萝莉社官网

On June 27, 2025, of an order providing banks and credit unions federally regulated by the FDIC, OCC or the NCUA the option to obtain tax identification numbers (TINs) from account applicants using methods other than having them directly provided in their entirety.

The order is the culmination of FinCEN’s efforts under Section 6216 of the Anti-Money Laundering Act of 2020, which tasked them with — among other things — identifying regulations and guidance that are outdated.

Here’s what you need to know about the alternative TIN collection order:

What the TIN collection order does

To simplify and understand this order, it’s useful to focus on its limitations.

Importantly, FinCEN’s exemption:

• Does not relieve institutions of the obligation to obtain and retain a complete TIN.
• Does not apply to banks that are regulated by the Federal Reserve.
• Does not apply to banks or credit unions lacking a federal regulator.
• Does not modify the structure of the customer identification program (CIP) regulation within the Bank Secrecy Act (BSA) or the implementing regulations of the federal banking regulators that have adopted the exemption.

The order does provide a carve-out through guidance that explicitly allows obtaining a TIN indirectly.

In practical terms, you still have to do the same thing (get a full TIN) — but now you’re allowed to do it without making an account applicant provide it. This usually means collecting only the last four digits of the TIN from applicants, then obtaining the remaining five digits from a third-party source.

For example, you could obtain the digits from a fintech solutions provider that accesses public records after using other identifying information in combination with multifactor authentication methods to validate the account applicant’s identity.

Whether using alternatives or not, financial institutions will still need to get and keep the “whole nine” in accordance with record retention requirements.

Why now?

Over the past decade, FinCEN has faced increased pressure from lawmakers and industry trade organizations to modernize various aspects of the BSA, most notably through the passing of the . According to FinCEN, the order reflects a broader recognition of both technological innovation and evolving consumer behavior.

Several key factors influenced their decision to issue this exemption:

• Innovation in identity verification: The financial sector has seen rapid advancements in digital identity tools, including biometric verification, AI-driven fraud detection and real-time data validation.
• Customer reluctance: FinCEN and the agencies noted a growing trend of customers hesitating to provide full TINs, citing concerns over data breaches and identity theft.
• Legislative and industry support: The order follows advocacy from banks, fintechs, trade associations and members of Congress — many of whom pointed to the long-standing “credit card exception” that has allowed partial SSN collection for over two decades.
• Changing customer onboarding norms: With the rise of non-face-to-face account openings, traditional identity verification methods are increasingly seen as outdated or overly burdensome.

Addressing the critics

Some have raised concerns that loosening TIN collection standards could weaken identity verification. However, the order indicates that more rigorous verification — not less — will be necessary to authenticate account applicants without directly obtaining their full TIN. Therefore, in combination with the more limited exposure of full TIN data, the net impact should be neutral at worst, given FinCEN’s clear implication that a strong authentication control environment will be necessary.

Institutions considering taking advantage of the exemption will need to conduct a thorough CIP risk assessment and implement robust processes to mitigate those risks. As a result, it can be reasonably anticipated that the FDIC, OCC and NCUA will expect financial institutions to leverage effective tools to validate, verify and authenticate customer identities.

What’s next?

While the order is effective immediately, institutions seeking to adopt alternative TIN collection methods should proceed thoughtfully and cautiously.

Neither FinCEN nor the federal banking regulators have issued detailed implementation guidance, leaving many institutions seeking clarity on acceptable practices. Additionally, the order did not contemplate whether any other aspects of banking compliance may be impacted if alternative TIN collection methods are implemented. AML/CFT management should be certain to collaborate cross-functionally to determine if and how other requirements may be affected institutionwide.

It’s also important to capture the previously mentioned factors and an inventory of threats and controls within a centralized document, such as a targeted risk analysis or an updated AML/CFT risk assessment. Doing so will demonstrate that, even if your institution stops getting the “whole nine,” you’ll never stop going the “whole nine.”

How Wipfli can help

Navigating regulatory shifts like FinCEN’s new TIN collection order requires more than compliance. It demands strategic foresight.

Wipfli’s team includes former industry professionals who know the challenges you face when navigating a strict and ever-changing regulatory environment. We’re ready to apply our experience to help you adapt quickly while taking advantage of opportunities for growth.

Reach out today to talk to our team about the future of your financial institution.

You can also get more insights from these additional resources:

• Webinar: Navigating AML/CFT risk assessments
• How banks navigate uncertainty with AI agents and agentic AI
• How ROVs can help mitigate risk at your institution