The Financial Crimes Enforcement Network (FinCEN) recently proposed regulations under the Bank Secrecy Act (BSA) in an effort to combat illicit financial activity, including terrorist financing and money laundering. The proposed regulations impose additional requirements for bank’s customer due diligence programs.
Background – Four Core Elements. According to FinCEN, customer due diligence programs have 4 core elements:
- Identifying and verifying the identity of customers;
- Identifying and verifying the identity of beneficial owners of customers that are legal entities;
- Understanding the nature and purpose of customer relationships; and
- Conducting ongoing monitoring to maintain and update customer information and to identify and report suspicious transactions.
The proposed regulations did not address element 1, which is covered under existing regulations.
Beneficial Ownership. The most significant proposed regulation relates to element 2. In particular, banks would be required to identify the natural persons (as opposed to a legal entity) who are beneficial owners of customers that are legal entities. Legal entities include corporations, partnerships, and limited liability companies, but do not include trusts other than those trusts created through a filing with the state (for example, a statutory business trust). The requirement would not apply to legal entity customers that are exempt from the customer identification requirements under BSA’s CIP rules, such as publicly traded companies.
The definition of a “beneficial owner” includes an ownership test and a control test, either of which if satisfied would deem a person to be a beneficial owner. A beneficial owner is:
- each individual, if any, who, directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, owns 25% or more of the equity interests of a legal entity customer; and
- an individual with significant responsibility to control, manage or direct a legal entity customer (including CEO, CFO, COO, managing member, general partner, president, vice president or treasurer), or any other individual who regularly performs similar functions.
If no individual owns 25% or greater, then the bank would not be required to identify any individual under the ownership prong. If the legal entity customer is held by other legal entities, the bank would identify the natural person(s) who indirectly own a 25% or greater ownership interest, regardless of how many legal entities removed the natural person is from the customer. Under the control prong, the bank must identify one individual.
Banks would be required to verify the identity of beneficial owners under existing CIP practices, but would not be required to verify that the persons identified are in fact beneficial owners. Banks would generally be able to rely upon representations made by the legal entity customer when answering inquiries regarding the natural persons behind the customer, including whether someone identified as a beneficial owner is in fact a beneficial owner.
At the time a new account is opened, banks would obtain a standardized certification form from the individual opening the account on behalf of the legal entity customer. With respect to existing accounts, banks may consider identifying beneficial owners of existing customers when updating customer information on a risk basis.
Banks would verify the identity of the beneficial owners using existing CIP practices (documentary or non-documentary methods) as they deem appropriate under their identity verification procedures for natural persons. Beneficial ownership would be updated as appropriate on a risk basis, for example upon the occurrence of red flags or suspicious activity. According to FinCEN, this should be consistent with existing practice for updating other customer information.
Understanding the Nature and Purpose of Customer Relationships and Ongoing Monitoring. Although the proposed rule addresses the third and fourth core elements listed above, the proposed regulations relating to such elements explicitly state existing expectations for effective suspicious activity reporting and AML programs. For example, under the proposed regulations, banks would be required to understand the customer relationship for purposes of identifying those transactions that the customer would not normally be expected to engage and to conduct ongoing monitoring to detect suspicious transactions. These are already required for an effective AML program, but FinCEN proposes to explicitly incorporate such expectations into its regulations.
Conclusion. According to FinCEN, the proposed regulations set forth minimum standards. Other regulators may impose additional requirements for customer due diligence and AML programs. In addition, banks may determine, on their own risk assessment, to apply greater due diligence program requirements (such as a 10% beneficial ownership threshold or, if aware of a debt holder who effectively controls a legal entity customer, identification and verification of the identity of such person).
FinCEN invited comments from the public regarding the proposed regulations.
For the text of the proposed rule, please see http://www.fincen.gov/statutes_regs/files/CDD-NPRM-Final.pdf.