April 2018 JD Supra
jd supra logo

Here is what you need to know about the FinCEN’s Final CDD Rule effective May 11, 2018 was published by JD Supra on 5/1/18.

Covered Financial Institutions (CFI) have until May 11, 2018 to implement and comply with the Financial Crimes Enforcement Network (FinCEN) Final Customer Due Diligence Rule (the CDD Rule).   The CDD Rule imposes a new requirement for CFIs to identify and verify the identity of beneficial owners of legal entity customers.  Meaning, legal entity customers must identify to the CFIs their ultimate Beneficial Owner (BO) or owners and not “nominees” or “straw men.”

On July 19, 2016, FinCEN issued Frequently Asked Questions (FAQ) to assist CFIs in understanding the scope of the Customer Due Diligence.  On April 3, 2018, FinCEN issued additional FAQ’s to provide guidance to CFIs.  Under the CDD Rule, CFIs are federally regulated banks and federally insured credit unions, mutual funds, brokers or dealers in securities, futures commission merchants, and introducing brokers in commodities. The Guidance (FIN-2018-G001) issued on April 3, 2018 also states that if CFIs notice a reasonable suspicion that a customer is evading or attempting to evade BO or other CDD requirements, the CFIs should:

  • not open an account,
  • close an account, or
  • file a suspicious activity report,

CDD RULE Definition of BO

· Each individual, if any, who, directly or indirectly, owns 25% or more of the equity interests of a legal entity customer (ownership prong); and

· A single individual with significant responsibility to control, manage, or direct a legal entity customer, including an executive officer or senior manager (a Chief Executive Officer, Chief Financial Officer, Chief Operating Officer, Managing Member, General Partner, President, Vice President, or Treasurer); or any other individual who regularly performs similar functions (control prong).

Here is what you need to know about FinCEN’s CDD Rule FAQ’s:

  • CFIs may choose to implement stricter written internal policies and procedures for the collection and verification of BO information than the requirements of the CDD Rule.  CFIs can collect information on natural persons that own a lower percentage than 25%, as well as information on more than one individual that has managerial control.  CFIs need establish and maintain written procedures to identify and verify the identity of BO of legal entity customers and include such procedures in their Anti-Money Laundering (AML) compliance program.
  • CFIs must obtain from their legal entity customers the identities of individuals who satisfy the definition of BO, either directly or indirectly through multiple corporate structures and or complex ownership structures.
  • CFIs must verify the identity of each BO according to risk-based procedures that contain the same elements that the CFIs use to verify the identity of individual customers under applicable Customer Identification Program (CIP) requirements.  CFIs ought to conduct their own risk-based analysis to determine the methods of verification and the appropriate documents to accept. The CDD Rule authorizes covered CFIs to use photocopies or other reproduction documents for documentary verification which includes unexpired Government issued identification (driver’s license or passport).  Non-documentary methods of verification include contacting a BO; verifying the BO’s identity through the comparison of information provided by the legal entity customer (or the BO) with information obtained from other sources; checking references with other CFIs and obtaining a financial statement. 
  • Required address requirements for certification under CDD Rule are equal to those under CIP rule.
  • There is no requirement for a CFI to use the Certification Form that was presented in the CDD Final Rule (Appendix A to the Rule).  The Certification Form is optional and was presented as a possible method.  CFI’s must retain the Certification Forms that they choose to use and not file them with FinCEN.
  • If BO is unavailable to appear in person during the account opening process and chooses to provide the representative of the legal entity a copy of the BO driver’s license, the CFI must:
  • Obtaining a completed Certification Form or equivalent information from the legal entity customer’s representative and may rely on such information.
  • Verify the identity of a beneficial owner who does not appear in person, through a photocopy or other reproduction of a valid identity document, or by non-documentary means.
  • With respect to existing customers as BO’s of a new legal entity accounts, if the individual identified as the BO is an existing customer of the CFI and is subject to the CFI’s CIP, a CFI may rely on information in its possession to fulfill the identification and verification requirements, provided the existing information is up-to-date, accurate, and the legal entity customer’s representative certifies or confirms (verbally or in writing) the accuracy of the pre-existing CIP information.
  • CFIs must retain all BO information collected for a period of 5 years after the record is made.  There could be up to three possible sets of documentation:  the original set collected at account opening, the updated set and a duplicated set of the updated set when a new account is opened.
  • If a single legal entity opens multiple accounts, the CFI must identify and verify the legal entity customer’s BO information for each new account opening, regardless of the number of accounts opened or over a specific period of time. Sub-accounts opened by the CFI for operational purposes (not at the customer’s request) are NOT considered new accounts.
  • Each time a loan is renewed or a certificate of deposit is rolled over, the CFI establishes another formal banking relationship and a new account is established.
  • CFIs are NOT required to conduct retroactive reviews to obtain BO information from customers with accounts opened prior to May 11, 2018. 
  • CFIs do not have an obligation to solicit or update BO information as a matter of course during regular or periodic reviews, absent specific risk-based concerns.
  • CFIs may use existing monitoring processes to comply with CDD monitoring and updating obligations.
  • CFI’s may update their records to reflect a change of information for an existing BO using the same or similar processes the institution implemented to record account information it obtains from customers in connection with the CFIs account opening processes.
  • The fundamental elements of identification and verification are the same whether a CFI identifies and verifies the identity of the BO at the time a legal entity initially opens a new account or at the time of a triggering event.
  • CFIs are not required to look through a pooled investment vehicle to identify and verify the identity of any individuals who own 25 percent or more of its equity interests.
  • If a Trust owns directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, 25 percent or more of the equity interests of a legal entity customer, the BO under the ownership/equity prong is the Trustee.  If there are multiple trustees or co-trustees, the CFI’s are expected to collect and verify the identity of, at a minimum, one co-trustee of a multi-trustee trust who owns 25 percent or more of the equity interests of a legal entity customer.
  • There are legal entity customers that are excluded from the collection and verification requirements of the CDD Rule (such information is publicly available).
  • Sole proprietorships—individual or spousal—and unincorporated associations are not legal entity customers as defined by the CDD Rule.
  • Nonprofit entities (exempt or not tax-exempt) that are established as a nonprofit or nonstock corporation are excluded from the ownership/equity prong of the CDD rule as nonprofit entities generally do not have ownership interests.  Nonetheless, CFIs are required to collect BO information under the control prong from any such entity.
  • Companies traded publicly in the United States are excluded from the definition of legal entity customer. Companies listed on foreign exchanges are not excluded from the definition of legal entity customer.
  • CFIs may not take a “risk-based approach” to collecting the required beneficial ownership information from legal entity customers that are listed on foreign exchanges.
  • With respect to Foreign Financial Institutions (FFIs), the Rule excludes from the definition of “legal entity customer” an FFI created in a non-U.S. jurisdiction when the foreign regulator for that FFI collects and maintains information on the BO(s) of the regulated institution.  CFIs need to contact the relevant foreign regulator or use other reliable means to ascertain whether the foreign regulator maintains BO information for the FFIs that it regulates or supervises.
  • Embassies or consulates are examples of legal entity customers that are considered non-US governmental entities that are engaged in only government activities and qualify for exclusion from the Rule.
  • There is a point of sale exemption for retail credit accounts opened to facilitate purchases made at the retailer.
  • There is an equipment finance and lease exemption for accounts opened to finance the purchase or leasing of equipment.
  • For Currency Transaction Reports (CTRs), the CFI should presume that different businesses that share a common owner are operating separately and independently from each other and from the common owner.
  • A CFI is not required to list the BOs of a business, or trust or estate account, when completing a CTR.
  • CFIs may continue to follow their existing internal procedures for approving AML program changes, including changes that incorporate the Rule’s new program requirements.
  • A CFI’s understanding of the nature and purpose of a customer relationship can be developed by inherent or self-evident information, such as the type of customer or type of account, service, or product or other basic information about the customer including information obtained at account opening.  This information is essential to the development of a customer risk profile.

Don’t be a victim of your own making

The CDD Rule requires CFIs to establish and maintain written procedures that are designed to identify and verify the BO of legal entity customers.  CFIs have the responsibility to not open an account, to close an account or to file a SAR if a customer is evading or attempting to evade BO or other CDD requirements. CFIs ought to have in place all the right mechanisms, processes and procedures to comply with FinCEN’s Final Rule by May 11, 2018.  Consult your Specialist for guidance.