FinCEN, Banking Regulators Clarify CIP Rule's TIN Collection Requirements
Synapse Bankruptcy Stays in Chapter 11, Stablecoin Digest
Hey all, Jason here.
I’ll be headed to London early next month to cohost a dinner for lending, credit, and risk practitioners with my friends at Oscilar.
The event will take place on July 8th, from 6:00pm-9:00pm, at iconic Covent Garden steakhouse Smith & Wollensky and will feature curated group discussion on timely industry topics, including innovations in fraud and financial crime detection and mitigation, how companies are leveraging biometrics, and the role of alternative data.
Space is limited for this exclusive event, so please RSVP here to request an invitation.
💰 Help Keep Fintech Business Weekly accessible to all: in an era where it feels more difficult than ever to parse hype from reality, I've made a conscious decision not to paywall Fintech Business Weekly.
But doing the research and analysis to bring you well-informed, deeply-reported stories takes time -- and money (really, you don't want to see my PACER bill, let alone my lawyer's.)
Looking to get in front of Fintech Business Weekly's 87,000+ readers and listeners? Get in touch about sponsorship options: jason@fintechbusinessweekly.com
To help keep Fintech Business weekly accessible to all, please consider upgrading to a paid subscription if you haven't already.
Alternately, if you don't want a recurring payment, you can "tip" what you think is fair here.
This API Is Reshaping Consumer Credit
Sponsored by Spinwheel: Why is consumer debt management so antiquated? Why rely on processes that add friction and costs when the tech to streamline it is already here?
Imagine unlocking key financial details instantly — with just a phone number and birthdate. That’s what Spinwheel does.
Spinwheel flips the script on consumer credit and payments. Their Debt APIs give brands real-time, verified data and seamless payment processing — without customers leaving their ecosystem.
Synapse Bankruptcy Stays in Chapter 11, For Now
The latest hearing in the ongoing Synapse bankruptcy case took place late Friday, beginning around 1:30pm Pacific Time.
This was the first hearing since the Synapse Chapter 11 Trustee, former FDIC Chair Jelena McWilliams, filed a motion to either convert the case to a Chapter 7 liquidation, which would see a new Chapter 7 Trustee appointed by the US Trustee, or to dismiss the case outright.
It’s also the first hearing since the Consumer Financial Protection Bureau filed a statement of interest in the case on Friday June 20th, as first reported by Fintech Business Weekly, lining up the possibility of using the CFPB’s civil penalty fund to make depositors whole.
The news that the CFPB is taking a more active role in seeking a solution for out-of-pocket depositors stands in stark contrast to the prudential banking regulators, who have continued to dodge questions and responsibility for the Synapse matter.
At last week’s House Financial Services Committee hearing, Fed Chair Powell continued to dissemble, responding to a last-minute question about Synapse by saying, “I don’t have a lot of specifics for you on that. I’m assured that we're still very much, uh, doing everything we can to try to get people their money back and to avoid similar occurrences.”
While the most noteworthy development in Friday’s hearing was that the case will stay in Chapter 11 — for now — much of the more than two-and-a-half hour hearing focused on questions about handling the data in the Synapse estate’s possession.
On the one hand, the data is a bona fide asset of the estate and could be requisite to continuing efforts to reconcile and return funds.
On the other hand, continuing to store this data as it has been to date, at Amazon Web Services and MongoDB, is unsustainable.
While AWS and MongoDB have been prevented from terminating Synapse’s services and destroying data so far by the bankruptcy stay, that is not a permanent solution. Since the start of the bankruptcy in April 2024, the Synapse estate has accrued millions of dollars in expenses related to storing the data that are almost certain never to be paid.
The judge in the bankruptcy case, Martin Barash, emphasized his concern about preserving data necessary for any current or future causes of action, while acknowledging the status quo cannot continue forever.
Attorneys for the Chapter 11 Trustee clarified the current state of play, including that ledger data from MongoDB has already been backed up, with copies in the possession of Lineage, Evolve, and the Trustee’s advisory firm, B. Riley.
B. Riley is also generating a copy for the CFPB to use as part of its investigation and potential victim compensation efforts, an attorney for the Trustee said.
The AWS story is a bit more complicated, with Synapse holding between 700 terabytes and 1,000 terabytes of data in AWS, amounting to hundreds of millions of files. While the Trustee hasn’t reviewed the entire contents, the Trustee’s team clarified that AWS houses customer KYC/KYB documents, such as images of driver’s licenses and passports and company incorporation documents and copies of customers’ monthly statements, among many other categories of data.
