The Financial Crimes Enforcement Network (FinCEN) of the U.S. Treasury Department recently issued clarifications of requirements for Customer Due Diligence (CDD) under the Customer Due Diligence Requirements for Financial Institutions (CDD Rule) and related Bank Secrecy Act regulations. The guidance, FIN-2020-G002, was issued August 3, 2020 and includes three Frequently Asked Questions. These new FAQs supplement prior comprehensive FAQs issued in advance of the May 2018 CDD Rule compliance effective date. April 2018 and July 2016 FAQs answered 37 and 26 questions respectively (See FIN-2018-G001 and FIN-2016-G003).
The CDD Rule requires that, among other things, covered institutions identify information about customers to assess potential financial crime risks, including identifying the beneficial owners (natural persons) of legal entity customers who own, control or profit from companies’ accounts. Both 25% entity owners and entity controlling persons must be identified, subject to certain limited exceptions. In addition to requiring effective written policies and procedures to identify and verify customers and beneficial owners, the CDD Rule requires covered institutions to develop customer risk profiles and to monitor and report on suspicious transactions. Earlier this year in April 2020, the FFIEC released updates to a number of sections of the Bank Secrecy Act / Anti-Money Laundering (BSA/AML) Examination Manual clarifying mandatory requirements or supervisory expectations, including highlighting customer risk profile development and testing relating to potential customer money laundering, terrorist financing and other illicit financial activities. (SR 2011).
Exercising “exceptive” relief authority, FinCEN has extended permanent relief from the beneficial ownership requirements of its new Customer Due Diligence (CDD) rule to existing autorenewing CDs and safe deposit boxes, as well as existing autorenewing commercial lines of credit and credit cards that do not require underwriting review and approval. FinCEN reasoned that these products pose such a low risk for money laundering and terrorist financing activity that the benefits of requiring the collection of this information does not outweigh the impacts of compliance on financial institutions and their customers. Specifically, institutions need not treat rollovers or renewals of such products as “new accounts” requiring the collection of the beneficial ownership elements of the CDD rule, whether or not the initial accounts were established prior to the rule’s May 11, 2018 effective date.
FinCEN previously issued temporary relief to autorenewing CDs and loan products established prior to May 11, 2018, and in a second release extended this relief through September 9, 2018. The new release both extends this treatment indefinitely and expands it to include certain safe deposit box rentals, such that the exception applies now to any of the following occurring on or after May 11, 2018:
A rollover of a CD, defined as a deposit account that has a specified maturity date, prior to which funds cannot be withdrawn without the imposition of a penalty, and which does not permit the customer to add funds;
A renewal, modification, or extension of a loan (e.g., setting a later payoff date) that does not require underwriting review and approval;
A renewal, modification, or extension of a commercial line of credit or credit card account (e.g., setting a later payoff date) that does not require underwriting review and approval; and
A renewal of a safe deposit box rental (e.g., upon the automatic deduction of the rental fee as agreed-upon between a bank and its customer).
FinCEN is careful in this September 7, 2018, release to explain that it does not relieve institutions of the obligation to collect and verify the identity of beneficial owners of legal entity customers where the initial account opening of such accounts occurs on or after May 11, 2018. It does mean, however, that institutions need not collect beneficial ownership information for certain older accounts of the types described above (those opened prior to May 11, 2018) solely because they are rolled over or renewed.
The temporary exception that FinCEN extended to autorenewing CDs and loans established prior to the May 11, 2018 compliance effective date of its beneficial ownership requirements was scheduled to expire on August 9, 2018. On August 8, FinCEN published a short release in which it announced the extension of this relief through September 8, 2018. FinCEN noted that it was providing this extension in order to further consider the issues raised by the application of these aspects of its Customer Due Diligence (CDD) rules to such products.
