[Federal Register: May 9, 2003 (Volume 68, Number 90)]
[Rules and Regulations]
[Page 25149-25162]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr09my03-28]

-----------------------------------------------------------------------

COMMODITY FUTURES TRADING COMMISSION

17 CFR Part 42

RIN 3038-AB90

DEPARTMENT OF THE TREASURY

31 CFR Part 103

RIN 1506-AA34


Customer Identification Programs For Futures Commission Merchants
and Introducing Brokers

AGENCIES: Financial Crimes Enforcement Network, Treasury; Commodity
Futures Trading Commission.

ACTION: Joint final rule.

-----------------------------------------------------------------------

SUMMARY: The Department of the Treasury, through the Financial Crimes
Enforcement Network (FinCEN), and the Commodity Futures Trading
Commission (CFTC) are jointly adopting a final rule to implement
section 326 of the Uniting and Strengthening America by Providing
Appropriate Tools Required to Intercept and Obstruct Terrorism (USA
PATRIOT ACT) Act of 2001. Section 326 requires the Secretary of the
Treasury to jointly prescribe with the CFTC a rule that, at a minimum,
requires futures commission merchants and introducing brokers to
implement reasonable procedures to verify the identity of any person
seeking to open an account, to the extent reasonable and practicable;
maintain records of the information used to verify the person's
identity; and determine whether the person appears on any lists of
known or suspected terrorists or terrorist organizations provided to
futures commission merchants or introducing brokers by any government
agency. This final rule applies to all futures commission merchants and
introducing brokers, except for futures commission merchants and
introducing brokers that register with the CFTC solely because they
effect transactions in security futures products.

DATES: Effective Date: This rule is effective June 9, 2003.
    Compliance Date: Futures commission merchants and introducing
brokers subject to this final rule must comply with it by October 1,
2003.

FOR FURTHER INFORMATION CONTACT: Commodity Futures Trading Commission:
Office of the General Counsel, (202) 418-5120, Commodity Futures
Trading Commission, 1155 21st Street, NW., Washington, DC 20581; or AMLstaff@cftc.gov.    Treasury: Office of the Chief Counsel (FinCEN), (703) 905-3590;
Office of the General Counsel (Treasury), (202) 622-1927; or the Office
of the Assistant General Counsel for Banking & Finance (Treasury),
(202) 622-0480.

SUPPLEMENTARY INFORMATION:

I. Background

A. Section 326 of the USA PATRIOT Act

    On October 26, 2001, President Bush signed into law the Uniting and
Strengthening America by Providing Appropriate Tools Required to
Intercept and Obstruct Terrorism (USA PATRIOT ACT) Act of 2001
(Act).\1\ Title III of the Act, captioned ``International Money
Laundering Abatement and Anti-terrorist Financing Act of 2001,'' added
several new provisions to the Bank Secrecy Act (BSA).\2\ These
provisions are intended to facilitate the prevention, detection, and
prosecution of international money laundering and the financing of
terrorism. Section 326 of the Act added a new subsection (l) to 31
U.S.C. 5318 of the BSA that requires the Secretary of the Treasury
(Secretary or Treasury) to prescribe regulations ``setting forth the
minimum standards for financial institutions and their customers
regarding the identity of the customer that shall apply in connection
with the opening of an account at a financial institution.''
---------------------------------------------------------------------------

    \1\ Pub. L. 107-56.
    \2\ 31 U.S.C. 5311 et seq.
---------------------------------------------------------------------------

    Section 326 of the Act applies to all ``financial institutions.''
This term is defined broadly in the BSA to encompass a variety of
entities, including commercial banks, agencies and branches of foreign
banks in the United States, thrifts, credit unions, private banks,
trust companies, brokers and dealers in securities, investment
companies, futures commission merchants (FCMs), introducing brokers
(IBs),\3\ insurance companies, travel agents, pawnbrokers, dealers in
precious metals, check-cashers, casinos, and telegraph companies, among
many others.\4\
---------------------------------------------------------------------------

    \3\ Treasury has clarified that the term ``a broker or dealer in
securities or commodities'' in the BSA, 31 U.S.C. 5312(a)(2)(H),
includes IBs within the definition of ``financial institution.'' 67
FR 48328, 48329 n.2 (July 23, 2002); see also 67 FR 21110, 21111 n.5
(April 29, 2002).
    \4\ See 31 U.S.C. 5312(a)(2), 5312(c)(1)(A). For any financial
institution engaged in financial activities described in section
4(k) of the Bank Holding Company Act of 1956, the Secretary is
required to prescribe the regulations issued under section 326 of
the Act jointly with the Office of the Comptroller of the Currency,
the Board of Governors of the Federal Reserve System, the Federal
Deposit Insurance Corporation, the Office of Thrift Supervision, and
the National Credit Union Administration (collectively, the banking
agencies), the CFTC, and the Securities and Exchange Commission
(SEC).
---------------------------------------------------------------------------

    The regulations implementing section 326 of the Act must require,
at a minimum, financial institutions to implement reasonable customer
identification procedures for: (1) Verifying the identity of any person
seeking to open an account, to the extent reasonable and practicable;
(2) maintaining records of the information used to verify the person's
identity, including name, address, and other identifying information;
and (3) determining whether the person appears on any lists of known or
suspected terrorists or terrorist organizations provided to the
financial institution by any government agency. In prescribing these
regulations, the Secretary is directed to take into consideration the
types of accounts maintained by different types of financial
institutions, the various methods of opening accounts, and the types of
identifying information that are available.

B. Overview of Comments Received

    On July 23, 2002, Treasury and the CFTC jointly proposed a rule to
implement section 326 of the Act with respect to FCMs and IBs.\5\
Treasury and the CFTC received three comments directed to this
proposal.\6\ Commenters

[[Page 25150]]

were a registered futures association and two futures industry trade
associations. Commenters generally supported the proposal but suggested
a few revisions.
---------------------------------------------------------------------------

    \5\ Customer Identification Programs for FCMs and IBs, 67 FR
48328 (July 23, 2002) (NPRM). Treasury simultaneously published: (1)
jointly with the banking agencies, a proposed rule applicable to
banks (as defined in 31 CFR 103.11(c)) and foreign branches of
insured banks (67 FR 48290 (July 23, 2002)); (2) a proposed rule
applicable to credit unions, private banks and trust companies that
do not have a Federal functional regulator (67 FR 48299 (July 23,
2002)); (3) jointly with the SEC, a proposed rule applicable to
broker-dealers (67 FR 48306 (July 23, 2002)); and (4) jointly with
the SEC, a proposed rule applicable to mutual funds (67 FR 48318
(July 23, 2002)). Treasury, the CFTC, the SEC, and the banking
agencies received approximately 500 comments in response to these
proposed rules. Many of those commenters raised similar issues
applicable to all the affected sectors of the financial services
industry.
    \6\ The comment letters are available for public inspection and
copying in the CFTC's Reading Room, located in Room 4072 at the
CFTC's principal office at Three Lafayette Centre, 1155 21st Street,
NW., Washington, DC 20581. The telephone number is (202) 418-5025.
Comment letters are also available on the CFTC's Internet website at
 href="http://frwebgate.access.gpo.gov/cgi-bin/leaving.cgi?from=leavingFR.html&log=linklog&to=http://www.cftc.gov/foia/comment02/foi02_009_1.htm" shape="rect">http://frwebgate.access.gpo.gov/cgi-bin/leaving.cgi?from=leavingFR.html&log=linklog&to=http://www.cftc.gov/foia/comment02/foi02_009_1.htm.
---------------------------------------------------------------------------

    One commenter addressed the rule's definition of ``customer,''
specifically the definition's inclusion of persons with authority to
effect transactions in the account. This commenter argued that the
definition was overly broad and suggested that a risk-based approach be
adopted instead.
    Two commenters addressed the proposed rule's identity verification
requirement. One commenter supported the proposed rule's framework for
when verification would be required of existing customers that open new
accounts. The other commenter requested clarification as to what would
be considered a ``new account'' for which verification would be
necessary. Both commenters suggested that the final rule text include
the exception discussed in the NPRM for certain non-customer initiated
transfers of accounts between FCMs.\7\
---------------------------------------------------------------------------

    \7\ See NPRM, 67 FR at 48330.
---------------------------------------------------------------------------

    Two commenters addressed the issue of permissible reliance between
FCMs and IBs that share an account relationship with respect to the
performance of customer identification and verification functions. The
commenters requested clarification regarding the requirement that the
relied-upon firm provide a certification to the relying firm. They
suggested that the relied-upon firm be allowed to provide one
certification that would suffice for all customers for which the two
financial institutions share an account relationship. The commenters
also suggested that reliance upon non-U.S. financial institutions,
particularly affiliates, be permitted as well.
    One commenter addressed the proposed rule's customer notice
requirement. This commenter suggested that notice should not be
required of FCMs and IBs, and that if it is required, posting a notice
on the firm's Internet website should be deemed sufficient for all
customers.
    Treasury and the CFTC have modified the proposed rule in light of
these comments. It is the intent of Treasury, the CFTC, the SEC and the
banking agencies that all the final rules implementing 31 U.S.C.
5318(l) be substantively identical, which approach was supported by
commenters from all affected sectors of the financial services
industry. Accordingly, Treasury and the CFTC also have modified the
proposed rule for FCMs and IBs to maintain consistency and parallel
treatment with the final rules imposing customer identification and
verification requirements upon other financial institutions.\8\ The
section-by-section analysis that follows discusses the comments and the
modifications that Treasury and the CFTC have made to the proposed
rule.
---------------------------------------------------------------------------

    \8\ See supra notes 4 and 5. Treasury and the CFTC believe that
these changes either clarify or liberalize the scope of the proposed
rule with respect to FCMs and IBs.
---------------------------------------------------------------------------

C. Codification of the Joint Final Rule

    The joint final rule applies to any person that is registered or
required to be registered with the CFTC under the Commodity Exchange
Act (CEA) \9\ as either an FCM or IB, except persons who register as an
FCM or IB solely for the purpose of effecting any transactions in a
security futures product (SFP).\10\ The substantive requirements of
this joint final rule will be codified as part of Treasury's BSA
regulations located in 31 CFR Part 103.\11\
---------------------------------------------------------------------------

    \9\ 7 U.S.C. 1, et seq.
    \10\ FCMs and IBs that limit their futures business to effecting
transactions in SFPs may register with the CFTC pursuant to 7 U.S.C.
6f(a)(2). These persons will be subject to the customer
identification rule being issued by the SEC with respect to
securities brokers or dealers.
    \11\ The rule will be codified at 31 CFR 103.123.
---------------------------------------------------------------------------

    As proposed, the CFTC is adding a rule in its own regulations that
will cross-reference the joint rule in 31 CFR Part 103. Specifically,
the CFTC is concurrently amending Chapter I of 17 CFR to add a new Part
42 and adopting a new rule in this Part, Rule 42.2 (Compliance with
Bank Secrecy Act).\12\ CFTC Rule 42.2 will require each FCM and IB to
comply with the applicable provisions of the BSA and the implementing
regulations, including 31 U.S.C. 5318(l) and the implementing
regulation jointly promulgated by Treasury and the CFTC at 31 CFR
103.23, requiring customer identification and verification procedures
as part of the FCM's or IB's anti-money laundering (AML) compliance
program.
---------------------------------------------------------------------------

    \12\ 17 CFR 42.2.
---------------------------------------------------------------------------

    Final rules governing the applicability of section 326 of the Act
to certain other financial institutions, including banks, thrifts,
credit unions, mutual funds and securities broker-dealers, are being
issued separately. Treasury, the CFTC, the SEC and the banking agencies
consulted extensively in the development of all joint rules
implementing section 326 of the Act. These agencies intend the effect
of the final rules to be uniform throughout the financial services
industry. Treasury intends to issue separate rules under section 326 of
the Act for certain non-bank financial institutions that are not
regulated by one of the Federal functional regulators.

