The Financial Crimes Enforcement Network (FinCEN) of the U.S. Treasury Department recently issued clarifications of requirements for Customer Due Diligence (CDD) under the Customer Due Diligence Requirements for Financial Institutions (CDD Rule) and related Bank Secrecy Act regulations. The guidance, FIN-2020-G002, was issued August 3, 2020 and includes three Frequently Asked Questions. These new FAQs supplement prior comprehensive FAQs issued in advance of the May 2018 CDD Rule compliance effective date. April 2018 and July 2016 FAQs answered 37 and 26 questions respectively (See FIN-2018-G001 and FIN-2016-G003).
The CDD Rule requires that, among other things, covered institutions identify information about customers to assess potential financial crime risks, including identifying the beneficial owners (natural persons) of legal entity customers who own, control or profit from companies’ accounts. Both 25% entity owners and entity controlling persons must be identified, subject to certain limited exceptions. In addition to requiring effective written policies and procedures to identify and verify customers and beneficial owners, the CDD Rule requires covered institutions to develop customer risk profiles and to monitor and report on suspicious transactions. Earlier this year in April 2020, the FFIEC released updates to a number of sections of the Bank Secrecy Act / Anti-Money Laundering (BSA/AML) Examination Manual clarifying mandatory requirements or supervisory expectations, including highlighting customer risk profile development and testing relating to potential customer money laundering, terrorist financing and other illicit financial activities. (SR 2011).
Exercising “exceptive” relief authority, FinCEN has extended permanent relief from the beneficial ownership requirements of its new Customer Due Diligence (CDD) rule to existing autorenewing CDs and safe deposit boxes, as well as existing autorenewing commercial lines of credit and credit cards that do not require underwriting review and approval. FinCEN reasoned that these products pose such a low risk for money laundering and terrorist financing activity that the benefits of requiring the collection of this information does not outweigh the impacts of compliance on financial institutions and their customers. Specifically, institutions need not treat rollovers or renewals of such products as “new accounts” requiring the collection of the beneficial ownership elements of the CDD rule, whether or not the initial accounts were established prior to the rule’s May 11, 2018 effective date.
FinCEN previously issued temporary relief to autorenewing CDs and loan products established prior to May 11, 2018, and in a second release extended this relief through September 9, 2018. The new release both extends this treatment indefinitely and expands it to include certain safe deposit box rentals, such that the exception applies now to any of the following occurring on or after May 11, 2018:
A rollover of a CD, defined as a deposit account that has a specified maturity date, prior to which funds cannot be withdrawn without the imposition of a penalty, and which does not permit the customer to add funds;
A renewal, modification, or extension of a loan (e.g., setting a later payoff date) that does not require underwriting review and approval;
A renewal, modification, or extension of a commercial line of credit or credit card account (e.g., setting a later payoff date) that does not require underwriting review and approval; and
A renewal of a safe deposit box rental (e.g., upon the automatic deduction of the rental fee as agreed-upon between a bank and its customer).
FinCEN is careful in this September 7, 2018, release to explain that it does not relieve institutions of the obligation to collect and verify the identity of beneficial owners of legal entity customers where the initial account opening of such accounts occurs on or after May 11, 2018. It does mean, however, that institutions need not collect beneficial ownership information for certain older accounts of the types described above (those opened prior to May 11, 2018) solely because they are rolled over or renewed.
The temporary exception that FinCEN extended to autorenewing CDs and loans established prior to the May 11, 2018 compliance effective date of its beneficial ownership requirements was scheduled to expire on August 9, 2018. On August 8, FinCEN published a short release in which it announced the extension of this relief through September 8, 2018. FinCEN noted that it was providing this extension in order to further consider the issues raised by the application of these aspects of its Customer Due Diligence (CDD) rules to such products.
As a reminder, this exception only applies to CDs and loans that (i) automatically rollover or renew and (ii) were established prior to May 11, 2018. Such accounts or loans established subsequent to this date (and older accounts that are renewed on new or modified terms) are fully subject to the CDD rules, and all accounts are subject to its general due diligence and monitoring requirements. In particular, institutions should continue to collect or update beneficial ownership information as other “risk events” warrant for particular customers–including those whose autorenewing CDs or loans or other accounts were established prior to May 11, 2018. FinCEN has given as an example of such risk or “trigger” events an unexplained spike in cross-border wire transfers. Moreover, as we noted previously, OFAC’s strict liability framework continues to apply to any U.S. person that does business with a sanctioned party, so institutions that do not collect beneficial ownership information may be exposed to this type of risk.