As a reminder, this exception only applies to CDs and loans that (i) automatically rollover or renew and (ii) were established prior to May 11, 2018. Such accounts or loans established subsequent to this date (and older accounts that are renewed on new or modified terms) are fully subject to the CDD rules, and all accounts are subject to its general due diligence and monitoring requirements. In particular, institutions should continue to collect or update beneficial ownership information as other “risk events” warrant for particular customers–including those whose autorenewing CDs or loans or other accounts were established prior to May 11, 2018. FinCEN has given as an example of such risk or “trigger” events an unexplained spike in cross-border wire transfers. Moreover, as we noted previously, OFAC’s strict liability framework continues to apply to any U.S. person that does business with a sanctioned party, so institutions that do not collect beneficial ownership information may be exposed to this type of risk.
In a unique administrative ruling under delegated “exceptive” authority, on May 16, 2018 FinCEN issued relief from its new beneficial ownership requirements through at least August 9, 2018, for “certain financial products and services that automatically rollover or renew (i.e., certificate of deposit (CD) or loan accounts) and were established before the Beneficial Ownership Rule’s Applicability Date, May 11, 2018.”
FinCEN acknowledged in its notice that “some covered institutions have not treated such rollovers or renewals as new accounts and have established automatic processes to continue the banking relationship with the customer.”
The exception is effective retroactively from May 11, 2018 and expires on August 9, 2018. FinCEN added that it was considering whether additional relief may be appropriate for such products and services established prior to May 11, 2018 and expected to rollover or renew thereafter.
We will explore how we got here, but first, some practical considerations:
Institutions that have already set into motion new systems, procedures, and communications to collect this info on renewable loans and CDs established prior to May 11 will need to decide whether to discontinue these measures, or alternatively to conclude there is now greater flexibility for handling customers that do not adhere to them – e.g., by failing to submit a completed ownership certification form. The prevailing view among our clients seems to be the latter.
Institutions that were still rushing to implement such measures will need to decide whether to put these plans on hold or to continue to develop them as to loans and CDs established prior to May 11, 2018. The preference within the industry in this regard appears to be a function of how far along these plans are into production, and the extent to which they constitute separate solutions specific to these existing account types.
Any discussions with examiners and auditors about any changes to implementation plans in light of this release should be direct and documented. We would encourage institutions to think broadly and generously about the purpose of these rules and the BSA generally, and what risks to the bank (such as sanctions exposure or fraud) might be mitigated by the spirit if not the letter of FinCEN’s new rules. OFAC’s strict liability framework for doing business with sanctioned parties is unaffected by the relief afforded by FinCEN’s May 16 notice.
Institutions should consider ways to continue socializing their views to FinCEN, through trade associations or otherwise, as this interim relief appears directly responsive to industry feedback such as that provided in an April 27 hearing held by the House Financial Services Committee (e.g., “. . . there is no reason to believe that an auto-renewal is evidence that a change in beneficial ownership might have occurred. The FAQ 12 guidance is further complicated by the fact that these products include contractual provisions requiring the financial institution to auto renew them without interruption.”)
Let’s revisit how this unfolded as a regulatory matter.
The supplemental FAQs issued by FinCEN on April 3, 2018 provided certain interpretations of its own final rules, originally published on May 11, 2016, including that it believed a bank established a “new account” each time an autorenewing loan or CD renewed (see FAQ 12). FinCEN opined at that time on ways a bank could comply with the Beneficial Ownership certification requirements implicated by the opening of a “new account” for a legal entity customer in such cases, namely by (1) providing the required information and certification on FinCEN’s new form or its equivalent once and (2) agreeing at that time to notify the bank of any change in such information going forward. FinCEN’s view then was that a customer’s agreement to notify a bank of any changes in its beneficial ownership information can be considered a “certification” of this information for purposes of subsequent rollovers of renewable products.