D. Compliance Date

    Many commenters on the other proposed rules \13\ requested that
financial institutions be given adequate time to develop and implement
the requirements of any final rule adopted under section 326 of the
Act. The transition periods suggested by these commenters ranged from
60 days to two years after the publication of a final rule.
---------------------------------------------------------------------------

    \13\ See supra note 5.
---------------------------------------------------------------------------

    The final rule for FCMs and IBs modifies various aspects of the
proposed rule and eliminates some of the requirements that commenters
identified as being most burdensome. Nonetheless, Treasury and the CFTC
recognize that some FCMs and IBs will need time to develop and
implement the customer identification program (CIP) required by the
rule, because doing so may include various measures, such as training
staff, reprinting forms, and programming automated systems.
Accordingly, although this rule will be effective 30 days after
publication, FCMs and IBs will have a transition period to implement
the rule. FCMs and IBs must fully implement their CIPs under the final
rule by October 1, 2003.\14\
---------------------------------------------------------------------------

    \14\ The final CIP rules issued by Treasury and the other
Federal functional regulators also require full implementation by
October 1, 2003.
---------------------------------------------------------------------------

II. The Joint Final Rule Implementing Sections 326 of the Act

A. Section-by-Section Analysis

Section 103.123(a) Definitions

    Section 103.123(a)(1) Account. The proposed rule defined
``account'' as any formal business relationship with an FCM, including,
but not limited to, any relationship established to effect transactions
in contracts of sale for future delivery, options on contracts of sale
for future delivery, or options on physicals in any commodity.\15\
---------------------------------------------------------------------------

    \15\ See NPRM, 67 FR at 48337.
---------------------------------------------------------------------------

    The final rule includes certain changes to this definition. First,
the reference to a ``business relationship'' has been removed from the
definition of ``account.'' This change has been made to clarify that
the rule applies to the FCM's provision of financial services,\16\

[[Page 25151]]

as opposed to general business dealings such as those established in
connection with an FCM's own operations or premises. Second, in order
to clarify the covered relationships, the final rule refers to
transactions in ``contracts of sale of a commodity for future delivery,
options on any contract of sale of a commodity for future delivery, or
options on a commodity.''
---------------------------------------------------------------------------

    \16\ This term is intended to operate broadly to include all
financial services provided by an FCM. It would include, for
example, the provision of any guarantee or clearing services
provided by an FCM. It would also include an FCM's provision of
financial services involving any foreign currency futures contract,
option on any foreign currency futures contract, or option on a
foreign currency that occurs on an off-exchange basis. See 7 U.S.C.
2(c)(1)-(2).
---------------------------------------------------------------------------

    Two commenters requested that the final rule codify the ``transfer
exception'' to the definition of an ``account.'' The NPRM stated that
transfers of accounts from one FCM to another that are not initiated by
the customer fall outside the scope of section 326 of the Act,\17\ and
would not be covered by the proposed rule.\18\ The final rule codifies
this exception \19\ by excluding from the definition of ``account'' any
account that an FCM acquires through an acquisition, merger, purchase
of assets, or assumption of liabilities.\20\
---------------------------------------------------------------------------

    \17\ Section 326 of the Act applies with respect to persons
seeking to open an account at a financial institution. If a
financial institution acquires an account through a non-customer
initiated transaction, such as a transfer due to the insolvency of
an FCM, the customer is not seeking to open an account with the
financial institution.
    By the same reasoning, the final rule does not, as one commenter
requested, expand the ``transfer exception'' to include transfers
where a customer account follows an associated person who moves from
one firm to another, because such transfers are, at a minimum,
undertaken with the acquiescence of the customer. Nonetheless, as
discussed, infra, while the final rule requires that certain minimum
customer information be obtained prior to opening an account,
verification of the customer's identity may be done within a
reasonable time before or after the account is opened.
    \18\ See NPRM, 67 FR at 48330 (discussion of definition of the
term ``customer'').
    \19\ Nevertheless, there may be situations involving the
transfer of accounts where it would be appropriate for an FCM, as
part of its anti-money laundering compliance program (see, infra,
note 89 and accompanying text) to verify the identity of customers
associated with accounts that it acquires from another financial
institution. For example, it may be appropriate to verify
transferred account holders if the accounts are coming from a
financial institution that has failed to establish or maintain a
CIP. Treasury and the Federal functional regulators expect financial
institutions to implement reasonable procedures to detect money
laundering in any account, however acquired.
    \20\ This ``transfer exception'' includes bulk transfers made in
accordance with CFTC Rule 1.65, 17 CFR 1.65, or as required by the
CFTC's minimum financial requirements in CFTC Rule 1.17(a)(4), 17
CFR 1.17(a)(4). This exception would also cover transfers of
accounts that result when an IB changes its introducing relationship
from one FCM to another. For customers that open accounts after the
transfer, however, the IB and the new FCM would need to meet the
requirements in paragraph (b)(6) (including entering into a contract
and providing certifications) to the extent they intend to rely on
each other to undertake CIP requirements with respect to these
customers.
---------------------------------------------------------------------------

    The final rule also excludes from the definition of ``account''
those accounts that are opened for the purpose of participating in an
employee benefit plan established pursuant to the Employee Retirement
Income Security Act of 1974. These accounts are less susceptible to
being used for the financing of terrorism and money laundering because,
among other reasons, they are funded through payroll deductions in
connection with employment plans that must comply with Federal
regulations imposing, among other requirements, low contribution limits
and strict distribution requirements.
    Section 103.123(a)(2) Commission. The proposed rule defined
``Commission'' as the United States Commodity Futures Trading
Commission. There were no comments on the definition, and Treasury and
the CFTC have adopted it as proposed.
    Section 103.123(a)(3) Commodity. The proposed rule defined
``commodity'' by reference to Section 1a(4) of the CEA, 7 U.S.C. 1a(4).
There were no comments on the definition, and Treasury and the CFTC
have adopted it as proposed.
    Section 103.123(a)(4) Contract of sale. The final rule adds a
definition of ``contract of sale.'' The term is used in the definition
of ``account.''\21\ The final rule defines ``contract of sale'' as any
sale, agreement of sale or agreement to sell as described in Section
1a(7) of the CEA, 7 U.S.C. 1a(7).
---------------------------------------------------------------------------

    \21\ See final rule, 103.123(a)(1).
---------------------------------------------------------------------------

    Section 103.123(a)(5) Customer. The proposed rule defined
``customer'' to mean any person who opens a new account with an FCM,
and any person granted authority to effect transactions in an
account.\22\ For consistency with the text of section 326 of the Act,
the final rule defines ``customer'' as ``a person that opens a new
account.'' Except in the case of minors and informal groups with a
common interest (e.g., civic clubs), this means that the ``customer''
is the person identified as the account holder, or persons in the case
of a joint account. It does not refer to a person who fills out the
account opening paperwork or provides information necessary to open an
account, if such person is not the account holder as well. Thus, an FCM
or IB is not required to look through a trust or similar account to its
beneficiaries, and is required only to verify the identity of the named
account holder.\23\ The final rule provides for similar treatment of
intermediated accounts.
---------------------------------------------------------------------------

    \22\ See NPRM, 67 FR at 48337.
    \23\ However, as discussed below, under paragraph (b)(2)(ii)(C)
of the final rule, an FCM or IB, based on its risk-assessment of a
new account, may need to take additional steps to verify the
identity of a non-individual, such as obtaining information about
persons with control over the account. In addition, the due
diligence procedures required under other provisions of the BSA or
the futures laws may require FCMs and IBs to look through to owners
of certain types of accounts.
---------------------------------------------------------------------------

    As stated in the NPRM,\24\ the focus of the CIP with respect to
intermediated accounts will be the intermediary itself. If the
intermediary is the account holder, such as in the case of an omnibus
account, an FCM is not required to look through the intermediary to the
underlying beneficiaries. Likewise, if the intermediary opens an
account in the name of a collective investment vehicle, such as
commodity pools, an FCM or IB is not required to look through the
collective investment vehicle to the underlying participants.\25\
---------------------------------------------------------------------------

    \24\ See NPRM, 67 FR at 48331.
    \25\ This is not because the FCM or IB is relying upon the
intermediary to perform its required due diligence. It is because
under the final rule, FCMs and IBs are required only to verify the
identity of their customers, and when an intermediary opens an
account in its own name (or in the name of its collective investment
vehicle), the intermediary (or collective investment vehicle) is the
firm's ``customer.''
    By contrast, if an intermediary were to open an account not in
its own name (or the name of a collective investment vehicle) but in
the name of its client, then under the final rule the FCM's or IB's
customer would be the client. In this situation, the FCM or IB may
indeed seek to rely upon the intermediary for performance of its CIP
procedures with respect to these shared customers. See discussion
infra regarding final rule, 103.123(b)(6) (reliance on other
financial institutions).
---------------------------------------------------------------------------

    After revisiting the ``authorized person'' component of the
proposed ``customer'' definition, Treasury and the CFTC have determined
that requiring limited resources to be expended on verifying the
identities of persons with authority over accounts could interfere with
an FCM's or IB's ability to focus on customers that present a higher
risk of not being properly identified. Accordingly, the final rule does
not include persons with authority to effect transactions in accounts
within the definition of ``customer.'' Instead, paragraph (b)(2)(ii)(C)
of the final rule requires FCMs and IBs to address situations where
they will take additional steps to verify the identity of a customer
that is not an individual by seeking information about individuals with
authority or control over the account in order to verify the customer's
identity.
    The definition of ``customer'' has been revised to clarify the
treatment of

[[Page 25152]]

accounts for an individual who lacks legal capacity (such as a minor)
and accounts for an entity that is not a legal person (such as informal
groups with a common interest, which includes civic clubs).\26\ In the
case of a minor child or informal group, the ``customer'' for purposes
of the rule is the individual who undertakes to open the account in the
name of the minor or group. Generally, this will be the person who
fills out the account opening paperwork and provides the information
necessary to open the account in the name of the minor or group.
---------------------------------------------------------------------------

    \26\ See final rule, 103.123(a)(5)(i)(B).
---------------------------------------------------------------------------

    In order to make the rule less burdensome, the final rule excludes
from the definition of ``customer'' certain readily identifiable
entities, including: (1) Financial institutions regulated by a Federal
functional regulator; (2) banks regulated by a state bank regulator;
and (3) persons described in Sec.  103.22(d)(2)(ii)-(iv), which
includes entities such as governmental agencies and instrumentalities
and companies that are publicly traded.\27\ The definition of
``customer'' also excludes a person who has an existing account,
provided that the FCM or IB has a reasonable belief that it knows the
true identity of the person.\28\
---------------------------------------------------------------------------

