Final Rule for Customer Due Diligence Requirements for Financial Institutions
On May 6, 2016, the U.S. Treasury Department’s Financial Crimes Enforcement Network (“FinCEN”) published a final rule under the Bank Secrecy Act (“BSA”) to codify new customer due diligence (“CDD”) requirements. The new rules amend 31 CFR Parts 1010, 1020, 1023, 1024 and 1026. The new rule can be accessed here.
The purpose of these rules is to clarify and strengthen customer due diligence requirements for “covered institutions” which are identified as banks; brokers or dealers in securities; mutual funds; futures commission merchants and brokers in commodities. The rules contain explicit customer due diligence requirements and include a new requirement to identify and verify the identity of beneficial owners of legal entity customers, subject to certain exclusions and exemptions.
The final rules are effective July 11, 2016 and covered financial institutions must comply with these rules by May 11, 2018.
Purpose of this Regulatory Action
Covered financial institutions are not presently required to know the identity of the individuals who own or control their legal entity customers (also known as beneficial owners). According to FinCEN, this gap enables criminals and others looking to hide ill-gotten proceeds to access the financial system anonymously. It is the intention of FinCEN that the beneficial ownership requirement will address this weakness. In addition, FinCEN also indicates that these new rules will provide supplementary information that will assist law enforcement in financial investigations, help prevent evasion of targeted financial sanctions, improve the ability of financial institutions to assess risk, facilitate tax compliance, and advance U.S. compliance with international standards and commitments.
It is also the purpose of this action to provide clarification and specific requirements with respect to customer due diligence (CDD). For FinCEN, the key elements of CDD include: (i) identifying and verifying the identity of customers; (ii) identifying and verifying the identity of beneficial owners of legal entity customers (i.e., the natural persons who own or control legal entities); (iii) understanding the nature and purpose of customer relationships to develop a customer risk profile; and (iv) conducting ongoing monitoring for reporting suspicious transactions and, on a risk-basis, maintaining and updating customer information. Collectively, these elements comprise the minimum standard of CDD, which FinCEN believes is fundamental to an effective AML program. The first element is already an AML program requirement and the second will be required by this final rule. The third and fourth elements are already implicitly required for covered financial institutions to comply with their suspicious activity reporting requirements. The AML program rules for all covered financial institutions are being amended by the final rule in order to include the third and fourth elements as explicit requirements.
Costs and Benefits
The implementation of this Rule will definitely impact the bottom line of your institution. According to FinCEN’s analysis, this is a significant regulatory action because it is likely to result in a final rule that may have an annual effect on the economy of $100 million or more.
The direct effect to financial institutions will include time and resources understanding the Rule and its implications to the institution’s business model; amending policies, procedures and forms; updating customer intake and maintenance systems; updating and delivering training on the new Rule requirements; adding new categories to the cash aggregation and transaction monitoring systems; additional funding for expanded audits; etc.
Because the benefits of the Rule cannot be quantified, FinCEN utilized a breakeven analysis to determine how large the final Rule’s benefits would have to be in order to justify its estimated costs. The RIA uses Treasury’s estimate of $300 billion in illicit proceeds generated annually in the United States due to financial crimes, to determine the minimum level of effectiveness that the final rule would need to achieve for the benefits to equal the costs. Based on this analysis, using the upper bound of its cost assessment, FinCEN concluded that the final rule would only have to reduce illicit activity by 0.6 percent to yield a positive net benefit. The Treasury Department believes that the final rule will reduce illicit activity by a greater amount than this.
There will also be other interpretation and compliance challenges like level of reliance on information provided by the customers, impact of the Rule on existing customers, examiners expectations depending on the institution risk profile, implications of this Rule to other compliance requirements like CTR aggregation, Sections 314(a) and (b) inquiries and OFAC screening thresholds.
Summary of the Major Provisions of the Rule
- Beneficial Ownership
Covered financial institutions must identify and verify the identity of the beneficial owners of all legal entity customers (other than those that are excluded) at the time a new account is opened (other than accounts that are exempted). The financial institution may comply either by obtaining the required information on a standard certification form or by any other means that comply with the substantive requirements of this obligation. FinCEN provided a template for the Certification Form in Appendix A to the Rule and is encouraging institutions to use it.
The financial institution may rely on the beneficial ownership information supplied by the customer, provided that it has no knowledge of facts that would reasonably call into question the reliability of the information. The identification and verification procedures for beneficial owners are very similar to those for individual customers under a financial institution’s customer identification program (CIP), except that for beneficial owners, the institution may rely on copies of identity documents. Financial institutions are required to maintain records of the beneficial ownership information they obtain, and may rely on another financial institution for the performance of these requirements, in each case to the same extent as under their CIP rule.
The terms used for the purposes of the final rule, including account, beneficial ownership, legal entity customer, excluded legal entities, new account, and covered financial institution, are set forth in the final rule. Financial institutions should use beneficial ownership information as they use other information they gather regarding customers (e.g., through compliance with CIP requirements), including for compliance with the Office of Foreign Assets Control (OFAC) regulations, and the currency transaction reporting (CTR) aggregation requirements.
