Compliance Blog

Nov 21, 2022

Address Confidentiality Programs and Customer Identification

The PATRIOT Act and federal regulations require each credit union to implement a written Customer Identification Program (CIP) that includes certain minimum requirements, such as the collection of identifying information at account opening and risk-based identity verification procedures. But what happens when a customer is part of an address confidentiality program (ACP)?

It’s important to note that the purpose of the CIP is to allow the credit union to form a reasonable belief that it knows the true identity of each customer.

The CIP rules are found in section 748.2(b)(2) of the NCUA regulations and section 1020.220  of the FinCEN regulations.

Under section 1020.220(a)(2)(i)(A) it states:

In general. The CIP must contain procedures for opening an account that specify the identifying information that will be obtained from each customer. Except as permitted by paragraphs (a)(2)(i)(B) and (C) of this section, the bank must obtain, at a minimum, the following information from the customer prior to opening an account:

(1) Name;

(2) Date of birth, for an individual;

(3) Address, which shall be:

(i) For an individual, a residential or business street address;

(ii) For an individual who does not have a residential or business street address, an Army Post Office (APO) or Fleet Post Office (FPO) box number, or the residential or business street address of next of kin or of another contact individual; or

(iii) For a person other than an individual (such as a corporation, partnership, or trust), a principal place of business, local office, or other physical location;” (Emphasis added).

The exception in paragraph (a)(2)(i)(B) applies to persons applying for a taxpayer identification number, and the exception in paragraph (a)(2)(i)(C) applies to credit card accounts so neither seem to be applicable in the case of a customer who is part of an address confidentiality program.  

However, based on the rule outlined above, a financial institution may accept a residential or business street address of next of kin or of another contact individual in lieu of the address of the member.

Additionally, this FinCEN letter provides helpful insight into how to handle situations when customers are part of an address confidentiality program, stating:

“I am responding to your letter dated January 16, 2009, to the Financial Crimes Enforcement Network (FinCEN), in which you seek guidance on customer identification (CIP) requirements as they relate to customers who are issued a post office box address as part of their participation in the [name of state] program, an address confidentiality program (ACP)…”

“A [financial institution] would not be in compliance with the rules if it accepts the [name of state ACP] post office box address to fulfill CIP requirements. However, FinCEN understands the need to protect victim anonymity.”

“…[i]n an effort to support [name of state ACP] requirements, as well as similar requirements that may arise in other states that have established an ACP…FinCEN authorizes the following exception to the requirement that a [financial institution] obtain a customer's residential or business street address: a customer who participates in a state-created ACP shall be treated as not having a residential or business street address and a secretary of state, or other state entity serving as a designated agent of the customer consistent with the terms of the ACP, will act as another contact individual for the purpose of complying with FinCEN's rules. Therefore, a [financial institution] should collect the street address of the ACP sponsoring agency for purposes of meeting its CIP address requirement.” (Emphasis added).

Based on the letter, FinCEN permits a financial institution to collect the address of the state agency protecting the member’s address in order to satisfy CIP requirements when the potential member is participating in a state address confidentiality program.

I hope everyone has a great Thanksgiving this week!


Regulatory Compliance School

Join your peers and understand credit union compliance from A to Z when you attend NAFCU's Regulatory Compliance School. Plus, you can earn your NCCO. Right now, save $200.00 with code SCHOOLSAVINGS. View the agenda

About the Author

Tara Simpson, NCCO, NCBSO, Regulatory Compliance Counsel, NAFCU

Tara Simpson---NAFCU-Regulatory-Compliance-Counsel

Tara Simpson joined NAFCU as a regulatory compliance counsel in July 2022. In this role, Tara assists credit unions with a variety of compliance issues.

Read full bio