    \27\ See final rule,103.123(a)(5)(ii)(A)-(B). Section
103.22(d)(2)(iv) exempts such companies only to the extent of their
domestic operations. Accordingly, an FCM's or IB's CIP will apply to
any foreign offices, affiliates, or subsidiaries of such entities
that open new accounts.
    \28\ The proposed rule provided for similar treatment of
existing customers, however, it included this exclusion in a
different paragraph of the rule. Whereas the existing customer
exclusion appears in the final rule's definition of ``customer,''
this exclusion appeared in the proposed rule's paragraph detailing
the required verification procedures. Compare 103.123(a)(5)(ii) with
NPRM, 67 FR at 48338 (proposed 103.123(d)).
---------------------------------------------------------------------------

    Finally, the proposed definition of ``customer'' stated that when
an account is introduced to an FCM by an IB, the person or individual
opening the account shall be deemed to be a customer of both the FCM
and the IB. There were no comments on this portion of the definition,
and Treasury and the CFTC have adopted it as proposed.\29\
---------------------------------------------------------------------------

    \29\ Treasury and the CFTC believe that the revisions made to
the definition of ``customer'' in the proposed rule address the
suggestion by one commenter that a risk-based approach be taken to
determining who is a customer whose identity must be verified.
---------------------------------------------------------------------------

    Section 103.123(a)(6) Federal functional regulator. The final rule
adds a definition of ``Federal functional regulator.'' The term is used
in the revised definition of ``customer'' and in a new provision
allowing FCMs and IBs to rely on certain other financial institutions
to perform procedures of their CIPs.\30\ The final rule defines
``Federal functional regulator'' by reference to Sec.  103.120(a)(2).
---------------------------------------------------------------------------

    \30\ See final rule, 103.123(a)(5) and (b)(6), respectively.
---------------------------------------------------------------------------

    Section 103.123(a)(7) Financial institution. The final rule adds a
definition of ``financial institution.'' The term is used in the
revised definition of ``customer'' and in a new provision allowing FCMs
and IBs to rely on certain other financial institutions to perform
procedures of their CIPs.\31\ This new definition cross-references the
BSA, 31 U.S.C. 5312(a)(2) and (c)(1). This is a more expansive
definition of ``financial institution'' than that in 31 CFR 103.11, and
includes entities such as FCMs.
---------------------------------------------------------------------------

    \31\ Id.
---------------------------------------------------------------------------

    Section 103.123(a)(8) FCM. The proposed rule defined ``FCM'' as any
person registered or required to be registered as an FCM with the CFTC
under the CEA, except persons who register pursuant to section 4f(a)(2)
of the CEA solely to effect transactions in SFPs. There were no
comments on the definition, and Treasury and the CFTC have adopted it
as proposed.
    Section 103.123(a)(9) IB. The proposed rule defined ``IB'' as any
person registered or required to be registered as an IB with the CFTC
under the CEA, except persons who register pursuant to section 4f(a)(2)
of the CEA solely to effect transactions in SFPs. There were no
comments on the definition, and Treasury and the CFTC have adopted it
as proposed with the addition of a U.S.C. citation for section 4f(a)(2)
of the CEA, 7 U.S.C. 6f(a)(2).
    Section 103.123(a)(10) Option. The final rule adds a definition of
``option.'' The term is used in the definition of ``account.'' \32\ The
final rule defines ``option'' as an agreement, contract or transaction
described in Section 1a(26) of the CEA, 7 U.S.C. 1a(26).
---------------------------------------------------------------------------

    \32\ See final rule, 103.123(a)(5).
---------------------------------------------------------------------------

    Section 103.12(a)(11) Taxpayer identification number. The proposed
rule defined ``taxpayer identification number'' (TIN) by reference to
the provisions of section 6109 of the Internal Revenue Code of 1986 and
the regulations of the Internal Revenue Service (IRS) promulgated
thereunder. There were no comments on the definition, and Treasury and
the CFTC have adopted it substantially as proposed.
    Section 103.123(a)(12) U.S. Person and Sec.  103.123(a)(13) Non-
U.S. person. The proposed rule defined ``U.S. person'' as an individual
who is a U.S. citizen, or an entity established or organized under the
laws of a State or the United States.\33\ A ``non-U.S. person'' was
defined as a person who did not satisfy either of these criteria.\34\
---------------------------------------------------------------------------

    \33\ The proposed rule contained a definition of ``person'' that
cross-referenced the definition in 31 CFR 103.11(z). See NPRM, 67 FR
at 48337. Since the final rule is being codified in 31 CFR Part 103,
it will incorporate the definition in Sec.  103.11(z) without the
need for a specific cross-reference. Therefore, the definition has
been removed from the final rule. The definition of ``person'' in
Sec.  103.11(z) is: ``an individual, a corporation, a partnership, a
trust or estate, a joint stock company, an association, a syndicate,
joint venture, or other unincorporated organization or group, an
Indian tribe (as that term is defined in the Indian Gaming
Regulatory Act), and all entities cognizable as legal
personalities.''
    \34\ See NPRM, 67 FR at 48337.
---------------------------------------------------------------------------

    Under these definitions, an FCM or IB will not necessarily need to
establish whether a potential customer is a U.S. citizen. As described
in greater detail below, the FCM or IB will have to ask each customer
for a U.S. TIN (social security number, employer identification number,
or individual TIN). If a customer cannot provide one, the FCM or IB may
then obtain an identification number from some other form of
government-issued document evidencing nationality or residence and
bearing a photograph or similar safeguard. There were no comments on
these definitions, and Treasury and the CFTC have adopted them as
proposed.

Section 103.123(b) Customer Identification Program: Minimum
Requirements

    Section 103.123(b)(1) In general. Treasury and the CFTC proposed to
require that each FCM and IB implement a written CIP as part of its AML
program required under 31 U.S.C. 5318(h),\35\ and that the procedures
of the CIP enable each FCM and IB to form a reasonable belief that it
knows the true identity of each customer.\36\ The CIP procedures were
to be based on the type of identifying information available and on an
assessment of relevant risk factors, including the FCM's or IB's size,
location and methods of opening accounts, the types of accounts
maintained and the types of transactions executed for customers, and
the FCM's or IB's reliance on another FCM or IB with which it shares an
account relationship.
---------------------------------------------------------------------------

    \35\ National Futures Association (NFA) Compliance Rule 2-9(c)
sets forth minimum requirements for these AML programs.
    \36\ See NPRM, 67 FR at 48337-48338.
---------------------------------------------------------------------------

    The NPRM discussed these risk factors and explained that, although
the rule would require certain minimum identifying information and
suitable verification methods, FCMs and IBs should consider on an
ongoing basis

[[Page 25153]]

whether other information or methods are appropriate, particularly as
they become available in the future.\37\ Commenters generally supported
the risk-based approach of the proposed CIP requirements.
---------------------------------------------------------------------------

    \37\ See NPRM, 67 FR at 48331.
---------------------------------------------------------------------------

    In the final rule, paragraph (b)(1) continues to set forth the
general requirement that FCMs and IBs must implement a written CIP as
part of their required AML programs. It provides that the CIP should be
appropriate for the FCM's or IB's size and business and that, at a
minimum, it must contain the requirements set forth in paragraphs
(b)(1) through (b)(5), which are discussed below. The final rule has
been re-organized to be structurally consistent with the rules being
issued by Treasury and the other Federal functional regulators. Thus,
requirements that had been set forth in paragraphs (c) through (h) in
the proposed rule are now contained in paragraphs (b)(2) through (b)(5)
of the final rule to the extent they have been adopted. The rule's
structure was changed in order to affirm the intent of Treasury and the
Federal functional regulators that all the CIP rules impose the same
requirements.
    Finally, the reference to risk factors has been moved to paragraph
(b)(2) of the final rule, which requires FCMs and IBs to establish
identity verification procedures. This change was made to clarify that
the risk factors apply only to the identity verification procedures of
the CIP, and not to standard requirements, such as procedures for
providing notice to customers, recordkeeping, or checking government
lists, which may not vary depending upon the perceived risk.

Section 103.123(b)(2) Identity Verification Procedures

    Treasury and the CFTC proposed to require that the FCMs' and IBs'
CIPs include procedures for verifying the identity of customers, to the
extent reasonable and practicable, using information specified in the
rule, and that such verification occur within a reasonable time before
or after the customer's account is opened.\38\ On the whole, commenters
supported these general requirements, although they recommended greater
use of a risk-based approach.
---------------------------------------------------------------------------

    \38\ See NPRM, 67 FR at 48338.
---------------------------------------------------------------------------

    The final rule continues to strike a balance between flexibility
and detailed guidance, and Treasury and the CFTC are adopting the
provisions on identity verification procedures substantially as
proposed. Under the final rule, an FCM's or IB's CIP must include risk-
based procedures for verifying the identity of each customer to the
extent reasonable and practicable. Such procedures must enable the FCM
or IB to form a reasonable belief that it knows the true identity of
each customer. The procedures must be based on the FCM's or IB's
assessment of the relevant risks, including those presented by the
various types of accounts maintained, the various methods of opening
accounts, the various types of identifying information available, and
the FCM's or IB's size, location and customer base.

Section 103.123(b)(2)(i) Customer Information Required

    The proposed rule provided that an FCM's or IB's CIP must require
the firm to obtain certain identifying information about its customers,
including, at a minimum: (1) Names; (2) dates of birth, for natural
persons; (3) certain addresses; \39\ and (4) certain identification
numbers.\40\ The NPRM further stated that in certain circumstances, an
FCM or IB should obtain additional identifying information, and that
the CIP should set forth guidelines regarding those circumstances and
the additional information that should be obtained.\41\
---------------------------------------------------------------------------

    \39\ The proposed rule would have required FCMs and IBs to
obtain residence and mailing addresses (if different) for a natural
person, or principal place of business and mailing addresses (if
different) for a person other than a natural person. See NPRM, 67 FR
at 48337.
    \40\ The proposed rule would have required FCMs and IBs to
obtain: (1) for a customer that is a U.S. person, a TIN, or (2) for
a customer that is not a U.S. person, a TIN, passport number and
country of issuance, alien identification card number, or number and
country of issuance of any other government-issued document
evidencing nationality or residence and bearing a photograph or
similar safeguard. See NPRM, 67 FR at 48337.
    \41\ See NPRM, 67 FR at 48332.
---------------------------------------------------------------------------

    Treasury and the CFTC are adopting the customer information
requirements substantially as proposed, with changes to accommodate
individuals who may not have a physical address. Treasury and the CFTC
believe that FCMs and IBs, for the most part, already collect the
information required by the rule,\42\ and that this information not
only is necessary for the verification process, but also serves an
important law enforcement function.
---------------------------------------------------------------------------