Just in time for the effective date of FinCEN’s Customer Due Diligence (CDD) and Beneficial Ownership Rules, on May 11, 2018 the Federal Financial Institutions Examination Council (FFIEC) published updates to its Bank Secrecy Act/Anti-Money Laundering Examination Manual. The FFIEC is an interagency body comprised of representatives of the U.S. Federal Reserve Board, the FDIC, OCC, CFPB, NCUA, and state banking regulators. The agencies’ changes (1) replace existing CDD sections of the manual and (2) add new Beneficial Ownership overview and exam procedures sections, in each case corresponding to the new CDD and Beneficial Ownership requirements.
The publication of this new content was announced through separate press releases by the FDIC, OCC, and NCUA. The OCC’s release (OCC Bulletin 2018-12) makes the technical point that the new CDD content replaces pages 56-59 of the FFIEC manual, last updated in 2014, and the FDIC’s release (FIL-26-2018) adds that the new sections will be incorporated into the manual in its next update. The FFIEC’s examination manual is used by the bank regulators in conducting supervisory BSA/AML exams and features step-by-step review procedures to be used by examiners, consistent with the FFIEC’s statutory purpose of establishing uniform forms and regulatory examination processes.
One doesn’t generally expect new substantive guidance or interpretation to emerge from the FFIEC examination procedures, but a review of this new content emphasizes the following:
(1) BSA/AML exams including scope periods on or after May 11, 2018 will feature scrutiny of new accounts opened on or after that date. At this point, the CDD and Beneficial Ownership rules are live and in full effect, and institutions will be expected to adhere to them. For example, the revised examiner’s guide specifies: “3. On the basis of a risk assessment, prior examination reports, and a review of the bank’s audit findings, select a sample of new accounts opened for legal entity customers since May 11, 2018 to review for compliance with the Beneficial Ownership Rule.” The transition and implementation period for this rule is officially over.
The Financial Crimes Enforcement Network (FinCEN) published long-awaited additional Frequently Asked Questions on April 3, 2018 (the “Guidance”) relating to its Customer Due Diligence (CDD) Rule, which FinCEN promulgated pursuant to the Bank Secrecy Act (the “CDD Rule”). This comes at a time when most covered institutions are in the final stages of implementing plans to comply with the CDD Rule by its May 11, 2018 compliance applicability date. FinCEN previously published technical amendments to the Rule on September 29, 2017 and an initial set of FAQs on July 19, 2016. While such Guidance does not have the weight of authority of statute or regulation, it has traditionally helped to form the basis for examination and enforcement expectations. Here we will focus on themes in the new Guidance relating to application of the rule to existing customers.
As a reminder, the CDD Rule was originally published on May 11, 2016 after years of public hearings and comment periods. The rule sets forth CDD as a “fifth pillar” of a BSA/AML compliance program in addition to those established by the Bank Secrecy Act itself: system of internal controls, the appointment of a responsible officer, training, and independent testing. CDD entails upfront due diligence and ongoing monitoring, and this rule establishes the collection of Beneficial Ownership information as a required element of CDD for legal entity customers. In releasing the CDD Rule, FinCEN emphasized that CDD is not technically a new requirement but has always been an expected part of a BSA/AML program that results in effective suspicious activity monitoring and risk mitigation.
FinCen Updates Customer Due Diligence Requirements
Modern entertainment, whether it be books or movies, oftentimes grapple with the issues of “who are you?” As a story line develops the audience is kept guessing as characters turn out to have different motivations or identities than what they were first perceived to have. Political thrillers oftentimes involve agents of shadowy groups behind which the true masterminds operate. How much effort will it take to reach the truth? FinCEN has recently come out with some proposed guidance that addresses this issue in the context of the legal entities that financial institutions do business with.
In a proposed rulemaking published in late July, FinCEN proposed a new regulatory requirement to identify beneficial owners of legal entity customers. Going forward, the essential elements of customer due diligence will include: (i) identifying and verifying the identity of customers; (ii) identifying and verifying the identity of beneficial owners of legal entity customers (i.e., the natural persons who own or control legal entities); (iii) understanding the nature and purpose of customer relationships; and (iv) conducting ongoing monitoring to maintain and update customer information and to identify and report suspicious transactions.
