On June 27, 2025, the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) issued an update to the Customer Identification Program (CIP) Rule. The new order allows banks to collect Taxpayer Identification Numbers (TINs) from trusted third-party sources—such as credit bureaus or technology platforms—in addition to directly from bank customers. This change marks a step towards modernizing identity verification in digital banking.
This shift highlights the growing influence of digital banking and modern identity verification technologies. It offers financial institutions greater flexibility in their verification processes while still complying with the broader CIP Rule. Under this rule, banks need to collect basic types of customer information “…supplemented by risk-based verification procedures, where appropriate, to ensure that the bank has a reasonable belief that it knows each customer’s identity.”
A TIN is a unique number used for tax reporting and regulatory compliance. It helps match income and transaction data to the correct individual or entity, supporting accurate tax reporting, as well as anti-money laundering and fraud prevention.
3 common types of TINs include:
TINs are a core component of the CIP Rule, which is part of the broader Bank Secrecy Act aimed at preventing money laundering and terrorist financing. Banks must collect TINs before opening new accounts to help verify customer identities, which in turn reduces fraud/financial crime risk to the financial system.
As mentioned, financial institutions are required to collect certain basic information as part of their CIP compliance activity, and this includes collecting TINs before opening new accounts. For example, when a small business opens a new account, the bank must collect the business’s EIN and verify it using reliable sources. Only after the EIN has been verified could the bank say they have formed a reasonable belief that it knows who its customer is.
The FinCEN order introduced a change allowing banks to collect TINs from verified third-party providers. These providers could include credit bureaus, fintech platforms, and other secure data sources. Its goal is to make onboarding processes smoother—especially for customers who may prefer digital-first experiences—while still maintaining strong anti-financial crime and compliance standards. Institutions may also be able to drive operational efficiency through automated collection processes.
While the recent FinCEN order introduces more flexibility in how banks may collect TIN information, the obligation to verify customer identity remains unchanged. Failing to collect or verify TINs properly could expose financial institutions to serious consequences, including:
Although using third-party data to collect TIN information can help streamline onboarding, banks remain responsible for maintaining processes that are robust, secure, and compliant with the CIP Rule.
TINs remain a cornerstone of CIPs, tax compliance, and financial crime prevention. FinCEN’s updated guidance reflects a shift towards digital transformation in banking, which gives institutions more flexibility in how they execute onboarding processes.
By leveraging trusted third-party data and modern verification tools, banks can leverage innovation to enhance efficiency and customer experience, while balancing their responsibility to uphold regulatory rigor.
Moody’s Maxsight™ unified risk platform helps banks to digitally transform customer onboarding processes and integrate robust data checks. With Moody’s Entity Verification API, banks have the opportunity to match TINs through Moody's access to government registries throughout the U.S. states and territories.
For more information, or to see a demonstration, please get in touch any time.