While the discussion in the hearing implied that the AWS data is not necessary for any ongoing reconciliation efforts, Evolve’s attorney at the hearing clarified that the bank is working to back up a full copy of the data held in AWS.
Judge Barash noted that it’s “not ideal” to have Evolve, a target of significant litigation related to this matter, be the only one to retain a full copy of the data currently housed on AWS.
Given the vast size, the estimate provided was that this could take four to six more weeks, though an attorney representing AWS suggested it could be completed more quickly.
Representatives from the CFPB also joined the hearing, affirming the details of the Bureau’s statement of interest and providing additional confirmation to the court and to depositors about what the Bureau is proposing and how that process would work.
Ultimately, given there are multiple copies of the data held at MongoDB, the company’s motion was granted, which will allow it to cease hosting Synapse’s data.
Judge Barash extended the stay regarding AWS, allowing Evolve more time to create copies of the data held there.
And the Chapter 11 Trustee’s motion to convert or dismiss the case was continued until the next, likely the last, hearing on August 11th.
FinCEN, Federal Regulators Clarify CIP Rule’s TIN Collection Requirements
On Friday, federal bank regulators issued an order granting an exemption to the requirement of the Customer Identification Program (CIP) rule that requires covered institutions to obtain taxpayer identification numbers (TINs) directly from customers.
The OCC, FDIC, NCUA, and FinCEN jointly issued the order modifying the rule, which implements part 326 of the USA PATRIOT Act, following a request for information on the matter issued by FinCEN in March 2024.
The CIP rule is intended to set a minimum standard for customer identification and verification for covered institutions that enable them to form a reasonable belief in the identity of their customers.
At a minimum, the CIP rule requires institutions to collect a customer’s name, date of birth (for a consumer account), address, and identification number, which must be a TIN for US persons who have one.
Institutions can verify customers’ information through both documentary means, such as checking government-issued identification, through non-documentary methods, such as comparing customer-supplied information to what is available in commercial databases, or a combination of the two.
Historically, the CIP rule has been interpreted as requiring institutions to collect the TIN directly from customers, with the exception of credit card accounts.
Credit cards were carved out from this requirement of the original CIP rule, issued in 2003, as, regulators “recognized at the time that without this exception, the CIP Rule would alter a bank’s business practices by requiring additional information beyond what was already obtained directly from a customer who opened a credit card account at the point of sale or by telephone.”
It’s worth remembering that, in 2003, it was fairly common to open credit card accounts over the phone, by mailing a paper application form, or at a point of sale (eg, for private label and cobrand credit cards), whereas checking and savings accounts were overwhelmingly opened in person at a bank branch.
At the time the 2003 CIP rule was going through the notice-and-comment rulemaking process, industry stakeholders “raised concerns during the CIP Rule comment period that customers applying for credit card accounts were reluctant to give out their complete TIN, especially through non-face-to-face means, due to consumer privacy and security concerns.”
Ultimately, the final 2003 CIP rule included an exception for credit card accounts that “allowed a bank broader latitude to obtain some information from the customer opening a credit card account and the remaining information from a third-party source, such as a credit reporting agency, prior to extending credit to a customer.”
Of course, since 2003, how Americans access financial services, including how they open new financial accounts, has radically changed.
Surveys estimate that nearly half of new bank accounts are opened with digital-only banks and fintechs, and more than three-quarters of Americans primarily manage their accounts via mobile app or online account, with just 8% saying visiting a branch is their primary method for conducting banking activities.
As digital options of accessing banking services have become ubiquitous and consumer preference and behavior have shifted, the requirement to collect customers’ TIN in these non-face-to-face settings has become more burdensome, the regulators’ order argues, saying, “the rationale relating to consumer privacy and security concerns provided for the credit card exception in 2003 as well as concerns about requirements being burdensome, prohibitively expensive, or impractical is applicable to all other types of accounts that are now easily accessible to customers through non-face-to-face means.”
Further, with the explosion of data breaches, identity theft, fraud, and scams that have come along with the rise of digitally-distributed financial services, consumers have become understandably wary about providing personal information, particularly their Social Security numbers or other taxpayer identification numbers.
