On July 30, 2014, the Financial Crimes Enforcement Network (“FinCEN”), a bureau of the U.S. Department of the Treasury (“Treasury”), issued a notice of proposed rulemaking (“NPRM”) requesting input from various industries and other interested parties on customer due diligence (“CDD”) requirements for certain financial institutions.1 This NPRM follows FinCEN’s March 5, 2012 Advanced Notice of Proposed Rulemaking (“ANPRM”)2 and an extensive industry outreach initiative.3 The revised CDD proposal demonstrates the benefit of working with industry to reach a practical and workable framework. Financial institutions that would be initially covered by this CDD rule include banks, broker- dealers, mutual funds, futures commission merchants and introducing brokers in commodities (“covered financial institutions”). FinCEN has expressed interest in possibly extending CDD requirements to additional financial institutions, including money services business, casinos, insurance companies and other entities subject to FinCEN’s regulations. Accordingly, these institutions, and other entities, such as investments advisors and pooled investment vehicles, may find it beneficial to comment on the NPRM. The comment period will close Oct. 3, 2014.
Elements of a CDD Rule
The proposed CDD rule sets forth covered financial institutions’ CDD requirements so that each of the following CDD elements is explicitly referenced in a corresponding requirement within FinCEN’s anti- money laundering (“AML”) program rules for each industry.4 Under the proposed rule, CDD is composed, at a minimum, of four key elements:
(1)Ientifyiganderifyigte ientiyf cusmer;
(2)Ientifyiganderifyigte ientiyf benefcialwersf legalentiy csmes(i.e., te atual ersswownr ctl egaletties;
(3)Uerstaigte atueadprsefcutmerelatish; and
- See NPRM, Customer Due Diligence Requirements for Financial Institutions, 79 Fed. Reg. 45,151 (Aug. 4, 2014).
- See ANPRM, Customer Due Diligence Requirements for Financial Institutions, 77 Fed. Reg. 13,046 (March 5, 2012).
- In 2012, FinCEN conducted an extended series of public hearings to gather information on its ANPRM. These hearings were held on Sept. 13, 2012 (Washington, D.C.), Sept. 28, 2012 (Chicago), Oct. 5, 2012 (New York), Oct. 29, 2012 (Los Angeles) and Dec. 3, 2012 (Miami). Summaries of these hearings are available at www.fincen.gov.
4 See, e.g., 31 C.F.R. § 1010.210.
(4)Coctingigirigomaitainandute csmerinmatndtoidetiy adrertsusiciostraactis.
The first element is deemed satisfied by existing customer identification program (“CIP”) requirements for covered financial institutions.5 Accordingly, the NPRM focuses on the final three elements of CDD.
Requirement to Identify Beneficial Owners of Legal Entity Customers
The proposed rule requires covered financial institutions to identify and verify the identity of beneficial
owners of their legal entity customers. Under this proposal, covered financial institutions must look beyond a nominal account holder to identify the natural person who owns or controls certain legal entity customers.
- Definition of Beneficial Owner. FinCEN has proposed a definition of “beneficial owner” that includes two independent prongs: ownership and control.
- Under the ownership prong, a covered financial institution would have to identify “[e]ach individual, if any, who, directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, owns 25 percent or more of the equity interests of a legal entity customer.”
- Under the control prong, a covered financial institution would have to identify “[a]n individual with significant responsibility to control, manage, or direct a legal entity customer, including (A) [a]n executive officer or senior manager (e.g., a Chief Executive Officer, Chief Financial Officer, Chief Operating Officer, Managing Member, General Partner, President, Vice President, or Treasurer); or (B) [a]ny other individual who regularly performs similar functions.”
Accordingly, a covered financial institution has to identify each individual satisfying the ownership prong (i.e., each natural person who owns 25 percent or more of the equity interests in a legal entity customer, even if that person is several entities removed from the legal entity customer), in addition to one individual satisfying the control prong (i.e., an individual person with significant managerial control of a legal entity customer). Under the ownership prong, no more than four individuals are required to be identified. Under the control prong, one individual is required to be identified. If no individual owns 25 percent or more of the equity interests, the covered financial institution may identify only one beneficial owner under the control prong (and no beneficial owner under the ownership prong). If appropriate, the same individual(s) may be identified as a beneficial owner under both prongs.
