3–28–24; 8:45 am]
BILLING CODE 4810–02–P
DEPARTMENT OF THE TREASURY
Office of Foreign Assets Control
Notice of OFAC Sanctions Actions
AGENCY
: Office of Foreign Assets
Control, Treasury.
ACTION
: Notice.
SUMMARY
: The U.S. Department of the
Treasury’s Office of Foreign Assets
Control (OFAC) is publishing the names
of one or more persons that have been
placed on OFAC’s Specially Designated
Nationals and Blocked Persons List
(SDN List) based on OFAC’s
determination that one or more
applicable legal criteria were satisfied.
All property and interests in property
subject to U.S. jurisdiction of these
persons are blocked, and U.S. persons
are generally prohibited from engaging
in transactions with them.
DATES
: See
SUPPLEMENTARY INFORMATION
section for applicable dates.
FOR FURTHER INFORMATION CONTACT
:
OFAC: Bradley T. Smith, Director, tel.:
202–622–2490; Associate Director for
Global Targeting, tel.: 202–622–2420;
Assistant Director for Licensing, tel.:
202–622–2480; Assistant Director for
Regulatory Affairs, tel.: 202–622–4855;
or the Assistant Director Compliance,
tel.: 202–622–2490.
SUPPLEMENTARY INFORMATION
:
Electronic Availability
The SDN List and additional
information concerning OFAC sanctions
programs are available on OFAC’s
website (https://www.treasury.gov/ofac).
Notice of OFAC Action(s)
On March 26, 2024, OFAC
determined that the property and
interests in property subject to U.S.
jurisdiction of the following persons are
VerDate Sep<11>2014 16:49 Mar 28, 2024 Jkt 262001 PO 00000 Frm 00119 Fmt 4703 Sfmt 4703 E:\FR\FM\29MRN1.SGM 29MRN1
khammond on DSKJM1Z7X2PROD with NOTICES