    \42\ See NPRM, 67 FR at 48335 n.17. See also CFTC Rule
1.37(a)(1), 17 CFR 1.37(a)(1), which requires FCMs and IBs to
obtain, among other things, the true name and address of the person
for whom such account is carried or introduced. Although an FCM or
IB can utilize the customer information that is obtained and
verified under the final rule to fulfill this obligation under Rule
1.37, an FCM or IB still will need to obtain the principal
occupation or business of its customers as well as the name of any
other person guaranteeing or exercising trading control with respect
to its customers' accounts, because these are among the additional
requirements under CFTC Rule 1.37. Further, FCM and IB members of
NFA will still need to comply with the additional minimum
requirements in NFA Compliance Rule 2-30(c) (requires FCM and IB
members to obtain from customers that are natural persons, at least
the following: ``(2) The customer's current estimated annual income
and net worth; (3) the customer's approximate age; and (4) an
indication of the customer's previous investment and futures trading
experience'').
---------------------------------------------------------------------------

    Accordingly, prior to opening an account, FCMs and IBs must obtain,
at a minimum, a customer's (1) Name; (2) date of birth, for an
individual; (3) address; and (4) identification number.\43\ The address
must be: (1) For an individual, a residential or business street
address, or for an individual who does not have a residential or
business street address, an Army Post Office or Fleet Post Office box
number, or the residential or business street address of next of kin or
another contact individual; or (2) for a person other than an
individual, a principal place of business, local office or other
physical location.
---------------------------------------------------------------------------

    \43\ Based on an assessment of the relevant risk factors, the
FCM's or IB's CIP may require a customer to provide additional
information to enable the firm to form a reasonable belief that it
knows the customer's true identity.
---------------------------------------------------------------------------

    Treasury and the CFTC are adopting the identification number
requirement substantially as proposed. For a customer that is a U.S.
person, the identification number is a TIN (social security number, or
employer identification number). For a customer that is not a U.S.
person, the identification number is one or more of the following: a
TIN, passport number and country of issuance, alien identification card
number, or number and country of issuance of any other government-
issued document evidencing nationality or residence and bearing a
photograph or similar safeguard. This provision provides FCMs and IBs
with some flexibility to choose among a variety of identification
numbers that they may accept from a non-U.S. person.\44\ However, the
identifying information the FCM or IB accepts must enable it to form a
reasonable belief that it knows the true identity of the customer.\45\
---------------------------------------------------------------------------

    \44\ The rule provides this flexibility because there is no
uniform identification number that non-U.S. persons would be able to
provide to an FCM or IB. See Treasury Department, ``A Report to
Congress in Accordance with section 326(b) of the USA PATRIOT Act,''
October 21, 2002.
    \45\ Treasury and the CFTC emphasize that the rule neither
endorses nor prohibits an FCM or IB from accepting information from
particular types of identification documents issued by foreign
governments. The FCM or IB must determine, based upon appropriate
risk factors, including those discussed above, whether the
information presented by a customer is reliable. Treasury and the
CFTC recognize that a foreign business or enterprise may not have an
identification number. Therefore the final rule notes that when
opening an account for such a customer, the FCM or IB must request
alternative government-issued documentation certifying the existence
of the business or enterprise.

---------------------------------------------------------------------------

[[Page 25154]]

    The proposed rule included an exception from the requirement to
obtain a TIN from a customer opening a new account.\46\ The exception
would have allowed an FCM or IB to open an account for a customer that
has applied for, but has not yet received, an employer identification
number (EIN).\47\ Treasury and the CFTC are adopting an expanded
version of this exception in the final rule. As proposed, the exception
was limited to customers that are not natural persons.\48\ On further
consideration, Treasury and the CFTC have determined that it is
appropriate to expand the exception to include natural persons who have
applied for, but have not received, a TIN. Treasury and the CFTC also
have modified the exception to reduce the recordkeeping burden. The
proposed rule would have required an FCM or IB to retain a copy of the
customer's application for a TIN.\49\ The FCM's or IB's CIP must
include procedures to confirm that the application was filed before the
customer opens the account and to obtain the TIN within a reasonable
period of time after the account is opened. The final rule permits the
FCM or IB to exercise discretion in determining how to confirm that a
customer has filed an application.
---------------------------------------------------------------------------

    \46\ See NPRM, 67 FR at 48337-48338.
    \47\ This position is analogous to that in regulations issued by
the IRS concerning ``awaiting--TIN certificates.'' The IRS permits a
taxpayer to furnish an ``awaiting--TIN certificate'' in lieu of a
TIN to exempt the taxpayer from the withholding of taxes owed on
reportable payments (i.e., interest and dividends) on certain
accounts. See 26 CFR 31.3406(g)-3.
    \48\ In the NPRM, Treasury and the CFTC explained that the
exception was for businesses that may need to open an account before
they receive an EIN from the IRS. See NPRM, 67 FR at 48332-48333.
    \49\ See NPRM, 67 FR at 48338.
---------------------------------------------------------------------------

Section 103.123(b)(2)(ii) Customer Verification

    Treasury and the CFTC proposed to require that an FCM's or IB's CIP
include procedures for verifying the identity of customers, to the
extent reasonable and practicable, using the information obtained under
the rule.\50\ Treasury and the CFTC also proposed to require such
verification to occur within a reasonable time before or after the
customer's account is opened. The NPRM stated that an FCM or IB need
not establish the accuracy of each piece of identifying information if
it is able to form a reasonable belief that it knows the customer's
identity after verifying only certain of the information.\51\ The NPRM
also stated that the flexibility to undertake verification within a
reasonable time must be exercised in a reasonable manner.\52\
---------------------------------------------------------------------------

    \50\ Id.
    \51\ See NPRM, 67 FR at 48333.
    \52\ Id.
---------------------------------------------------------------------------

    The sole commenter on this aspect of the proposed rule suggested
that the rule should require verification each time the customer opens
a new type of account, and not each time the customer establishes a
different account at the FCM to trade the same type of product. As
discussed above, however, the definition of ``customer'' in the final
rule has been changed to exclude persons who have an existing account,
provided the FCM or IB has a reasonable belief that it knows the
customer's true identity. Accordingly, FCMs and IBs will not be
required to verify the identities of such persons, which may include
persons who open successive accounts of either the same type or
multiple types to trade either the same or different products.
    The final rule adopts the customer verification requirements
substantially as proposed. The final rule requires that an FCM's or
IB's CIP contain procedures for verifying the identity of the customer,
using the customer information obtained in accordance with paragraph
(b)(2)(i), within a reasonable time before or after the account is
opened. As stated in the NPRM, FCMs and IBs must reasonably exercise
the flexibility to undertake verification before or after an account is
opened.\53\ The appropriate amount of time may depend on various
factors, such as the type of account opened, whether the customer opens
the account in person, and the type of identifying information that is
available.\54\
---------------------------------------------------------------------------

    \53\ See NPRM, 67 FR at 48333.
    \54\ An FCM or IB member of NFA would violate CFTC Rule 1.37 and
NFA Compliance Rule 2-30, however, if it allowed a natural person to
transact business before obtaining specified information about the
individual's true identity. Moreover, an FCM or IB must also comply
with Treasury's Office of Foreign Asset Control's (OFAC) regulations
prohibiting transactions involving designated foreign countries or
their nationals. See 31 CFR Part 500.
---------------------------------------------------------------------------

    Although the location of the provision has been moved, the final
rule continues to require that an FCM's or IB's CIP include procedures
that describe when the firm will use documents, non-documentary
methods, or a combination of both to verify customer identities.\55\
Depending on the type of customer and the method of opening an account,
it may be more appropriate to use either documentary or non-documentary
methods, and in some cases it may be appropriate to use both methods.
The CIP should set forth guidelines describing when documents, non-
documentary methods, or a combination of both will be used. These
guidelines should be based on the FCM's or IB's assessment of the
relevant risk factors.
---------------------------------------------------------------------------

    \55\ See final rule, 103.123(b)(2)(ii).
---------------------------------------------------------------------------

Section 103.123(b)(2)(ii)(A) Customer Verification--Through Documents

    Treasury and the CFTC proposed to require that an FCM's or IB's CIP
describe documents that the firm will use to verify a customer's
identity. There were no comments directly addressing the documentary
verification provisions of the proposed rule, and the final rule adopts
the documentary verification provisions substantially as proposed.
Specifically, the final rule requires an FCM's or IB's CIP to contain
procedures that set forth the documents that the firm will use to
verify a customer's identity. Each FCM or IB will conduct its own risk-
based analysis of the types of documents that it believes will enable
it to verify the true identities of its customers.
    In light of recent increases in identity theft and the availability
of fraudulent documents, Treasury and the CFTC believe that the value
of documentary verification is enhanced by redundancy. Treasury and the
CFTC encourage each FCM and IB to obtain more than one type of
documentary verification to ensure that it has a reasonable belief that
it knows its customer's true identity. Moreover, Treasury and the CFTC
encourage FCMs and IBs to use a variety of methods to verify the
identity of a customer, especially when it does not have the ability to
examine original documents. The final rule continues to include,
without significant change, an illustrative list of identification
documents. For an individual, these documents may include unexpired
government-issued identification evidencing nationality or residence
and bearing a photograph or similar safeguard, such as a driver's
license or passport.\56\ For a person other than an individual, these
documents may include documents showing the existence of the entity,
such as certified articles of incorporation, a government-issued
business license, a partnership agreement, or a trust instrument.\57\
An FCM or IB may use other documents,\58\ provided they allow the firm
to form a

[[Page 25155]]

reasonable belief that it knows the true identity of the customer.
---------------------------------------------------------------------------

    \56\ See final rule, 103.123(b)(2)(ii)(A)(1).
    \57\ See final rule, 103.123(b)(2)(ii)(A)(2).
    \58\ The list of documents in the rule is meant to be
illustrative. Other documents, such as trust certificates and legal
opinions, also may be appropriate for verification.
---------------------------------------------------------------------------

    In addition to the risk factors described in paragraph (b)(2), the
FCM or IB should take into consideration the problems associated with
authenticating documents and the inherent limitations of documents as a
means of identity verification. These limitations will affect the types
of documents that will be necessary to establish a reasonable belief
that the FCM or IB knows the true identity of the customer, and may
require the use of non-documentary methods of verification in addition
to documents.
    Once an FCM or IB verifies the identity of a customer through a
document, such as a driver's license or passport, it is not required to
take steps to determine whether the document has been validly issued.
An FCM or IB generally may rely on government-issued identification as
verification of a customer's identity; however, if a document shows
obvious indications of fraud, the FCM or IB must consider that in
determining whether it can form a reasonable belief that it knows the
customer's true identity.

