On April 3 2018 the Financial Crimes Enforcement Network (FinCEN) issued new frequently asked questions (FAQs) regarding its customer due diligence (CDD) rule.
The CDD rule applies to banks, broker-dealers in securities, mutual funds, futures commission merchants and introducing brokers in commodities – collectively, covered financial institutions (CFIs).
The CDD rule includes four core elements of customer due diligence, each of which should be included in the anti-money laundering (AML) programme of a CFI:
- customer identification and verification;
- beneficial ownership identification and verification;
- understanding the nature and purpose of customer relationships to develop a customer risk profile; and
- ongoing monitoring for reporting of suspicious transactions and, on a risk basis, maintaining and updating customer information.
The beneficial ownership requirement is new. FinCEN has described the other elements as pre-existing AML programme requirements for CFIs, although the third and fourth prongs were, at most, implicit requirements.
FinCEN issued new FAQs on the CDD Rule on July 19 2016. These FAQs are timely because the May 11 2018 compliance date for the CDD rule is fast approaching.
This update summarises several key takeaways regarding the beneficial owner requirement from the new FAQs.
FinCEN clarifies that the private label retail credit exception is available only for credit that can be used solely to make purchases at the private label retailer. However, the FAQs will likely create significant concern regarding this topic because they suggest that the exception is available because of the low risk associated with opening such accounts "at the brick and mortar store". Nothing in the CDD rule states that the private label retail exception is unavailable for online merchant private label credit products. In a follow-up communication with the FinCEN Resource Centre, FinCEN confirmed that the exemption is available only for physical locations, notwithstanding the lack of an express reference to this effect in the rule itself.
The CDD rule's beneficial ownership identification requirement requires a CFI to collect from each legal entity customer information about "individual(s) that are beneficial owner(s)". This requires CFIs to obtain the identities of each individual who meets this definition directly or indirectly, including through multiple corporate structures. Accordingly, with respect to legal entity customers that are directly owned by other legal entities, CFIs must look upstream through all relevant tiers of ownership to the individual owners of each legal entity customer. The CFI has no independent obligation to investigate the ownership structure. Instead, it may rely on the information provided by its legal entity customer's representative, provided that the CFI does not have knowledge that would reasonably call into question the reliability of the information.
The CDD rule requires a CFI to verify each identified individual beneficial owner according to risk-based procedures that contain the elements required for verifying individual account owners under its customer identification programme. The FAQs clarify that although the legal entity beneficial ownership verification procedures must include the same elements as the customer identification programme, the procedures included within the elements need not be identical. The FAQs describe a CFI's ability to use photocopies of documentary evidence of identity (eg, a driver's licence of the beneficial owner) as an example of a permitted difference from customer identification programme verification procedures.
A CFI must collect the same information about the beneficial owners of a legal entity customer as it collects from individual customers under its customer identification programme. Such information includes name, date of birth, address, and social security number or other government identification number. The FAQs specify that the address requirements for a legal entity customer's beneficial owners are the same as the address requirements under the customer identification programme rule.
The FAQs confirm that a CFI may identify a beneficial owner of a legal entity customer who is not physically present at the time of account opening by obtaining the required information on the certification form or equivalent information from the legal entity customer's representative, provided that the CFI does not have knowledge that would reasonably call into question the reliability of the information. In addition, the CFI may verify the identity of a beneficial owner who is not physically present when the account is opened by reviewing a photocopy of a valid identity document of such person or other valid means.
The CDD rule requires a CFI to identify and verify the beneficial owners of a legal entity customer each time a new account is opened. However, the FAQs clarify that if a beneficial owner is an existing customer, the CFI may rely on information in its possession provided that:
- the beneficial owner is subject to the CFI's customer identification programme;
- the information is up to date and accurate; and
- the representative of the legal entity customer certifies or confirms (verbally or in writing) the accuracy of the information.
