Implementing FinCEN’s New Customer Due Diligence Rules and Codification of Fifth Pillar of AML Compliance

— June 2016

Implementing-FinCEN-Article-MarionBy Eric M. Marion, Silver, Freedman, Taff & Tiernan LLP

Banks are often considered to be the first line of defense against financial fraud and terrorist financing. In recent years they have essentially been deputized in an effort to identify their customers and provide assistance to law enforcement. Customer due diligence (CDD) requirements for financial institutions are not new. However, with increased demands for transparency, one element of CDD, beneficial owner identification, has gained focus in recent years. On May 11, 2016, the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) published a final rule under the Bank Secrecy Act intended to clarify and strengthen CDD requirements for banks and other covered financial institutions.

The final CDD rule imposes a new and separate requirement to identify and verify the beneficial owners of legal entity customers. The rule also adds explicit CDD requirements that banks must understand the nature and purpose of customer relationships and conduct ongoing monitoring as components of their core anti-money laundering (AML) program. Legal entity customers that fall within the rule will be required to disclose up to four beneficial owners who own 25 percent or more of the equity interests of the legal entity and name an individual who has significant responsibility for managing the legal entity, who may also be a beneficial owner. In response to comments to minimize the economic impact on small entities, the transition period for compliance was extended from the proposed one year to two years, May 11, 2018.

In the rule, FinCEN designated four core elements of CDD as constituting explicit requirements in the AML program for all covered financial institutions:

(1) Customer identification and verification,

(2) Beneficial ownership identification and verification for legal entity customers,

(3) Understanding the nature and purpose of customer relationships to develop a customer risk profile, and

(4) Ongoing monitoring for reporting suspicious transactions and, on a risk-basis, maintaining and updating customer information.

The first element presently is an AML program requirement and the third and fourth elements are already implicitly required in order to comply with suspicious activity reporting. The new rule adds the second element and amends the AML program rules to include the third and fourth elements as explicit requirements. Together, FinCEN expressly incorporates the third and fourth elements as a ‘‘fifth pillar’’ in the AML program rules.

Takeaways from the final rule:

•The requirement to monitor beneficial ownership is a snapshot in time, not a continuous obligation; updating is based on risk and generally triggered through normal monitoring of the customer relationship.

•Collection of beneficial ownership information may be achieved through the use of the Certification Form included as an appendix in the final rule or through another means designed to obtain the required information, the accuracy of which is certified by the individual opening the account. Use of the Certification Form does not constitute a blanket safe harbor.

•The identification of beneficial owners provided by the legal entity customer may be relied upon unless there is knowledge of facts that would reasonably call into question the reliability of such information.

•Beneficial ownership verification procedures must contain the elements of the customer identification program (CIP), but are not required to be identical. Photocopies or other reproductions of documents for non-present beneficial owners are permitted, subject to risk-based analyses.

•The rule only applies to legal entity customers that open new accounts after the effective date, May 11, 2018, and does not require a look back at pre-existing accounts, unless the risk profile of an existing customer changes.

In the final rule, FinCEN deliberately avoided the use of more technical terms of art associated with the exercise of control through ownership to avoid creating a definition using complex legal terms difficult for customers and front-line employees to understand and apply. As adopted, the definition of control is intended to be broadly applicable in light of the diversity of types of domestic and foreign legal entities.

There are several categories of legal entities excluded from the beneficial ownership certification requirements, including most financial institutions, companies registered with the U.S. Securities and Exchange Commission or traded on a national securities exchange, regulated insurance companies, etc., where law enforcement has other means to readily identify owners. Certain pooled investment vehicles and nonprofit corporations are only required to complete the control prong of the beneficial ownership requirement of the certification. As such, it will be critical for line employees to be able to identify the type of legal entity and whether it is an exempt entity or an entity subject to modified certification requirements.

The new rule has been drafted to align with and be integrated within a financial institution’s current CIP. While the data collection procedures may be an extension of current CIP practices, the application of the rule will require additional training for front-line employees who may not be familiar with the different types of applicable entities and their ownership structure.