For many years, BSA Officers have focused on the four pillars of a BSA/AML program: Designated AML officer, System of Internal Controls, Training, and Independent Testing. We have all worked long and hard to hone our skills and programs to adhere to these four pillars. The new CDD rule, which goes into effect May 11, 2018, is adding a fifth pillar to your BSA/AML program. BSA/AML officers will need to ensure their program includes ongoing due diligence of their customer base.
There are two key components of the new requirement:
- Maintain written procedures that are reasonably designed to identify and verify the beneficial owners of legal entity customers; and
- Have appropriate risk-based procedures for conducting ongoing CDD to understand the nature and purpose of customer relationships. Also, conduct ongoing monitoring to identify and report suspicious transaction, and based on risk, maintain and update customer information.
In my opinion, it is best to start with defining whether your institution is considered a "covered financial institution". According to FinCEN, the definition of a covered financial institution encompasses federally regulated banks and federally insured credit unions, mutual funds, brokers or dealers in securities, futures commission merchants, and introducing brokers in commodities. Basically, almost everyone that is reading this is a covered financial institution.
The second place is defining a "beneficial owner". According to FinCEN, a beneficial owner is:
- each individual, if any, who, directly or indirectly, owns 25% or more of the equity interests of a legal entity customer (i.e., the ownership prong); AND
- a single individual with significant responsibility to control, manage, or direct a legal entity customer, including an executive officer or senior manager (e.g., a Chief Executive Officer, Chief Financial Officer, Chief Operating Officer, Managing Member, General Partner, President, Vice President, or Treasurer); or any other individual who regularly performs similar functions (i.e., the control prong). This list of positions is illustrative, not exclusive, as there is significant diversity in how legal entities are structured.
Once you have pulled this information together, it's time to establish a committee of colleagues and begin the process planning for the new rule roll out. In some cases, BSA/AML officers can make changes to what you do without affecting a lot of groups; this isn't one of those instances. Similar to when the CIP was implemented, the new CDD Beneficial Ownership rules affect multiple departments. Everyone will need to gather a group of colleagues in deposits, IT, lending, and operations. It would be best if you include additional management as well as the BSA officer in the committee to assist the decision making and implementation process. In the end, everyone needs to have open minds with the changes. New information will need to be gathered from your customers, but at least we are all in this together. The end result needs to be a balance of BSA/AML risk mitigation and customer friendly. We will all be in the same boat, but the organization that makes it the easiest, all while complying with the rules, will win the business and meet regulatory requirements.