The CDD rule requires that all information used to identify and verify a beneficial owner of an account be retained for the specified period. For identifying information, this period is five years from the date when the account was closed; for verifying information, it is five years from the date when the record was made. The FAQs clarify that where a CFI relies on pre-existing information in its possession, the information (including a record of verbal or written confirmation of such information) must be retained in accordance with these requirements with respect to the new account. Further, the FAQs clarify that CFIs must retain for five years from the date when the record was made:
- a description of each document on which it relied to verify the identify of the beneficial owners of its legal entity customer;
- any non-documentary verification methods used;
- the results of its verification procedures; and
- any substantive discrepancies identified during identity and verification.
The CDD rule requires CFIs to satisfy the identity and verification requirements of beneficial owners of a legal entity customer for each account opened by the legal entity customer. However, a CFI may use information previously provided by the legal entity customer for an existing account if the customer certifies or confirms (verbally or in writing) that the information is up to date and accurate when each new account is opened, and the CFI does not have knowledge that would reasonably call into question the reliability of the information. A record of such certification or confirmation would need to be made and retained for the required period in connection with the opening of the new account.
FinCEN clarifies that the beneficial ownership requirements apply to accounts opened by a legal entity customer. Generally, but subject to certain limitations, the requirements do not apply to accounts (or sub-accounts) created by the CFI for its own administrative or operational purposes and not at the request of the legal entity customer.
The FAQs clarify that each time an account is renewed (eg, a loan renewal or a certificate of deposit rollover), the renewal is considered as the opening of a new account for which the CFI is required to satisfy the identification and verification requirements. The FAQs provide that if the legal entity customer is the same before and after renewal, the beneficial owner requirements may be satisfied if the customer certifies or confirms that the beneficial owner information is up to date and accurate when each new account is opened and the CFI does not have knowledge that would reasonably call into question the reliability of the information. A record of such certification or confirmation would need to be made and retained in connection with the opening of the renewal as if it were a new account. Further, because the risk of money laundering with regard to loans and certificates of deposit is low, FinCEN indicates that if the customer agrees to notify the CFI of a change in beneficial ownership information at the time when it is provided, this agreement may be considered the customer's certification or confirmation provided that the loan or certificate of deposit is outstanding.
FinCEN expressly states that CFIs are not required to satisfy the legal entity customer beneficial ownership identity and verification requirements for accounts opened before May 11 2018. However, they are required to obtain or update legal entity customer beneficial owner information if – after May 11 2018 – they become aware of changes to such information during the normal course of their monitoring of customer risk.
The FAQs provide clarifications of certain exclusions from the defined term 'legal entity customer', including the following:
- The exclusion for non-profit corporations and similar entities from the equity prong of the beneficial ownership test does not require the entity to be tax-exempt.
- Unlike publicly traded US companies, companies listed on foreign exchanges are not excluded from the definition of 'legal entity customer'.
- The exclusion for foreign financial institutions established in a jurisdiction where the applicable regulator maintains beneficial ownership information regarding such institution does not depend on whether the foreign regulator's beneficial ownership requirements match US requirements.
- Examples of excluded non-US governmental departments, agencies or political subdivisions include embassies or consulates.
- Examples of non-excluded, profit-seeking non-US governmental departments, agencies or political subdivisions include sovereign wealth funds, airlines and oil companies.
For further information on this topic please contact Joel D Feinberg, David E Teitelbaum or Gretchen E Lamberg at Sidley Austin LLP's Washington DC office by telephone (+1 202 736 8000) or email (firstname.lastname@example.org, email@example.com or firstname.lastname@example.org). Alternatively, contact Connie M Friesen at Sidley Austin LLP's New York office by telephone (+1 212 839 5300) or email (email@example.com). The Sidley Austin website can be accessed at www.sidley.com.
This article was first published by the International Law Office, a premium online legal update service for major companies and law firms worldwide. Register for a free subscription.