Final Rule by the Financial Crimes Enforcement Network
Published in Federal Register 11 May 2016
Compliance with Final Rule by 11 May 2018
From time to time rule changes appear on matters regarding due diligence. The updated due diligence requirements from FinCen represent a strong shift in due diligence requirements for covered financial institutions. The following is a summary of what is to be expected and some comments on the impact of the rule changes. It is not a replacement for reading and understanding the new regulations published in the Federal Register.
The U.S. Financial Crimes Enforcement Network (FinCEN) expanded the due diligence obligations for certain financial institutions that are subject to the current customer identification program requirements. FinCen issued new rules under the Bank Secrecy Act to address due diligence requirement, specifically customer due diligence requirements for the financial services industry and expanded the definition of “Financial Institution”.
A significant change is the including of Registered Investment Advisors into the definition of a Financial Institution.
FinCEN indicated that the proposed definition of investment adviser
would capture both primary advisers and subadvisers. In addition, FinCEN indicated that the following types of advisers may be within scope:
(i) dually registered investment advisers, and advisers that are affiliated with or subsidiaries of entities required to establish AML programs;
(ii) certain non-U.S. investment advisers;
(iii) investment advisers to registered investment companies;
(iv) financial planners;
(v) pension consultants; and
(vi) entities that provide only securities newsletters and/or research reports.
The inclusion of RIAs within the definition of a financial institution for purposes of the BSA’s implementing regulations will require RIAs to comply with the BSA regulatory requirements that are generally applicable to financial institutions. This includes the information sharing provisions of Section 314(a) of the Patriot Act, the currency transaction report (CTR) requirements, the recordkeeping and travel rule (subject to certain exceptions), and the requirement to create and retain records for extensions of credit and cross-border transfers of currency, monetary instruments, checks, investment securities, and credit when transactions exceed $10,000.
These entities and or persons are added to the definition of already covered financial institutions, which include insured banks, commercial banks, U.S. branches and agencies of foreign banks, federally insured credit unions, savings associations, Edge corporations, federally regulated trust companies, broker-dealers, futures commission merchants, introducing brokers in commodities and mutual funds. State-chartered trust companies that do not accept federally insured deposits and are not subject to regulation by a federal regulator appear not to fall within the definition of covered financial institution.
The new rules require the identification of the beneficial owners of all legal entity customers at the time each new account is opened. Covered financial institutions are not presently required to know the identity of the individuals who own or control their legal entity customers (also known as beneficial owners). This enables the secretion of ill-gotten gains to access the financial system anonymously. The beneficial ownership requirement is designed to address this issue. FinCen declined to impose a categorical, retroactive requirement. Based upon their understanding of the significant changes to processes and systems that would be required to implement a retroactive requirement. They reasonably concluded that retroactive application would be unduly burdensome.
The key elements of CDD include:
(i) Identifying and verifying the identity of customers;
(ii) Identifying and verifying the identity of beneficial owners of legal entity customers (i.e., the natural persons who own or control legal entities);
(iii) Understanding the nature and purpose of customer relationships; and
(iv) Conducting ongoing monitoring.
The key term here is a natural person. As ownership and control can be either linked or de-linked both have to be addressed. For the new ruling, a legal entity owned substantially by one or two people but controlled by a third party who has no equity in the legal entity presents a new challenge. All three would be subject to the new Customer Due Diligence requirements, not just the owner and not just the control person but all three of them.
The threshold for disclosure of beneficial ownership is 25% or greater. This does not just apply to the legal entity but also to any entity that might control the legal entity. The Customer Due Diligence process may have to penetrate several layers of legal entities to arrive at the natural persons.
Specifically, A two prong approach is used for the definition of beneficial owner:
Each individual, if any, who directly or indirectly owned 25 percent of the equity interests of a legal entity customer (the ownership prong); and a
Single individual with significant responsibility to control, manage, or direct a legal entity customer, including an executive officer or senior manager or any other individual who regularly performs similar functions (the control prong).
It is understood that the number of beneficial owners identified will vary from legal entity customer to legal entity customer due to the ownership prong— there could be as few as zero and as many as four individuals who satisfy this prong. All legal entities, however, will be required to identify one beneficial owner under the control prong. It was also understood that financial institutions had the discretion to identify additional beneficial owners as appropriate based on risk.
At a minimum, the financial institution’s procedures must contain the elements required under the CIP rule. A covered financial institution may use photocopies or other reproductions of documentary evidence in connection with carrying out its CIP procedures on the beneficial owners. The rule does not require a financial institution to update beneficial ownership information of legal entity customers. However, the financial institution will be required to obtain and verify beneficial ownership information for a legal entity customer each time the customer opens a new account or based upon the risk presented by a particular customer relationship and patterns or transactions identified by the financial institution during the course of monitoring customer activity. At these or other times a financial institution may decide to obtain or update beneficial ownership information.
A financial institution may rely on information provided by a legal entity customer regarding the identity of its beneficial owners, provided the financial institution does not have any knowledge of facts that would reasonably call into question the reliability of such information.
A financial institution could gather this information from a legal entity customer by obtaining a FinCen certification for the individual opening the account, or it could collect the information required through other means if the individual opening the account certifies the accuracy of the information to the best of his or her knowledge.
The Rule mandated the use of the certification form, so the Final Rule adopted by FinCEN provides additional flexibility to covered financial institutions. The Final Rule also requires each covered financial institution to verify the identity of each beneficial owner identified to the financial institution using reasonable and practicable risk-based procedures. The procedures must at a minimum contain the elements required under the CIP rule. A financial institution may also use photocopies or other reproductions of documentary evidence in connection with carrying out its CIP procedures on beneficial owners.
