This summer the Financial Crimes Enforcement Network ("FinCEN”) issued a notice of proposed rulemaking proposing a rule that, if adopted, would mandate that financial institutions require their legal entity customers to identify natural persons meeting certain ownership thresholds. 1
The proposed rule represents a departure from current FinCEN regulations, under which financial institutions exercise their own judgment in making risk-based assessments whether to require beneficial owner information for legal entity accounts. The proposed rule would apply to all financial institutions currently subject to customer identification program (“CIP”) requirements: banks, broker-dealers, mutual funds, futures commission merchants, and introducing brokers in commodities (“covered financial institutions”).
The notice of proposed rulemaking (“NPR”) follows multiagency guidance issued in 2010 regarding customer due diligence, which stated that there is heightened money laundering risk associated with legal entity accounts, but did not propose to categorically require beneficial owner identification.2
- The proposed rule can be found at 79 Fed. Reg. 45151, available at http://www.fincen.gov/statutes_regs/files/CDD- NPRM-Final.pdf.
- See FIN-2010-G001, “Guidance on Obtaining and Retaining Beneficial Ownership Information,” March 5, 2010,
In 2012, FinCEN issued an advanced notice of proposed rulemaking (the “ANPR”), which set forth FinCEN’s rationale for an express beneficial owner identification requirement, and sought comment on particular aspects of the proposed rulemaking.3 The ANPR noted in particular that though existing CIP rules may implicitly require beneficial owner identification based on risk-based assessments, in FinCEN’s view there was a lack of uniformity and consistency across financial institutions in how those obligations were being carried out, and noted the importance of such information in efforts to combat terrorism and more traditional money-laundering.
Covered financial institutions are already required to have robust policies and procedures to conduct customer due diligence (“CDD”) and comply with recordkeeping and reporting requirements, such as the filing of suspicious activity reports (“SARs”).4
Explicit requirements include obtaining, and in some cases verifying, customer identification information pursuant to the mandatory CIP and filing SARs. Only in limited circumstances must covered financial institutions obtain beneficial ownership information: in the contexts of private banking accounts and correspondent accounts.5 Firms that offer private banking accounts must take reasonable steps to identify the nominal and beneficial owners of such accounts.6 Those that offer correspondent accounts for certain foreign financial institutions must take reasonable steps to obtain information about the identity of persons with authority to direct transactions through an account that is payable-through, i.e., the sources and beneficial ownership of funds in the account.7
With respect to certain accounts, covered financial institutions must collect sufficient information to develop a customer risk profile that can be used to identify higher-risk customers and accounts, investigate unusual and suspicious activity, and make an informed decision whether to file a SAR. Also, they must monitor suspicious activities, which is important in assisting criminal investigations and to facilitate tax reporting and
- See our March 2012 client publication about the ANPR, available at
- See, e.g., Federal Financial Institution Examination Council Bank Secrecy Act Anti-Money Laundering Examination Manual; Financial Industry Authority, Updated AML Template for Small Firms (Jan. 2010); and National Association of Securities Dealers, Notice to Members 02-21 (Apr. 2002).
5 See, e.g., 12 C.F.R. §§ 208.62, 211.5(k), 211.24(f), 225.4(f), and 353.3 (2013); and 31 C.F.R. § 1023.320 (2013).
6 31 C.F.R. § 1010.620(b)(1) (2013).
7 31 C.F.R. § 1010.610(b)(1)(iii)(A) (2013).
investigations.8 A CIP must address situations where, prompted by a risk assessment of a new account opened by a customer that is not an individual, additional information about individuals with authority over the account should be obtained.9
Implicit requirements are those that FinCEN believes covered financial institutions must follow to achieve compliance with existing regulations. One example is the obligation to conduct adequate ongoing diligence to ensure that customer information is accurate and to determine whether filing a SAR is appropriate, which flows from the BSA/AML requirement to maintain accurate customer risk profiles and risk assessments and to report suspicious activity.10
Because covered financial institutions must consider potentially suspicious activities in the context of the normal or appropriate activities of a particular customer, it follows that they should understand the nature and purpose of an account or customer relationship to assess the risk presented by the relationship and effectively monitor for suspicious activity. In particular cases, this requirement may mean that beneficial ownership information needs to be obtained.11 The proposed rule would codify these and other similar requirements, requiring banks and securities firms to establish and maintain policies and procedures for ongoing monitoring of all client relationships.
The NPR states that CDD consists of at least the following four elements:
The NPR notes that (1) is already expressly required by existing CIP requirements, and in FinCEN’s view (3) and (4) are implicit in existing CIP requirements. This note therefore focuses on the proposed rule’s requirements regarding identification of legal entity customer beneficial owners.
