August 5, 2014
On July 30, 2014, the Financial Crimes Enforcement Network (FinCEN) issued a long-awaited Notice of Proposed Rulemaking (NPR), which would, as expected, mandate a beneficial ownership requirement as a key component of customer due diligence. The rule, if adopted, would also add a fifth pillar of AML compliance, which would require covered financial institutions to understand the nature and purpose of their customer relationships and conduct ongoing monitoring. The NPR is open for comment for 60 days following its publication in the Federal Register. The effective date of the requirements would be one year from the date a final rule is issued.
The last (2006) Mutual Evaluation Report (MER) by the Financial Action Task Force of the U.S. anti-money laundering regime rated the United States only partially compliant with customer due diligence standards and specifically cited the nation’s stance on beneficial ownership as noncompliant.
In March 2010, FinCEN, the federal bank regulators and the U.S. Securities and Exchange Commission (SEC), in consultation with the Commodity Futures Trading Commission (CFTC), issued guidance (“Guidelines”) to the financial services industry to clarify the regulators’ expectations for obtaining beneficial ownership information for certain types of accounts and customers. The Guidelines suggested that financial institutions take a risk-based approach to determining when beneficial ownership information should be obtained and did not prescribe specific conditions (apart from USA PATRIOT Act requirements to obtain beneficial ownership information in the case of certain private banking and correspondent banking arrangements) or levels of ownership that would trigger the need to obtain beneficial ownership information.
Nearly two years later, in February 2012, FinCEN issued an Advanced Notice of Proposed Rulemaking (ANPR), which would have established a common, prescriptive definition of a beneficial owner and would have mandated collection of beneficial ownership information, rather than leaving the decision to the discretion of an individual financial institution. The ANPR was presumably prompted by FinCEN’s belief that more explicit rules were required to clarify and strengthen due diligence requirements for beneficial owners.
In reaction to industry concerns expressed during the comment period for the ANPR, FinCEN engaged in an active industry outreach program that included hosting five roundtable meetings across the country to gain additional insights on current industry practices for obtaining information on beneficial owners, challenges, and potential costs.
In June 2013, the United States also committed to the G-8 Action Plan for Transparency of Company Ownership and Control, which advocates a number of core principles aimed at transparency of ownership and control of companies and legal arrangements.
This history led to the NPR issued in July 2014, the outcome of which will undoubtedly be an important area of review in the next MER of the United States, which is scheduled for late 2015/early 2016.
Summary of the NPR
In the preamble to the NPR, FinCEN states its belief that an effective customer due diligence (CDD) program must include, at a minimum:
- Identifying and verifying the identity of customers;
- Identifying and verifying the identity of beneficial owners of legal entity customers;
- Understanding the nature and purpose of customer relationships; and
- Conducting ongoing monitoring to maintain and update customer information and identify and report suspicious transactions.
FinCEN notes that the first element of CDD is already addressed by existing customer identification program (CIP) requirements and indicates that its intent in the NPR is to address the remaining three minimum elements. FinCEN does acknowledge, however, that elements 3 and 4 are also consistent with current regulatory expectations, but expresses the view that there is value in clearly articulating these four CDD principles in a single framework.
The NPR would require that “covered financial institutions” identify “beneficial owners” of new “legal entity customers” subject to certain exemptions explained below. “Covered financial institutions” are currently defined as those financial institutions subject to CIP requirements (banks, broker-dealers, mutual funds, future commission merchants and introducing brokers in commodities) but, prospectively, according to the NPR, this definition could be expanded to include other types of financial institutions such as money services businesses and insurance companies. Although the focus of the NPR is on obtaining beneficial owner information for new legal entity customers, FinCEN specifically is requesting comments on whether the beneficial ownership requirements should be applied retroactively to existing clients.
The NPR uses a two-prong concept – ownership and effective control – by defining a “beneficial owner” as a natural person, not another legal entity, who meets the following criteria:
- Ownership Prong: Each individual, up to four, who owns, directly or indirectly, 25 percent or more of the equity interest in a legal entity customer; and
- Control Prong: At least one individual who exercises significant managerial control (e.g., a C-suite executive) over the legal entity.