- Definition of Legal Entity Customer. FinCEN has proposed a definition of “legal entity customer” to include a corporation, limited liability company, partnership or other similar business entity (whether formed under the laws of a state or of the United States or of a foreign jurisdiction). FinCEN interprets this definition to include all entities that are formed by a filing with the Secretary of State (or similar office), as well as general partnerships and unincorporated nonprofit associations.
5 See, e.g., 31 C.F.R. § 1010.220.
- Exemptions and Exclusions. Covered financial institutions will not be required to identify beneficial owners of the new accounts6 established for the following legal entity customers: (1) legal entities that are exempt under the current CIP rule; (2) certain legal entities whose beneficial ownership information is generally available from other credible sources; and (3) trusts that are not created through a filing with a state (e.g., statutory business trusts), which would include most, but not all, trusts.
- Customers Exempt from CIP. The definition of “legal entity customer” for purposes of the beneficial ownership requirement excludes all the same types of entities that are excluded from the definition of “customer” for purposes of the CIP rules, including exclusions based on CIP rule guidance issued by FinCEN and the Federal functional regulators, as well as certain other entities further described below. These entities include:
- A financial institution regulated by a Federal functional regulator (e.g., federally regulated banks, brokers or dealers in securities, mutual funds, futures commission merchants and introducing brokers in commodities) or a bank regulated by a State bank regulator;
- Domestic government agencies and instrumentalities;
- Certain legal entities that exercise governmental authority;
- Publicly held companies traded on certain U.S. stock exchanges; and
- Domestic subsidiaries of publicly held companies traded on certain U.S. stock exchanges.
- When Beneficial Ownership Information Is Available from Other Credible Sources. The definition of “legal entity customer” exempts legal entity customers whose beneficial ownership information is generally available from other credible sources. These entities include:
- An issuer of a class of securities under Section 12 of the Securities Exchange Act of 1934 (“ ‘34 Act”) or that is required to file reports under Section 15(d) of that Act;
- Any majority-owned domestic subsidiary of any entity whose securities are listed on a U.S. stock exchange;
- An investment company, as defined in Section 3 of the Investment Company Act of 1940 (“‘40 Act”), that is registered with the Securities and Exchange Commission (“SEC”) under that Act;
- An investment advisor, as defined in Section 202(a)(11) of the ‘40 Act, that is registered with the SEC under that Act;
- An exchange or clearing agency, as defined in Section 3 of the ‘34 Act, that is registered under Section 6 or 17A of that Act;
- FinCEN does not address the treatment of ERISA accounts in this NPRM. See 31 C.F.R. § 1020.220(a)(2)(iii), excluding from the definition of the term “account,” “an account opened for the purpose of participating in an employee benefit plan established under the Employee Retirement Income Security Act of 1974.”
- Any other entity registered with the SEC under the ‘34 Act;
- A registered entity, commodity pool operator, commodity trading advisor, retail foreign exchange dealer, swap dealer, or major swap participant, each as defined in Section 1a of the Commodity Exchange Act (“CEA”), that is registered with the Commodity Futures Trading Commission (“CFTC”);
- A public-accounting firm registered under Section 102 of the Sarbanes- Oxley Act; and
- A charity or nonprofit entity that is described in Sections 501(c), 527 or 4947(a)(1) of the Internal Revenue Code of 1986, that has not been denied tax exempt status, and that is required to and has filed the most recently required annual information return with the Internal Revenue Service.
- Existing Customers. The obligation to identify beneficial owners of a “legal entity customer” applies only to legal entity customers opening new accounts at the covered financial institution after the date of the rule’s implementation, and not retroactively. FinCEN notes that although it is not proposing a prescriptive rule requiring financial institutions to look back and obtain beneficial ownership information for preexisting accounts, when in the course of monitoring, the financial institution becomes aware of information relevant to assessing the risk posed by a customer, it is expected to update the customer’s relevant information (including obtaining beneficial ownership information for existing customers on a risk basis) accordingly.
