Financial institutions are constantly at risk of frauds using them as an avenue for their money-laundering activities or terrorist financing. It is becoming all the more important to put protectionist strategies in place. Various anti-money laundering procedures have been developed over time. But are these enough in the wake of rising financial crime in the U.S?
The Treasury, through the Financial Central Enforcement Network (FinCEN), issued final rules under the Bank Secrecy Act, effective July 11, 2016. They are aimed at strengthening customer due diligence requirements for financial institutions.
The rules include a new requirement to identify and verify the identity of beneficial owners of legal entity customers. This rule is binding on all covered financial institutions and must be complied with by May 11, 2018. With only a few months to the d-date, how prepared are you to implement this rule? Before we get down to how to get ready for it, let’s try and understand a few terms relating to this rule:
1. Covered Financial Institutions- this means a broker or dealer in securities registered or required to be registered, with the Securities and Exchange Commission (SEC) under the Securities Exchange Act, with exceptions; a futures commission merchant or an introducing broker registered, or required to be registered, with the Commodity Futures Trading Commission under the Commodities Exchange Act, with exceptions; or a mutual fund.
They can simply be described as financial institutions subject to Customer Identification (CIP) requirements, including banks, brokers, dealers in securities, mutual funds, futures commission merchants and introducing brokers in commodities.
2. A legal entity customer- this could be a limited liability firm, a corporation, or other establishment constituted by filing a public document with a secretary of state or similar office, a general partnership and any other similar entity formed under the laws of a foreign jurisdiction, that opens an account.
This does not include:
- An investment company registered with the SEC
- An investment adviser registered with the SEC
- An exchange or clearing agency
- A financial establishment controlled by a Federal functional controller or a bank modulated by a State bank controller
- Any other entity registered with the SEC
- A registered entity, commodity pool operator, commodity trading advisor, retail foreign exchange dealer, the swap dealer or major swap participant
- A bank holding company, or savings and loan holding company
- A financial market utility designated by the Financial Stability Oversight Council under Title VII of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010.
- A foreign financial institution established in a jurisdiction where the regulator of such institutions maintains beneficial ownership information regarding it
- A foreign governmental department, firm or legislative subdivision that takes part only in government and not commercial activities
It also does not include:
- Natural persons
- Sole proprietorships
- Unincorporated associations e.g a neighborhood association
3. Beneficial Owner this can mean the ultimate owner of a financial security rather than any nominee who may have been appointed to hold legally the financial security on behalf of the beneficial owner.
It can also be understood as a person enjoying the benefits of ownership even though title to some form of property is in another name. It is an individual or group of individuals who indirectly have the power to influence transaction decisions regarding a specific security, like shares in a company.
A beneficial owner, in relation to the final rule, will be individuals who fit in any of these two categories
1. Ownership Prong- this is a natural person who owns 25% or more of the legal entity customer. This may not be straight-forward. This may require going through a number of layers of legal institutions to ascertain that an individual is a 25% owner of the applying customer. The illustrations below should provide a better understanding of this.
Assume that four separate legal firms, W, X, Y, Z, each own 25% of your customer. The information you must collect will be dependent on the specific ownership of the four entities. For instance, assuming further that:
- Each of the four firms has multiple owners, and none owns more than 25% or more of the firm. Here, you need not collect any information under the ownership prong.
- All four firms are each owned by a single individual. This means that each individual ultimately owns 25% of your legal entity customer. In this scenario, you must collect information on all four individuals.
- Entity W is owned by individual A, while X, Y, and Z are owned by multiple owners. Only information on individual A will be relevant because only A owns 25% of your legal entity customer.
- Assume that 50% of your customer is owned by a publicly traded company. The remaining 50% is owned by two individuals, each with a 25% stake. You will need to collect information on the two individuals. A publicly traded company is exempt from the final rule, therefore information on it will not be necessary.
Based on the 25% requirement, no more than 4 persons can be designated under this prong.
2. Control prong- the legal entity customer must provide information for one person with significant managerial control. This will include job titles such as President, Managing Director, COO, CFO, CEO, etc. Only one person need be designated here.
How to Identify and Verify Beneficial Owners
Being a covered financial established, it will be necessary to prepare written procedures to identify and confirm beneficial owners of any legal entity customers who open new accounts on or after May 11, 2018. You can achieve this by gathering personal information. FinCEN provides a form as an appendix in the Final Rule which can facilitate this.
You can confirm this information by carrying out your regular CIP procedures. In circumstances where the beneficial owner is not present at account opening, you can use photocopies of identity documents. However, you must conduct risk-based analyses of the types of photocopies or reproductions you will accept.
At the very least, you must subject this information to an OFAC (Office of Foreign Assets Control) screening. This will be in line with ensuring that an individual is not in any way related to narcotics trafficking, the proliferation of weapons of mass destruction, or terrorism.
The bottom line need for verification of the identity of a beneficial owner is to ascertain that they are who they say they are.
What the Final Rule does not Require You to Do
You are not required to verify a beneficial owner’s status. You do not need to determine who owns what portion of the legal entity. You also do not have to verify if the entity’s structure is aiming to avoid a 25% ownership threshold. You are allowed to rely on the information submitted by the customer unless you suspect they may be providing false information.
The Fifth Pillar The final rule added a pillar to the four already put in place. These pillars are considered fundamental to an effective Anti-Money Laundering program. The traditional pillars were:
- A system of internal controls
- Designation of an AML/ BSA Compliance Officer
- Testing and auditing
The fifth pillar requires covered institutions to:
- Understand the nature and purpose of relationships, to develop a customer risk profile.
- Conduct ongoing monitoring for reporting suspicious transactions
- To maintain and update customer information, using a risk-based approach
You are however not required to update beneficial ownership information on a continuous basis. Identification and verification are considered a one-off activity when a new account is opened, not a periodic obligation.
If however, you gather information that is relevant to re-assessing the customer’s risk, update the customer information, including beneficial ownership information. The updates are hence to be event-driven within normal monitoring.
We have the background information. But are we ready?
You need to ask yourself a series of questions and take some steps as you prepare to implement the final rule. These include:
- What business lines and departments will be impacted by the rule?
- What are your risk assessment methodologies in relation to beneficial ownership and customer due diligence requirements? Here, consider if,
- You need to refine you AML-specific risk appetite statements accordingly
- Your risk assessment will impact your acceptance of customers with complex business structures or relationships
- Update and appraise your existing CIP, authentication and continuing monitoring policies such as BSA policy, OFAC policy, and New Account Opening policies. Ask yourself if you will rewrite sections of the policies to include beneficial ownership or have a separate CIP section.
- Update and evaluate these procedures:
- CTR Aggregation Procedures
- New Account Opening Procedures
- Suspicious Activity Monitoring Procedures
- Onboarding Processes and Procedures. Will you conduct CIP on signatories? Are there enough lines in place to enter beneficial ownership information? Is there a chance you’ll limit an account if you are unable to verify some beneficial owners?
- Update your training programs to ensure consistent understanding of the Final Rule. How will you determine whether a new customer is a legal entity subject to the Final Rule?
- Update these forms:
- Certification form- will you use your own or adopt FinCEN’s?
- New Account Worksheets
- Signature card
The Final Rule is a milestone in the campaign against money laundering in the United States. Protect your institution from frauds by complying with the stipulated requirements. With only a few months to go, ensure that you have set up the necessary systems to facilitate the change.