The first element is already something which financial institutions address as part of their customer identification program (“CIP”). The second element is the subject of the proposed rulemaking. In order to identify the beneficial owner, a covered financial institution must obtain a certification from the individual opening the account on behalf of the legal entity customer (at the time of account opening). The certification form requires the individual opening the account on behalf of a legal entity customer to identify the beneficial owner(s) of the legal entity customer by providing the beneficial owner’s name, date of birth, address and social security number (for U.S. persons). Significantly, the rule also requires financial institutions to verify the identity of the individuals identified as beneficial owners on the certification form. The procedures for verification are to be identical to the procedures applicable to an individual opening an account under the existing CIP rules.
The proposed definition of “beneficial owner” includes two independent prongs: an ownership prong (clause (1)) and a control prong (clause (2)). A covered financial institution must identify each individual under the ownership prong (i.e., each individual who owns 25 percent or more of the equity interests), in addition to one individual for the control prong (i.e., any individual with significant managerial control). If no individual owns 25 percent or more of the equity interests, then the financial institution may identify a beneficial owner under the control prong only. If appropriate, the same individual(s) may be identified under both criteria.
On February 29, 2012, FinCEN released an advance notice of proposed rulemaking on customer due diligence and beneficial owners, proposing to make a customer due diligence obligation explicit for ALL customers (to “clarify, consolidate and harmonize” the federal banking agencies’ expectations) and extending the requirement to collect (and possibly verify) beneficial owner information for most or all customers as well.
FinCen’s advance notice of proposed rulemaking (ANPRM), seeks public comment on a range of questions regarding the development of a customer due diligence (CDD) regulation that would “(i) codify, clarify, consolidate, and strengthen existing CDD regulatory requirements and supervisory expectations, and (ii) establish a categorical requirement for financial institutions to identify beneficial ownership of their accountholders, subject to risk-based verification and pursuant to an alternative definition of beneficial ownership.” Comments received in response to the ANPRM will likely be influential in FinCEN’s development of a more formal and detailed proposed rule on the topic.
FinCEN is initially considering a CDD rule to cover banks, broker dealers, mutual funds, futures commission merchants, and introducing brokers in commodities, and thus the ANPRM is focused on those institutions. The scope of the ANPRM, however, includes all industries subject to FinCEN’s anti-money laundering (AML) program requirements. FinCEN believes that a CDD rule may be appropriate for all financial institutions under its purview and will consider extending a CDD rule to other types of institutions in the future. Thus, FinCEN is specifically requesting comments from all other financial institutions covered by FinCEN regulations as well, including providers of prepaid access and other types of money services businesses (MSBs), insurance companies, casinos, non-bank mortgage lenders and originators, and dealers in precious metals, stones and jewels.
If you have any questions regarding anything discussed on this blog, the attorneys and other professionals of the Financial Institutions Group of Bryan Cave LLP are available to answer your questions. Please click here for a list of our Professionals or fill out the contact request form below.
Thank you for reaching out to us.
First, though, we have to tell you a couple of things:
Your email will not create an attorney-client relationship between you and us. Attorney-client relationships can only be created in writing, signed by both you and us.
Until you become a client:
You will not tell us anything you would not want made public.
We cannot respond to any question about the law or legal options.
We may represent a party adverse to you, now or in the future.
The attorneys of Bryan Cave Leighton Paisner make this site available to you only for the educational purposes of imparting general information and a general understanding of the law. This site does not offer specific legal advice. Your use of this site does not create an attorney-client relationship between you and Bryan Cave LLP or any of its attorneys. Do not use this site as a substitute for specific legal advice from a licensed attorney. Much of the information on this site is based upon preliminary discussions in the absence of definitive advice or policy statements and therefore may change as soon as more definitive advice is available. Please review our full disclaimer.