- Trusts. The definition of “legal entity customer” does not include trusts other than those that might be created through a filing with a state (e.g., statutory business trusts), which is a small proportion of trusts. FinCEN notes that given the variety of possible trust arrangements and the number of persons who may have roles in them, financial institutions are already taking a risk-based approach to collecting information with respect to various persons.7 FinCEN expects financial institutions to continue these practices and notes that it will consider additional rulemaking or guidance to strengthen or clarify this expectation.
- Intermediated Account Relationships. With respect to accounts held by covered financial institutions for intermediaries on behalf of third parties, the proposed rule clarifies that institutions do not need to identify or verify the beneficial owners of clients of intermediated accounts. FinCEN has proposed that although covered financial institutions would be required to identify the beneficial owners of the intermediary (i.e., the covered financial institution’s direct
- FinCEN learned through its outreach initiative that, in addition to identifying and verifying the identity of the trust for purposes of CIP, financial institutions generally also identify and verify the identity of the trustee, who would necessarily have to open the account for the trust. FinCEN also noted, citing The Bank Secrecy Act Anti-Money Laundering Examination Manual, issued by the Federal Financial Institutions Examination Council, that guidance to the banking industry provides “in certain circumstances involving revocable trusts, the bank may need to gather information about the settlor, grantor, trustee, or other person with the authority to direct the trustee, and who thus have authority or control over the account, in order to establish the true identity of the customer.”
customer) (unless the intermediary is exempt under one of the specific exemptions described above), they would not be required to identify the beneficial owners of an intermediary’s underlying clients if the covered financial institution has no CIP obligation with respect to those underlying clients. For example, respondent banks in correspondent banking relationships would not have to identify the beneficial owners of their own clients; a broker-dealer that appropriately maintains an omnibus account for an intermediary may treat the intermediary, and not the underlying clients, as its legal entity for purposes of the beneficial ownership requirement (provided these accounts meet the elements set forth in 2003 guidance8); pursuant to a clearing agreement under which traditional allocation of functions are established,9 only an introducing firm would be obligated to obtain beneficial ownership information of the customers it introduced to the clearing firm; and, in the context of give-up arrangements, only the clearing broker would be responsible for obtaining beneficial ownership information regarding the underlying customers. FinCEN cautioned, however, that institutions may still need to inquire into these intermediary relationships as part of their broader AML obligations.
- Non-Exempt Pooled Investment Vehicles. Under the proposal, non-exempt pooled investment vehicles, such as hedge funds (whose ownership structure may continuously fluctuate), are not currently exempt from the definition of “legal entity customer.” The term “non-exempt pooled investment vehicle” means: (1) any company that would be an investment company as defined in Section 3(a) of the ‘40 Act, but for the exclusion provided by either Section 3(c)(1) or Section 3(c)(7) of that Act; or (2) any commodity pool under Section 1a(10) of the CEA that is operated by a commodity pool operator registered with the CFTC under Section 4m of the CEA.
FinCEN is considering, however, whether: (1) non-exempt pooled investment vehicles that are operated or advised by financial institutions that are proposed to be exempt should also be exempt from the requirement by a covered financial institution to obtain beneficial ownership information; and (2) if not exempted, whether a covered financial institution should only be required to identify the beneficial owners of non-exempt pooled investment vehicles under the control prong of the “beneficial owner” definition (as opposed to both the ownership prong and the control prong). FinCEN is also considering whether such an approach, if adopted, may best be addressed through inclusion of such vehicles within the scope of the rule followed by the issuance of subsequent guidance or a specific exemption or exception from the application of the ownership prong of the requirement.
- See Joint Guidance (Frequently Asked Questions) – Question and Answer Regarding the Broker-Dealer Customer Identification Program Rule (Oct. 1, 2003). Guidance with respect to intermediaries in the banking context is far more limited; therefore, banks may want to consider these issues carefully.