8 For example, suspicious activity monitoring requirements would facilitate the new tax reporting provisions of the Foreign Account Tax Compliance Act, which requires overseas financial institutions to identify US account holders and to report certain information about their accounts to the Internal Revenue Service. See generally, Internal Revenue Service, “Regulations Relating to Information Reporting by Foreign Financial Institutions and Withholding on Certain Payments to Foreign Financial Institutions and Other Foreign Entities,” REG-121647-10 (Feb. 8, 2012), available at http://www.irs.gov/pub/newsroom/reg-121647-10.pdf.
Beneficial Owner Identification
The proposed rule requires beneficial ownership identification for “legal entity customers,” defined to include the following types of entities: corporations, limited liability companies, partnerships, and similar business entities, whether organized under US or foreign law.
Excluded from the definition of legal entity customer and, accordingly, from beneficial owner identification requirements are those types of entities that are currently excluded from the customer identification requirements of the CIP rules, as well as some additional types of entities. Accordingly, the types of entities excluded from the beneficial ownership identification requirement of the proposed rule include:
- Financial institutions regulated by federal functional regulator (i.e., federally regulated banks, brokers or dealers in securities, mutual funds, futures commission merchants, and introducing brokers in commodities);
- Publicly held companies traded on certain US stock exchanges, and any majority-owned domestic subsidiary of any entity whose securities are listed on a US stock exchange;
- Registered investment advisers or an exchange or clearing agency;
- Domestic government agencies and instrumentalities and certain legal entities that exercise governmental authority; and,
- Charities or non-profit entities meeting certain conditions.
The NPR notes that most trusts would not fall under the definition of “legal entity customer,” and, accordingly, would not be subject to the beneficial ownership identification requirements of the proposed rule.12
Responding to industry concerns, the NPR notes that with respect to intermediated accounts and pooled investment vehicles, where the covered financial institution does not have any CIP obligation with respect to the intermediary’s clients under current CIP rules, the financial institution can treat the intermediary itself as the legal entity customer. Accordingly, the covered financial institution need only require the identification of the beneficial owners of the intermediary itself, rather than the intermediary’s clients.
The proposed rule only requires beneficial owner identification for legal entity customers that open new accounts after the date of implementation of the proposed rule. Covered financial institutions would not be required to identify beneficial owners of existing legal entity customer accounts.
The proposed rule requires the identification of all individuals that meet either the “ownership test” or “control test”:
- Ownership test: requires identification of any individual who, directly or indirectly, owns 25% or more of the equity interests of the legal entity customer
12 The NPR notes, however, that this exclusion does not mean that FinCEN necessarily considers trusts to poses a reduced money laundering or terrorist risk, but rather that the exclusion is due to the impracticality of subjecting the variety of trusts to proposed rule’s beneficial owner identification requirements, and FinCEN’s level of comfort with financial institutions’ existing CIP for trusts.
- Control test: requires identification of one individual with significant responsibility to control, manage, or direct the legal entity customer, which may be an executive officer or any other person.
The beneficial owners identified must be natural persons. For the ownership test, this means that several layers of legal entities may need to be “looked through” to determine whether an individual is a 25% owner. The NPR notes that covered financial institutions need not conduct such analysis themselves, but generally may rely on the representations of the legal entity customer.
With respect to pooled investment vehicles that are not excluded from the definition of legal entity customer, such as hedge funds, the NPR notes that FinCEN is aware of the difficulties associated with determining 25% beneficial owners due to fluctuating ownership percentages. FinCEN is considering, therefore, whether to exempt such vehicles from the ownership test component of beneficial owner identification.
The NPR includes a standard certification form at Appendix A, which the must be used by covered financial institutions to obtain beneficial owner information of legal entity customers.
The proposed rule requires that covered financial institutions verify the identity of all disclosed beneficial owners in the same manner as current CIP requirements (for example, by collecting a driver’s license or other similar identification document). The proposed rule does not require that the covered financial institution verify that a beneficial owner reported by a legal entity customer in fact beneficially owns the legal entity customer.
When a covered financial institution shares customers with another financial institution, a financial institution may rely upon the other financial institution to collect the beneficial owner certification form provided that: (i) such reliance is reasonable; (ii) the other financial institution is subject to an AML program rule and is regulated by a federal functional regulator; and (iii) the other financial institution enters into a contract and provides annual certifications regarding its AML program and CIP requirements. This extends existing CIP guidance to beneficial owner identification.
The proposed rule, if adopted, would in many cases represent a departure from current practice with respect to legal entity account opening requirements, and impose a new compliance obligation on covered financial institutions. The public comment period will close on October 3, 2014.