In a unique administrative ruling under delegated “exceptive” authority, on May 16, 2018 FinCEN issued relief from its new beneficial ownership requirements through at least August 9, 2018, for “certain financial products and services that automatically rollover or renew (i.e., certificate of deposit (CD) or loan accounts) and were established before the Beneficial Ownership Rule’s Applicability Date, May 11, 2018.”
FinCEN acknowledged in its notice that “some covered institutions have not treated such rollovers or renewals as new accounts and have established automatic processes to continue the banking relationship with the customer.”
The exception is effective retroactively from May 11, 2018 and expires on August 9, 2018. FinCEN added that it was considering whether additional relief may be appropriate for such products and services established prior to May 11, 2018 and expected to rollover or renew thereafter.
We will explore how we got here, but first, some practical considerations:
Institutions that have already set into motion new systems, procedures, and communications to collect this info on renewable loans and CDs established prior to May 11 will need to decide whether to discontinue these measures, or alternatively to conclude there is now greater flexibility for handling customers that do not adhere to them – e.g., by failing to submit a completed ownership certification form. The prevailing view among our clients seems to be the latter.
Institutions that were still rushing to implement such measures will need to decide whether to put these plans on hold or to continue to develop them as to loans and CDs established prior to May 11, 2018. The preference within the industry in this regard appears to be a function of how far along these plans are into production, and the extent to which they constitute separate solutions specific to these existing account types.
Any discussions with examiners and auditors about any changes to implementation plans in light of this release should be direct and documented. We would encourage institutions to think broadly and generously about the purpose of these rules and the BSA generally, and what risks to the bank (such as sanctions exposure or fraud) might be mitigated by the spirit if not the letter of FinCEN’s new rules. OFAC’s strict liability framework for doing business with sanctioned parties is unaffected by the relief afforded by FinCEN’s May 16 notice.
Institutions should consider ways to continue socializing their views to FinCEN, through trade associations or otherwise, as this interim relief appears directly responsive to industry feedback such as that provided in an April 27 hearing held by the House Financial Services Committee (e.g., “. . . there is no reason to believe that an auto-renewal is evidence that a change in beneficial ownership might have occurred. The FAQ 12 guidance is further complicated by the fact that these products include contractual provisions requiring the financial institution to auto renew them without interruption.”)
Let’s revisit how this unfolded as a regulatory matter.
The supplemental FAQs issued by FinCEN on April 3, 2018 provided certain interpretations of its own final rules, originally published on May 11, 2016, including that it believed a bank established a “new account” each time an autorenewing loan or CD renewed (see FAQ 12). FinCEN opined at that time on ways a bank could comply with the Beneficial Ownership certification requirements implicated by the opening of a “new account” for a legal entity customer in such cases, namely by (1) providing the required information and certification on FinCEN’s new form or its equivalent once and (2) agreeing at that time to notify the bank of any change in such information going forward. FinCEN’s view then was that a customer’s agreement to notify a bank of any changes in its beneficial ownership information can be considered a “certification” of this information for purposes of subsequent rollovers of renewable products.
Just in time for the effective date of FinCEN’s Customer Due Diligence (CDD) and Beneficial Ownership Rules, on May 11, 2018 the Federal Financial Institutions Examination Council (FFIEC) published updates to its Bank Secrecy Act/Anti-Money Laundering Examination Manual. The FFIEC is an interagency body comprised of representatives of the U.S. Federal Reserve Board, the FDIC, OCC, CFPB, NCUA, and state banking regulators. The agencies’ changes (1) replace existing CDD sections of the manual and (2) add new Beneficial Ownership overview and exam procedures sections, in each case corresponding to the new CDD and Beneficial Ownership requirements.
The publication of this new content was announced through separate press releases by the FDIC, OCC, and NCUA. The OCC’s release (OCC Bulletin 2018-12) makes the technical point that the new CDD content replaces pages 56-59 of the FFIEC manual, last updated in 2014, and the FDIC’s release (FIL-26-2018) adds that the new sections will be incorporated into the manual in its next update. The FFIEC’s examination manual is used by the bank regulators in conducting supervisory BSA/AML exams and features step-by-step review procedures to be used by examiners, consistent with the FFIEC’s statutory purpose of establishing uniform forms and regulatory examination processes.
One doesn’t generally expect new substantive guidance or interpretation to emerge from the FFIEC examination procedures, but a review of this new content emphasizes the following:
(1) BSA/AML exams including scope periods on or after May 11, 2018 will feature scrutiny of new accounts opened on or after that date. At this point, the CDD and Beneficial Ownership rules are live and in full effect, and institutions will be expected to adhere to them. For example, the revised examiner’s guide specifies: “3. On the basis of a risk assessment, prior examination reports, and a review of the bank’s audit findings, select a sample of new accounts opened for legal entity customers since May 11, 2018 to review for compliance with the Beneficial Ownership Rule.” The transition and implementation period for this rule is officially over.
