With less than a month for the mandatory compliance with the Financial Crimes Enforcement Network’s (FinCEN) final beneficial ownership rule (Rule), most banks and their compliance officers are fine tuning their compliance programs to implement its requirements. The Rule creates a new “fifth pillar” of Bank Secrecy Act/anti-money laundering compliance, requiring banks to have a risk-based customer due diligence procedure, in addition to being able to identify and verify the identity of beneficial owners of their legal entity customers.
While these efforts are ongoing, one question we have been receiving during these past few weeks relate to the “updating” portion of the fourth element. We all know that customer data deteriorates rapidly. In fact, if you fail to maintain it, you will find that much of it is useless within two or three years. It is extremely important that covered institutions develop and implement risk-based procedures for conducting ongoing customer due diligence, including regular monitoring to identify and report suspicious activity and, on a risk basis, to maintain and update customer information. However, it is also extremely important to highlight that financial institutions may exercise this discretion to collect or update beneficial ownership information on customers as often as they deem appropriate.
On April 3, 2018 FinCEN published an update to the “Frequently Asked Questions” (FAQs) on the Rule. The updated answers highlight several triggers that will require covered institutions to update the customer’s information, including that related to beneficial ownership.
Every Time a New Account is Opened
In general, covered financial institutions must identify and verify the identity of the beneficial owner(s) of legal entity customers at the time each new account is opened, whether on the same date of different dates. However, if the individual identified as the beneficial owner is an existing customer of the financial institution and is subject to the financial institution’s CIP, a financial institution may rely on information in its possession to fulfill the identification and verification requirements, provided the existing information is up-to-date, accurate, and the legal entity customer’s representative certifies or confirms (verbally or in writing) the accuracy of the pre-existing CIP information.
Question #9 indicates that covered financial institutions are required to retain all beneficial ownership information collected about a legal entity customer. Identifying information, including the Certification Form or its equivalent, must be maintained for a period of five years after the legal entity’s account is closed. However, all verification records must be retained for a period of five years after the record is made. Therefore, whether a financial institution must retain a set of identification or verification records is dependent upon the date an account is opened and closed, or the date a record is made. For example, if a covered financial institution relies on pre-existing beneficial ownership information in its possession as true and accurate identification information when opening a new account for a legal entity customer, the financial institution should maintain the original records, and any updated information, including a record of any verbal or written confirmation of pre-existing information, until five years after the closing of the new account in order to comply with the recordkeeping requirements in the regulation. Covered financial institutions must also retain a description of every document relied on for verification, any non-documentary methods and results of measures undertaken for verification, as well as the resolution of any substantive discrepancies discovered in identifying and verifying the identification information for five years after the record is made.
Changes detected during Monitoring Transactional Activity
The preamble to the Rule indicates that when a financial institution detects information (including a change in beneficial ownership information) about the customer in the course of its normal monitoring that is relevant to assessing or reevaluating the risk posed by the customer, it must update the customer information, including beneficial ownership information. Such information could include, e.g., a significant and unexplained change in the customer’s activity, such as executing cross-border wire transfers for no apparent reason or a significant change in the volume of activity without explanation. It could also include information indicating a possible change in the customer’s beneficial ownership, because such information could also be relevant to assessing the risk posed by the customer. This applies to all legal entity customers, including those existing on the applicability date.
However, financial institutions are not required to conduct retroactive reviews to obtain beneficial ownership information from customers with accounts opened prior to May 11, 2018. The obligation to obtain or update beneficial ownership information on legal entity customers with accounts established before May 11, 2018, is triggered when a financial institution becomes aware of information about the customer during the course of normal monitoring relevant to assessing or reassessing the risk posed by the customer, and such information indicates a possible change of beneficial ownership.
Internal Accounts and Subaccounts
The beneficial ownership requirement applies to a “new account”, which is defined to mean “each account opened … by a legal entity customer” [emphasis added]. An account (or subaccount) relating to a legal entity customer will not be considered a “new account” or an “account” for purposes of the Rule when a financial institution creates such an account (or subaccount) for its own administrative or operational purposes and not at the customer’s request, such as to accommodate a specific trading strategy, and the financial institution has already collected beneficial ownership information on such legal entity customer. The distinction between such accounts opened by customers and those opened solely by the financial institution is consistent with the Rule’s purpose to mitigate the risks related to the obfuscation of beneficial ownership when a legal entity tries to access the financial system through the opening of a new account.
This interpretation is limited to accounts (or subaccounts) created solely to accommodate the business of an existing legal entity customer that has previously identified its beneficial ownership. Thus, the following accounts (or subaccounts) would not fall within this interpretation:
- accounts (or subaccounts) created to accommodate a trading strategy being carried out by a separate legal entity, including a subsidiary of the existing legal entity customer; and,
- accounts (or subaccounts) through which the customer of a financial institution’s existing legal entity customer carries out trading activity directly through the financial institution without intermediation from the existing legal entity customer.
Product or Service Renewals
Financial institutions are required to have their legal entity customers certify the beneficial owners for existing customers during the course of a financial product renewal (e.g., a loan renewal or certificate of deposit). Consistent with the definition of “account” in the CIP rules and subsequent interagency guidance, each time a loan is renewed or a certificate of deposit is rolled over, the bank establishes another formal banking relationship and a new account is established. Covered financial institutions are required to obtain information on the beneficial owners of a legal entity that opens a new account, meaning (in the case of a bank) for each new formal banking relationship established, even if the legal entity is an existing customer. For financial services or products established before May 11, 2018, covered financial institutions must obtain certified beneficial ownership information of the legal entity customers of such products and services at the time of the first renewal following that date. At the time of each subsequent renewal, to the extent that the legal entity customer and the financial service or product (e.g., loan or CD) remains the same, the customer certifies or confirms that the beneficial ownership information previously obtained is accurate and up-to-date, and the institution has no knowledge of facts that would reasonably call into question the reliability of the information, the financial institution would not be required to collect the beneficial ownership information again. In the case of a loan renewal or CD rollover, because we understand that these products are not generally treated as new accounts by the industry and the risk of money laundering is very low, if at the time the customer certifies its beneficial ownership information, it also agrees to notify the financial institution of any change in such information, such agreement can be considered the certification or confirmation from the customer and should be documented and maintained as such, so long as the loan or CD is outstanding.
To the extent that a covered financial institution has monitoring processes in place that allow the institution to meet the Rule’s requirements, such institution may use its existing monitoring processes to comply with customer due diligence monitoring and updating obligations. As the preamble to the Rule states, “current industry practice to comply with existing expectations for SAR reporting should already satisfy this proposed requirement”.
As always, if the bank has notice of or a reasonable suspicion that a customer is evading or attempting to evade providing beneficial ownership or other customer due diligence requirements, the bank should consider whether it should not open an account, close an account, or file a suspicious activity report.
We hope you have found this article informative. To assist you address these new requirements, Global RADAR has introduced Ownership Mapper to help you manage Beneficial Ownership process. Simply register and try Global RADAR’s Ownership Mapper for free. Thank you.