Starting May 11, 2018, financial institutions will need to implement new policies and procedures to comply with the Financial Crimes Enforcement Network's (FinCEN) new Customer Due Diligence Requirements for Financial Institutions (the Rule), which requires covered financial institutions to identify and verify the identity of beneficial owners of legal entity customers. To help institutions get ready, FinCEN issued FAQs on April 3, 2018, to explain and clarify the scope of the Rule. This article summarizes the Rule and provides ten practical tips for those financial institutions still working to update their policies in advance of the Rule's effective date.
What Is the Beneficial Ownership Rule?
FinCEN, part of the U.S. Treasury, administers the anti-money laundering (AML) rules for financial institutions under the Bank Secrecy Act (BSA). The Rule amends existing BSA regulations to clarify and strengthen customer due diligence (CDD) requirements for certain covered financial institutions, including banks and credit unions; broker-dealers; mutual funds; and futures commission merchants and introducing brokers in commodities. Specifically, covered institutions must implement written procedures to identify and verify (a) 25% or greater beneficial owners, and (b) a single individual with significant control over the entity, taken together to mean "beneficial owner," each time a new account is opened.
Practical Tips for Compliance with the Beneficial Ownership Requirements
Covered institutions should take steps to update their existing AML procedures to incorporate the beneficial ownership requirements. The best way to prepare for the Rule is to review your financial institution's existing AML program and update policies, procedures, and forms to account for the Rule. This process may require a number of changes to existing processes, including:
- Updating data input screens to capture beneficial ownership information
- Coordinating with AML software vendors to address collection and transfer of information
- Updating account opening documents (applications, signature cards, certification forms)
- Updating policies and procedures (customer identification program (CIP), CDD, account opening, suspicious activity monitoring and reporting, etc.)
- Training (employees and customers)
To help with this process, we highlight some of the most significant lessons from FinCEN's new FAQs, along with additional tips to help financial institutions implement the new Rule.
1. What are the standards for verifying the identity of beneficial owners?
Covered institutions may generally rely on information provided by the legal entity customer, and FinCEN provides a sample Certification Form that account applicants may complete to provide beneficial ownership information (but institutions are not required to use it). The financial institution must then verify the individual's identity through identifying documents or other standard CIP methods, but is not required to verify the individual's status as a beneficial owner.
Although the verification process for beneficial owners must contain the same elements as existing CIP procedures, they are not required to be identical—for example, a covered institution may accept photocopies of a driver's license to verify the identity of beneficial owners if the beneficial owner is not present, which is not permissible under existing CIP rules.
2. How to handle legal entity customers with complex ownership structures.
The Rule requires identification of indirect beneficial owners, meaning those that may hold ownership in the legal entity customer through a series of intermediary legal entities. For example, if Company A owns 50% of the legal entity customer, and if an individual, in turn, owns 60% of Company A, then that individual (with an indirect ownership of 30%) would be a beneficial owner for purposes of the Rule.
3. How to handle existing customers under the Rule.
If a beneficial owner of a new legal entity account is an existing customer and is already subject to the financial institution's CIP, then the institution may rely on information in its possession to fulfill the Rule requirements, provided the existing information is up to date and accurate, and the legal entity customer certifies or confirms (verbally or in writing) the accuracy of the preexisting CIP information.
4. What to do when a single legal entity customer opens multiple accounts.
Generally, covered financial institutions must identify and verify the legal entity customer's beneficial ownership information for each new account opening. However, an institution that has already obtained a certification form (or its equivalent) for the beneficial owners of the legal entity customer may rely on that information to fulfill the beneficial ownership requirement for subsequent accounts, provided the customer certifies (verbally or in writing) that such information is up to date and accurate at the time each subsequent account is opened, and the institution maintains a record of such certification.
5. Keep records of all beneficial ownership certification documents.
The FAQ clarifies that all sets of beneficial ownership certifications must be retained, even if the financial institution has updated the beneficial ownership information on the account of a legal entity customer, and subsequently a new account is opened on behalf of the same legal entity. In this situation, the financial institution would need to retain the original set collected at account opening, the updated set, and a third set for the new account.
6. The Rule does not apply to accounts for internal recordkeeping or operational purposes.
The FAQ clarifies that subaccounts will not be considered a "new account" or an "account" for purposes of the Beneficial Ownership Rule when a financial institution creates an account for its own administrative or operational purposes and not at the customer's request.
7. The Rule applies to product or service renewals.
The FAQ explains that covered financial institutions are required to have their legal entity customers certify the beneficial owners for existing customers during the course of a financial product renewal (e.g., a loan renewal or certificate of deposit), because each time a loan is renewed or a certificate of deposit is rolled over, the bank establishes another formal banking relationship and a new account is established.
However, in the case of a loan renewal or CD rollover, because these products are not generally treated as new accounts by the industry and the risk of money laundering is low, if at the time the customer certifies its beneficial ownership information it agrees to notify the financial institution of any change in such information, such agreement can satisfy the certification requirement.
8. There is no obligation to update beneficial ownership information absent specific risk-based concerns during routine periodic reviews.
Covered financial institutions are not required to obtain or update beneficial ownership information during routine periodic reviews of existing accounts, unless risk-based concerns are present. Absent such a risk-related trigger or event, collecting or updating beneficial ownership information is at the discretion of the covered financial institution.
9. What is required to confirm claims of exclusion from the definition of "legal entity customer"?
A covered financial institution may rely on information provided by a legal entity customer for purposes of confirming that the customer qualifies for an exclusion from the rule, provided the institution has no knowledge of facts that would reasonably call into question the reliability of such information. Financial institutions should specify the type of information they will obtain and rely upon to determine eligibility for exclusions in their risk-based policies and procedures.
10. How does the Rule impact currency transaction reports
Unless there is a reason to believe otherwise, covered financial institutions should assume that different businesses that share a common owner are operating separately and independently from each other and the common owner. Thus, absent contrary information, financial institutions should not aggregate transactions involving those businesses with each other or with those of the common owner for purposes of CTR filing.