Pilot Launch You have early access to the Barinhall Compliance Intelligence Portal. Coverage and features are expanding weekly. Share feedback →
← Back to Feed
View source document ↗
T4 FED High Confidence Guidance

SR 25-2: Order Granting an Exemption from the Customer Identification Program Rule Requirement Related to a Bank Obtaining Taxpayer Identification Number Information from the Customer

Regulatory relief providing banks flexibility in TIN collection methods under Customer Identification Program requirements

LOW
Impact Level
Top: Compliance (2)

Advisory Assessment

Impact. The Federal Reserve has granted banks discretionary authority to obtain taxpayer identification numbers from third-party sources rather than directly from customers, while preserving all other Customer Identification Program requirements. This regulatory relief allows institutions to streamline account opening processes and potentially reduce customer friction without compromising anti-money laundering compliance obligations.

Risk. The primary exposure lies in third-party risk management, where institutions adopting alternative TIN collection methods must ensure vendor reliability and data accuracy. Compliance teams face examination scrutiny around whether third-party TIN verification procedures maintain the same level of customer identity verification that direct collection provides.

Recommended Action. Compliance should conduct a cost-benefit analysis of current TIN collection processes versus third-party alternatives, focusing on operational efficiency gains and vendor risk trade-offs. If pursuing the exemption, establish clear vendor due diligence standards and accuracy thresholds for third-party TIN data before updating CIP policies.

Watch. Monitor examination guidance from the Federal Reserve and other banking agencies regarding expectations for third-party TIN collection oversight and quality control measures. Track industry adoption patterns to gauge competitive positioning and regulatory comfort levels with alternative verification methods.

Classification

Regulatory Program
Bank Secrecy Act - Customer Identification Program
Doc Type
Guidance
Effective Date
2025-08-15
Days to Action
-335
Comment Deadline
Published
2025-01-01

Urgency Basis

Effective date was August 15, 2025, which is over 180 days past as of reference date May 15, 2026. This is optional relief that banks can implement at their discretion.

Operational Context

Affected Functions
Compliance Operations Risk Management
Institution Applicability
All

Impact by Category

Compliance
2
Operational
2
Data Governance
1
Model Risk
0
Reporting & Disclosure
0
Capital & Liquidity
0
Consumer Protection
0
Third-Party Risk
2

Key Requirements

- Review current CIP policies and procedures for potential updates - Assess whether to utilize alternative TIN collection from third-party sources - Establish risk-based procedures for third-party TIN verification if adopting exemption - Ensure continued compliance with overall CIP Rule requirements - Maintain ability to form reasonable belief of customer identity

Scoring Rationale

This is optional regulatory relief rather than a new obligation. The Federal Reserve is permitting banks to collect Taxpayer Identification Numbers from third-party sources instead of directly from customers, while maintaining all other CIP requirements. Impact is low across affected categories because: (1) compliance impact is limited since this provides flexibility rather than new requirements, (2) operational changes are optional and involve policy updates rather than system overhaul, (3) third-party risk increases modestly due to potential new vendor relationships for TIN collection. The exemption has been effective since August 2025 and represents a lessening of regulatory burden.

Scored: 2026-05-15T07:44:45.190Z Model: claude-sonnet-4-20250514 Confidence: High Aggregate Score: 1.4
AI Analysis Disclosure — This record, including its scores, impact assessments, and Advisory Assessment (impact, risk, and recommended actions), was generated by an AI model and may contain errors or omissions. The Advisory Assessment is a starting point for analysis, not a substitute for professional judgment. Effective dates, applicability determinations, impact assessments, and any recommended actions should be independently verified against primary regulatory source documents and reviewed by qualified compliance or legal personnel before taking compliance action. This output does not constitute legal or compliance advice.