FinCEN s New Customer Due Diligence Requirements and Their Impact on Community Banks

Similar documents
Preparing for Your BSA Compliance Exams. Ted Dreyer, Senior Attorney Wolters Kluwer

Regulatory Notice 17-40

CUSTOMER DUE DILIGENC

UNDERSTANDING THE CUSTOMER DUE DILIGENCE FINAL RULE

BSA CDD/EDD and Beneficial Ownership and other BSA Hot Topics

Lawyer Insights. AML and Sanctions Compliance Issues Facing Cryptocurrency Companies. June 4, by Richard S. Garabedian and Shaswat K.

FinCEN Proposes to Expand Financial Institution Customer Due Diligence Requirements

BSA Regulatory Discussion on Emerging Issues. Salt Lake City ACAMS Chapter Meeting June 21, 2018

On May 11, 2016, in the wake of the

FinCEN's Customer Due Diligence Final Rule What You Need To Know

Beneficial Ownership Rules. Iowa Bankers Association

RE: Customer Due Diligence Requirements for Financial Institutions, Docket No. FINCEN

ACFE and ACAMS South Florida Chapter 2015 AML/Fraud Conference

Conducting KYC of Third Parties: Best Practices for Conducting Due Diligence

FinCEN s Customer Due Diligence Requirements: Final Rule. Washington Bankers Association October 6, 2017

Practical Suggestions for an Effective AML/OFAC Compliance Function

Prepare for Customer Due Diligence Final Rule

June 9, Ladies and Gentlemen:

BENEFICIAL OWNERSHIP REFERENCE GUIDE

Regulatory Notice 18-36

Sanctions Risk Management Symposium

Anti-Money Laundering. How to set up a strong Compliance Program

Implementing New CDD Rules for BSA Part I Legal Entities 2016

March 4, Dear Ms. Gottlieb:

New Bank Secrecy Act Beneficial Owners Rule May 2017

Developments in Anti-Money Laundering Regulation for Investment Advisers and Funding Portals. May 2016

TokenLot, LLC BSA Officer TokenLot, LLC Board of Directors

10 ESSENTIAL TERMS FOR BITCOIN REGULATION

Bank Secrecy Act & Anti-Money Laundering for Directors. Mike Lee Director of Regulatory Advocacy

BSA/AML Hot Topics and UIGEA Daniel Hastings Financial Institution Examiner - FDIC

BSA/AML & OFAC Volunteer Compliance Training. Agenda

CITIZENS, INC. BANK SECRECY ACT/ ANTI-MONEY LAUNDERING POLICY AND PROGRAM

Federal Reserve Bank of Dallas

How to Ace Your BSA Exam & Risk Assessment

Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) Employee & Agent Training

FEDERAL DEPOSIT INSURANCE CORPORATION WASHINGTON, D.C. ) ) ) ) ) ) ) ) ) )

Customer Identification Programs, Anti-Money Laundering Programs, and. Beneficial Ownership Requirements for Banks Lacking a Federal Functional

FINCEN S CUSTOMER DUE DILIGENCE AND BENEFICIAL OWNERSHIP RULE

for Boards 2015 Spring Leadership Development Conference

BSA/AML/OFAC for Bankers Jennifer Morrison Education Chair, COAFP for Buckeye Financial Forum, April 24, 2017

Bank Secrecy Act. Presented by: Martin (Marty) Mitchell, CRCM Managing Director, ProBank Austin

TRUST COMPANY BUSINESS

New Customer Due Diligence Rules for Beneficial Ownership: Implementation Game Plan

MODERNIZING ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING LAWS AND REGULATIONS. White Paper July

Anti-Money Laundering Primer for Health Insurers

Securities Industry Association Futures Industry Association

ANTI-MONEY LAUNDERING IN

UNITED STATES OF AMERICA DEPARTMENT OF THE TREASURY COMPTROLLER OF THE CURRENCY CONSENT ORDER

Financial Institutions Webinar: AML Regulation and Enforcement What to Expect, How to Prepare

Bank Secrecy Act Errors & Exceptions: How Does Your Credit Union Compare?