Section 103.123(b)(2)(ii)(B) Customer Verification--Through Non-
documentary Methods

    Treasury and the CFTC proposed to require that an FCM's or IB's CIP
describe the non-documentary methods the firm would use to verify
customers' identities and when the firm would use these methods in
addition to, or instead of, relying on documents.\59\ Treasury and the
CFTC explained that the proposed rule would allow the exclusive use of
non-documentary methods because some accounts are opened by telephone,
by mail, or over the Internet.\60\ Treasury and the CFTC also noted
that, even if a customer presents identification documents, it still
might be appropriate to use non-documentary verification methods as
well.
---------------------------------------------------------------------------

    \59\ See NPRM, 67 FR at 48338.
    \60\ See NPRM, 67 FR at 48333.
---------------------------------------------------------------------------

    The proposed rule provided examples of non-documentary verification
methods that an FCM or IB may use. In the NPRM, Treasury and the CFTC
observed that FCMs and IBs may wish to analyze whether there is logical
consistency between the identifying information provided, such as the
customer's name, street address, ZIP code, telephone number (if
provided), date of birth, and social security number.\61\
---------------------------------------------------------------------------

    \61\ See NPRM, 67 FR at 48334.
---------------------------------------------------------------------------

    Treasury and the CFTC proposed to require FCMs and IBs to use non-
documentary methods when: (1) A customer who is a natural person cannot
present an unexpired, government-issued identification document that
bears a photograph or similar safeguard; (2) the FCM or IB is presented
with unfamiliar documents to verify the identity of a customer; or (3)
the FCM or IB does not obtain documents to verify the identity of a
customer, does not meet face-to-face with a customer who is a natural
person, or is otherwise presented with circumstances that increase the
risk the FCM or IB will be unable to verify the true identity of a
customer through documents.\62\ Treasury and the CFTC recognize that
there are many scenarios and combinations of risk factors that FCMs and
IBs may encounter, and they have decided to adopt general principles
that are illustrated by examples, in lieu of a lengthy and possibly
unwieldy regulation that attempts to address a wide variety of
situations with particularity.
---------------------------------------------------------------------------

    \62\ See NPRM, 67 FR at 48338.
---------------------------------------------------------------------------

    There were no comments specifically regarding the non-documentary
verification provisions of the proposed rule, and thus the final rule
adopts them substantially as proposed. Under the final rule, an FCM or
IB relying on non-documentary verification methods must describe them
in its CIP. The final rule includes an illustrative list of non-
documentary verification methods, similar to the list that was included
in the proposed rule. These methods may include: (1) Contacting a
customer; (2) independently verifying the customer's identity through
the comparison of information provided by the customer with information
obtained from a consumer reporting agency, public database,\63\ or
other source; (3) checking references with other financial
institutions; and (4) obtaining a financial statement.\64\ As Treasury
and the CFTC stated in the NPRM, FCMs and IBs may wish to analyze
whether there is logical consistency between the identifying
information provided, such as the customer's name, street address, ZIP
code, telephone number (if provided), date of birth, and social
security number.\65\
---------------------------------------------------------------------------

    \63\ The specific types of databases that would be suitable for
verification ultimately will depend on the circumstances and the
FCM's or IB's assessment of the relevant risk factors.
    \64\ See final rule, 103.123(b)(ii)(B)(1).
    \65\ See NPRM, 67 FR at 48334.
---------------------------------------------------------------------------

    The final rule also includes a list, again similar to that in the
proposal, of circumstances that may require the use of non-documentary
verification procedures.\66\ Specifically, an FCM's or IB's non-
documentary procedures must address situations in which: (1) An
individual is unable to present an unexpired government-issued
identification document that bears a photograph or similar safeguard;
(2) the FCM or IB is not familiar with the documents presented; (3) the
account is opened without obtaining documents; (4) the customer opens
the account without appearing in person; and (5) the circumstances
presented increase the risk that the FCM or IB will be unable to verify
the true identity of a customer through documents.
---------------------------------------------------------------------------

    \66\ See final rule, 103.123(b)(ii)(B)(2).
---------------------------------------------------------------------------

    As explained in the NPRM,\67\ because identification documents may
be obtained illegally and may be fraudulent, and in light of the recent
increase in identity theft, Treasury and the CFTC encourage FCMs and
IBs to use non-documentary methods even when the customer has provided
identification documents.
---------------------------------------------------------------------------

    \67\ Id.
---------------------------------------------------------------------------

Section 103.123(b)(2)(ii)(C) Customer Verification--Additional
Verification for Certain Customers

    As described above, Treasury and the CFTC proposed to require
verification of the identity of any person authorized to effect
transactions in a customer's account. Commenters objected to this
requirement, and it has been omitted from the final rule. For the
reasons discussed below, however, the final rule does require that an
FCM's or IB's CIP address the circumstances in which it will obtain
information about such individuals in order to verify a customer's
identity.
    Treasury and the CFTC believe that, while FCMs and IBs may be able
to verify the identity of the majority of customers through the
documentary or non-documentary verification methods described above,
there may be circumstances when these methods are inadequate. The risk
that an FCM or IB will not know the customer's true identity may be
heightened for certain types of accounts, such as an account opened in
the name of a corporation, partnership, or trust that is created or
conducts substantial business in a jurisdiction that has been
designated by the United States as a primary money laundering concern
or has been designated as non-cooperative by an international body.
Treasury and the CFTC believe that, in order to identify customers that
pose a heightened risk of not being properly identified, an FCM's or
IB's CIP must prescribe additional measures that may be used to obtain

[[Page 25156]]

information about the identities of the individuals associated with the
customer when standard documentary or non-documentary verification
methods prove to be insufficient.
    The final rule, therefore, includes a new provision requiring that
the CIP address situations in which, based on the FCM's or IB's risk
assessment of a new account opened by a customer that is not an
individual, the firm also will obtain information about individuals
with authority or control over the account (e.g., persons authorized to
effect transactions in the account) in order to verify the customer's
identity. This additional verification method applies only when the FCM
or IB cannot adequately verify the customer's identity after using the
documentary and non-documentary verification methods described
above.\68\
---------------------------------------------------------------------------

    \68\ An FCM or IB need not undertake any additional verification
if it chooses not to open an account when it cannot verify the
customer's identity after using standard documentary and non-
documentary verification methods.
---------------------------------------------------------------------------

Section 103.123(b)(2)(iii) Lack of Verification

    Treasury and the CFTC proposed to require that an FCM's or IB's CIP
include procedures for responding to circumstances in which the firm
cannot form a reasonable belief that it knows the true identity of the
customer.\69\ Treasury and the CFTC explained in the NPRM that the CIP
should specify the actions to be taken, which could include closing the
account or placing limitations on additional trading.\70\ Treasury and
the CFTC also explained that there should be guidelines for when an
account will not be opened (e.g., when the required information is not
provided), and that the CIP should address the terms under which a
customer may conduct transactions while the customer's identity is
being verified.\71\
---------------------------------------------------------------------------

    \69\ See NPRM, 67 FR at 48338.
    \70\ See NPRM, 67 FR at 48334.
    \71\ Id.
---------------------------------------------------------------------------

    There were no comments on this aspect of the proposed rule, and
Treasury and the CFTC have adopted the provision substantially as
proposed. The final rule, however, adds a description of the
recommended features of these procedures, similar to the features that
were described in the NPRM. Thus, the final rule provides that the
CIP's procedures should describe: (1) When an account should not be
opened; (2) the terms under which a customer may conduct transactions
while the FCM or IB attempts to verify the customer's identity; (3)
when the FCM or IB should file a suspicious activity report (SAR) in
accordance with applicable law and regulation; \72\ and (4) when an
account should be closed, after attempts to verify a customer's
identity have failed.
---------------------------------------------------------------------------

    \72\ FinCEN has not yet published a rule requiring FCMs and IBs
to report suspicious activities. These firms may, however,
voluntarily file SARs with FinCEN to report suspicious activities.
---------------------------------------------------------------------------

Section 103.123(b)(3) Recordkeeping

    Section 103.123(b)(3)(i) Required Records. Treasury and the CFTC
proposed to require that CIPs of FCMs and IBs include certain
recordkeeping procedures.73-74 First, the proposed rule
would have required that an FCM or IB maintain a record of the
identifying information provided by customers. Second, if an FCM or IB
relied on a document to verify a customer's identity, the proposed rule
would have required the firm to maintain a copy of the document. Third,
the proposed rule would have required FCMs and IBs to record the
methods and results of any additional measures undertaken to verify the
identity of customers. Finally, the proposed rule would have required
FCMs and IBs to record the resolution of any discrepancy in the
identifying information obtained.
---------------------------------------------------------------------------

    \73-74\ See NPRM, 67 FR at 48338.
---------------------------------------------------------------------------

    Although there were no comments on this aspect of the proposed
rule, Treasury and the CFTC have reconsidered and modified the
recordkeeping requirements of the rule based on comments received with
respect to the parallel recordkeeping provisions in the proposed CIP
rules jointly issued by Treasury and the other Federal functional
regulators. The final rule provides that an FCM's or IB's CIP must
include procedures for making and maintaining records related to
verifying the identities of customers. However, the final rule is more
flexible than the proposed rule in this regard.
    Under the final rule, FCMs and IBs still must make a record of all
identifying information obtained about each customer. However, rather
than requiring that copies of verification documents be maintained, the
final rule requires that an FCM's or IB's records include a description
of any document that the firm relied on to verify the identity of the
customer, noting the type of document, any identification number
contained in the document, the place of issuance, and the issuance and
expiration dates, if any. With respect to non-documentary verification,
the final rule requires the records to include a description of the
non-documentary methods and the results of any additional measures
undertaken to verify the identity of the customer. The final rule also
requires a description of the resolution of any ``substantive
discrepancy'' discovered when verifying the identifying information
obtained. This is intended to make clear that a record would not have
to be made in the case of a minor discrepancy, such as one that might
be caused by typographical mistakes.

Section 103.123(b)(3)(ii) Record Retention

    Treasury and the CFTC proposed to require that an FCM or IB retain
all required records for five years after the account is closed.\75\
Although there were no comments on this aspect of the proposed rule,
commenters on the other Federal functional regulators' proposed CIP
rules expressed concern regarding this requirement as costly and overly
burdensome, particularly with respect to the length of time that
certain records would need to be retained and the requirement that
financial institutions retain copies of the documents used to verify
customer identities. The final rules adopted by Treasury and the
Federal functional regulators address many of these concerns.
---------------------------------------------------------------------------

    \75\ See NPRM, 67 FR at 48338.
---------------------------------------------------------------------------

    Treasury and the Federal functional regulators have, in the final
rules, eliminated the requirement that a financial institution retain
copies of documents used to verify customer identities. Treasury and
the Federal functional regulators also believe that, while the
identifying information provided by customers should be retained as
proposed, there is little value in requiring financial institutions to
retain the remaining records for five years after an account is closed,
because this information is likely to grow stale. Therefore, the final
rule prescribes a bifurcated record retention schedule that is
consistent with a general five-year retention requirement.
    Under the final rule, an FCM or IB must retain the information
obtained about a customer pursuant to paragraph (b)(3)(i)(A) (i.e., all
minimum identifying information obtained under (b)(2)(ii)(A)) for five
years after the date the account is closed.\76\ The remaining records
required under paragraphs (b)(3)(i)(B), (C), and (D) (i.e.,
descriptions of: any document relied upon to verify identity; methods
and results of any measure taken to verify identity; and the resolution
of each substantive discrepancy discovered

[[Page 25157]]

when verifying the identifying information obtained) need only be
retained for five years after the record is made. The final rule
continues to provide that in all other respects, these records shall be
maintained in accordance with the provisions of the CFTC's
recordkeeping rule 1.31.\77\
---------------------------------------------------------------------------