- Anti-Money Laundering Program Rule Amendments
The BSA requires financial institutions to establish anti-money laundering (AML) programs, which, “at a minimum,” have four elements. These four elements are considered by FinCEN and other regulators as the “four pillars” of an effective AML program. In the CDD final rule, FinCEN codified these four pillars in the FinCEN regulations pertaining to each type of covered financial institution and added a fifth multi-part pillar pertaining to CDD. The AML program requirement for each category of covered financial institutions was amended by the Rule to explicitly include risk-based procedures for conducting ongoing customer due diligence, to include understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile.
A customer risk profile refers to the information gathered about a customer at account opening used to develop a baseline against which customer activity is assessed for suspicious activity reporting. This may include self-evident information such as the type of customer or type of account, service, or product. The profile may, but need not, include a system of risk ratings or categories of customers.
In addition, customer due diligence also includes conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. For these purposes, customer information shall include information regarding the beneficial owners of legal entity customers (as defined in §1010.230). The first clause of paragraph (ii) sets forth the requirement that financial institutions conduct monitoring to identify and report suspicious transactions. Because this includes transactions that are not of the sort the customer would be normally expected to engage, the customer risk profile information is used (among other sources) to identify such transactions. This information may be integrated into the financial institution’s automated monitoring system, and may be used after a potentially suspicious transaction has been identified, as one means of determining whether or not the identified activity is suspicious.
When a financial institution detects information (including a change in beneficial ownership information) about the customer in the course of its normal monitoring that is relevant to assessing or reevaluating the risk posed by the customer, the Rule requires that the institution must update the customer information, including beneficial ownership information. Such information could include, e.g., a significant and unexplained change in the customer’s activity, such as executing cross-border wire transfers for no apparent reason or a significant change in the volume of activity without explanation. It could also include information indicating a possible change in the customer’s beneficial ownership, because such information could also be relevant to assessing the risk posed by the customer. This applies to all legal entity customers, not just new accounts.
This provision does not impose a categorical requirement that financial institutions must update customer information, including beneficial ownership information, on a continuous or periodic basis. Rather, the updating requirement is event-driven, and occurs as a result of normal monitoring. But you know what the examiners will expect.
The CDD Rule is just one of several actions the Department of the Treasury is proposing.
- Beneficial Ownership Legislation
Treasury also announced it is sending beneficial ownership legislation to Congress. The Administration is committed to working with Congress to pass meaningful legislation that would require companies to know and report adequate and accurate beneficial ownership information at the time of a company’s creation, so that the information can be made available to law enforcement. As part of the legislation outlined, companies formed within the United States would be required to file beneficial ownership information with the Treasury Department, and face penalties for failure to comply. The misuse of companies to hide beneficial ownership is a significant weakness in the U.S. anti-money laundering/counter financing of terrorism regime that can only be resolved by Congressional action. The new draft legislation is an amended version of an Administration Budget proposal, reflecting discussions with Congress, law enforcement entities, and others.
The proposed legislation also contains technical amendments to the current Geographic Targeting Order (GTO) authority which would clarify FinCEN’s ability to collect information under GTOs, such as bank wire transfer information. The most recent GTOs temporarily require certain U.S. title insurance companies to record and report the beneficial ownership information of legal entities making “all-cash” purchases of high-value residential real estate. All-cash purchases may be conducted by individuals attempting to hide their assets and identity by purchasing residential properties so these GTOs assist the U.S. government in better understanding potential illicit finance vulnerabilities in our real estate sector. On January 2016, FinCEN issued GTOs focused on the Borough of Manhattan in New York City, New York, and Miami-Dade County, Florida. FinCEN intends to evaluate the information it gains from these GTOs and determine what next steps would best protect the U.S. financial system from criminal abuse. Options could include broadening the GTOs to other areas, or using the information to inform a more comprehensive rulemaking.
- Foreign-Owned Single-Member LLC Proposed Regulations
Treasury also announced proposed regulations to require foreign-owned “disregarded entities”, including foreign-owned single-member limited liability companies (LLCs), to obtain an employer identification number (EIN) with the IRS. Overall, the federal tax system has very strong information reporting requirements for most types of entities formed in the United States. These requirements allow the IRS to determine whether there is any federal tax liability and if so, how much, and to share information with other tax authorities as appropriate. However, there is a narrow class of foreign-owned U.S. entities – typically single member LLCs– that have no obligation to report information to the IRS or to get a tax identification number. These “disregarded entities” can be used to shield the foreign owners of non-U.S. assets or non-U.S. bank accounts. Once these regulations are finalized, they will allow the IRS to determine whether there is any tax liability, and if so, how much, and to share information with other tax authorities. This will strengthen the IRS’s ability to prevent the use of these entities for tax avoidance purposes, and will build on the success of other efforts to curb the use of foreign entities and accounts to evade U.S. tax.
This article only provides a summary of the most significant changes. We encourage you to fully read the Rule and understand its compliance implications. If you would like to learn more about how Global RADAR can assist you with your customer due diligence requirements, contact us.