FinCEN’s Proposed Customer Due Diligence Requirements

FinCEN’s Proposed Customer Due Diligence Requirements

The Financial Crimes Enforcement Network (FinCEN) has issued a proposed rule adding new customer due diligence (CDD) requirements, including a requirement to identify the beneficial owners of commercial account customers. The proposal stems from FinCEN’s advance notice of proposed rulemaking from March of 2012. Though FinCEN held five public hearings and received ninety comments on the advance notice, the proposed rule is similar to what was proposed in the advance notice. One significant change is that the proposed rule will not apply to trust customers, as was suggested in the advance notice.

Currently, financial institutions are required to identify beneficial owners of accounts in two limited situations — for private banking accounts and correspondent accounts of foreign financial institutions. Under the proposed rule, financial institutions will have to identify and verify the identity the beneficial owners of all of their legal entity accounts, as described below.

Identifying and verifying the identity of beneficial owners and legal entity customers

The proposed rule imposes two new requirements: to (1) identify and (2) verify the beneficial account owners. This requirement applies only to your “legal entity customers,” a term that FinCEN defines to include corporations, limited liability companies, partnerships, and similar business entities (with several exemptions enumerated in the rule — for example, several exemptions apply to entities regulated by the SEC or CFTC).

The first new requirement is to identify “beneficial owners” of legal entity accounts. The proposed definition of a “beneficial owner” includes two prongs — an ownership prong and a control prong. Under the ownership prong, financial institutions must identify each individual, if any, who directly or indirectly owns 25% or more of the legal entity’s stock or equity interests. Under the control prong, financial institutions must identify a single individual with “significant responsibility to control, manage, or direct” the legal entity customer, such as an executive officer or senior manager. As a result, at least one, and up to five, beneficial owners could be identified for any legal entity customer.

To comply with the identification requirement, the proposed rule requires financial institutions to obtain a standard certification form (Appendix A) on which its customers will identify their beneficial owners. However, the rule does not state that a financial institution may rely on the certification form. FinCEN noted that it “expects financial institutions to be able to rely generally on the representations of the customer when answering the financial institution’s questions about the individual persons behind the legal entity” — but the rule text itself does not confirm that a financial institution may rely on a customer’s certification form.

The second new requirement is to verify the beneficial owners’ identities under your existing Customer Identification Program (CIP) procedures. Note that the rule does not require you to verify that those individuals are in fact beneficial owners — the requirement is to verify each beneficial owner’s identity, not the beneficial owner’s status.

Expanded anti-money laundering (AML) program requirements

The proposed rule also expands FinCEN’s current AML program requirements, adding new language codifying FinCEN’s existing expectations. Those expectations include implementing internal controls, conducting independent testing, designating individuals responsible for compliance, training, and conducting ongoing customer due diligence — which should include developing customer risk profiles and monitoring for updated customer information and suspicious activities. Because these elements should already be included in a financial institution’s current suspicious activity reporting and AML program, FinCEN says financial institutions should not have to take any new actions to comply with these changes.

Effective Date

The proposal states that the final rule’s effective date will be one year after the final rule is issued, meaning that financial institutions will have one year to implement the final requirements. Note that the new requirements will apply only to accounts that are opened after the final rule takes effect.

Comments

Comments on the proposed rule are due by October 3, 2014.