Why Comply With 2018 CDD Requirement Now

The OCC entered into a Consent Decree with Business Bank of Texas on July 20, 2016 after the OCC initially announced its intentions to issue a Cease and Desist (C&D) Order.
Previously, we issued a blog on the Beneficial Ownership FAQs (posted August 18, 2016) which stated that May 11, 2018 was the applicability date for the following requirements:

  • Identification and Verification of Legal Entity Customers; and
  • Requirement to add a new “fifth pillar”:
    • Understand the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and
    • Conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.

Section IV of the Consent Decree (page 7) contains requirements which are verbatim or very similar in nature to the May, 2018 regulatory requirements.  It’s interesting to note that Business Bank of Texas within 90 days of the order must: “develop and thereafter ensure bank adherence to appropriate policies and procedures for collecting CDD when opening new accounts and when the bank obtains event-driven information.”
The new policies to be developed require the bank to give “consideration to FinCEN’s recently issued regulation on CDD, which has an applicability date of May 11, 2018.”  This would seemingly cause this bank to comply with the new Beneficial Ownership requirements in the fourth quarter of 2016 instead of by the May 11, 2018 date.  A concern is that this might create a competitive disadvantage if Business Bank of Texas’s peer banks choose to wait until the applicability date to implement the identification and verification requirements.
Per the Consent Decree, the bank’s written BSA policies are required to address or obtain the following from customers:

  • understanding of the nature and purpose of customer relationships;
  • purpose of the account;
  • information to be obtained by bank personnel for individuals with ownership or control over the account, such as beneficial owners, signatories or guarantors; and
  • occupation or type of business of customer or other individuals with ownership or control over the account.

Thirteen pages of this unusually long Consent Decree exclusively addressed BSA/AML issues.  The following functions are also addressed in the written agreement to a greater degree than normal when compared to other BSA/AML agreements:

  • BSA Risk Assessment;
  • Workload and skillsets of current BSA staff;
  • Level of BSA experience necessary to implement BSA monitoring tools;
  • Succession planning for BSA Officer;
  • Structure and Oversight of the BSA Department;  and
  • Authority and independence of BSA Officer

The Consent Order may be found at:  https://www.occ.gov/static/enforcement-actions/ea2016-069.pdf