Tighter U.S. CDD requirements and what they mean for foreign banks…Deadline to Comply is MAY 2018

In the aftermath of the Panama Papers controversy, governments have been discussing ways to promote more financial transparency.

Financial Crimes Enforcement Network (FinCEN) has proposed tighter Customer Due Diligence requirements (CDD). requiring covered financial institutions to also verify the identity of beneficial owners those behind legal entity customers. The addition of a “fifth pillar” requires appropriate risk-based procedures for the ongoing customer due diligence monitoring. Covered Financial institutions will have to comply with these new requirements by May 11, 2018.

Getting in on the act, the Treasury Department proposed legislation that, if enacted, would require all companies formed in the United States to report beneficial ownership information to the Treasury Department.

The final legislative proposal by the Justice Department will surely keep foreign banks and governments up at night. This proposal would enhance the ability of law enforcement officials to obtain information from domestic and foreign banks so they can investigate and prosecute money laundering and terrorist financing cases. The proposal doesn’t stop there it would also allow the Justice Department the power to link a broader set of crimes to money laundering and terrorist activities.

These regulatory changes and legislative proposals by the U.S. government is a demonstration of strength to financial institutions around the globe that the United States will not tolerate money laundering or terrorist financing.

Financial institutions should consider these key takeaways:

  • FinCEN’s model certification form will not be required and will not trigger a safe harbor.
  • Financial institutions will be able to obtain the required information on beneficial owners by any means they deem appropriate.
  • The individual opening the account on behalf of the legal entity customer must certify, to the best of their knowledge, the accuracy of the information.
  • Financial institutions will be required to identify at least one and as many as five beneficial owners for each new account opened by a legal entity customer.
  • The rule defines a beneficial owner as each individual, if any, who directly or indirectly owns 25 percent or more of the equity interests of a legal entity customer and a single individual with significant responsibility to control, manage or direct a legal entity customer (e.g., chief executive officer, chief financial officer, chief operating officer, managing member, president, vice president).
  • Financial institutions will have to identify one beneficial owner with significant control, regardless of whether any individual meets the 25 percent threshold.
  • Financial institutions will be required to collect the beneficial ownership information every time a new account is opened, even if the customer has existing accounts for which the institution already obtained such information.
  • Financial institutions will have the discretion to identify additional beneficial owners or to establish a lower percentage threshold for beneficial ownership based on their own risk assessment.
  • Financial institutions are permitted to use information gained through the legal entity customer regarding the identity of its beneficial owners, provided the institution has no reason to question the reliability of the information.
  • Financial institutions will need to verify the identity of beneficial owners, but are not obligated by means of research to prove whether that individual is, in fact, a beneficial owner.
  • The burden to identify beneficial ownership will largely lie on the legal entity customer and not on the financial institution, however, institutions will want to consider implementing risk-based policies to assess the reliability and avoid over-reliance on a customer’s representation.
  • Financial institutions will not be categorically required to gather beneficial ownership information for accounts established before the applicability date, however, they should consider collecting beneficial ownership information for existing accounts on a risk-basis.
  • All accounts opened on or after the deadline date will need to apply these new rules to them. Financial institutions are still expected to gather beneficial ownership information during routine monitoring for accounts opened prior to the deadline date.

The two main takeaways from FinCEN’s new “Fifth Pillar”, which codifies existing obligations:

  • Financial institutions must understand the nature and purpose of all customer relationships for the purpose of developing a customer risk profile;
  • Financial institutions must conduct ongoing monitoring to identify and report suspicious transactions and, on a risk-basis, maintain and update customer information.

Before, these two elements were implicitly required within an institution’s suspicious activity reporting obligations. However, it would be wise for financial institutions to update their internal procedures to satisfy these obligations.

Furthermore, FinCEN has emphasized that beneficial ownership information should be treated similarly to a customer identification program this would help to ensure compliance with other sanction’s requirements such as OFAC’s 50 percent rule. Beneficial owner information could also be useful in helping financial institutions to detect whether transactions are “by” or on “behalf” of the same person.

Key focuses of the European Union’s CDD requirements.

  • The Fourth AML Directive, which member states have to comply with by June 2017, will also strengthen existing CDD and beneficial ownership requirements.
  • EU member states have to establish central registers of beneficial owners and make them accessible to financial institutions and other designated parties.
  • Member states have the authority to set lower beneficial ownership thresholds than the currently mandated threshold of an interest exceeding 25 percent.

The EU’s CDD requirements differ in certain respects from FinCEN’s final rule:

  • The EU requirements are centered around a risk-based approached, whereas FinCEN provides specific requirements.
  • Although both use “ownership” and “control” thresholds to define beneficial owners, FinCEN’s requires that only one individual be identified under the “control” threshold while the fourth directive does not specify how many need to be identified. For instance, where multiple individuals may exercise control over a legal entity a financial institution in the EU may have to identify more than one individual under the “control” threshold in accordance with the institution’s assessment of risk.
  • The fourth directive also does not specifically provide for reasonable reliance on representations made by customers regarding their beneficial owners. This could suggest that EU regulators may expect financial institutions to conduct appropriate risk-based due diligence to independently vet the reliability of the information provided by a customer.

One thing is for sure that financial institutions with global compliance programs this all adds an additional layer of complexity and the differences between U.S. and EU CDD requirements will need to be managed, especially if their approach is to implement the strictest requirements of the jurisdictions in which they operate.

Posted by Paul Hamilton