New Customer Due Diligence Rules for Beneficial Ownership: Implementation Game Plan

New Coordinates. Boards of Directors Face Growing AML Accountability By Saverio Mirarchi

Regulatory Compliance Update

FinCEN's Beneficial Ownership Rule: New Due Diligence Requirements for Customer Ownership and Control

Customer Due Diligence for Beneficial Owners. Othel Rife Risk Advisory Services Manager RSM US LLP

Bank Secrecy Act and OFAC Compliance Board of Directors Training

Beneficial Ownership NEW JERSEY BANKERS ASSOCIATION COMPLIANCE CONFERENCE JUNE 2017

Bank Of America Corporation Aml Policy Manual

Jamie L. Howell, CUCE

BSA Modernization Can Strengthen Law Enforcement and Ease Compliance

Foreign Vendor Due Diligence: Ensuring Banks Perform Sufficient Due Diligence When Contracting with Foreign Vendors

AML/CTF and Sanctions Policy

Proposed Special Measure Against Lebanese Canadian Bank SAL RIN 1506 AB11

2015 Bank Secrecy Act

Testimony of. John Lewis. Senior Vice President Corporate Affairs and General Counsel. United Nations Federal Credit Union.

5th Pillar Of AML Compliance Is Here, But Questions Remain

NFA Self-Exam Checklist - Futures Commission Merchants (FCMs Only)

IMPLEMENTING THE BENEFICIAL OWNERSHIP RULES. April 18, 2018 Charles Horn, Melissa Hall, Ignacio Sandoval

Bank Secrecy Act Examination Procedures. Sections 313, 314, and 319(b) of the USA PATRIOT Act (31 CFR , , , 103.

center/terrorist-illicit-finance/documents/national%20money%20laundering%20risk%20assessment%20%e2%80%93% pdf.

PROVIDING BANKING SERVICES TO MARIJUANA RELATED BUSINESSES UNDER I-502

Client Update FinCEN Issues New Rule Requiring Identification of Beneficial Owners and Risk- Based Customer Due Diligence

Beneficial Ownership and Due Diligence for Commercial Lenders NEW JERSEY BANKERS ASSOCIATION COMMERCIAL REAL ESTATE CONFERENCE JUNE 29, 2017

Bank Secrecy Act. CUNA Must Know Mondays. November 17, 2014

Bank Secrecy Act Hot Topics!

2018: The Year Ahead in AML Compliance

UNITED STATES OF AMERICA DEPARTMENT OF THE TREASURY FINANCIAL CRIMES ENFORCEMENT NETWORK

AGENT ANTI-MONEY LAUNDERING COMPLIANCE PROGRAM FOR MONEY ORDER SALES

Risk Management and Regulatory Examination/Compliance Seminar

UNITED STATES OF AMERICA DEPARTMENT OF THE TREASURY FINANCIAL CRIMES ENFORCEMENT NETWORK

BSA/AML Literacy Test 1

Opening Donation, Memorial & Other Accounts for Nongovernment Organizations (NGOs)

TRUST COMPANY BUSINESS

Bank Secrecy Act OFAC FinCEN

Note on the application of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017

Anti-Money Laundering and Terrorist Financing Prevention Compliance Program Creation Guide

The Criminal Finances Act 2017: The Six Guiding Principles to Inform Prevention Procedures

Notice of Proposed Rulemaking Customer Due Diligence Requirements for Financial Institutions (RIN 1506-AB-25)

by: Stephen King, JD, AMLP

COMPLIANCE MANAGEMENT: THE ART OF BOARD REPORTING

Anti-Money Laundering and Terrorist Financing Prevention Compliance Program Creation Guide

Bank Secrecy Act. The board establishes adequate policies and procedures in accordance with anti-money laundering laws and regulations.

Anti-Money Laundering and U.S. Compliance

An Overview of FinCEN s Customer Due Diligence Rule

Federal Bank Secrecy Act / Anti-Money Laundering (BSA/AML) Oversight

Money Laundering and Terrorist Financing Risks in the E-Money Sector

Beneficial Ownership:

Submitted via web: November 2, Ms. Jennifer Shasky Calvery Director FinCEN P.O. Box 39 Vienna, VA 22183

UNITED STATES OF AMERICA DEPARTMENT OF THE TREASURY FINANCIAL CRIMES ENFORCEMENT NETWORK ASSESSMENT OF CIVIL MONEY PENALTY

Recent Developments on AML/CFT Rules and Enforcement Actions. Oliver Muñoz Esquivel Legal Advisor (CNV)

Transcription:

October 2016 FinCEN s New Customer Due Diligence Requirements and Their Impact on Community Banks On May 10, 2016, the Financial Crimes Enforcement Network ( FinCEN ) issued a final rule regarding customer due diligence ( CDD ) requirements for covered financial institutions (for this purpose, banks, securities firms including broker-dealers, mutual funds and futures commission merchants, as well as introducing brokers in commodities). 1 As a result, prior to the effective date of the final rule, covered financial institutions, including community banks, will need to evaluate and update their BSA/AML policies and, as necessary, update related procedures and systems to incorporate the expanded CDD requirements of the rule. The rule is consistent with federal banking regulators renewed emphasis on third-party risk and the importance of implementing due diligence procedures to assess such risk. 2 The CDD Rule The regulation creates a fifth pillar of a BSA/AML program. To maintain an adequate BSA/AML program under this new requirement, covered financial institutions must meet four elements of the regulation. These are: identifying and verifying the identity of customers, identifying and verifying the identity of beneficial owners of legal entity customers, understanding the nature and purpose of customer relationships, and conducting ongoing monitoring to maintain and, on a risk basis, update customer information and to identify and report suspicious transactions. The first element identifying and verifying the identities of customers is already addressed within the Customer Identification Program rules ( CIP ). The three remaining elements would be addressed by two rule changes: (1) The implementation of a specific requirement to collect beneficial ownership information on the natural person behind legal entities, subject to specific exemptions; and (2) the addition of explicit CDD requirements that would address understanding the nature and purpose of customer relationships and conducting ongoing monitoring. Community banks already identify and verify the identities of customers consistent with their CIP obligations. The rule, however, also modifies an existing BSA pillar by requiring banks to risk-weight new customers, rather than just using customer identifications to verify their identities. In addition, covered financial institutions must have a well- 1 See: https://www.hunton.com/files/news/41852c69-4fe2-4ad8-967d 9703dc3c048e/Presentation/NewsAttachment/2acfbfc6-498f-4a84-9311-97605acfc83b/fincen-expands-customerdue-diligence-requirements-june2016.pdf 2 FinCEN indicated that although the rule would not initially apply to other firms that currently or in the future may be required to have BSA/AML programs, such as money services businesses, FinCEN is considering extending CDD requirements to such firms in the future. 1

developed understanding of the nature and purpose of their relationships and monitor for any suspicious activity. Even if a bank has familiarity with its clients and customers, banks will now have to develop customer risk profiles and conduct ongoing monitoring of existing customers. Beneficial Ownership Rules FinCEN is imposing a new requirement that financial institutions identify the beneficial owners of legal entity customers, subject to certain exceptions. For these purposes, beneficial owners are identified by obtaining a certification form directly from the individuals opening the new account of the legal entity customer. The definition of beneficial owner for BSA/AML purposes is the natural person(s) who ultimately owns or controls the customer and/or the person on whose behalf a transaction is being conducted. It also incorporates those persons who exercise ultimate effective control over a legal person or arrangement. FinCEN s goal is to capture both the concept of ownership and that of effective control. FinCEN then goes on to say, however, that the standards in the final rules are minimum standards. Therefore, beneficial ownership should be verified consistent with the bank s existing CIP practices. Under current rules, a financial institution must obtain beneficial ownership information if it offers foreign private banking accounts or correspondent accounts for foreign financial institutions. The final regulations reflect a two-prong definition of beneficial owner. The prongs are: Ownership Prong: Each individual, if any, who, directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, owns 25% or more of the equity interests of a legal entity customer; and Control Prong: An individual with significant responsibility to control, manage or direct a legal entity customer, including (A) an executive officer or senior manager (e.g., a chief executive officer, chief financial officer, chief operating officer, managing member, a general partner, president, vice president, or treasurer); or (B) any other individual who regularly performs similar functions. 3 Each prong is intended to be an independent test. Thus, a financial institution must identify each individual who owns 25% or more of the equity interests. Conversely, there may be no beneficial owners at the 25% or more level. Again, these are minimum requirements. In cases where an individual is both a 25% owner and meets the definition for control, that same individual could be identified as the beneficial owner under both prongs. This could create a challenge where an individual is a beneficial owner for one business under the control prong and a beneficial owner for another business under the ownership prong. Like other covered financial institutions, community banks if they do not do so already will have to apply an additional level of scrutiny to the account opening process for legal entity customers and document the beneficial ownership information. Training will need to be conducted to ensure all account opening personnel have a good understanding of the twoprong beneficial ownership tests and how to apply those tests during the initial account opening discussions. Beneficial ownership certification forms will have to be completed at the time of account opening. Depending on the complexity of their customers business structures, banks are faced with an increased burden to actively monitor beneficial owners and evaluate their risk on a going-forward basis. Understanding the Nature and Purpose of Customer Relationships The rules now provide that the financial institution must understand the nature and purpose of customer relationships in order to develop a customer risk profile. In such context, FinCEN believes that it is well understood that a bank should obtain information at account opening sufficient to develop an 3 The certification form is no longer mandatory. A covered financial institution may substitute its own form provided the individual certifies the information. 2

