Effective May 11, 2018, covered financial institutions1 are required to comply with the customer due diligence rule (the Rule) that the Financial Crimes Enforcement Network (FinCEN) finalized in May 2016. The Rule mandates the identification and verification of beneficial owners of legal entity customers.2

Although covered financial institutions are expected to have already implemented the requirements imposed by the Rule, the following takeaways from FinCEN’s FAQs, published on April 3, 2018, may help financial institutions tackle some of the challenges they may experience in complying with the Rule.

Managing Regulators’ Expectations, Which May Be at Odds With the Rule’s 25 Percent Ownership Threshold. Under the Rule, aside from having to identify an individual with significant managerial responsibility (the “control prong”), covered financial institutions are required to collect information on individuals, if any, who hold, directly or indirectly, 25 percent or more of the equity interests of a legal entity customer (the “ownership prong”). As financial institutions finalize their internal policies and procedures regarding beneficial ownership, they must reconcile the Rule’s 25 percent threshold with conflicting guidance and expectations from banking regulators recommending a lower ownership threshold (e.g., 10 percent), depending on customer risk. To ensure compliance with the Rule and effectively manage regulatory expectations, financial institutions will want to properly document their beneficial ownership requirements and specify the risk-based scenarios in which a lower threshold will be adopted. Financial institutions may benefit from establishing bright-line rules defining the circumstances warranting a deviation from the 25 percent threshold. For example, a financial institution may opt to impose a 10 percent threshold on legal entity customers domiciled in certain high-risk jurisdictions. Clear guidelines will facilitate compliance and ensure that standards regarding beneficial ownership are consistent throughout the institution.

Remaining Consistent in the Application of the Customer Identification Program (CIP) Requirements and the Rule. The CIP rule forms the basis for certain definitions or principles adopted by the Rule, including the definition of “account” and the requirements for customer verification. The term “account” under the Rule is defined by reference to the definition in the CIP rule, i.e., a formal banking relationship established to provide or engage in services, dealings or other financial transactions including a deposit account, a transaction or asset account, a credit account, or other extension of credit.3 Moreover, covered financial institutions must verify the identity of each beneficial owner according to risk-based procedures that contain, at a minimum, the same elements financial institutions are required to use to verify the identity of individual customers under the CIP rule. Given the interconnectedness between the CIP requirements and the Rule, financial institutions will want to remain consistent in their treatment of similar issues arising under both rules.

Relying on Exclusions From the Definition of “Legal Entity Customer.” Several types of legal entity customers are excluded from the collection and verification requirements of the Rule on the basis that beneficial ownership information for these entities is generally available from other credible sources. Some examples include financial institutions regulated by a federal functional regulator and certain issuers of securities with reporting requirements to the Securities and Exchange Commission. A financial institution may rely on information provided by the legal entity customer to determine whether the entity is excluded from the definition of a legal entity customer, provided that it has no knowledge of facts that would reasonably call into question the reliability of such information. Covered financial institutions are expected to specify, in their risk-based written policies and procedures, the type of information they will obtain to determine eligibility for exclusions.

Leveraging Information Collected on Existing Accounts to Comply With the Rule’s Requirements on New Accounts. In general, covered financial institutions must identify and verify the beneficial ownership information of a legal entity customer at the time each new account is opened, regardless of the number of accounts opened over a specific period of time. This means, for example, that if a corporate client opens 10 accounts over the course of a few days, the financial institution would have to collect beneficial ownership information with respect to each of those accounts as they are opened. However, an institution that has already collected beneficial ownership information from a legal entity customer in compliance with the Rule may rely on that information to fulfill the beneficial ownership requirement for subsequent accounts, provided that the customer certifies or confirms that such information is accurate and up-to-date at the time each subsequent account is opened and the financial institution has no knowledge of facts that would reasonably call into question the reliability of such information. The institution would also need to maintain a record of such certification or confirmation, including for both verbal and written confirmations by the customer. Similarly, if the beneficial owner of a legal entity customer is an existing customer of a financial institution and is subject to the financial institution’s CIP, the financial institution may rely on such information to fulfill the Rule’s requirements, provided the same conditions outlined above are met.

Identifying Beneficial Owners of Legal Entities Owned by Trusts. If a trust owns directly or indirectly — through any contract, arrangement, understanding, relationship or otherwise — 25 percent or more of the equity interests of a legal entity customer, one of the beneficial owners4 of the legal entity customer under the ownership prong is the trustee, regardless of whether the trustee is a natural person or a legal entity. In the event that the trustee is not a natural person, a covered institution must still collect identification information on the legal entity trustee as part of its CIP, consistent with the institution’s risk assessment and the customer’s risk profile. For example, if the equity interests of Company A are held 50 percent by a trust (whose trustee is Law Firm X), 25 percent by Individual 1 and 25 percent by Individual 2, the beneficial owners under the ownership prong would be Law Firm X, Individual 1 and Individual 2, whereas the beneficial owner under the control prong would be an individual with significant managerial responsibility. A covered financial institution would have to collect information on a total of four beneficial owners for Company A. Furthermore, where there are multiple trustees or co-trustees, financial institutions are expected to collect and verify the identity of, at a minimum, one co-trustee of a multitrustee trust who owns 25 percent or more of the equity interests of a legal entity customer that is not subject to an exclusion. A covered financial institution may choose to identify additional co-trustees based on their own risk assessment and in accordance with the institution’s account opening procedures.

Ultimately, a covered financial institution is not required to independently investigate a legal entity customer’s ownership structure and may accept and reasonably rely on the information presented by the legal entity customer regarding the status of its beneficial owners, provided that the institution has no knowledge of facts that would reasonably call into question the reliability of the information. However, financial institutions should not turn a blind eye to apparent red flags discovered through their onboarding or monitoring processes.

Applying the Rule to Loans, Certificates of Deposit (CD) and Other Similar Financial Products. Given that each time a loan is renewed or a certificate of deposit is rolled over, a financial institution initiates another formal banking relationship and a new account is established, covered financial institutions must obtain certified beneficial ownership information of the legal entity customers of such products and services at the time of the first renewal or rollover that occurs on or after May 11, 2018. For each subsequent renewal, however, to the extent that the legal entity customer and the financial service or product (e.g., loan or CD) remains the same, the customer certifies or confirms that the beneficial ownership information previously obtained is accurate and up-to-date, and the institution has no knowledge of facts that would reasonably call into question the reliability of the information, the financial institution would not be required to collect beneficial ownership information again. Moreover, because FinCEN has recognized that loan renewals or CD rollovers are not generally treated as new accounts by the industry and the risk of money laundering is very low, if at the time the customer certifies its beneficial ownership information, it also agrees to notify the financial institution of any change in such information and the agreement is documented by the institution, the agreement can be considered the certification or confirmation for as long as the loan or CD remains outstanding.

Addressing Customer Evasion or Attempted Evasion of Beneficial Ownership Requirements. A covered financial institution with notice of or reasonable suspicion that a customer is evading or attempting to evade beneficial ownership or other customer due diligence requirements should consider whether it should not open an account, close an existing account or file a suspicious activity report, consistent with its risk assessment and internal policies and procedures.