It’s estimated that nearly half of the US population has had personal information compromised by a data breach in the past five years, which have seen massive data breaches at firms that include T-Mobile, Xfinity, AT&T, National Public Data, Real Estate Wealth Network, UnitedHealth Group, and numerous others.
It’s also worth remembering that taxpayer identification numbers, particularly Social Security numbers, were never intended to be used as secure, unique identifiers — and that CIP processes, while legally required, are not, by themselves, designed to prevent fraud or financial crime.
Americans’ reluctance to provide their TINs has proven to be an enduring point of friction in opening accounts online.
Some fintechs have sought to streamline onboarding by collecting only the last four digits of a customer’s TIN and then using commercially available databases, primarily credit reporting agencies, to match and retrieve the full TIN.
But while the 2003 CIP rule itself did not specifically speak to the permissibility of collecting only a partial TIN, the 2024 interagency RFI reiterated FinCEN and the federal banking regulators’ position at the time that “banks must continue to comply with the current CIP Rule requirement to collect a full SSN for U.S. individuals from the customer prior to opening an account.”
And concurrent with that 2024 interagency RFI, the FDIC also released now-rescinded financial institution letter FIL-15-2024, which explicitly reiterated the FDIC’s view at the time that “the CIP Rule does not allow for an abbreviated collection of any data element. For example, the full TIN must be collected from the customer prior to opening the account.”
The order released on Friday argues that exempting institutions from this requirement and allowing an alternative TIN collection method, within an existing, reasonably designed, risk-based CIP program, is consistent with the purposes of the Bank Secrecy Act and with the principles of safe and sound banking.
The joint order provides improved regulatory clarity and should enable more streamlined customer onboarding, with minimal additional financial crime or fraud risk.
Stablecoin Digest: GENIUS Passes Senate, JPMC Plans Tokenized Deposit Pilot, Fiserv Announces FIUSD Stablecoin
Those who follow my work may have noticed I’ve been relatively quiet on the white-hot trend du jour: yes, stablecoins.
Having watched a plethora of dubious, short-lived trends capture the imagination of thought leaders and the conference circuit in recent years but never reach escape velocity — remember NFTs? web3? the metaverse? CBDCs? — I’ve developed a healthy sense of skepticism in an effort to avoid falling prey to industry groupthink.
But at this point, while surely not a general interest topic, it is undeniable that stablecoins have broken out from a niche utility within the crypto world to capture the imagination of the financial services industry and have the potential — potential — to reshape banking and payments, with implications that could reach as far as impacting overall financial stability and the US Government’s cost of borrowing by influencing demand for US Treasuries.
Still, I’m highly skeptical of anyone proclaiming stablecoins will be the “death of X” — ACH, Visa/Mastercard, SWIFT, cash, or even fractional reserve banking itself.
It’s worth remembering that once a payment method has reached a critical mass of adoption, it tends to become incredibly sticky and thus difficult to displace.
For example, despite the initial launch of the Automated Clearing House in 1972, born out of a fear about the logistics of processing a growing volume of physical paper checks, the volume of payments transacted via check has remained stubbornly high, with more than 11 billion checks transferring an aggregate of almost $27.5 trillion as recently as 2021 — nearly 50 years after ACH was introduced with the intention of stemming the rising tide of checks.
This is all to say, it’s not that I haven’t been paying attention to the burgeoning stablecoin dialogue, but rather that I’ve been resisting the urge to commentate and, instead, take my time to read, research, talk to industry stakeholders across the spectrum, and develop my own point of view on how stablecoins are likely to evolve and impact incumbents, including the prior generation of fintech “disruptors.”
With that, these are the key pieces of stablecoin-related news on my radar in recent weeks:
GENIUS passes Senate: on June 17th, the Senate passed the measure, which would create a dual federal and state framework for licensing and regulating “permitted payment stablecoin issuers,” or PPSIs. The bill defines categories of PPSIs, which include subsidiaries of insured depositories, federally-qualified non-depository issuers, state-qualified non-depository issuers, and qualifying foreign issuers.
GENIUS would impose various requirements on PPSIs, including that issued stablecoins be backed one-to-one by high-quality short-duration liquid assets (eg, US Treasuries) and that PPSIs would be prohibited from pledging, rehypothecating, or otherwise reusing required reserve assets, except in narrowly defined circumstances.