understanding of normal and expected activity for the customer s occupation or business operations. This quote comes from existing BSA/AML examination guidance. FinCEN notes, however, that in some circumstances, an understanding of the nature and purpose of a customer relationship can also be developed by inherent or self-evident information about the product or customer type or basic information about the customer. Such basic information that FinCEN notes could be telling include annual income, net worth, domicile, or principal occupation or business. For existing long-standing customers, the financial institution already may have a robust history of activity that could be highly relevant in understanding future expected activity or for purposes of detecting aberrations. Significantly, FinCEN states that this aspect of CDD applies to all accounts and not just to customers for CIP purposes. Thus, the exemptions referenced in the definition used for CIP would not apply. Monitoring FinCEN intends for the monitoring element to be consistent with current suspicious activity reporting and BSA/AML program requirements. FinCEN believes that conducting ongoing monitoring is implicit in the requirement to file SARs. The BSA/AML manual notes that the internal controls of a bank s BSA/AML program should provide sufficient controls and monitoring systems for timely detection and reporting of suspicious activity. There is no periodic requirement to update information. Instead, when a financial institution becomes aware of information relevant to assessing the risk posed by a customer, it is expected to update the customer s relevant information accordingly. The BSA/AML Manual provides that CDD processes should include periodic risk-based monitoring of the customer relationship to determine whether there are substantive changes to the original CDD information (e.g., change in employment or business operations). Implementation of the CDD Rule for Community Banks In its final rule, FinCEN took pains to point out that these pillars are really not new in that most financial institutions are already employing most, if not all, of such elements in their BSA/AML program. Nonetheless, the final rule does add a requirement to understand the nature and purpose of customer relationships, conduct ongoing due diligence and update information, and identify the beneficial owner of business clients. While the formal implementation date is not required until May 11, 2018, community banks should begin revising their BSA/AML programs sooner rather than later, especially because FinCEN believes that much of the final rule reflects existing regulatory expectation and practices. There is a view that community bank risk profiles are such that implementation of the final rule should be less burdensome on them than at the larger banks because of the following assumptions: community banks tend to have fewer commercial clients than the big banks (and those commercial client community banks are likely to have simpler beneficial ownership structures); community banks tend to have less client turnover and those clients likely require fewer reviews to reassess their BSA/AML risk profiles; and community banks already know their customers better than their larger counterparts. Notwithstanding this generalized view and given their resources compared with some of the larger banks, community banks in particular may have to make detailed changes to their anti-money laundering policies, procedures, technology and documentation files. For that reason, preparation should begin now to train staff in the new requirements and to execute them on time. As noted, the essence of the final rule is that it requires bank employees to identify the beneficial owners of legal entity customers. Determination of who exercises control of a business, however, often requires a complex legal analysis. Indeed, this assessment will require employees to have a fundamental understanding of the variety of legal structures to determine the right information to collect or to help the customer know what to provide. This may require extensive training for those employees who open deposit or loan accounts for commercial customers. Banks will also incur additional costs for account 3