- See FinCEN Guidance, FIN-2008-G002, Customer Identification Program Rule No-Action Position Respecting Broker-Dealers Operating Under
- Identifying the Natural Person Who Exercises Ownership of a Legal Entity. FinCEN recognizes that identifying a natural person under the ownership prong of the definition of beneficial owner may require looking through multiple corporate entities and complex legal holding structures. Under the proposal, regardless of how many corporate parents or holding companies removed the natural person is from the legal entity customer, where a legal entity customer is owned by (or controlled through) one or more other legal entities, the customer itself is required to look through those other legal entities to determine which natural persons own 25 percent or more of the equity interests of the legal entity customer. The term “equity interest” refers to an ownership interest in a business entity and is interpreted broadly to apply to a variety of legal structures and ownership situations, such as “shares of stock in a corporation, membership interests in a limited liability company, and other similar ownership interests in a legal entity.”
- Standard Certification Form. The proposed rule includes a standard certification form that financial institutions would be required to use to document the beneficial ownership of their legal entity customers. The form would require the individual opening the account on behalf of the legal entity customer to: (1) provide the name, date of birth, address and identification number for each beneficial owner; and (2) certify that the information provided on the form is true and accurate to the best of his or her knowledge. Note that the form does not readily capture the requirement that a covered financial institution may have to look through multiple corporate entities and complex legal holding structures to determine which natural persons ultimately own 25 percent or more of the equity interests of the legal entity customer. Financial institutions would not necessarily be required to update information obtained through the certification, though FinCEN notes they should do so when appropriate based on risk or routine account maintenance.
- Verification of Identity of a Beneficial Owner Rather Than Status. FinCEN clarified that it is not proposing to require financial institutions to verify the status of an individual as a beneficial owner, only the identity of the beneficial owner. A financial institution may rely on the beneficial ownership information provided by their customers on the certification and verify the identity of a beneficial owner under its procedures for verifying the identity of customers that are natural persons (i.e., through documentary or non-documentary methods). These procedures should enable the financial institution to form a reasonable belief that it knows the true identity of each beneficial owner of each legal entity customer.
- Updating Beneficial Ownership Information. FinCEN is not proposing that covered financial institutions be required to update or refresh periodically the beneficial ownership information obtained under this rule, but it expects covered financial institutions to update beneficial ownership information when in the course of ongoing monitoring (including obtaining beneficial ownership information for existing customers on a risk basis), the covered financial institutions become aware of information relevant to assessing the risk posed by the customer. (See discussion in “Ongoing Monitoring” section below.)
- Reliance on Other Financial Institutions. Under current rules, one financial institution may rely on another to conduct CIP with respect to shared customers, provided that: (1) such reliance is reasonable; (2) the other financial institution is subject to an AML program rule and is regulated by a Federal functional regulator; and (3) the other financial institution enters into a contract
and provides annual certifications regarding its AML program and CIP requirements.10 The proposed rule would permit such reliance for purposes of complying with the beneficial ownership requirement, including obtaining the certification form required under the proposed rule, if those same three conditions are met, and would not hold a covered financial institution responsible for the failure of the relied-upon financial institution to adequately fulfill the covered financial institution’s beneficial ownership responsibilities, provided it can establish that its reliance was reasonable and that it has obtained the requisite contracts and certifications. A covered financial institution will need some clarification from FinCEN regarding the extent to which it can use such a reliance agreement outside this safe harbor context.
Elements of an AML Program
The proposed rule captures the third and fourth elements of CDD (see above) and establishes, in the AML program requirement, a new fifth pillar that would require covered financial institutions to understand the nature and purpose of their customer relationships and conduct ongoing monitoring. Currently, the four pillars of an AML program include: (1) a system of internal controls to ensure ongoing compliance; (2) independent testing for compliance; (3) designation of individual(s) responsible for coordinating and monitoring day-to-day compliance; and (4) training for appropriate personnel. FinCEN has proposed language for the new fifth pillar to state:
(5)Arite rsasedrocedresfrctingigcsmerde iience, toince,bt t e lmied to:
(i)Uerstaig te atue adprsefcsmerrelatshs frte rsef eeiga cusmerriskrofie;and
(ii)ctingigitrigomaitainanduate csmerinmatnandto ientifyadeportsusicis trasacts.
