Complying with FinCEN’s Customer Due Diligence Requirements: Check for a PULSE
May 11, 2018, was the effective date of FinCEN’s new Customer Due Diligence Requirements for Financial Institutions (the “Rule”) and banks, broker-dealers, mutual funds and other covered financial institutions subject to the Rule must ensure that their internal policies and procedures have been brought into compliance. In basic terms, the Rule requires covered financial institutions to obtain and verify the identities of natural persons who own or control legal entity customers. As at least one commenter has noted, the Rule essentially requires financial institutions to “find the beating heart” in each corporate account as part of the regulatory effort to prevent potential bad actors from accessing and abusing the financial system anonymously.
How will your financial institution find the beating hearts within its corporate clients? You may recall a simple way to determine whether a human heart is beating: check for a pulse. When assessing your organization’s compliance with the Rule, check for a PULSE: Procedures, Uncover beneficial owners, Legal entities, Services sought and Exclusions as described below.
Prior to the Rule’s effectiveness, FinCEN regulations required covered financial institutions (“CFIs”) to maintain anti-money laundering (“AML”) programs incorporating four core pillars: internal controls, independent testing, a designated compliance official and employee training. The Rule explicitly creates a fifth AML program pillar that requires CFIs to implement and maintain appropriate written risk-based procedures for conducting ongoing customer due diligence. The AML procedures must be reasonably designed to identify and verify the beneficial owners of each legal entity customer at the time of account opening unless an exclusion or exemption applies to the customer or the customer account.
You must ensure that your institution’s AML program has been amended, in writing, to include risk-based procedures for conducting ongoing due diligence. The procedures must be designed to help the institution understand the nature and purpose of customer relationships and to conduct ongoing monitoring to identify and report suspicious transactions. The customer due diligence procedures must also provide for the updating and maintenance of customer information on a risk-based basis.
Uncover Beneficial Owners
The Rule requires CFIs to follow its written procedures to (1) identify the beneficial owner(s) of each legal entity customer at the time a new account is opened, and (2) verify the identity of each beneficial owner identified to the CFI.
The Rule sets forth two types of beneficial owners in its customer identification requirements: individuals who meet the test for “ownership” and individuals who meet the test for “control:”
- Ownership: Identify each individual who, directly or indirectly, owns 25% or more of the equity interests of a legal entity customer as a beneficial owner. Up to four individuals may be required to be identified under this beneficial ownership prong.
- Control: Identify at least one individual with significant responsibility to control, manage or direct the legal entity customer (such as a Chief Executive Officer, Managing Member, General Partner or other such individual acting in an executive officer or senior management position). Generally, at least one beneficial owner must be identified for each legal entity with respect to the control prong.
In practice, for any legal entity customer, between one (i.e. no persons meet the 25% equity ownership interest threshold, one control person must be identified) and five (i.e. four persons each own 25% of the equity plus one control person) beneficial owners must be identified.
The identity of each beneficial owner must be verified to the extent reasonable and practicable. At a minimum, identity verification procedures must contain the elements currently existing in the CFI’s customer identification program, including collecting customer information directly from the entity and using other documentary methods to confirm the accuracy of the responsive information. The Rule does not require institutions to conduct independent research into the accuracy of information supplied by legal entity customers as long as the CFI has no knowledge of facts that would reasonably call into question the information’s reliability.
Ensure that your institution properly conducts customer due diligence on those entities meeting the Rule’s definition of a legal entity customer. A “legal entity customer,” subject to exclusions described below, is defined as a corporation, limited liability company, general partnership, and any other entity created by filing a public document with the secretary of state or similar office, such as a business or statutory trust. The definition also includes similar business entities formed in a foreign country. Keep in mind that legal entity customers do not include, for example, other types of business organizations such as sole proprietorships, unincorporated associations, estate planning trusts, or natural persons opening accounts on their own behalf.
Because the Rule requires CFIs to conduct risk-based procedures for customer due diligence, there may be circumstances when an institution could determine that collection and verification of beneficial ownership information at a lower threshold than the statutorily prescribed 25% ownership may be warranted based on the CFI’s own assessment of its risk relating to its customer.
Consider the type of services or transactions requested by the legal entity. Your institution could, for example, determine that the decision to lend to a newly formed entity with a complex ownership structure that is seeking to secure a very sizable loan merits an investigation into the owners of 10% or even 5% of the equity interest in the legal entity.
Exclusions and Exemptions
Your customer due diligence procedures should take care to determine whether an exclusion or exemption to the Rule applies to (1) the legal entity itself and (2) the type of customer account. The Rule provides a number of exclusions for certain entities based on the determination that, because the beneficial ownership information is available from other reliable sources, it is not necessary for the CFI to reconstruct that information for the entity at account opening. Publicly-traded U.S. companies are excluded, as well as regulated financial institutions and companies with common stock or equity interest listed on the New York, American or Nasdaq stock exchanges. CFTC-registered entities, state-regulated insurance companies and U.S. entities with at least 51% of its common stock or analogous entity interest held by a listed entity are also excluded.
Certain types of accounts are also exempt from the Rule’s identification and verification requirements. Subject to certain limitations, legal entity customers that are at the point-of-sale to provide credit products for the purchase of retail goods or services at a retailer may be exempt. In addition, subject to limitations, financings of the purchase or lease of equipment for which payments are sent directly by the CFI to the vendor may also be exempt.
If you have any questions concerning the material discussed above, please contact Frank A. Mayer, III at 610.205.6007, Stephanie R. Hager at 610.478.2088 or the Stevens & Lee attorney with whom you regularly work.
This News Alert has been prepared for informational purposes only and should not be construed as, and does not constitute, legal advice on any specific matter. For more information, please see the disclaimer.