opening platforms to be able to process the new forms and integrate the information into existing systems. Although third-party vendors are likely to provide most institutions particularly small community banks with the necessary software to comply with the proposed rule, banks will incur additional costs to purchase or license the software. In addition, all institutions will need to adapt and adjust the software and test it for compatibility with existing systems, which takes time by IT, compliance and line-of-business employees. FinCEN asserts that, because financial institutions have been subject to CIP rules for more than ten years, they should be able to leverage these procedures in complying with these new requirements. This underestimates the impact the proposed CDD rule would have on account opening procedures and BSA/AML monitoring. When a financial institution collects additional information about its customers, regulators will expect new procedures and controls to be established to track and process that information. These aspects of an institution s compliance program are particularly important because internal controls are one of the four pillars of an anti-money laundering compliance program. It will take time for banks to identify affected policies and procedures and ensure appropriate updates are implemented. For example, one issue that community banks identified in comments to the proposal is the need to develop software that allows them to not merely identify but track beneficial owners. Not all community bank IT systems identify or track these individuals. Therefore, at a minimum, all financial institutions will have to build or refine their software systems (or purchase in some cases) to track beneficial ownership information. And once tracking systems are developed or added into existing systems, all the new data processing capacity will have to be integrated into other systems, such as SAR monitoring and CTR reporting programs. In this regard, there are at least three areas that community banks can and should implement now: Update their BSA/AML risk assessment. A core component of any BSA/AML program is a risk assessment. Community banks should update their BSA/AML risk assessment program to reflect the requirements of the final rule. Among other things, banks should ensure their risk assessments take into account information received through beneficial ownership collection (e.g., a low-risk domestic entity is majority owned by a foreign entity in a high-risk jurisdiction). On a risk basis, monitor for material deviations from expected or usual account activity. The purpose behind the requirement to develop a customer risk profile is so banks can allocate monitoring resources efficiently and tailor their monitoring to better detect potentially suspicious activity (i.e. material deviations from expected or routine activity). Banks should have policies and procedures for allocating monitoring resources to, and tailoring monitoring strategies for, specific customer risk profiles typologies. Incorporate new definitions in their risk-based analysis. The customer due-diligence rules also adopt a few new definitions. A legal entity under the rules includes corporations, partnerships, limited partnerships, and limited-liability corporations and partnerships; corporate entities that require a filing with a state secretary of state or other officer; and any corporate entity chartered in a foreign country that does business in the United States. Under the rules, an account means a loan, deposit or any other service for which the bank establishes a contractual relationship with the legal entity. It is well established that banks must have a written CIP that allows them to form a reasonable belief that they know the true identity of each customer. The CIP is part of the bank s general know your customer requirement, which also includes enhanced due diligence requirements in certain situations. The new requirements effectively require banks to modify their policies and procedures to engage in enhanced due diligence for their customers and accounts they maintain, which will require banks to obtain additional customer information and conduct additional monitoring. This additional information could include: the source of the funds and wealth; 4

the customer s occupation or type of business; financial statements; references; the domicile of the business; the proximity of the customer s residence, place of employment, or place of business to the bank; a description of the customer s primary trade area and whether international transactions are expected to be routine; a description of the business operations, the anticipated volume of currency and total sales, and a list of major customers and suppliers; and explanations for changes in account activity. Although third-party vendors are likely to provide most institutions particularly small community banks with the necessary software to comply with the proposed rule, community banks have other reasons to collect beneficial information that can provide additional efficiencies and reduce costs. Beneficial ownership information can be critical to addressing risks posed by OFAC and FCPA deficiencies or violations that can, and have, resulted in serious enforcement actions for failure to address or mitigate these risks. To the extent an account holder engages in international transactions, financial institutions often need to know the beneficial owners of the account holder in order to comply with OFAC sanction requirements or to conduct meaningful due diligence of the account. From an FCPA perspective, a company or bank may have to identify the beneficial owners of its third-party intermediaries. Conclusion In sum, the new requirements pose challenges for community banks in particular and will require additional and early preparation (and training) in order for them to meet their obligations under the new CDD rules. In some cases, community banks may deem it necessary to overhaul their compliance policies and procedures to account for these new requirements. In other cases, depending on how robust their compliance programs and the scale of their operations, they may only need to make modest changes. In either case, there are synergies associated with the new rule s requirements that can be leveraged as part of the bank s OFAC and FCPA compliance programs, ultimately enhancing a bank s BSA/AML program. Contacts Peter G. Weinstock pweinstock@hunton.com Shaswat (Shas) K. Das sdas@hunton.com John J. Delionado jdelionado@hunton.com Carleton Goss cgoss@hunton.com 5

Peter G. Weinstock, John J. Delionado, Shaswat K. Das and Carleton Goss are attorneys in the corporate and litigation teams at Hunton & Williams LLP. This article presents their views and does not necessarily reflect those of Hunton & Williams or its clients. The information presented is for general information and education purposes. No legal advice is intended to be conveyed; readers should consult with legal counsel with respect to any legal advice they require related to the subject matter of the article. They may be reached at (214) 468-3395, (305) 536-2752, (202) 955-1520, or (214) 468-3330, or pweinstock@hunton.com, jdelionado@hunton.com, sdas@hunton.com, or cgoss@hunton.com, respectively.. Attorney advertising materials. These materials have been prepared for informational purposes only and are not legal advice. This information is not intended to create an attorney-client or similar relationship. Please do not send us confidential information. Past successes cannot be an assurance of future success. Whether you need legal services and which lawyer you select are important decisions that should not be based solely upon these materials. 6

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback