On May 11, 2016, FinCEN published new rules for customer due diligence for financial institution customers who are legal entities such as corporations, trusts or partnerships. Until now, it has been sufficient for a financial institution to verify the identity of the legal entity who is a customer. Under the new rules, the financial institution must also determine the identity of the “beneficial owner(s)” of the entity and verify their identity information. The new rules also amend the AML program requirements for financial institutions to include ongoing customer due diligence for legal entity customers.
Financial institutions must reform their AML compliance programs to comport with the new rules by May 11, 2018.
There are two separate, alternate tests for determining the beneficial ownership of a legal entity. The first is the ownership test. Under the ownership test each person that owns or controls, directly or indirectly, 25% or more of the entity is a beneficial owner. Accordingly, under the beneficial ownership test, there could be no beneficial owner or as many as four. The second test is the control test. Under the control test, the beneficial owner is a single individual with significant responsibility to control or manage the entity. For a corporation, normally, this would be the President or Chief Executive Officer even though the person may have no ownership in the entity.
The tests are alternative. For any particular customer, the financial institution may choose to use:
- the ownership test and identity all of the persons who qualify as beneficial owners under that test; or
- it could use the control test and identify the person deemed to be in control of the entity.
If the ownership test is used, all of the persons who meet the 25% or more ownership test are beneficial owners and all must be identified. If the control test is used only one person must be identified. The identity of the beneficial owners must be certified to by either the legal entity or the person opening the account for the legal entity. To facilitate this, FinCEN has included as an appendix to the final regulation a form entitled, “Certification Regarding Beneficial Owners of Legal Entity Customers.”
After identifying the beneficial owner or owners, the personʼs identity must be verified in the same manner that you would verify the identity of any person that is a customer. You obtain documentation verifying the personʼs date of birth, address and so forth. Then, in the same manner as for other customers, you must make a record of the identity and the identifying documents and retain it for five years.
There are numerous exceptions to the rule of which entities’ beneficial owner(s) must be identified. All regulated financial institutions, companies listed with the Securities and Exchange Commission and many other categories of regulated or quasi-regulated entities are exempt.
In addition to the requirement to identify and verify the beneficial owner(s) of certain legal entities that open new accounts, the Customer Due Diligence (CDD) Rules formalized the requirement that covered financial institutions incorporate ongoing CDD obligations into their AML compliance programs. At present, AML compliance programs are required to address four facets: (1) a system of internal controls to ensure ongoing compliance; (2) independent testing for compliance; (3) an individual designated as responsible for coordinating and monitoring day-to-day compliance; and training for appropriate personnel. The new Customer Due Diligence Rules have created a fifth facet which will now be officially required. Covered financial institutions will be required to include “appropriate risk-based procedures for conducting ongoing customer due diligence” in their AML compliance programs. Specifically, these procedures must include, but are not limited to:
- Understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and
- Conducting ongoing monitoring to identify and report suspicious transactions and to maintain and update customer information (which includes information regarding the beneficial owners of legal entity customers).
Particularly for legal entity customers, financial institutions will need an event triggering process to verify that the entityʼs beneficial owner has not changed. For example, if a CEO who was previously identified as the beneficial owner is being removed as the signer on a checking account, the institution will have an obligation to inquire if that person is still the beneficial owner.
Two years comes and goes a lot faster than most of us realize. It is the obligation of a financial institutionʼs BSA officer to learn the requirements of the new rule, enhance the institutionʼs AML program, policies and procedures to accompany the change and then educate the institutionʼs employees who are impacted by what their new obligations are. I donʼt think you need to start yesterday, but I would plan to have everything in place by a year from now.