Jonathan and I discuss two major deals for our us: the formation of Bryan Cave Leighton Paisner (BCLP) and the return or Barry Hester in this latest episode of The Bank Account.
Bryan Cave Leighton Paisner LLP is the result of the mergers of historically U.S.-based Bryan Cave LLP and historically U.K.-based Berwin Leighton Paisner LLP. As a truly global firm with over 1,600 lawyers operating literally around the clock, we believe Bryan Cave Leighton Paisner is well positioned to serve clients around the globe. Our blog is still available at BankBryanCave.com, but is also now available at BankBCLP.com. We’ll figure out over time what our branding looks like.
Barry Hester re-joins our financial institutions practice after serving for many years as an assistant general counsel for EverBank and TIAA FSB. In this episode of The Bank Account, we talk with Barry about his experience with the “good guy” and “bad guy” banking compliance laws. The “good guy” laws include the Servicemembers Civil Relief Act and the Military Lending Act, while the “bad guy” laws include the Bank Secrecy Act and Anti-Money Laundering laws. As noted in the podcast, Barry has already been busy contributing good content for our blog, with a post last week about FinCEN’s new FAQ on the Customer Due Diligence rules.
As discussed previously, we are sponsoring two teams, one of lawyers and one of bankers, for the Atlanta Ragnar Trail Run on April 13th and 14th. Sixteen of us will be taking turns running five mile legs at the Georgia International Horse Park over a 24-hour (or so) period. Team BSA (or Bankers Speed Ahead) will generally consist of our friendly bankers, while Team AML (or Awkwardly Moving Lawyers) will consist of our compatriots from the firm. I expect our next podcast will relay some interesting stories from the trails.
The Financial Crimes Enforcement Network (FinCEN) published long-awaited additional Frequently Asked Questions on April 3, 2018 (the “Guidance”) relating to its Customer Due Diligence (CDD) Rule, which FinCEN promulgated pursuant to the Bank Secrecy Act (the “CDD Rule”). This comes at a time when most covered institutions are in the final stages of implementing plans to comply with the CDD Rule by its May 11, 2018 compliance applicability date. FinCEN previously published technical amendments to the Rule on September 29, 2017 and an initial set of FAQs on July 19, 2016. While such Guidance does not have the weight of authority of statute or regulation, it has traditionally helped to form the basis for examination and enforcement expectations. Here we will focus on themes in the new Guidance relating to application of the rule to existing customers.
As a reminder, the CDD Rule was originally published on May 11, 2016 after years of public hearings and comment periods. The rule sets forth CDD as a “fifth pillar” of a BSA/AML compliance program in addition to those established by the Bank Secrecy Act itself: system of internal controls, the appointment of a responsible officer, training, and independent testing. CDD entails upfront due diligence and ongoing monitoring, and this rule establishes the collection of Beneficial Ownership information as a required element of CDD for legal entity customers. In releasing the CDD Rule, FinCEN emphasized that CDD is not technically a new requirement but has always been an expected part of a BSA/AML program that results in effective suspicious activity monitoring and risk mitigation.
As part of its continuing but slow expansion of the types of financial institutions that are subject to anti-money laundering (AML) obligations under the Bank Secrecy Act and USA PATRIOT Act, FinCEN proposed on August 25, 2015, to require certain investment advisers to establish and maintain AML programs and file suspicious activity reports (the Proposed Rules). The Proposed Rules go further than FinCEN’s 2002 and 2003 proposals for investment advisors, which generally were limited to proposing AML program requirements only, without additional suspicious activity reporting and certain other record keeping requirements.
In explaining its rationale for the Proposed Rules, FinCEN acknowledges that advisers work with financial institutions that are already subject to BSA requirements, such as when executing trades through broker-dealers to purchase or sell client securities, or when directing custodial banks to transfer assets. FinCEN notes, however, that these institutions may not have sufficient information to assess suspicious activity or money laundering, and that investment advisers therefore have an important role to play in safeguarding the financial system from terrorist activities and financial crime.
General Scope and Examination Authority
Under the Proposed Rules, covered investment advisers would include any persons who are registered or required to be registered with the SEC under section 203 of the Investment Advisers Act. This would include both primary advisers and subadvisers. However, because advisers with less than $100 million in regulatory assets under management are generally prohibited from registering with the SEC, those advisers would not be subject to the Proposed Rules.
