On March 5, 2012, the United States Department of the Treasury ("Treasury"), Financial Crimes Enforcement Network ("FinCEN"), published an Advance Notice of Proposed Rulemaking ("ANPR") seeking comments on the concept of prescriptive rules for customer due diligence ("CDD") for certain financial institutions (and potentially all financial institutions) under the Bank Secrecy Act ("BSA"). The rules would include "a categorical requirement" for financial institutions to obtain beneficial ownership information on all customers. (77 Fed. Reg. 13046). Comments are due to FinCEN by May 4, 2012.
The proposal is potentially extremely burdensome and is expected to elicit comments from many affected financial institutions and their professional associations. If the proposal goes forward, the ANPR would be followed by a Notice of Proposed Rulemaking ("NPR") addressing the comments received in response to the ANPR. The NPR would include the full text of the proposed regulatory language and provide another opportunity for public comment. It is notable that, while Treasury states that it consulted with the Federal financial institution supervisory authorities, none of the regulators joined in sponsoring the issuance of the ANPR.
Under the BSA and its implementing regulations, and, with respect to banks, parallel requirements of the Federal bank regulators, banks, securities broker-dealers, and certain other "financial institutions" are required to implement risk-based anti-money laundering ("AML") programs to prevent and detect money laundering and terrorist financing and to comply with a labyrinth of BSA/AML laws, regulations, and regulatory guidance. The number and complexity of these requirements and the regulatory expectations for comprehensive AML programs has grown exponentially over the last 20 years, especially since the implementation of the BSA amendments of the USA PATRIOT Act. Financial institutions have engaged legions of compliance professionals and invested in sophisticated systems to support their AML programs, including CDD systems.
Clearly, there have been positive, significant results from this attention by the financial industry to BSA/AML compliance: Financial institutions have increased their ability to prevent and detect money laundering within their institutions and to manage their money laundering legal and reputational risks. Banks and other financial institutions have become active partners with the government in the fight against money laundering. There are countless examples in which alert financial institutions complying with the suspicious activity reporting ("SAR") requirements have been helpful to law enforcement in opening or furthering investigations and/or laying the groundwork for the seizure and forfeiture of assets.
Nevertheless, while financial institutions have made money laundering more difficult for criminals, there is no evidence that the overall level of money laundering and financial crime in the United States has decreased. Despite the burgeoning requirements and costs, there appears to have never been what would be considered a systematic effort by the U.S. government to assess the costs of BSA/AML compliance by financial institutions and to weight those coasts against the benefits to law enforcement. There is a question whether additional AML burdens on financial institutions are justified and whether, given the current risk-based CDD programs of financial institutions, this particular proposal is warranted.
Current CDD Programs of Financial Institutions
Key to effective AML efforts is the need for financial institutions to know their customers. Consequently, a core component of an effective AML program are policies, procedures, and internal controls for CDD and enhanced due diligence ("EDD") for higher risk customers. CDD and EDD build upon the BSA Customer Identification Program ("CIP") requirements and address the EDD regulatory requirements for foreign financial institution correspondent accounts and private banking accounts for non-U.S. persons under Section 312 of the USA PATRIOT Act. Beyond compliance with the CIP and Section 312 requirements, financial institutions have been allowed to fashion risk-based CDD/EDD programs to address the money laundering risks of their particular customers, products and services, and geographic locations and markets.
Most banks and securities broker-dealers have developed systematic risk rating methods for customers and obtain CDD/EDD information and documentation, refresh account information periodically, and monitor accounts in accordance with the money laundering risk of their customers. Obtaining beneficial ownership of legal entity clients is approached differently by different financial institutions. The extent to which beneficial ownership information is obtained and verified (and at what levels of ownership) is keyed to the type of customer and the customer risk. The CDD/EDD programs are reviewed rigorously by the Federal functional regulators with respect to their effectiveness, compliance with regulatory requirements and guidance, and consistency in application.
Overview of the Proposal
As stated in the ANPR, Treasury is considering implementing comprehensive CDD regulatory requirements for all customers, including a requirement to obtain beneficial ownership information for all customers and to verify beneficial ownership on a risk basis. The current risk-based approach to CDD would be subject to, if not replaced by, regulatory requirements that would "codify, clarify, consolidate, and strengthen existing CDD regulatory requirements and supervisory expectations." Initially, the requirements would be imposed on banks, securities broker-dealers, mutual funds, futures commission merchants, and introducing brokers in commodities, i.e., on financial institutions currently subject to CIP requirements. Treasury suggests that, in the future, the requirements could apply to other financial institutions under the BSA, e.g. money services businesses and insurance companies with respect to certain insurance products. Treasury is considering whether existing accounts would be grandfathered in from the requirements, similar to the grandfathering of existing accounts when the CIP regulations were implemented.
Concerns about the Proposal
Specific CDD regulatory requirements, including the requirement to obtain beneficial ownership information "categorically," arguably are not necessary. The case made in the ANPR that consistent requirements would enhance efforts to combat money laundering, tax evasion, and other crimes is not convincing, and the potential burdens are minimized. The proposal appears to be at least partially driven by a desire to comply with the revised recommendations of the Financial Action Task Force and to be able to provide foreign tax authorities with beneficial ownership information for the accounts of their citizens in the United States through tax information exchange agreements and other means of mutual legal assistance.
The ANPR points out that that there have been BSA enforcement actions where CDD deficiencies have been cited. Nevertheless, in public pronouncements, the Federal financial institution functional regulators and FinCEN appear to be of the view that financial institutions generally are doing a good job in managing their AML risk -- including knowing their customers, filtering out problematic customers, and reporting suspicious activity. Moreover, in the most serious BSA/AML cases, where AML program deficiencies have been coupled with serious criminal activity, the problems appear to have been rooted in a failure to appreciate the money laundering risk of certain customers or products, e.g., Mexican casas de cambio, third party payment processors, or remote deposit capture activities, or to take appropriate action in the face of suspicious activity. It is questionable whether specific CDD requirements and obtaining and verifying beneficial ownership information would have prevented the problematic financial activity.