The measure also directs the federal and state entities that would regulate PPSIs to coordinate to formulate requirements for capital, liquidity, reserve asset diversification (including regarding bank deposit concentration, a risk highlighted by the failure of SVB), interest rate risk, and operational and compliance risk, including BSA/AML.
While GENIUS would prohibit issuers from paying interest, it leaves open pathways for issuers and affiliates or unaffiliated platforms, like crypto exchanges, to pay “rewards” or other consideration, a practice that is already fairly widespread and entrenched in the economics of some players in the industry.
The measure now moves to the House, where its companion bill, the STABLE Act of 2025, is under consideration. While largely similar to the Senate’s measure, it seems unlikely the House will simply pass the Senate version as-is, and leadership on the House Financial Services Committee has hinted at a desire to concurrently pass a stablecoin framework and a wider crypto “market structure” bill.
JPMorgan Chase selects Coinbase for deposit token pilot: in one of several signs in recent weeks that established financial services players are looking to blunt any potential threat from stablecoins, the largest bank in the US has chosen Coinbase as a vendor to support the launch of its own tokenized deposit, dubbed “JPMD.”
While potentially serving overlapping use cases with stablecoins, a “tokenized deposit” is distinct in that it is a representation of a traditional bank deposit on a blockchain, rather than the issuance of a token back by other assets, such as US Treasuries.
The definition as a tokenized “deposit” vs. a stablecoin provides greater certainty around financial and accounting treatment, which is a critical concern for corporate and institutional adoption.
JPMorgan plans to issue the JPMD token on Base, Coinbase’s public Ethereum-based blockchain, though the permissioned token will only be accessible to select institutional customers of the bank at launch.
JPMD will enable institutional customers to make cross-border business-to-business payments and settle transfers 24/7/365.
Fiserv announces FIUSD stablecoin: payments and core banking technology provider Fiserv last week announced its planned digital asset platform, including its own stablecoin, FIUSD.
Fiserv is, at least in theory, well positioned to capitalize on its existing relationships, which include about 10,000 financial institutions and six million merchant locations that process 90 billion transactions per year, according to the company.
Fiserv has tapped blockchain and stablecoin infrastructure companies Paxos and Circle, with the goal of making its FIUSD interoperable with other market-leading stablecoins. FIUSD will operate on the Solana blockchain. The company said it is also “exploring” the use of deposit tokens alongside the FIUSD effort.
Mastercard joins Paxos Global Dollar Network: not to be left out, Mastercard last week touted its existing and planned stablecoin-related capabilities, including by joining the Paxos Global Dollar Network.
Mastercard’s framing on stablecoins is worth highlighting. The network began by emphasizing that “[c]onsumers and merchants adopt solutions that are convenient, secure and dependable,” and continued by saying that, “We don’t see stablecoins disrupting this dynamic — in fact, they reinforce it.”
By joining Paxos Global Dollar Network, Mastercard will enable any Mastercard-affiliated institution to mint, distribute, and redeem USDG to their customers.
Mastercard announced it is “aiming” to integrate Fiserv’s FIUSD across its products and services, including on/off ramping, settlement, and stablecoin-linked card issuance.
The network said it is continuing to work with PayPal “to drive future network settlement capabilities with PYUSD,” the PayPal-issued stablecoin. And Mastercard touted its “ongoing support” for USDC, issued by the newly public Circle.
Stripe acquires Privy: earlier this month, payments platform Stripe built on its blockbuster $1.1 billion acquisition of stablecoin infrastructure platform Bridge by acquiring wallet provider Privy for an undisclosed sum.
Privy provides infrastructure to enable firms to embed crypto and stablecoin wallets into their platforms and experiences. The capability is comparable to popular app and browser-based wallet Metamask and Coinbase Wallet.
Of the potential, Stripe cofounder and CEO Patrick Collison said in a statement, “With a unified platform, connecting Privy’s wallets to the money movement capabilities in Stripe and Bridge, we’re enormously excited to enable a new generation of global, Internet-native financial services.”
Erebor files bank charter application with OCC: the startup backed by billionaire founder of defense tech firm Anduril, Palmer Luckey, and Palantir cofounder Joe Lonsdale has filed an application to form a national bank with the Office of the Comptroller of the Currency. Lonsdale’s 8VC is reportedly leading a $225 million fundraising effort for the would-be bank.
Erebor — the name is a reference to Lord of the Rings — would be something of a reboot of Silicon Valley Bank, with a target market focused on the “innovation economy, in particular technology companies focused on virtual currencies, artificial intelligence, defense, and manufacturing, as well as payment service providers, investment funds and trading firms (including registered investment advisers, broker dealers, proprietary trading firms, and futures commission merchants),” according to the company’s charter application (h/t BankRegBlog).
Erebor would “also serve select individual consumers in the high and ultra-high net worth category who work for, or invest, in such companies, and provide certain deposit and payment services to qualifying foreign banking organizations,” its application says.
“Stablecoin-related services” are one of four categories of product Erebor intends to offer, if approved, during its three-year de novo period.
To facilitate such services, Erebor would hold virtual currencies on balance sheet “for operational purposes” that include paying so-called “gas fees” (transaction fees) for interacting with Layer-1 and Layer-2 blockchains.
Erebor says that its goal is “to be the most regulated entity conducting and facilitating stablecoin transactions and to bring this modern form of traditional financial intermediation fully within the regulatory perimeter.”
The company’s business plan and the legal analysis supporting the permissibility of Erebor’s proposed activities are both confidential and thus not disclosed with the public portion of its charter application.
But, Bank for International Settlements warns stablecoins perform poorly as “money:” if the burgeoning number of entities issuing stablecoins on different blockchains, with different characteristics, under varying and (at the moment anyway) uncertain regulatory regimes, with different compositions of reserve assets gives you pause, you aren’t alone.
In a BIS report published last week, the organization argues that stablecoins perform poorly as “money,” as, in the current environment, their characteristics don’t lend themselves (pun intended) to achieving singleness, elasticity, and integrity.
“Singleness” is the concept that commercial bank money issued by different banks can be used and exchanged without friction or hesitation: a deposit at JPMorgan Chase can be treated the same as a deposit at Bank of America or a local, small-town community bank or credit union.
Achieving the singleness of money was no accident — it required the creation of a complex infrastructure of prudential regulation, deposit insurance, and access to emergency liquidity.
And, in fact, the US has not always had singleness of money. During the so-called free-banking era, after the closure of the Second Bank of the United States in 1841 and before the passage of the National Bank Act in 1863, chartering and regulation of banks was handled solely at the state level.
During this period, many banks issued their own banknotes — somewhat comparably to the current stablecoin era, though the current generation of stablecoins are generally fully reserved — which allowed for sometimes wide deltas between a banknote’s actual vs. par value, depending on the perceived financial health of the issuing institution.
The BIS report further argues the current generation of stablecoins, because of their fully reserved nature, lack the elasticity that exists in the two-tier banking system (eg central bank and commercial banks.)
In today’s two-tier banking system, central banks stand ready to provide liquidity to commercial banks at the policy rate against high-quality assets, the BIS argues, and banks can determine how much money, in the form of bank deposits, to supply to the real economy in line with their business models and risk tolerances. Because they are designed to be fully reserved, stablecoins lack this flexibility.
Finally, the BIS argues that stablecoins perform poorly at protecting the integrity of the monetary system, as some stablecoins may be more susceptible to illicit activity and may undermine monetary sovereignty, which the BIS describes as “the ability of a jurisdiction to make decisions and exercise influence over the monetary system within its borders.”
Fintech Business Weekly is an independent publication, entirely supported by readers like you. Consider upgrading to a paid subscription to help me continue doing this work.
Other Good Reads & Listens
Policy Statement: Guidance on Referrals for Potential Criminal Enforcement (CFPB)
Regulatory Capital Rule: Modifications to the Enhanced Supplementary Leverage Ratio Standards (Department of the Treasury)
Big Banks: Go Small! (Connecticut Law Review)
Man whose parents were kidnapped after $245M Bitcoin theft pleads guilty to charges (ABC News)
Blueacorn founders indicted on PPP fraud charges (Banking Dive)
An Exhaustive Review of the History and Nascent Culture of the CFPB (Fintech Takes)
Listen: Interview with BILL’s Mary Kay Bowman (Fintech Business Weekly)
About Fintech Business Weekly
Looking to work with me in any of the following areas? Email me.
Now available: buy my best-selling book, Banking as a Service: Opportunities, Challenges and Risks of New Banking Business Models, here
Vendor, partner & investment opportunity advice and due diligence
Fintech advising & consulting
Sponsoring this newsletter
News tip or story suggestion — reach me on Signal at mikulaja.01