Published on:

Firm FinCEN’s Customer Due Diligence Rule and Implementation

In the September 2018 edition of the National Association of Minority and Women Owned Law Firms (“NAMWOLF”) Newsletter, Jacklyn Fetbroyt,  Member of KHF, writes Firm FinCEN’s Customer Due Diligence Rule and Implementation.

JF-Square-300x275

In 2016, the Financial Crimes Enforcement Network (FinCEN) issued its final rule on customer due diligence and beneficial ownership requirements (the “CDD Rule,” 31 CFR Parts 1010, 1020, 1023, et al.), promulgated under the Currency and Foreign Transactions Reporting Act of 1970, as amended by the USA PATRIOT Act of 2001 and other legislation, which legislative framework is commonly referred to as the ‘‘Bank Secrecy Act.” Notably, the Bank Secrecy Act lacks a requirement that financial institutions know the identity of the beneficial owners of their accounts – i.e., the individuals who control legal entity customers – which therefore allow a shield of anonymity for the beneficial owners. To address this perceived weakness and the limit the money laundering that it enabled, FinCEN issued the CDD Rule on May 11, 2016, and it became effective on July 11, 2016; however, covered financial institutions—including federally regulated banks, federally insured credit unions, mutual funds, brokers and dealers in securities, futures commission merchants, and introducing brokers in commodities—had until May 11, 2018, to come into full compliance with the CDD Rule.

The CDD Rule establishes four core requirements:

  1. To identify and verify the identity of customers;
  2. To identify and verify the identity of the beneficial owners of companies opening accounts;
  3. To understand the nature and purpose of customer relationships to develop customer risk profiles;
  4. To conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.

Covered financial institutions are not required to retroactively identify and verify existing customers’ beneficial ownership information, but any new account (even for an existing customer) and all product renewals require CDD Rule compliance.  The CDD Rule, however, did not provide specific account-opening procedures.  Instead, covered financial institutions can retain existing procedures and modify them in a way that accommodates for compliance with the CDD Rule.   Financial institutions must implement risk-based procedures for conducting customer due diligence, focused on the nature of the customer relationship which allows the financial institution to develop a customer risk profile.  The draft rule circulated for comment included a Certification Regarding Beneficial Owners of Legal Entity Customers (the “Certification Form”) to be completed by customers to identify beneficial owners but, after comments were received, FinCEN determined that the use of the Certification Form should be permissive, such that covered financial institutions can satisfy the requirement through (1) the use of FinCEN’s Certification Form; (2) the use of the financial institution’s own forms, so long as they meet the requirements of 31 CFR §1010.230(b)(1); or (3) any other means that satisfy the substantive requirements of §1010.230(b)(1).

Covered financial institutions are not required to retroactively identify and verify existing customers’ beneficial ownership information, but any new account (even for an existing customer) and all product renewals require CDD Rule compliance.  The CDD Rule, however, did not provide specific account-opening procedures.  Instead, covered financial institutions can retain existing procedures and modify them in a way that accommodates for compliance with the CDD Rule.   Financial institutions must implement risk-based procedures for conducting customer due diligence, focused on the nature of the customer relationship which allows the financial institution to develop a customer risk profile.  The draft rule circulated for comment included a Certification Regarding Beneficial Owners of Legal Entity Customers (the “Certification Form”) to be completed by customers to identify beneficial owners but, after comments were received, FinCEN determined that the use of the Certification Form should be permissive, such that covered financial institutions can satisfy the requirement through (1) the use of FinCEN’s Certification Form; (2) the use of the financial institution’s own forms, so long as they meet the requirements of 31 CFR §1010.230(b)(1); or (3) any other means that satisfy the substantive requirements of §1010.230(b)(1).

The Certification Form (found at Appendix A to § 1010.230) requires that each individual who directly or indirectly owns twenty-five percent (25%) or more of the equity interests of a legal entity and wishes to open or renew an account, provide their name, date of birth, address, and social security or, if foreign, passport number and country of issuance or something equivalent. The same information is required for one individual with significant responsibility for managing the legal entity. Unless the covered financial institution has reason to believe the information is false, it may rely on the information provided by the customer in the Certification Form.

Covered financial institutions are not, however, required to identify beneficial ownership (direct or indirect) at a lower threshold (that is, below 25%) but FinCEN recommends, as stated in its April 3, 2018 Guidance Memorandum re: Frequently Asked Questions Regarding Customer Due Diligence Requirements for Financial Institutions, that “collection and verification of beneficial ownership information at a lower threshold may be warranted, based on the financial institution’s own assessment of its risk relating to its customer [and] … any additional heightened risk could be mitigated by other reasonable means, such as enhanced monitoring or collecting other information…”  Financial institutions should use beneficial ownership information as they use other information they gather regarding customers (e.g., through compliance with CIP requirements), including for compliance with the Office of Foreign Assets Control regulations, and the currency transaction reporting (CTR) aggregation requirements.

The CDD Rule will require financial institutions to invest significant time and money to revamp customer due diligence. FinCEN estimates that compliance with the CDD Rule will increase the time to open new business accounts by 15 to 30 minutes per account. Time spent monitoring accounts will also increase to comply with the rule. Hopefully, if a bank’s CDD Rule compliance is implemented alongside new technologies and improvements to existing procedures, reduction in loss due to fraud could counteract the new regulatory burden imposed by this rule.

While the CDD Rule will undoubtedly cause some degree of hardship for banks, if the rule performs as intended, it will enable both law enforcement and banks to more easily identify illicit money flows that previously may have gone unnoticed under the Bank Secrecy Act.

Jacklyn Fetbroyt is a founding member of Philadelphia law firm Kang Haggerty & Fetbroyt LLC and is currently the co-chair of the NAMWOLF Financial Services Litigation Practice Area Committee. Among other things, KHF represents banks and other financial institutions in transactional work, work-out, creditors rights, and compliance issues.