- Understanding the Nature and Purpose of Customer Relationships. FinCEN states that this element to the amendment to the AML program rule is intended to clarify the existing expectations for financial institutions to understand the nature and purpose of customer relationships in order to develop a customer risk profile, which is necessary for purposes of complying with the existing requirement to: (1) report suspicious activity (i.e., identifying transactions in which the customer would not normally be expected to engage); and (2) maintain an effective AML program. Although FinCEN appears to appreciate the confusion that the March 2010 beneficial ownership guidance created in the industry11 and appears to have understood that the manner in which different industries determine the nature and purpose of customer relationships in certain industries differ, its stated expectation that these existing practices will meet the requirements of the rule is concerning. For example, securities firms do not presently obtain a customer risk profile, and there is no requirement that they do so.
10 See 31 C.F.R. § 1020.220(a)(6).
- On March 5, 2010, FinCEN, the SEC and the Federal banking regulators issued joint guidance on obtaining and retaining beneficial ownership information. See FinCEN, Guidance on Obtaining and Retaining Beneficial Ownership Information (March 5, 2010). As FinCEN notes, “Industry reaction to this guidance has been one reason for pursuit of the clarity entailed in making requirements with respect to CDD and beneficial ownership explicit within FinCEN’s regulations.” NPRM, 79 Fed. Reg. at 45,154 n.16. FinCEN does not take a definitive position in the NPRM on the guidance, advising instead that “[t]he future status of previous guidance … such as” this one “will be addressed at the time of the issuance of a final rule.” NPRM, 79 Fed. Reg. at 45,156 n.27.
Further, FinCEN’s statement that obtaining basic information about a customer, “such as annual income, net worth, domicile, or principal occupation or business” (which is often collected for suitability purposes in the securities industry), may be relevant to understanding the nature and purpose of the customer relationship fails to appreciate the reason this information is collected and how it is used. Such references to existing procedures that do not exist or to information that is not required to be collected by certain financial institutions are destined to lead to enforcement actions in which regulators penalize covered financial institutions for violations of past practices without having clearly stated what they are required to do.
- Ongoing Monitoring. Under the proposal, when in the course of monitoring, the financial institution becomes aware of information relevant to assessing the risk posed by a customer, it is expected to update the customer’s relevant information accordingly. The proposed requirement to update a customer’s profile as a result of ongoing monitoring (including obtaining beneficial ownership information for existing customers on a risk basis) is different and distinct from a categorical requirement to update the information received from the customer at the outset of the account relationship. FinCEN proposes that this element of the amendment to the AML program rule is intended to be consistent with a financial institution’s current requirements to conduct ongoing monitoring for the purpose of maintaining and updating customer information and identifying and reporting suspicious activity. FinCEN notes that “codifying these supervisory and regulatory expectations as explicit requirements within FinCEN’s AML program requirements is necessary to make clear that the minimum standards of CDD include ongoing monitoring of all transactions by, at, or through, the financial institution.”
FinCEN asserts that it does not intend for these aspects of the AML program rule amendment to necessarily require modifications to existing practices or procedures with respect to customer onboarding procedures, ongoing monitoring or suspicious activity reporting, and that it intends for this AML program rule amendment to clarify existing supervisory and regulatory expectations. FinCEN overstates what financial institutions are doing with respect to ongoing monitoring insofar as it affects customer information, and financial institutions need to review this proposed requirement carefully to determine whether they are in fact doing what FinCEN thinks they are doing.
FinCEN further notes that the scope of the fifth pillar should not be limited to “customers” for purposes of the CIP rules, but rather should extend more broadly to encompass all account relationships maintained by the covered financial institution. It is not clear, however, what is meant by the distinction and how beneficial ownership applies to account relationships.