    \76\ The Secretary has determined that the records required to
be retained under section 326 of the Act have a high degree of
usefulness in criminal, tax, or regulatory investigations or
proceedings, or in the conduct of intelligence or
counterintelligence activities, to protect against international
terrorism.
    \77\ 17 CFR 1.31.
---------------------------------------------------------------------------

Section 103.123(b)(4) Comparison With Government Lists

    Treasury and the CFTC proposed to require that an FCM's or IB's CIP
have procedures for determining whether the customer appears on any
list of known or suspected terrorists or terrorist organizations
prepared by any Federal government agency and made available to the
firm.\78\ In addition, the proposed rule provided that FCMs and IBs
must follow all Federal directives issued in connection with such
lists.
---------------------------------------------------------------------------

    \78\ See NPRM, 67 FR at 48338.
---------------------------------------------------------------------------

    Although there were no comments on this aspect of the proposed
rule, commenters on the other Federal functional regulators' proposed
CIP rulemakings raised a number of concerns regarding this provision.
Some commenters were concerned about how a financial institution would
be able to determine what lists should be checked and how these lists
would be made available. Other commenters suggested that all such lists
be consolidated or provided through a designated government agency,
such as FinCEN, that would serve as a clearinghouse. Still other
commenters suggested that the rule should allow for the lists to be
checked after an account is opened.
    The final rule provides that an FCM's or IB's CIP must include
procedures for determining whether the customer appears on any list of
known or suspected terrorists or terrorist organizations issued by any
Federal government agency and designated as such by Treasury in
consultation with the Federal functional regulators. Because Treasury
and the Federal functional regulators have not yet designated any such
lists, the final rule cannot be more specific with respect to the lists
that FCMs and IBs must check. However, FCMs and IBs will not have an
affirmative duty under this rule to seek out all lists of known or
suspected terrorists or terrorist organizations compiled by the Federal
government. Instead, they will receive notification by way of separate
guidance regarding the lists that they must consult for purposes of
this provision.
    Treasury and the CFTC have modified the proposed rule to provide
that the CIP's procedures must require the FCM or IB to determine
whether a customer appears on a list ``within a reasonable period of
time'' after the account is opened, or earlier if required by another
Federal law or regulation or by a Federal directive issued in
connection with the applicable list. The final rule also requires an
FCM's or IB's CIP to include procedures that require the firm to follow
all Federal directives issued in connection with such lists. Again,
because no lists have yet been designated under this provision, the
final rule cannot provide more guidance in this area.\79\
---------------------------------------------------------------------------

    \79\ This is not to say, however, that FCMs and IBs do not have
obligations under other laws to screen their customers against
government lists. For example, FCMs and IBs should already have AML
compliance programs in place to ensure they comply with OFAC's
rules. See supra note 54; see also OFAC's Foreign Assets Control
Regulations For The Securities Industry (href="http://frwebgate.access.gpo.gov/cgi-bin/leaving.cgi?from=leavingFR.html&log=linklog&to=http://www.ustreas.gov/offices/enforcement/ofac/regulations/t11facsc.pdf" shape="rect">http://frwebgate.access.gpo.gov/cgi-bin/leaving.cgi?from=leavingFR.html&log=linklog&to=http://www.ustreas.gov/offices/enforcement/ofac/regulations/t11facsc.pdf
).
---------------------------------------------------------------------------

Section 103.123(b)(5) Customer Notice

    Treasury and the CFTC proposed to require that an FCM's or IB's CIP
include procedures for providing customers with adequate notice that
the firm is requesting information to verify their identities.\80\ The
NPRM stated that an FCM or IB could satisfy that notice requirement by
generally notifying its customers about the firm's verification
procedures.\81\ It also stated that if an account is opened
electronically, such as through an Internet website, the FCM or IB
could provide notice electronically.\82\
---------------------------------------------------------------------------

    \80\ See NPRM, 67 FR at 48338.
    \81\ See NPRM, 67 FR at 48334.
    \82\ Id.
---------------------------------------------------------------------------

    Section 326 of the Act provides that the regulations issued ``shall
at a minimum, require financial institutions to * * * [give] customers
* * * adequate notice'' of the procedures they adopt concerning
customer identification. Based on this statutory requirement, the final
rule requires an FCM's or IB's CIP to include procedures for providing
customers with adequate notice that the firm is requesting information
to verify their identities.
    The final rule contains additional guidance regarding what
constitutes adequate notice and the timing of the notice requirement.
The final rule provides that notice is adequate if the FCM or IB
describes the identification requirements of the final rule and
provides notice in a manner reasonably designed to ensure that a
customer is able to view the notice, or is otherwise given notice,
before opening an account. The final rule also provides that, depending
on how an account is opened, an FCM or IB may post a notice in the
lobby or on its website, include the notice on its account
applications, or use any other form of oral or written notice.\83\ In
addition, the final rule includes sample language that, if appropriate,
will be deemed adequate notice to an FCM's or IB's customers when
provided in accordance with the requirements of the final rule.
---------------------------------------------------------------------------

    \83\ One commenter suggested that a firm's posting of the
required notice on its Internet Web site should be deemed sufficient
notice for all customers, regardless of how any particular account
is opened. Because such posting would not ensure that every customer
would be able to view the notice before opening an account, Treasury
and the CFTC do not believe that this approach would satisfy the
statutory requirement of section 326 of the Act.
---------------------------------------------------------------------------

Section 103.123(b)(6) Reliance on Other Financial Institutions

    In the proposed rule, Treasury and the CFTC included as a risk
factor an FCM's or IB's reliance on another FCM or IB to perform
procedures of its CIP.\84\ In the NPRM, Treasury and the CFTC stated
that this would require an assessment of whether the FCM or IB can rely
on another FCM or IB, with which it shares an account relationship, to
undertake any of the steps required by the firm's CIP with respect to
the shared account.
---------------------------------------------------------------------------

    \84\ See NPRM, 67 FR at 48331-48332.
---------------------------------------------------------------------------

    Treasury and the CFTC have expanded the reliance provision of the
proposed rule in recognition that there may be circumstances in which
an FCM or IB should be able to rely on the performance by another
financial institution of some or all of the elements of the firm's CIP.
The final rule provides that an FCM's or IB's CIP may include
procedures that specify when the firm will rely on the performance by
another financial institution (including an affiliate) of any
procedures of the firm's CIP, and thereby satisfy the FCM's or IB's
obligations under the rule. Reliance is permitted if a customer of the
FCM or IB is opening, or has opened, an account or has established a
similar business relationship with the other financial institution to
provide or engage in services, dealings, or other financial
transactions.
    In order for an FCM or IB to rely on the other financial
institution: (1) Such reliance must be reasonable under the
circumstances; (2) the other financial institution must be subject to a
rule implementing the AML compliance program requirements of 31 U.S.C.
5318(h) and be regulated by a Federal functional regulator, and (3) the
other financial institution must enter into a contract requiring it to
certify annually to the FCM or IB that it has implemented an AML
program and that it will perform (or its agent will perform) the
specified requirements of

[[Page 25158]]

the FCM's or IB's CIP.\85\ The contract and certification will provide
a standard means for an FCM or IB to demonstrate the extent to which it
is relying on another financial institution to perform its CIP, and
that the other institution has, in fact, agreed to perform those
functions.\86\ If it is not clear from these documents, an FCM or IB
must be able to otherwise demonstrate when it is relying on another
financial institution to perform its CIP with respect to a particular
customer.
---------------------------------------------------------------------------

    \85\ As discussed in the NPRM, the required contractual
commitments in the case of shared accounts involving FCMs and IBs
may be made a part of an introducing agreement (in the context of
introduced business) or a give-up agreement (in the context of give-
up business). See NPRM, 67 FR at 48332. And as urged by one
commenter, the required annual certification under the final rule
may cover all customers for which the two financial institutions
share an account relationship, and need not be on a customer-by-
customer basis.
    \86\ FCMs and IBs must obtain annual certifications
acknowledging performance of CIP functions from financial
institutions that are affiliates as well as those that are non-
affiliates. This requirement maintains parity with the CIP rule
applicable to securities broker-dealers, many of which are dually
registered as FCMs.
---------------------------------------------------------------------------

    An FCM or IB will not be held responsible for the failure of the
other financial institution to fulfill adequately the FCM's or IB's CIP
obligations, provided that the FCM or IB can establish that its
reliance was reasonable and that it has the requisite contracts and
certifications. Treasury and the CFTC emphasize that the FCM or IB and
the other financial institution upon which it relies must satisfy all
the conditions for reliance set forth in the final rule. If they do
not, then the FCM or IB remains solely responsible for applying its own
CIP to each customer in accordance with the rule.
    This reliance provision of the final rule does not affect the
ability of an FCM or IB to contractually delegate the implementation
and operation of its CIP procedures to a service provider. Nor does the
final rule alter an FCM's or IB's ability to use an agent to perform
services on its behalf. Treasury and the CFTC note, however, that in
contrast to the reliance provision in the rule, in these situations the
FCM or IB remains solely responsible for assuring compliance with the
rule, and therefore must actively monitor the operation of its CIP,
assesses its effectiveness, and ensure that examiners are able to
obtain information and records relating to the CIP.\87\
---------------------------------------------------------------------------

    \87\ Two commenters suggested that the final rule should allow
FCMs and IBs to rely upon foreign financial institutions in general,
and foreign affiliates in particular to perform CIP procedures. Such
a liberalization of the rule, however, could undermine the purpose
of the Act in combating international money laundering and the
financing of terrorism. Accordingly, the final rule permits reliance
only on a financial institution that is subject to a rule requiring
an AML program under the Act and that is regulated by a Federal
functional regulator, which will exclude foreign entities.
    This does not prevent an FCM or IB from utilizing a foreign
affiliate or other foreign financial institution to perform
procedures of its CIP. Rather, it means only that the FCM's or IB's
relationship with the foreign firm will be treated the same as if
the firm contractually delegated the implementation and operation of
its CIP procedures to a service provider.
---------------------------------------------------------------------------

    All of the Federal functional regulators are adopting comparable
provisions in their CIP rules to permit such reliance. Furthermore, the
Federal functional regulators expect to share information and cooperate
with each other to determine whether the institutions subject to their
jurisdiction are in compliance with the reliance provision of the rule.

Section 103.123(c) Exemptions

    The proposed rule provided that the CFTC, with the concurrence of
the Secretary, may exempt any FCM or IB that registers with the CFTC or
any type of account from the requirements of the rule. It excluded from
this exemptive authority FCMs or IBs that register pursuant to section
4f(a)(2) of the CEA solely because they deal in transactions involving
SFPs. The exemptive authority with respect to these firms will be in
the final rule issued jointly by Treasury and the SEC for securities
broker-dealers. There were no comments on this provision of the
proposed rule, and Treasury and the CFTC have adopted it substantially
as proposed.

Section 103.123(d) Other Requirements Unaffected

    The final rule adds a provision stating that nothing in Sec.
103.123 shall relieve an FCM or IB of its obligation to comply with any
other provision of Part 103, including provisions concerning
information that must be obtained, verified, or maintained in
connection with any account or transaction. A parallel provision
similarly has been included in the final CIP rules issued by Treasury
and the other Federal functional regulators.

