buckle-upThere are a lot of good safety ideas out there: wear a helmet while riding a bike, don’t stand on swivel chairs, wear sunscreen, etc. Many of these are unenforced, common sense rules, but some of them graduate into law. For example, depending on which state you live in, not wearing a seatbelt could have some serious legal consequences where once it was merely a really bad idea.
Similarly, financial institutions are subject to a myriad of good ideas that range from what the industry calls “best practices” to full-blown regulatory requirements. Customer due diligence is one of those “seatbelt” ideas that is potentially in transition from guidelines to law.
Previously, FinCEN identified what it considers to be the four pillars of effective customer due diligence. These pillars are:

  1. Identifying and verifying the identity of customers/members;
  2. Identifying and verifying the identity of beneficial owners of legal entity customers/members;
  3. Understanding the nature and purpose of the customer/member relationship; and
  4. Conducting ongoing monitoring to maintain and update customer/member information and to identify suspicious activity.

The proposed rule would incorporate each of the above pillars into the regulatory customer due diligence requirements. Since identifying and verifying the identity of customers/members (Pillar #1) is already specifically incorporated into the regulatory requirements, the proposed rule focuses on the other three pillars. Let’s take a look at the proposed changes.
For pillars 3 and 4, there is really nothing new. As key factors to identifying suspicious activity, financial institutions have long been required to understand expected customer/member activity, to develop customer/member risk profiles, and—based on that information—monitor account activity for unusual or suspicious transactions. The proposed rule is just incorporating these program guidelines expressly into the regulation.

Operational Changes for Beneficial Owners

Pillar #2 is where you will want to focus your attention. FinCEN is proposing a new requirement that financial institutions identify the natural person or persons who are the beneficial owners of your legal entity customers/members. You would be required to verify the identity of beneficial owners, but are not expected to verify their status as beneficial owners. For that, you may rely on the information provided by the customer/member.
A legal entity is defined as a corporation, limited liability corporation, partnership or other similar business entity (either domestic or foreign) that opens a new account after the implementation date of the final rule. You would not be required to apply this new requirement to existing accounts, although FinCEN encourages financial institutions to update existing records with this information over time.

The Two Prongs

The proposed rule defines a beneficial owner as having two aspects or, to use the language in the proposed rule, two “prongs.” The first prong is the “ownership” prong. An individual is a beneficial owner if he or she, directly or indirectly, through any contract arrangement, arrangement or understanding, relationship, etc., owns 25% or more of equity interest in the legal entity customer/member. Equity interest could include shares or stock in a corporation, membership interests in an LLC, and other similar types of interests in a legal entity. To satisfy the ownership prong, you would be required to identify each individual who owns at least 25% ownership in the entity.
The second prong is the “control” prong. An individual is a beneficiary owner if he or she has significant responsibility to control, manage, or direct the legal entity customer/member. This would include an executive officer or senior manager or any other person who performs similar functions. For the control prong, you would be expected to identify at least one individual. Both prongs could identify the same person or persons. In addition, you would be expected to look beyond any corporate parent companies or holding companies that may exist in order to identify a natural person beneficial owner, no matter how far removed that natural person may be.
FinCEN points out in the proposed rule that these requirements represent the minimum standards, but a financial institution may set more stringent standards, such as identifying all equity owners with at least a 10% ownership interest.

Exemptions from the Beneficial Ownership Requirement

The proposed rule identifies certain types of legal entities that are exempt from the beneficial ownership requirement. First, customers/members that are currently exempt from CIP requirements, such as federally-regulated financial institutions (banks, credit unions, broker/dealers in security funds, mutual funds, futures commission merchants), publicly held companies traded on certain U.S. stock exchanges, domestic government agencies, etc. are also exempt from the beneficial owner requirements. In addition, the proposed rule identifies a long list of other legal entities that would be exempt because the beneficial ownership information is either available from another source or is not applicable, such as for non-profit charitable organizations. Trust accounts would, also, not be subject to the proposed beneficial owner requirements. Special rules would apply if the customer/member is an intermediary.
Standard Certification Form— To facilitate compliance with identifying the beneficial owner, FinCEN is proposing the use of a Standard Certification Form that would be completed and signed at the time the account is opened. You would then need to verify the identity, but not the status, of each beneficial owner in accordance with your existing CIP program. FinCEN encourages financial institutions to keep this information as current as possible, but does not impose any specific updating requirements.
Record Retention— In accordance with existing requirements, you would be required to retain the Standard Certification Form and other identification information for a period of five years after the account is closed and retain the document or information relied on for verification of identity for a period of five years after the record is made. Internal policies would need to state how any discrepancies in verifying the information would be handled.
As you can see, in most cases, the proposed rule just incorporates and clarifies previous guidance, with one major exception: it would add a new requirement regarding a financial institution’s duty to identify the beneficial owners of legal entities. Once the comment period has ended (10/3/14) and a final rule is issued, the proposed rule provides for an effective date of one year from the date the final rule is issued.
Whether or not this “seatbelt” concept remains a good idea or law, it may be a good time to evaluate your customer due diligence practices to see how they measure up.
For the full text of the proposed rule, see: http://www.fincen.gov/statutes_regs/files/CDD-NPRM-Final.pdf