Complement to FATF Standards
The four elements of CDD in the proposed rule parallel the CDD measures set forth in the Financial Action Task Force (“FATF”) standards on anti-money laundering/countering the financing of terrorism (“AML/CFT”).12
FinCEN notes that a general requirement for U.S. financial institutions to obtain beneficial ownership information advances both the purpose of the Bank Secrecy Act by facilitating reporting and investigations in support of tax compliance, and also national commitments made to foreign
- See NPRM, 79 Fed. Reg. at 45,156.
counterparties in connection with combatting offshore tax evasion and other financial crimes. Pursuant to many intergovernmental agreements and the provisions commonly known as the Foreign Account Tax Compliance Act (“FATCA”), which requires foreign financial institutions to identify U.S. account holders, including legal entities with substantial U.S. ownership, and to report certain information about those accounts to the Internal Revenue Service, the United States has committed to reporting reciprocal information to its FATCA partners.13
Although FinCEN has proposed an effective date of one year from the date the final rule is issued to give covered financial institutions “time to modify existing customer onboarding processes to incorporate the new beneficial ownership requirement” in a cost-effective manner, it does not appear to be giving covered financial institutions time to adopt the third and fourth elements of CDD (the fifth pillar). Although it recognizes that these two CDD requirements may necessitate revisions to written policies and procedures, FinCEN states that it believes the two CDD requirements set forth in the proposed rule will not require covered financial institutions to perform any additional activities or operations. Financial institutions should review FinCEN’s position and provide relevant comment.
FinCEN is seeking comment from covered financial institutions and other interested parties on all aspects of the NPRM, and in particular, comments on the following issues:
· The definitions of “beneficial owner” and “legal entity customer”;
- Whether the requirement to collect beneficial ownership information should be applied retroactively with respect to legal entity accounts already established;
· The proposed exemptions from the definition of “legal entity customer”;
- Whether the proposed treatment of intermediated accounts is sufficiently clear, such that if an intermediary is the customer, and the covered financial institution has no CIP obligation with respect to the intermediary’s underlying clients pursuant to existing guidance, a financial institution should treat the intermediary, and not the intermediary’s underlying clients, as its legal entity customer;
- Whether non-exempt pooled investment vehicles (e.g., hedge funds) that are not proposed to be exempt from the beneficial ownership requirement but are operated or advised by financial institutions that are proposed to be exempt should also be exempt from the beneficial ownership requirement;
- In the event that such vehicles are not exempt, whether covered financial institutions should be required to identify beneficial owners under only the control prong of the “beneficial owner” definition, as opposed to under both the ownership and control prongs, because of these vehicles’ continuously fluctuating ownership structures; or
- Whether such an approach, if adopted, may best be addressed through inclusion of such vehicles within the scope of the rule with subsequent guidance or specific exemption or exception from the application of the ownership prong of the requirement.
- See Hiring Incentives to Restore Employment Act of 2010, Pub.L. 111-147, Section 501(a); see also
- The procedures used by financial institutions to collect and record information on trusts during their CDD process and whether that information is readily searchable, retrievable and accessible to law enforcement;
- The proposed certification form and the practical ability of financial institutions to incorporate the form into their account opening processes, and whether the information that the form requires should be permitted to be collected through other means (i.e., automated electronic account opening processes);
- Whether requiring financial institutions to utilize existing CIP procedures for verification of the identity of beneficial owners is sufficiently clear, appropriate and efficient;
- Whether mandating a specific timeframe for the updating of beneficial ownership information would result in better information being available on beneficial ownership than relying on financial institutions to update the information in due course, consistent with the risk-based approach;
- Whether required recordkeeping procedures for beneficial ownership information should be identical to those required with respect to CIP recordkeeping requirements (e.g., retaining any identifying information collected, including the beneficial ownership certification form, and any information related to verifying the identification information, for a period of five years after the date the account is closed);
- Whether the proposed requirements regarding understanding the nature and purpose of customer relationships and ongoing monitoring are sufficiently clear;
- Whether FinCEN should define any of the terms used in those proposed requirements to clarify that such requirements apply broadly to all account relationships maintained by covered financial institutions;
- Whether FinCEN should define the term “customer risk profile,” or whether the term is sufficiently understood by covered financial institutions; and
- Whether any covered financial institutions have been able to meet the existing AML program requirements and SAR requirements without understanding the nature and purpose of customer relationships and conduct ongoing monitoring.
- Whether it is necessary for the language in each pillar of the AML program requirement to be identical across FinCEN’s rules and to those of FinCEN’s sister organizations; and
- Whether the proposed effective date of one year from the date of the issuance of the final rule is a sufficient amount of time to enable covered financial institutions to implement the requirements of the rule in a cost-effective manner.