B. Requirement for CIP Approval Removed

    The NPRM required that the CIP be approved by the FCM's or IB's
board of directors, managing partners, board of managers or other
governing body performing similar functions, or by a person or persons
specifically authorized by such bodies to approve the CIP.\88\ The
final rule requires the CIP to be a part of the overall AML program
required of FCMs and IBs under 31 U.S.C. 5318(h). NFA Compliance Rule
2-9(c) requires these AML programs to be approved in writing by a
member of the FCM's or IB's senior management.\89\
---------------------------------------------------------------------------

    \88\ See NPRM, 67 FR at 48338.
    \89\ Compliance with NFA Compliance Rule 2-9(c) is deemed to
satisfy the requirements of 31 U.S.C. 5318(h)(1). See 31 CFR
103.120(c).
---------------------------------------------------------------------------

    Treasury and the CFTC have omitted the approval requirement from
the final rule because it is unnecessary given the approval
requirements for AML programs set forth in NFA Compliance Rule 2-9(c).
Treasury and the CFTC note, however, that an FCM or IB with an approved
AML program must nonetheless obtain approval of a new CIP because it
would constitute a material change to the AML program.

III. Regulatory Analysis

A. Regulatory Flexibility Act

    The Regulatory Flexibility Act (RFA), 5 U.S.C. 601, et seq. (1994 &
Supp. II 1996), requires Federal agencies, in proposing rules, to
consider the impact of those rules on small businesses. The rules
adopted herein would affect FCMs and IBs. The CFTC has previously
established certain definitions of ``small entities'' to be used by the
CFTC in evaluating the impact of its rules on small entities in
accordance with the RFA.\90\ The CFTC has previously determined that
FCMs are not small entities for the purposes of the RFA. With respect
to IBs, the CFTC has stated that it is appropriate to evaluate within
the context of a particular rule proposal whether some or all of the
affected entities should be considered small entities and, if so, to
analyze the economic impact on them of any rule.\91\
---------------------------------------------------------------------------

    \90\ 47 FR 18618-21 (Apr. 30, 1982).
    \91\ Id. at 18618-21.
---------------------------------------------------------------------------

    In this regard, the rules being adopted herein would not require
any IB significantly to change its current method of doing business. As
noted in the NPRM, Treasury and the CFTC believe that IBs already
obtain from their customers most, if not all, of the information
required under the proposed rule.\92\ In addition, FCMs and IBs already
must have AML programs that include procedures for customer
identification and verification. The flexibility incorporated into the
final rule also will permit each IB to tailor its CIP to fit its own
size and needs. As a result, Treasury and the CFTC believe that
expenditures associated with establishing and implementing a CIP should
be commensurate with the size of the firm. If an IB is small, with a
limited number of customers, the burden to comply with the rule should

[[Page 25159]]

be de minimis. This position is consistent with the views of one trade
association commenter that characterized the expected additional costs
for IBs to comply with this new rule as ``insubstantial.''
---------------------------------------------------------------------------

    \92\ See NPRM, 67 FR at 48335 n.17.
---------------------------------------------------------------------------

    Accordingly, pursuant to 5 U.S.C. 605(b), Treasury and the CFTC
certify that the action taken herein will not have a significant
economic impact on a substantial number of small entities. In this
regard, Treasury and the CFTC note that they did not receive any
comments expressing concern regarding the implications of the rule for
small entities.

B. Paperwork Reduction Act

    The collections of information in this rule have been reviewed and
approved by the Office of Management and Budget pursuant to the
Paperwork Reduction Act of 1995 (44 U.S.C. 3507(d)), under control
number 1506-0022. An agency may not conduct or sponsor, and a person is
not required to respond to, a collection of information unless it
displays a currently valid control number.
    Neither Treasury nor the CFTC received any comments on any
potential paperwork burden associated with the NPRM. Treasury and the
CFTC did receive comments concerning the information that would be
collected under the proposed rule. The final rule, which addresses
these concerns among others, reduces the paperwork burden of the rule
as proposed.\93\
---------------------------------------------------------------------------

    \93\ See NPRM, 67 FR at 48335.
---------------------------------------------------------------------------

    Comments on the burden, and suggestions for how to further reduce
it, may be sent (preferably by fax (202-395-6974)) to Desk Officer for
the Department of the Treasury, Office of Information and Regulatory
Affairs, Office of Management and Budget, Paperwork Reduction Project
(1506-0022), Washington, DC 20503 (or by the Internet to jlackeyj@omb.eop.gov), with a copy to FinCEN by mail or the Internet at
the addresses previously specified.

C. Cost-Benefit Analysis

    Section 15(a) of the CEA requires the CFTC to consider the costs
and benefits of its action before issuing a new rule. The CFTC
understands that, by its terms, section 15(a) does not require the CFTC
to quantify the costs and benefits of a new rule or to determine
whether the benefits of the rule outweigh its costs. Nor does it
require that each rule be analyzed in isolation when that rule is a
component of a larger package of rules or rule revisions. Rather,
section 15(a) simply requires the CFTC to ``consider the costs and
benefits'' of its action.
    Section 15(a) further specifies that the costs and benefits of the
rule shall be evaluated in light of five broad areas of market and
public concern: (1) Protection of market participants and the public;
(2) efficiency, competitiveness, and financial integrity of futures
markets; (3) price discovery; (4) sound risk management practices; and
(5) other public interest considerations. The CFTC may, in its
discretion, give greater weight to any one of the five enumerated areas
of concern and may, in its discretion, determine that, notwithstanding
its costs, a particular rule is necessary or appropriate to protect the
public interest or to effectuate any of the provisions or to accomplish
any of the purposes of the CEA.
    The NPRM contained an analysis of the CFTC's consideration of these
costs and benefits and solicited public comment thereon.\94\ The CFTC
invited commenters to submit any data that they might have to assist in
quantifying the costs and benefits of the proposed rules. The CFTC did
not receive any such data or related comments.
---------------------------------------------------------------------------

    \94\ See NPRM, 67 FR at 48336-48337.
---------------------------------------------------------------------------

    After considering the costs and benefits of the proposed rules, the
CFTC has decided to adopt these rules, with revisions as discussed
above.

D. Executive Order 12866

    Treasury has determined that this rule is not a ``significant
regulatory action'' for purposes of Executive Order 12866. As noted
above, the final rule parallels the requirements of section 326 of the
Act. Accordingly, a regulatory impact analysis is not required.

List of Subjects

17 CFR Part 42

    Anti-money laundering, Brokers, Reporting and recordkeeping
requirements, Terrorist financing.

31 CFR Part 103

    Administrative practice and procedure, Authority delegations
(Government agencies), Banks, Banking, Brokers, Currency, Foreign
banking, Foreign currencies, Gambling, Investigations, Law enforcement,
Penalties, Reporting and recordkeeping requirements, Securities.

Commodity Futures Trading Commission

17 CFR Chapter I

Authority and Issuance

0
For the reasons articulated in the preamble, the CFTC amends chapter I
of title 17 of the Code of Federal Regulations by adding a new part 42
to read as follows:

PART 42--ANTI-MONEY LAUNDERING, TERRORIST FINANCING

Subpart A--General Provisions

Sec.
42.1 [Reserved]
42.2 Compliance with Bank Secrecy Act

    Authority: 7 U.S.C. 1a, 2, 5, 6, 6b, 6d, 6f, 6g, 7, 7a, 7a-1,
7a-2, 7b, 7b-1, 7b-2, 9, 12, 12a, 12c, 13a, 13a-1, 13c, 16 and 21;
12 U.S.C. 1786(q), 1818, 1829b and 1951-1959; 31 U.S.C. 5311-5314
and 5316-5332; title III, secs. 312-314, 319, 321, 326, 352, Pub. L.
107-56, 115 Stat. 307.

Subpart A--General Provisions


Sec.  42.1  [Reserved]


Sec.  42.2  Compliance with Bank Secrecy Act.

    Every futures commission merchant and introducing broker shall
comply with the applicable provisions of the Bank Secrecy Act and the
regulations promulgated by the Department of the Treasury under that
Act at 31 CFR Part 103, and with the requirements of 31 U.S.C. 5318(l)
and the implementing regulation jointly promulgated by the Commission
and the Department of the Treasury at 31 CFR 103.123, which require
that a customer identification program be adopted as part of the firm's
Bank Secrecy Act compliance program.

    Dated: April 28, 2003.
Jean A. Webb,
Secretary of the Commodity Futures Trading Commission.

Department of the Treasury

31 CFR Chapter I

Authority and Issuance

0
For the reasons set forth in the preamble, part 103 of title 31 of the
Code of Federal Regulations is amended as follows:

PART 103--FINANCIAL RECORDKEEPING AND REPORTING OF CURRENCY AND
FOREIGN TRANSACTIONS

0
1. The authority citation for part 103 is revised to read as follows:

    Authority: 12 U.S.C. 1786(q), 1818, 1829b and 1951-1959; 31
U.S.C. 5311-5314 and 5316-5332; title III, secs. 312, 313, 314, 319,
321, 326, 352, Pub L. 107-56, 115 Stat. 307.

[[Page 25160]]


0
2. Subpart I of part 103 is amended by adding Sec.  103.123 to read as
follows:


Sec.  103.123  Customer identification programs for futures commission
merchants and introducing brokers.