On August 4, 2014, FinCEN released proposed rules that would require banks and certain other financial institutions to identify the “beneficial owners” of their business entity customers and to verify the identity of each such beneficial owner (the “Proposal”). If the Proposal results in final rules that are substantially identical to the proposed rules, financial institutions might be unable to comply without violating the federal Fair Credit Reporting Act (“FCRA”).
Under the Proposal, “beneficial owners” would generally include at least one manager of the entity and each individual owning 25% or more of the entity. This could mean up to five individuals if no manager also owns 25% or more of the entity.
The Proposal would require a financial institution first to identify the customer’s beneficial owners. This should be reasonably manageable because institutions would be able to provide a certification form to its customer and require that the customer name its beneficial owners. Financial institution’s would not be required to take independent steps to verify the status of such persons as beneficial owners.
The potential legal conflict arises under the second prong of the Proposal, under which the financial institution would be required to verify the identity of those persons whom it has been told are the customer’s beneficial owners. The Proposal would require a financial institution to verify the identity of each beneficial owner using risk-based procedures that are “identical to the covered financial institution’s Customer Identification Program procedures required for verifying the identity of customers that are individuals.”
Whether in a deposit or loan context, banks often will obtain a single credit report or other consumer report for the combined purposes of an initial OFAC screen, to confirm the customer’s creditworthiness, and to verify the customer’s identity under the institution’s Customer Identification Program (“CIP”). Such reports are “consumer reports” under the FCRA and therefore subject to the FCRA’s rules, including with respect to when such reports may be obtained.
FinCen Updates Customer Due Diligence Requirements
Modern entertainment, whether it be books or movies, oftentimes grapple with the issues of “who are you?” As a story line develops the audience is kept guessing as characters turn out to have different motivations or identities than what they were first perceived to have. Political thrillers oftentimes involve agents of shadowy groups behind which the true masterminds operate. How much effort will it take to reach the truth? FinCEN has recently come out with some proposed guidance that addresses this issue in the context of the legal entities that financial institutions do business with.
In a proposed rulemaking published in late July, FinCEN proposed a new regulatory requirement to identify beneficial owners of legal entity customers. Going forward, the essential elements of customer due diligence will include: (i) identifying and verifying the identity of customers; (ii) identifying and verifying the identity of beneficial owners of legal entity customers (i.e., the natural persons who own or control legal entities); (iii) understanding the nature and purpose of customer relationships; and (iv) conducting ongoing monitoring to maintain and update customer information and to identify and report suspicious transactions.
The first element is already something which financial institutions address as part of their customer identification program (“CIP”). The second element is the subject of the proposed rulemaking. In order to identify the beneficial owner, a covered financial institution must obtain a certification from the individual opening the account on behalf of the legal entity customer (at the time of account opening). The certification form requires the individual opening the account on behalf of a legal entity customer to identify the beneficial owner(s) of the legal entity customer by providing the beneficial owner’s name, date of birth, address and social security number (for U.S. persons). Significantly, the rule also requires financial institutions to verify the identity of the individuals identified as beneficial owners on the certification form. The procedures for verification are to be identical to the procedures applicable to an individual opening an account under the existing CIP rules.
The proposed definition of “beneficial owner” includes two independent prongs: an ownership prong (clause (1)) and a control prong (clause (2)). A covered financial institution must identify each individual under the ownership prong (i.e., each individual who owns 25 percent or more of the equity interests), in addition to one individual for the control prong (i.e., any individual with significant managerial control). If no individual owns 25 percent or more of the equity interests, then the financial institution may identify a beneficial owner under the control prong only. If appropriate, the same individual(s) may be identified under both criteria.
If you have any questions regarding anything discussed on this blog, the attorneys and other professionals of the Financial Institutions Group of Bryan Cave LLP are available to answer your questions. Please click here for a list of our Professionals or fill out the contact request form below.
Thank you for reaching out to us.
First, though, we have to tell you a couple of things:
Your email will not create an attorney-client relationship between you and us. Attorney-client relationships can only be created in writing, signed by both you and us.
Until you become a client:
You will not tell us anything you would not want made public.
We cannot respond to any question about the law or legal options.
We may represent a party adverse to you, now or in the future.
The attorneys of Bryan Cave Leighton Paisner make this site available to you only for the educational purposes of imparting general information and a general understanding of the law. This site does not offer specific legal advice. Your use of this site does not create an attorney-client relationship between you and Bryan Cave LLP or any of its attorneys. Do not use this site as a substitute for specific legal advice from a licensed attorney. Much of the information on this site is based upon preliminary discussions in the absence of definitive advice or policy statements and therefore may change as soon as more definitive advice is available. Please review our full disclaimer.