On July 19, 2016, FinCEN issued FIN-2016-G003 with the following subject line: Frequently Asked Questions Regarding Customer Due Diligence Requirements for Financial Institutions (“FAQ”)
FinCEN’s stated purpose in issuing these FAQs was to assist covered financial institutions in understanding the scope of the Customer Due Diligence (CDD) requirements for financial institutions which were published in the Federal Register on May 11, 2016 and which become fully effective on May 11, 2018. The May, 2016 CDD Rule is available at: www.gpo.gov/fdsys/pkg/FR-2016-05-11/pdf/2016-10567.pdf
FinCEN’s release noted the FAQs are to be considered as interpretive guidance with respect to the CDD rule. The May, 2016 CDD rule contained a new regulatory requirement for all entities which meet the 31 C.F.R. Part 1010 definition of a financial institutions and 25 of the 26 Q&As provide additional guidance for the identification and verification requirements of the beneficial owners of legal entity customers.
Additional regulatory requirements for banks are set forth in FinCEN’s Part 1020. This new rule added to Part 1020 essentially formalizes previous guidance by adding the requirement that banks implement risk-based procedures, such as by developing a customer risk profile, in order to serve as a springboard for conducting ongoing customer due diligence.
While not addressed in the guidance, banks which currently have some form of beneficial ownership identification and verification program for business entities similar to the new legal entity customer definition, may find portions of the guidance helpful during the ongoing maintenance of any current programs developed as a result of the previous implicit guidance provided by FinCEN or a bank’s prudential regulatory agency. FinCEN has also noted it intends to issue additional FAQs or guidance as appropriate in the future and we hope that future guidance will more robustly address the new fifth pillar expectations.
While there is little new information contained in the FAQs, they do contain a condensed version of the new rule and are in a form which make them a good training resource. The rule and these FAQs do two things: 1) Explicitly state that FinCEN’s goal is to obtain ownership and control information of natural persons involved with a legal entity; and 2) Add a fifth CDD pillar to the traditional “four pillars” of an effective BSA/AML program by requiring covered financial institutions to establish risk-based procedures for conducting ongoing customer due diligence in order to identity potential suspicious activity.
A number of the Q&As contain particularly pertinent information and I am bringing these to your attention below. The Q&As below begin with #5 from the FAQ document as it was the only one that addressed the new fifth pillar requirement. For the sake of brevity, questions from the FAQ are summarized as a subject matter and the full answer is provided below the highlighted subject matter heading:
Q5 – Changes to BSA/AML Program:
Yes. The CDD Rule amends the AML program requirements for each covered financial institution to explicitly require covered institutions to implement and maintain appropriate risk based procedures for conducting ongoing customer due diligence, to include: understanding the nature and purpose of the customer relationships; conducting ongoing monitoring to identify and report suspicious transactions; and, on a risk basis, to maintain and update customer information. A covered financial institution’s AML program must include, at a minimum: (1) a system of internal controls; (2) independent testing; (3) designation of a compliance officer or individual(s) responsible for day-to-day compliance; (4) training for appropriate personnel; and (5) appropriate risk-based procedures for conducting ongoing CDD to understand the nature and purpose of customer relationships and to conduct ongoing monitoring to identify and report suspicious transactions, and, on a risk basis, to maintain and update customer information.
Q4 – Requirements regarding Beneficial Owners:
The CDD Rule requires covered financial institutions to establish and maintain written procedures that are reasonably designed to identify and verify the beneficial owners of legal entity customers. These procedures must enable the institution to identify the beneficial owners of each customer at the time a new account is opened, unless the customer is otherwise excluded or the account is exempted. Also, the procedures must establish risk-based practices for verifying the identity of each beneficial owner identified to the covered financial institution, to the extent reasonable and practicable. The procedures must contain the elements required for verifying the identity of customers that are individuals under applicable customer identification program (“CIP”) requirements. In short, covered financial institutions are now required to obtain, verify, and record the identities of the beneficial owners of legal entity customers.
Q9 – Definition of Beneficial Owner:
Defines beneficial owner as each of the following: each individual, if any, who, directly or indirectly, owns 25% or more of the equity interests of a legal entity customer (i.e., the ownership prong); and a single individual with significant responsibility to control, manage, or direct a legal entity customer, including an executive officer or senior manager (e.g., a Chief Executive Officer, Chief Financial Officer, Chief Operating Officer, Managing Member, General Partner, President, Vice President, or Treasurer); or any other individual who regularly performs similar functions (i.e., the control prong). This list of positions is illustrative, not exclusive, as there is significant diversity in how legal entities are structured.
Q20 – Legal Entity Customer (LEC): (Please also read Q &A #21 which provide a detailed list of entities which are excluded from the definition of a LEC
Corporation, limited liability company, other entity created by the filing of a public document with a Secretary of State or similar office, a general partnership, and any similar entity formed under the laws of a foreign jurisdiction that opens an account. The definition also includes limited partnerships, business trusts that are created by a filing with a state office, and any other entity created in this manner. A legal entity customer does not include sole proprietorships, unincorporated associations, or natural persons opening accounts on their own behalf.
The FAQs also provides clarification as to the purpose and application of the rule along with an explanation of what entities are considered to be covered financial institutions. The key definitions of beneficial owner, legal entity customer and account are addressed in the FAQs. There is also reference to the impact, if any, to OFAC and 314(a) requirements.
A list of all of the Frequently Asked Questions and Answers is available on FinCEN’s website at:
https://www.fincen.gov/statutes_regs/guidance/pdf/FAQs_for_CDD_Final_Rule_(7_15_16).pdf