The Financial Crimes Enforcement Network (“FinCEN”) recently published its final rule under the Bank Secrecy Act of 1970, as amended (the “BSA”) on customer due diligence requirements for banks, broker-dealers, mutual funds and futures commission merchants and introducing brokers in commodities (“covered financial institutions”). The rule requires that covered financial institutions identify and verify the identity of the beneficial owners of legal entity customers. The rule also amends the minimum anti-money laundering program (“AML program”) standards for covered financial institutions by expressly requiring risk-based procedures for conducting ongoing customer due diligence. The full text of the rule is available here.
The USA PATRIOT Act of 2001 amended the BSA to authorize the Secretary of the Treasury to require covered financial institutions to keep records and file reports having a high degree of usefulness in criminal, tax, or regulatory investigations or proceedings. The Secretary of the Treasury delegated to FinCEN the authority to implement, administer, and enforce compliance with the BSA and to impose AML program requirements on covered financial institutions. In furtherance of this goal, FinCEN requires covered financial institutions to create customer identification programs (“CIP programs”) that include procedures to identify and verify customer information when customers open accounts. Under the current rules, covered financial institutions are required to perform customer due diligence on the individual or legal entity opening an account and are not explicitly required to perform customer due diligence on the beneficial owners of the legal entity customers.
Identifying Beneficial Owners of Legal Entity Customers
The new FinCEN rule expands CIP program minimum requirements to require covered financial institutions to identify and verify the identity of the natural persons who own or control their legal entity customers (“beneficial owners”). A covered financial institution may identify beneficial owners by obtaining the required information on the standard certification form, which is included as Appendix A to the rule, or by any other means that comply with the substantive requirements of this obligation. The identification and verification procedures are similar to those required for individual customers under the current CIP program requirements. However, for beneficial owners, a financial institution may rely on copies of identity documents as well as information supplied by the legal entity customer regarding the identity of its beneficial owner(s), provided that it has no knowledge of facts that would reasonably call into question the reliability of the information.
The rule defines a beneficial owner as any individual who directly or indirectly owns 25 percent or more of the equity interests of a legal entity customer or who has significant responsibility to control, manage or direct a legal entity customer (including an executive officer or senior manger or any other individual who regularly performs similar functions). A legal entity customer is defined in the new rule as an entity that is created by the filing of a public document with a Secretary of State or similar office, a general partnership, and any similar entity formed under the laws of a foreign jurisdiction. Covered financial institutions are not required to collect beneficial owner information for certain specified legal entity customers including banks, investment companies, investment advisors, bank holding companies, certain pooled investment vehicles, and state-regulated insurance companies.
Even if an entity is a legal entity customer, the new rule does not require a covered financial institution to identify and verify the identity of beneficial owners if that customer is engaged in certain exempted activities. For example, covered financial institutions do not need to collect beneficial owner information if a customer opens an account that is at the point-of-sale to provide credit products, including commercial private label credit cards, solely for the purchase of retail goods and/or services, up to a limit of $50,000.
FinCEN declined to impose a categorical, retroactive requirement on covered financial institutions to collect beneficial owner information on existing accounts. However, FinCEN stated that covered financial institutions should obtain beneficial ownership information from existing customers when, in the course of their normal monitoring, a financial institution detects information relevant to assessing or reevaluating the risk of such customer.
Expanded Anti-Money Laundering Program Requirements
The rule also amends the AML program minimum standards to explicitly require risk-based procedures for conducting ongoing customer due diligence. The rule states that this requires an understanding of the nature and purpose of customer relationships for the purpose of developing a customer risk profile. Further, the rule provides that customer due diligence should also include ongoing monitoring to identity and report suspicious transactions and to maintain and update customer information (as needed, on a risk basis), which includes information regarding the beneficial owners of legal entity customers.
These provisions do not impose a requirement to update customer information on a prescribed continuous or periodic basis, but rather, as necessary based on normal monitoring of facts relevant to assessing the risk posed by a particular customer. FinCEN has indicated that it views these amendments as not imposing new requirements, but rather as clarifying and making explicit the activities that covered financial institutions are expected to undertake to satisfy their existing obligations.
In order to ensure compliance with the minimum standards in the final rule, firms should review their customer due diligence policies and existing AML/CIP programs. The final rule becomes effective on July 11, 2016, and covered financial institutions must comply with the rule by May 11, 2018.