Countdown checklist to compliance with FinCEN’s Customer Due Diligence Rule

The U.S. Treasury Department’s Customer Due Diligence (CDD) rule, also known as the beneficial ownership rule, was a long time coming but it goes into force this week. More than four years elapsed from the 2012 initial proposal from by the Financial Crimes Enforcement Network (FinCEN) — the Treasury Department’s lead agency in the fight against money laundering and terrorist financing — to the issuance of the final rule in 2016.

The final rule includes two core concepts:

• (1) U.S. covered financial institutions must understand the nature and purpose of their customers’ accounts and carry out a riskbased update of customer information, to ensure it remains relevant for understanding customer activity; and
• (2) U.S. covered financial institutions must obtain beneficial ownership information for each “legal entity” customer, i.e., an entity that files a public document with the Secretary of State, or similar state official or office, including any similar entity formed under the laws of a foreign jurisdiction. Collectively, these two concepts constitute a new “fifth pillar” of anti-money laundering (AML) compliance in the United States.

After the final rule was published, U.S. covered financial institutions (i.e., federally regulated banks and federally insured credit unions, mutual funds, brokers or dealers in securities, futures commission merchants, and introducing brokers in commodities) were given two years to prepare for implementation. These two years end on Friday, May 11 when the rule becomes effective. That leaves precious little time for a final readiness check.

Checklist for CDD rule compliance At a high level, the final checklist for a covered financial institution to achieve compliance with the new CDD rule should include the following: • Gap analysis : The institution has a clear understanding of differences between its current practices and what is required by the CDD rule. • Policies, procedures and other documentation : Policies, procedures, customer onboarding forms and other related know-your-customer (KYC) templates are updated to capture the requirements of the two core concepts of the rule, including trigger events that would require updating of KYC information and documentation requirements. • Roles and responsibilities : The institution has a plan for dealing with tactical issues (e.g., identifying who within the organization will reach out to foreign regulators to determine whether they maintain information on beneficial owners of institutions they license and supervise) and for determining whether all requests for beneficial ownership information will be centralized (see “Other competing regulatory requirements” section below). • Technology upgrades/modifications : Customer onboarding systems have been enhanced, as necessary, to: (1) capture information that may not have been requested from customers previously; (2) identify when newly collected information may trigger enhanced due diligence requirements; (3) link customers with common beneficial owners; and (4) facilitate sanctions screening of beneficial owners. • Customer risk rating methodology : The customer risk rating methodology has been revised, as needed, to incorporate the risk of a beneficial owner, if not already considered, and to capture any other newly collected information with risk rating implications. • Training : Affected personnel (e.g., account and relationship personnel, customer service staff and those involved in customer onboarding. KYC collection and updating, customer risk rating, transaction monitoring, sanction screening) have undergone customized training on the new CDD rule and the institution’s policies and procedures for complying with it. • Customer awareness : The institution has produced materials to help customers, specifically legal entity customers, understand the impact of the rule. These include but are not limited to account inserts, website or lobby notices, and scripts provided to all personnel who have direct contact with customers. No claim to original U.S. Government Works. • Staffing needs assessment : The institution has performed a staffing needs assessment to consider additional time and resources that may be required for customer onboarding and KYC updating (including how any delays in account opening may affect the customer experience), as well as potential staffing increases that may be needed. • Compliance monitoring : Compliance monitoring programs have been updated to incorporate the requirements of the new rule. • Internal audit : Audit work programs have been updated to include the requirements of the new rule. • Management and board reporting : Standard AML reporting for management and the board of directors has been updated to include key performance indicators and key risk indicators related to compliance with the rule. • CDD rule “hotline”/designation of SME : The institution has designated a point of contact for inevitable questions that will arise during implementation.

As FinCEN suggests in its recently released Frequently Asked Questions Regarding Customer Due Diligence Requirements for Financial Institutions, these straightforward steps for ensuring compliance with the new CDD rule belie the level of effort required for compliance. Beyond a number of practical implementation challenges, U.S. covered financial institutions must also factor in the impact of extraterritorial and other competing regulatory requirements. Extraterritorial impact The CDD rule applies to U.S. covered financial institutions.

It also applies to a U.S. office of a foreign banking organization or a multinational financial company, or an affiliate of a foreign banking organization where the possibility exists that customers onboarded outside of the United States may also wish to do business in United States or vice versa. In these cases, the institution and its network offices must consider how the rule – specifically, the beneficial ownership requirements – may differ from the requirements in the various countries in which they operate.

The intent of the beneficial ownership rule across the globe is consistent – identify the natural person(s) who own a legal entity – but the details are not. Variances may involve the types of legal entity customers that are included and that are exempted, as well as the steps that are required to validate the identity of beneficial owners. Extraterritoriality works in both directions. U.S. covered financial institutions onboarding customers that may wish to conduct business with their non-U.S. network will also need to consider beneficial ownership standards in other jurisdictions. Of note, the U.S. standards are not the strictest in all cases.

Finally, U.S. covered financial institutions that open accounts for persons from other jurisdictions may also have to consider the impact of non-AML related requirements, such as the EU General Data Protection Regulation (GDPR) that governs the collection, maintenance and retention/destruction of information of EU persons. Customer due diligence and GDPR requirements can be reconciled, but problems may arise if both sets of requirements are not given due consideration. Other competing regulatory requirements Apart from the potential cross-border difference referenced above, U.S. covered financial institutions must remember that beneficial ownership requirements of other U.S. laws and regulations may also differ from those of the FinCEN CDD rule.

For example: • s 312 of the USA PATRIOT Act of 2001 includes beneficial ownership requirements, at a 10 percent threshold, for foreign financial institutions that operate under an offshore license; operate in a jurisdiction that has been designated as non-cooperative with international AML standards and/or operate in a jurisdiction designated by the Secretary of Treasury as warranting special measures; and for private banking accounts at an unspecified threshold. • U.S. tax law, e.g., the Foreign Account Tax Compliance Act (FATCA), also establishes a 10 percent threshold for beneficial ownership. These requirements mean that, absent deliberate coordination, customers could be asked for different information by different groups within a covered financial institution. With the effective date of the FinCEN CDD rule just days away, most covered financial institutions will conclude that their checklists are complete and they are ready to move on to implementation. Produced by Thomson Reuters Accelus Regulatory Intelligence 11-May-2018

Published 08-May-2018 by Carol Beaumier

If you are interested in learning more about this news update, please read more here