On May 11, 2018, the new Customer Due Diligence Requirements for Financial Institutions (the “CDD Rule” or the “Rule”)[1] are scheduled to come into effect. On April 3 of this year, the promulgator of the CDD Rule, the Financial Crimes Enforcement Network (FinCEN), issued a new Guidance[2] to assist covered financial institutions[3] in understanding the scope of the Rule. According to the Rule, covered financial institutions must collect, maintain, and report beneficial ownership information. They must also adopt written risk-based procedures that are reasonably designed to identify and verify the identity of beneficial owners of legal entity customers and to include such procedures in their AML compliance program. The Guidance notes that a covered financial institution with notice of or a reasonable suspicion that a customer is evading or attempting to evade beneficial ownership or other customer due diligence requirements should consider whether it should not open an account, close an account, or file a suspicious activity report, regardless of any interpretations established in the Guidance.
Establishing Risk-based Procedures
As noted in the Guidance, covered financial institutions must develop written internal policies, procedures, and internal controls with respect to collecting, maintaining, and updating beneficial ownership information for legal entities. Furthermore, covered financial institutions must perform ongoing customer due diligence including regular monitoring to identify and report suspicious activity and, on a risk basis, to maintain and update customer information. Subject to certain exclusions or exceptions, covered financial institutions must identify and verify the identity of the beneficial owners of all legal entity customers at the time each new account is opened, a loan is renewed, a certificate of deposit is rolled over, or another new formal banking relationship is established, even if the legal entity is an existing customer.
Absent specific risk-based concerns, covered financial institutions are not required to conduct retroactive reviews to obtain beneficial ownership information from customers whose accounts were opened prior to May 11, 2018. However, when a financial institution becomes aware of information about a customer during the course of a normal risk-based monitoring that indicates a possible change of beneficial ownership, the obligation to obtain or update beneficial ownership information on legal entity customers is triggered even for accounts established before May 11, 2018. Absent such a risk-related trigger or event, collecting or updating of beneficial ownership information is at the discretion of the covered financial institution, which may choose to implement stricter written internal policies and procedures than the requirements prescribed by the Rule.
Identifying Beneficial Owners of Legal Entity Customers
According to the CDD Rule, a legal entity includes a corporation, a limited liability company, or another entity that is created by a filing of a public document with a Secretary of State or similar office, a general partnership, and any similar business entity formed in the United States or a foreign country. However, for the purposes of the Rule, a legal entity does not include a sole proprietorship, an unincorporated association, or a natural person opening an account on his or her own behalf.
According to the Rule, beneficial owners include the following persons:
(1) Each individual, if any, who owns, directly or indirectly, 25 percent or more of the equity interests of the legal entity customer (the Ownership Prong); and
(2) An individual with significant responsibility for managing the legal entity customer (the Control Prong). Such persons would include, for example, a Chief Executive Officer, Chief Financial Officer, Chief Operating Officer, Managing Member, General Partner, President, Vice President, or Treasurer.
Accordingly, a legal entity may have multiple “beneficial owners”. All legal entities would have at least one individual under the Control Prong. They would also have between zero (in case no person meets the 25% minimal ownership requirement) and four individuals (in case each of them owns 25% of the equity in the legal entity customer) under the Ownership Prong. If appropriate, the same individuals may be listed under both prongs.
For legal entity customers with complex ownership structures – for example, in cases where a legal entity owns 25 percent or more of a legal entity customer – covered financial institutions must obtain from their legal entity customers the identities of individuals who satisfy the definition, either directly or indirectly through multiple corporate structures. Therefore, the equity holdings by the ultimate beneficial owners must be aggregated to see if the totality of their direct and indirect equity interests in a legal entity customer meets or exceeds the 25 percent requirement. The Guidance notes that a covered financial institution need not independently investigate the legal entity customer’s ownership structure and may accept and reasonably rely on the information provided by the legal entity customer’s representative, provided that the institution has no knowledge of the facts that would reasonably call into question the reliability of such information.
In addition to the aforementioned requirements, a covered financial institution may also voluntarily choose to identify additional individuals or use a lower threshold than 25% if it deems appropriate on the basis of risk. In all cases it is important that covered financial institutions establish and maintain written procedures that are reasonably designed to identify and verify the identity of beneficial owners of legal entity customers and include such procedures in their AML compliance program.
Although the CDD Rule’s beneficial ownership verification procedures must contain the same elements as existing Customer Identification Program (“CIP”) procedures, they need not be identical to them. For example, under the CIP procedures a financial institution may not accept photocopies of a driver’s license from the legal entity customer to verify the beneficial owner(s)’ identity if the beneficial owner is not present. However, under the CDD Rule a covered financial institution may verify the identity of a beneficial owner who does not appear in person, through a photocopy or other reproduction of a valid identity document. The CDD Rule also permits covered financial institutions to use non-documentary methods of verification such as contacting the beneficial owner, comparing information provided by the beneficial owner or the legal entity customer with other sources, obtaining a financial statement, or checking references with other financial institutions.
Article by Alex Nisengolts
[1] Customer Due Diligence Requirements for Financial Institutions, published on May 11, 2016, as amended on September 29, 2017, available at https://www.fincen.gov/resources/statutes-regulations/federal-register-notices/customer-due-diligence-requirements.
[2] FinCEN Guidance, FIN-2018-G001, issued on April 3, 2018, available at https://www.fincen.gov/sites/default/files/2018-04/FinCEN_Guidance_CDD_FAQ_FINAL_508_2.pdf.
[3] Covered financial institutions include mutual funds, banks, brokers-dealers, introducing brokers in commodities, futures commission merchants and certain other institutions.