The new rules go on to emphasize that financial institutions are to implement risk-based procedures for conducting ongoing customer due diligence. A financial institution’s procedures must, at a minimum, allow it to:
1. Understand the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and
2. Conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, maintain and update customer information (including beneficial ownership information).
These AML program requirements clarify existing requirements under the Bank Secrecy Act. In particular, FinCEN reinforced its expectation that financial institutions should obtain information sufficient to permit the financial institution to develop an understanding of the customer’s normal and expected activity in order to form a baseline for purposes of identifying unusual or suspicious activity that may warrant additional inquiry or that forms the basis for a suspicious activity report.
It is a re-emphasis of KYC requirements. FinCEN wants the financial institution to affirmatively “know their client”. They wish to end the guessing by the financial institution at who they are or guessing about what might be normal traffic or suspicious activity. FinCEN wants the financial institution to know. It is our experience that financial institutions have skimped on KYC and often have no idea what is the normal activity in a customer’s business model or their transaction profile.
The Rules permit a financial institution to rely on the performance of another financial institution for the requirements of the Rules on any legal entity customer of the financial institution that is opening or has opened an account or has established a similar business relationship with another financial institution to provide or engage in services, dealings or other transactions, provided that
(i) such reliance is reasonable under the circumstances,
(ii) the other financial institution is subject to an anti-money laundering program rule under the Bank Secrecy Act and is regulated by a federal functional regulator, and
(iii) the other financial institution enters into a contract with the financial institution requiring it to certify annually that it has implemented its anti-money laundering program and that it will perform the specified requirements of the covered financial institution’s procedures.
Financial institutions are permitted to rely on other financial institutions under similar circumstances for purposes of fulfilling their obligations under FinCEN’s CIP rules, and the U.S. Securities and Exchange Commission (the “SEC”) has issued a series of no-action letters permitting broker-dealers to rely fully, in certain circumstances, on SEC-registered investment advisers registered to perform some or all of their CIP obligations.
The rules do not address whether broker-dealers may rely on SEC-registered investment advisers for purposes of compliance even though they are to be considered a financial institution.
Like any 3rd party promise of verification, it is wise to be very comfortable with the counterparties standards of care regardless of what may or may not be permitted at the financial institution will ultimately be held liable for failures even if the failure came from a 3rd party vouched credential for KYC, CIP and Beneficial ownership.
Exemptions
Covered financial institutions are exempt from the requirements to identify and verify the identity of the beneficial ownership only to the extent the financial institution opens an account for a legal entity customer that is:
(i) At the point-of-sale to provide credit products, including commercial private label credit cards, solely for the purchase of retail goods and/or services at these retailers, up to a limit of $50,000;
(ii) To finance the purchase of postage and for which payments are remitted directly by the financial institution to the provider of the postage products;
(iii) To finance insurance premiums and for which payments are remitted directly by the financial institution to the insurance provider or broker;
(iv) To finance the purchase or leasing of equipment and for which payments are remitted directly by the financial institution to the vendor or lessor of this equipment.
The exemptions do not apply to transaction accounts through which a legal entity customer can:
(i) make payments to, or receive payments from, third parties.
(ii) If there is the possibility of a cash refund on the account activity
If so, then beneficial ownership of the legal entity customer must be identified and verified by the financial institution as required by this section, either at the time of initial remittance or at the time such refund occurs.
Impact:
Real-estate
FinCEN Director Calvery brought the proposed FinCEN rule into the field of real estate transactions when she further stated in a New Your Times article, “we need to ensure transparency in the area of real estate.” The Article discussed, in general, the use of shell companies used to buy high-value real estate in the United States. The article “Towers of Secrecy” was convincing and damning how much money had been hidden in the shell companies. A majority of the Trump and Times Warner units were held in shell companies and a disturbing number of them, once the corporation veils had been pierced, were owned by foreign nationals who had been or were subject to financial investigations for fraud.
Real-estate has continued to hold itself apart from the AML and KYC regulations event though they as professionals and all of the participants are subject to the regulations. The buck passing is typical with the broker, shifting responsibility to the title company, the title company shifting responsibility to the escrow company, and if a lender is involved they all look to the lender for compliance. Our considerable experience has shown if the lender is a bank or a covered financial institution – the KYC, CIP compliance is done correctly, but neither the realtor nor the title company seeks confirmation of coverage.
In the very near future, all parties will be held responsible for failures in KYC and CIP from the agent to the broker, to the attorney, to the title company, and escrow company.
Card Payments Systems
Covered financial institutions are exempt from the beneficial ownership requirement with respect to private label credit card accounts to the limited extent that they are established at the point-of-sale to obtain credit products, including commercial private label credit cards, solely for the purchase of retail goods and/or services at the issuing retailer and have a credit limit of no more than $50,000.
In contrast, credit cards that are cobranded with major credit card associations do not possess the same limitations and characteristics that would protect them from abuse. For example, co-branded credit cards can be used at any outlet or ATM that accepts those associations’ cards. FinCEN, therefore, will require that covered financial institutions obtain and verify beneficial ownership information with respect to opening accounts for legal entities involving such co-branded cards.
Securities Industry
A significant impact will be on financial planners, investment managers, investment advisors, pension consultants, and entities that provide only securities newsletters and/or research reports – or as we have called them the tout services. A whole new way of customer intake and onboarding will have to be designed concurrently with drafting and adopting all of the required written policy and procedure manuals. The time and cost of client onboarding are going to go from de minimis to many hundreds of dollars.
Link to the Federal Register
https://www.federalregister.gov/articles/2016/05/11/2016-10567/customer-due-diligence-requirements-for-financial-institutions
Contributed by L. Burke Files, DDP CACM President
International Due Diligence Organization, Inc.
