On July 30, 2014, the Financial Crimes Enforcement Network (FinCEN) issued proposed rules under the Bank Secrecy Act (BSA) to strengthen customer due diligence (CDD) obligations within the BSA anti-money laundering (AML) regime. The proposal would apply to financial institutions that are subject to a customer identification program (CIP) requirement under FinCEN’s regulations (i.e., banks, broker-dealers, mutual funds, futures commission merchants and introducing brokers in commodities, collectively referred to as “covered financial institutions”). FinCEN, which developed the proposal in consultation with the Department of Justice and the federal functional regulators, explained that the proposal would help to “enhance financial transparency and safeguard the financial system against illicit use.”[1]
In its explanation of the proposal, FinCEN states that CDD consists of: (i) identifying and verifying the identity of customers; (ii) identifying and verifying the identity of the natural persons who own or control legal entity customers (known as “beneficial owners”); (iii) understanding the nature and purpose of customer relationships; and (iv) conducting ongoing monitoring to maintain and update customer information and to identify and report suspicious transactions. FinCEN notes that the first element (identifying and verifying customer identity) is already included in FinCEN’s AML regulations. To clarify FinCEN’s existing expectations for financial institutions, the proposal would explicitly codify the third and fourth elements of CDD: understanding the nature and purpose of customer relationships, and conducting ongoing monitoring. FinCEN explains that this aspect of the proposal is intended to be consistent with existing AML regulations and guidance. In addition, the proposal would establish a new requirement that covered financial institutions know and verify the identity of the beneficial owners who own or control an institution’s legal entity customers. Thus, the proposal would amend FinCEN’s regulations so that each of these “pillars” of CDD “is explicitly referenced in a corresponding requirement within FinCEN’s program rules.”
Under the proposal, covered financial institutions would be required to know and verify the identity of the beneficial owners of legal entity customers, subject to certain exemptions. “Beneficial owner” would be defined to mean (i) each person who owns 25 percent or more of the equity interests of a legal entity customer (the “ownership prong”); and (ii) a single individual “with significant responsibility to control, manage, or direct a legal entity customer” (the “control prong”).
Under the ownership prong, a financial institution would be required to identify no more than four individuals (and would not be required to identify anyone if no individual owns 25 percent or more of the equity interests of the legal entity customer). Financial institutions would have flexibility under the control prong to identify a single individual with significant managerial control, such as “a President, Chief Executive Officer or other senior executive, or any other individual acting in a similar capacity.” Each prong is an independent test, but FinCEN notes that an individual could be identified as a beneficial owner under both prongs if that individual is both a 25 percent owner and satisfies the control prong.
The proposed definition of “legal entity customer” would include corporations, limited liability companies, partnerships or other similar business entities (formed under either U.S. or foreign laws), that open a new account after the final rule takes effect. FinCEN states that it would interpret the term to exclude trusts other than those that are created through a filing with a state (e.g., statutory business trusts). In addition, the definition would specifically exclude all types of entities that are exempt from CIP requirements (e.g., federally regulated banks and other persons excluded from the definition of “customer” under FinCEN’s rule), as well as certain other entities whose beneficial ownership information “is generally available from other credible sources” (e.g., majority-owned domestic subsidiaries of an entity whose securities are listed on a U.S. stock exchange).
Covered financial institutions would be required to collect beneficial ownership information on a standard certification form and to verify the identity of each person listed as a beneficial owner through risk-based methods comparable to existing CIP procedures (e.g., by reviewing a driver’s license or other identifying document). Notably, the proposal would not require financial institutions to verify the listed person’s status as a beneficial owner. Thus, there would be no requirement to determine whether a person does in fact own or control a legal entity customer. FinCEN explained that financial institutions would be permitted to rely on a customer’s representations and that it “did not expect financial institutions – or customers – to undergo complex and exhaustive analysis to determine with legal certainty whether an individual is a beneficial owner under the definition.” FinCEN noted that this identity verification would facilitate law enforcement investigations “even if the verified individual is not the true beneficial owner” because it would allow law enforcement the ability to locate and investigate the person that the customer improperly listed on the certification form as a beneficial owner.
In addition, the proposal would explicitly require financial institutions, as part of their AML program required under the BSA, to (i) understand the nature and purpose of customer relationships, and (ii) conduct ongoing monitoring (for the purpose of maintaining and updating customer information and identifying and reporting suspicious activity). FinCEN states that these provisions are intended to clarify and codify FinCEN’s expectations rather than to “add to or otherwise change” covered financial institutions’ existing obligations under the BSA. The proposal emphasizes that these CDD requirements are necessary for the purpose of reporting suspicious activity and should apply “broadly to all account relationships maintained by the covered financial institution.”
FinCEN notes that the proposal, which would take effect one year from the date a final rule is issued, would advance the purposes of the BSA by, among other things, assisting financial investigations by law enforcement, advancing counter-terrorism and other national security interests, and improving a financial institution’s ability to assess and mitigate risk.
Comments on the proposed rule are due on or before October 3, 2014.
[1] Financial Crimes Enforcement Network: Customer Due Diligence Requirements for Financial Institutions, http://www.fincen.gov/statutes_regs/files/CDD-NPRM-Final.pdf.
This advisory is published by Alston & Bird LLP’s Financial Services & Products practice area to provide a summary of significant developments to our clients and friends. It is intended to be informational and does not constitute legal advice regarding any specific situation. This material may also be considered attorney advertising under court rules of certain jurisdictions.