Implementation of the changes would be expensive and entail major changes in financial institution procedures and systems and current practices. There also are numerous practical concerns with the proposal, including the difficulty of obtaining reliable and verifiable beneficial ownership information; the problem of explaining the complex ownership definition to customers; the difficulty of complying with beneficial ownership and verification of beneficial ownership requirements in certain account opening situations, e.g., opening bank-issued credit cards for business customers on the spot at retail establishments; and the problem of conducting CDD on the "owners of assets," as discussed below.
Another consideration with respect to the beneficial ownership requirement is whether the government is putting the cart before the horse. In the United States, unlike certain other countries, reliable public sources for legal entity ownership information (other than for public companies) do not exist and, even if Federal legislation under consideration were passed requiring state action to maintain reliable ownership information, it would be many years before the information would be available for all states. Arguably, Treasury's efforts should be focused on promoting legislative solutions to encourage or require states to develop reliable corporate registries and take more responsibility for determining the beneficial owners of legal entities they charter. Once there is a reliable corporate registry, determining and verifying beneficial ownership would be far less burdensome for financial institutions and potentially more useful to the government.
Components of the Regulations Under Consideration
The specific components of the regulations under consideration are:
- A requirement to identify all beneficial owners of legal entity customers. Possible exceptions would apply to entities exempt from CIP requirements, e.g., U.S. publicly-traded companies, financial institutions with Federal functional regulators, and Federal, state, and local government entities and instrumentalities. Generally, a financial institution would be able to rely on information provided by the person opening an account, which of course, would not necessarily be reliable.
- How beneficial ownership would be defined is under consideration. The ANPR sets forth a proposed definition of beneficial owner which either would be either an individual owner with more than a 25% equity interest in the entity or, in the alternative, if no person has more than a 25% interest, the beneficial owner would be the person with at least as great an interest as any other person and who has a greater responsibility than other individuals for directing or managing the affairs of the entity. It is unclear how the difficult task of identifying and verifying beneficial owners of entities owned by other entities would be treated or how beneficial ownership would be defined for legal entities where no one has an equity interest. (It should be noted that currently, many financial institutions identify the beneficial ownership of high risk customers at a lower threshold than 25%.)
- Financial institutions would be required to verify beneficial owners on a risk-basis. There may be a requirement to verify the identity of beneficial owners in the sense of verifying that the named individual owner is who the person says he or she is, e.g., by obtaining a copy of a driver's license or passport, and/or verification that the person has the purported beneficial ownership interest in the legal entity, e.g., proof that a person is a more than 25% beneficial ownership. The challenge in the latter case is obtaining reliable information.
- Treasury suggests that, for accounts opened by agents or held by financial intermediaries for their customers, e.g., brokered deposited or omnibus accounts, CDD and beneficial ownership information may be required on the "owner of the assets." This is a major reversal of the current regulatory guidance and industry approach. Generally, for omnibus accounts, due diligence is conducted on the intermediary and not on the intermediary's customers or "the owners of the assets," which could change from day-to-day. It also is difficult to contemplate how CDD on the owners of the assets could be conducted. This potential requirement and the verification requirement potentially appear to be the most onerous aspects of the proposal.
- There may be a requirement to ask customers when opening accounts whether they are opening accounts on their own behalf, e.g., to determine if there are other parties for whom CDD should be conducted and for whom beneficial ownership information should be obtained.
- The regulation would specify that there must be ongoing monitoring of customers and additional CDD conducted, as appropriate, as a result of that monitoring. This aspect of the regulation would seem to codify what has become standard practice and regulatory expectation currently as integral part of SAR compliance.
Areas for Comment
FinCEN is soliciting comments on nine specific areas:
- What changes would be required in a financial institution's CDD program if the rule described were adopted?
- What changes would be required in a financial institution's CDD processes as a result of a requirement to obtain and verify beneficial ownership information? Are the proposed alternative definitions of beneficial ownership clear or are there suggestions for a better definition? How are financial institutions addressing the beneficial ownership issue currently relating to ownership of assets in an account of a financial intermediary? Should any beneficial ownership requirement for accounts of intermediaries be risk-based?
- Under what circumstances does a financial institution currently obtain beneficial ownership?
- How do financial institutions obtain beneficial ownership?
- Is the current risk-based approach to CDD resulting in varied approaches across and within industries?
- Are there other elements of CDD that would be more effective in facilitating compliance with AML requirements?
- What information should be required to identify and verify the identity of beneficial owners on a risk-basis?
- Are their products and services that should be exempted from the beneficial ownership requirement?
- What types of financial institutions should not be covered by the rule?
- What would be the impact on "consumers or other customers" of the CDD program outlined in the ANPR?
Given the current economic strains and regulatory burdens on financial institutions and the level of their AML compliance efforts, before going further with the concept of these regulations and adding new BSA AML requirements, it seems incumbent for the government to conduct any additional cost-benefit analysis of the costs to financial institutions of compliance with existing BSA/AML requirements and the proposed new BSA requirements compared to the benefits to the government. At a minimum, before proceeding further, a stronger case needs to be made that the current risk-based approach to CDD, as it is being implemented by financial institutions under the watchful eyes of their regulators, is inadequate. There is a danger that the financial industry is being asked to bear a disproportionate share of the cost of the fight against money laundering and that what they are being asked to do in this proposal will ultimately have little salient effect on the problem.