In cases where an individual is both a 25 percent owner and meets the control definition, that same individual can be defined as a beneficial owner under both prongs. From an industry perspective, the second prong improves upon the definition in the ANPR. The earlier definition would have required the identification of the individual who had “greater responsibility than any other individual.”
Financial institutions would be able to meet the beneficial ownership identification requirement by obtaining a standard certification form at the time a new account is opened (which would include basic CIP elements). Acceding to comments from the industry that verifying the status of a beneficial owner would be prohibitively costly and often impractical, the NPR would not require covered financial institutions to verify that the natural persons identified on the form are, in fact, the beneficial owners.
The NPR defines “legal entity customers” to include corporations, limited liability companies, partnerships or similar business entities formed under the laws of a state of the United States or a foreign jurisdiction. In response to industry requests that certain customers be exempt from the beneficial ownership requirement, the NPR does provide some relief. It would not require identification of beneficial owners of legal entities that are exempt under the CIP rule or identification of beneficial owners of certain other legal entities where ownership information is generally available, such as investment advisers, majority-owned subsidiaries of publicly traded companies, and charities and non-profits. Most trusts would also be excluded from the beneficial ownership requirement, partially in acknowledgement of the actions already taken by the industry to collect information about the various parties that may be involved in trust arrangements. The NPR also makes it clear that covered financial institutions would not be expected to identify the beneficial owners of underlying customers in the case of correspondent and other intermediary relationships, but does remind the industry of the need to perform proper due diligence of the financial institution’s direct customer and the risk posed by its direct customer’s underlying clients.
The NPR indicates that beneficial ownership information should be updated using a risk-based approach, but requests specific comment on whether setting a mandated timeframe for updating would result in better, more reliable information. The NPR permits reliance on other financial institutions for beneficial ownership information subject to the same conditions that allow for CIP reliance and requires that all information gathered to comply with the beneficial ownership requirements be maintained for five years from the date an account is closed.
Understanding the Nature and Purpose of Customer Relationships
This element of CDD requires covered financial institutions to understand the nature and purpose of a customer relationship in order to develop a customer risk profile. The NPR specifically seeks comments on whether there is a need to define “customer risk profile” to ensure clarity on what that term means. The NPR acknowledges that it is industry practice to gain an understanding of how a customer is expected to use an account and indicates that it does not expect financial institutions to ask each and every customer for a statement of the nature and purpose of an account, recognizing that this information can often be intuitively derived. However, it does caution about the potential need to update a financial institution’s understanding in circumstances where activity may vary over time as well as the need to gain an understanding of the nature and purpose of an account, even for those customers that are CIP-exempt.
Conducting Ongoing Monitoring
The final element of CDD requires financial institutions to conduct ongoing monitoring for the purposes of maintaining and updating customer information and identifying and reporting suspicious activity. The NPR also acknowledges that financial institutions already engage in ongoing monitoring to meet existing obligations. Similar to the nature and purpose requirement discussed above, the NPR also reminds the industry that CIP-exempt customers should not be excluded from monitoring.
The Fifth Pillar
Collectively, the nature and purpose and ongoing monitoring requirements would be considered the fifth pillar of an AML compliance program, supplementing the four existing pillars: designation of an AML compliance officer, a system of internal controls, training and independent testing. While designating these activities as components of a fifth pillar highlights them and perhaps suggests some level of heightened enforcement, most would likely agree that they have always been considered important elements of the system of internal control.
Next Steps for the Industry
The proposed rule, if adopted, will require changes to financial institution policies and procedures, including account opening and customer onboarding procedures for legal entity customers and, potentially, changes to risk assessment methodologies. It will also require updating training and awareness programs, particularly for individuals who interact directly with clients and have responsibilities related to client onboarding.
The extent of change required will probably vary by type and size of institution, since many institutions have already implemented beneficial owner requirements over the course of the last several years while this topic has been debated. Nonetheless, it will be important for individual institutions to review the specific requirements of the proposal to determine the impact and for the industry as a whole to gain an understanding of the potential consequences of FinCEN’s adding a fifth pillar of AML compliance.