    (a) Definitions. For the purposes of this section:
    (1)(i) Account means a formal relationship with a futures
commission merchant, including, but not limited to, those established
to effect transactions in contracts of sale of a commodity for future
delivery, options on any contract of sale of a commodity for future
delivery, or options on a commodity.
    (ii) Account does not include:
    (A) An account that the futures commission merchant acquires
through any acquisition, merger, purchase of assets, or assumption of
liabilities; or
    (B) An account opened for the purpose of participating in an
employee benefit plan established under the Employee Retirement Income
Security Act of 1974.
    (2) Commission means the United States Commodity Futures Trading
Commission.
    (3) Commodity means any good, article, service, right, or interest
described in Section 1a(4) of the Commodity Exchange Act (7 U.S.C.
1a(4)).
    (4) Contract of sale means any sale, agreement of sale or agreement
to sell as described in Section 1a(7) of the Commodity Exchange Act (7
U.S.C. 1a(7)).
    (5)(i) Customer means:
    (A) A person that opens a new account with a futures commission
merchant; and
    (B) An individual who opens a new account with a futures commission
merchant for:
    (1) An individual who lacks legal capacity; or
    (2) An entity that is not a legal person.
    (ii) Customer does not include:
    (A) A financial institution regulated by a Federal functional
regulator or a bank regulated by a state bank regulator;
    (B) A person described in Sec.  103.22(d)(2)(ii) through (iv); or
    (C) A person that has an existing account, provided the futures
commission merchant or introducing broker has a reasonable belief that
it knows the true identity of the person.
    (iii) When an account is introduced to a futures commission
merchant by an introducing broker, the person or individual opening the
account shall be deemed to be a customer of both the futures commission
merchant and the introducing broker for the purposes of this section.
    (6) Federal functional regulator is defined at Sec.  103.120(a)(2).
    (7) Financial institution is defined at 31 U.S.C. 5312(a)(2) and
(c)(1).
    (8) Futures commission merchant means any person registered or
required to be registered as a futures commission merchant with the
Commission under the Commodity Exchange Act (7 U.S.C. 1 et seq.),
except persons who register pursuant to Section 4f(a)(2) of the
Commodity Exchange Act (7 U.S.C. 6f(a)(2)).
    (9) Introducing broker means any person registered or required to
be registered as an introducing broker with the Commission under the
Commodity Exchange Act (7 U.S.C. 1 et seq.), except persons who
register pursuant to Section 4f(a)(2) of the Commodity Exchange Act (7
U.S.C. 6f(a)(2)).
    (10) Option means an agreement, contract or transaction described
in Section 1a(26) of the Commodity Exchange Act (7 U.S.C. 1a(26)).
    (11) Taxpayer identification number is defined by section 6109 of
the Internal Revenue Code of 1986 (26 U.S.C. 6109) and the Internal
Revenue Service regulations implementing that section (e.g., social
security number or employer identification number).
    (12) U.S. person means:
    (i) A United States citizen; or
    (ii) A person other than an individual (such as a corporation,
partnership or trust) that is established or organized under the laws
of a State or the United States.
    (13) Non-U.S. person means a person that is not a U.S. person.
    (b) Customer identification program: minimum requirements--(1) In
general. Each futures commission merchant and introducing broker must
implement a written Customer Identification Program (CIP) appropriate
for its size and business that, at a minimum, includes each of the
requirements of paragraphs (b)(1) through (b)(5) of this section. The
CIP must be a part of each futures commission merchant's and
introducing broker's anti-money laundering compliance program required
under 31 U.S.C. 5318(h).
    (2) Identity verification procedures. The CIP must include risk-
based procedures for verifying the identity of each customer to the
extent reasonable and practicable. The procedures must enable each
futures commission merchant and introducing broker to form a reasonable
belief that it knows the true identity of each customer. The procedures
must be based on the futures commission merchant's or introducing
broker's assessment of the relevant risks, including those presented by
the various types of accounts maintained, the various methods of
opening accounts, the various types of identifying information
available, and the futures commission merchant's or introducing
broker's size, location and customer base. At a minimum, these
procedures must contain the elements described in paragraph (b)(2) of
this section.
    (i)(A) Customer information required. The CIP must include
procedures for opening an account that specify identifying information
that will be obtained from each customer. Except as permitted by
paragraph (b)(2)(i)(B) of this section, each futures commission
merchant and introducing broker must obtain, at a minimum, the
following information prior to opening an account:
    (1) Name;
    (2) Date of birth, for an individual;
    (3) Address, which shall be:
    (i) For an individual, a residential or business street address;
    (ii) For an individual who does not have a residential or business
street address, an Army Post Office (APO) or Fleet Post Office (FPO)
box number, or the residential or business street address of a next of
kin or another contact individual; or
    (iii) For a person other than an individual (such as a corporation,
partnership or trust), a principal place of business, local office or
other physical location; and
    (4) Identification number, which shall be:
    (i) For a U.S. person, a taxpayer identification number; or
    (ii) For a non-U.S. person, one or more of the following: a
taxpayer identification number, a passport number and country of
issuance, an alien identification card number, or the number and
country of issuance of any other government-issued document evidencing
nationality or residence and bearing a photograph or similar safeguard.

    Note to paragraph (b)(2)(i)(A)(4)(ii):
    When opening an account for a foreign business or enterprise
that does not have an identification number, the futures commission
merchant or introducing broker must request alternative government-
issued documentation certifying the existence of the business or
enterprise.

    (B) Exception for persons applying for a taxpayer identification
number. Instead of obtaining a taxpayer identification number from a
customer prior to opening an account, the CIP may include procedures
for opening an account for a customer that has applied for, but has not
received, a taxpayer identification number. In this case, the CIP must
include procedures to confirm that the application was filed before the
customer opens the account and to

[[Page 25161]]

obtain the taxpayer identification number within a reasonable period of
time after the account is opened.
    (ii) Customer verification. The CIP must contain procedures for
verifying the identity of each customer, using information obtained in
accordance with paragraph (b)(2)(i) of this section, within a
reasonable time before or after the customer's account is opened. The
procedures must describe when the futures commission merchant or
introducing broker will use documents, non-documentary methods, or a
combination of both methods, as described in this paragraph (b)(2)(ii).
    (A) Verification through documents. For a futures commission
merchant or introducing broker relying on documents, the CIP must
contain procedures that set forth the documents the futures commission
merchant or introducing broker will use. These documents may include:
    (1) For an individual, an unexpired government-issued
identification evidencing nationality or residence and bearing a
photograph or similar safeguard, such as a driver's license or
passport; and
    (2) For a person other than an individual (such as a corporation,
partnership or trust), documents showing the existence of the entity,
such as certified articles of incorporation, a government-issued
business license, a partnership agreement, or a trust instrument.
    (B) Verification through non-documentary methods. For a futures
commission merchant or introducing broker relying on non-documentary
methods, the CIP must contain procedures that set forth the non-
documentary methods the futures commission merchant or introducing
broker will use.
    (1) These methods may include contacting a customer; independently
verifying the customer's identity through the comparison of information
provided by the customer with information obtained from a consumer
reporting agency, public database, or other source; checking references
with other financial institutions; or obtaining a financial statement.
    (2) The futures commission merchant's or introducing broker's non-
documentary procedures must address situations where an individual is
unable to present an unexpired government-issued identification
document that bears a photograph or similar safeguard; the futures
commission merchant or introducing broker is not familiar with the
documents presented; the account is opened without obtaining documents;
the customer opens the account without appearing in person at the
futures commission merchant or introducing broker; and where the
futures commission merchant or introducing broker is otherwise
presented with circumstances that increase the risk that the futures
commission merchant or introducing broker will be unable to verify the
true identity of a customer through documents.
    (C) Additional verification for certain customers. The CIP must
address situations where, based on the futures commission merchant's or
introducing broker's risk assessment of a new account opened by a
customer that is not an individual, the futures commission merchant or
introducing broker will obtain information about individuals with
authority or control over such account in order to verify the
customer's identity. This verification method applies only when the
futures commission merchant or introducing broker cannot verify the
customer's true identity after using the verification methods described
in paragraphs (b)(2)(ii)(A) and (B) of this section.
    (iii) Lack of verification. The CIP must include procedures for
responding to circumstances in which the futures commission merchant or
introducing broker cannot form a reasonable belief that it knows the
true identity of a customer. These procedures should describe:
    (A) When an account should not be opened;
    (B) The terms under which a customer may conduct transactions while
the futures commission merchant or introducing broker attempts to
verify the customer's identity;
    (C) When an account should be closed after attempts to verify a
customer's identity have failed; and
    (D) When the futures commission merchant or introducing broker
should file a Suspicious Activity Report in accordance with applicable
law and regulation.
    (3) Recordkeeping. The CIP must include procedures for making and
maintaining a record of all information obtained under procedures
implementing paragraph (b) of this section.
    (i) Required records. At a minimum, the record must include:
    (A) All identifying information about a customer obtained under
paragraph (b)(2)(i) of this section;
    (B) A description of any document that was relied on under
paragraph (b)(2)(ii)(A) of this section noting the type of document,
any identification number contained in the document, the place of
issuance, and if any, the date of issuance and expiration date;
    (C) A description of the methods and the results of any measures
undertaken to verify the identity of a customer under paragraphs
(b)(2)(ii)(B) and (C) of this section; and
    (D) A description of the resolution of each substantive discrepancy
discovered when verifying the identifying information obtained.
    (ii) Retention of records. Each futures commission merchant and
introducing broker must retain the records made under paragraph
(b)(3)(i)(A) of this section for five years after the account is closed
and the records made under paragraphs (b)(3)(i)(B), (C), and (D) of
this section for five years after the record is made. In all other
respects, the records must be maintained pursuant to the provisions of
17 CFR 1.31.
    (4) Comparison with government lists. The CIP must include
procedures for determining whether a customer appears on any list of
known or suspected terrorists or terrorist organizations issued by any
Federal government agency and designated as such by Treasury in
consultation with the Federal functional regulators. The procedures
must require the futures commission merchant or introducing broker to
make such a determination within a reasonable period of time after the
account is opened, or earlier if required by another Federal law or
regulation or Federal directive issued in connection with the
applicable list. The procedures also must require the futures
commission merchant or introducing broker to follow all Federal
directives issued in connection with such lists.
    (5)(i) Customer notice. The CIP must include procedures for
providing customers with adequate notice that the futures commission
merchant or introducing broker is requesting information to verify
their identities.
    (ii) Adequate notice. Notice is adequate if the futures commission
merchant or introducing broker generally describes the identification
requirements of this section and provides such notice in a manner
reasonably designed to ensure that a customer is able to view the
notice, or is otherwise given notice, before opening an account. For
example, depending upon the manner in which the account is opened, a
futures commission merchant or introducing broker may post a notice in
the lobby or on its Web site, include the notice on its account
applications or use any other form of written or oral notice.
    (iii) Sample notice. If appropriate, a futures commission merchant
or introducing broker may use the following sample language to provide
notice to its customers:


[[Page 25162]]



Important Information About Procedures For Opening a New Account

    To help the government fight the funding of terrorism and money
laundering activities, Federal law requires all financial
institutions to obtain, verify, and record information that
identifies each person who opens an account.
    What this means for you: When you open an account, we will ask
for your name, address, date of birth and other information that
will allow us to identify you. We may also ask to see your driver's
license or other identifying documents.

    (6) Reliance on another financial institution. The CIP may include
procedures specifying when the futures commission merchant or
introducing broker will rely on the performance by another financial
institution (including an affiliate) of any procedures of its CIP, with
respect to any customer of the futures commission merchant or
introducing broker that is opening an account, or has established an
account or similar business relationship with the other financial
institution to provide or engage in services, dealings, or other
financial transactions, provided that:
    (i) Such reliance is reasonable under the circumstances;
    (ii) The other financial institution is subject to a rule
implementing 31 U.S.C. 5318(h), and is regulated by a Federal
functional regulator; and
    (iii) The other financial institution enters into a contract
requiring it to certify annually to the futures commission merchant or
introducing broker that it has implemented its anti-money laundering
program, and that it will perform (or its agent will perform) specified
requirements of the futures commission merchant's or introducing
broker's CIP.
    (c) Exemptions. The Commission, with the concurrence of the
Secretary, may by order or regulation exempt any futures commission
merchant or introducing broker that registers with the Commission or
any type of account from the requirements of this section. In issuing
such exemptions, the Commission and the Secretary shall consider
whether the exemption is consistent with the purposes of the Bank
Secrecy Act, and in the public interest, and may consider other
necessary and appropriate factors.
    (d) Other requirements unaffected. Nothing in this section relieves
a futures commission merchant or introducing broker of its obligation
to comply with any other provision of this part, including provisions
concerning information that must be obtained, verified, or maintained
in connection with any account or transaction.

    Dated: April 28, 2003.
James F. Sloan,
Director, Financial Crimes Enforcement Network.
    Dated: April 28, 2003.

In concurrence:
Jean A. Webb,
Secretary of the Commodity Futures Trading Commission.
[FR Doc. 03-11016 Filed 5-8-03; 8:45 am]
BILLING CODE 4810-02-P; 6351-01-P