By Laura Glynn, Director of Global Regulatory Compliance, Fenergo
A mere five weeks from implementation of its FinCEN Final Rule (CDD) on May 11th, 2018, FinCEN has released their eagerly awaited frequently asked questions(FAQ) document, providing additional guidance under 37 questions pertaining to the rule. This guidance provides much-needed clarifications on a number of fronts, including beneficial ownership thresholds, account definitions, risk-based monitoring, treatment of non-US listed entities and pre-existing customers. I’ve explored several of these below:
- Beneficial Ownership Threshold
FinCEN has reiterated that the specified threshold (25%) is a floor, not a ceiling. It has left to the discretion of covered financial institutions (FIs) to implement stricter thresholds if they so choose.In addressing a requirement to impose stricter thresholds for certain customers, FinCEN directs that any incremental risk factors may be mitigated by other reasonable means including enhanced monitoring, collection of additional non-mandatory information and recording information relating to expected account activity.
- Identification and Verification Procedures
The FAQ document clarifies that although the CDD Rule’s verification procedures are required to contain similar elements, they do not need to be identical. The FAQ outlines the example of a financial institution choosing to accept photocopies of identification documents, which would not meet the standard under the Customer Identification Program (CIP) rules. This derogation is expressly authorized within the CDD rule (e.g. covered financial institutions may use photocopies or other reproduction documents for documentary verification). Financial institutions should determine the documentation standards on the outcome of appropriate risk-based analysis towards the identification and verification (ID&V) of beneficial owners.
- Existing customers as beneficial owners of new legal entity customer accounts
Where the individual identified as the beneficial owner is:
- (i) an existing customer of the financial institution, and
- (ii) is subject to the financial institution’s CIP,
a financial institution may re-use the information previously collected to identify and verify the legal entity customer, provided the existing information is up-to-date, accurate, and the legal entity customer’s representative certifies or confirms (verbally or in writing) the accuracy of the pre-existing CIP information.
- FinCEN Certification Template
As previously confirmed, financial institutions are not required to use the template certification and may use alternative formats such as the institutions’ own forms or any other means that comply with the substantive requirements of this obligation. In this instance, covered FIs should retain the form and not file it with FinCEN.
- Document retention periods for ID&V records
Covered FIs are required to retain all beneficial ownership information collected about a legal entity customer. Identifying information, including the Certification Form or its equivalent, must be maintained for a period of five years after the legal entity’s account is closed. Verification records must be retained for a period of five years after the record is made.
- Certification of a beneficial owner of multiple accounts
If an institution that has already obtained a Certification Form (or its equivalent) for the beneficial owner(s) of the legal entity customer,the FI may rely on that information to fulfil the beneficial ownership requirement for subsequent accounts, provided the customer certifies or confirms (verbally or in writing) that:
- (i) such information is up-to-date and accurate at the time each subsequent account is opened, and
- (ii) the financial institution has no knowledge of facts that would reasonably call into question the reliability of such information.
- Sub-Accounts and Trading Accounts
FinCEN has provided a degree of additional clarity regarding the beneficial ownership treatment of accounts.The beneficial ownership requirement applies to a “new account,” which is defined to mean “each account opened … by a legal entity customer”.An account (or sub-account) relating to a legal entity customer will not be considered a “new account” or an “account” for purposes of the Rule when a financial institution creates such an account (or sub-account) for its own administrative or operational purposes and not at the customer’s request.
- Product or Service Renewals
FinCEN has offered additional clarify around the issue of product or service renewals with regards to beneficial ownership information. Under this classification, FinCEN maintains consistency with the definition of “account” as per CIP rules.
- For pre-existing customers of such products and renewals, FIs must obtain certified beneficial ownership information at the time of the first renewal following May 11th, 2018.
- At the time of each subsequent renewal, the customer must certify or confirmt hat the beneficial ownership information previously obtained is accurate and up-to-date. If the institution has no knowledge of facts that would reasonably call into question the reliability of the information held, they would not be required to collect the beneficial ownership information again.
- For loan renewals or CD rollovers (generally assumed to have a lower degree of risk), FinCEN has clarified that these will not be treated as new accounts.If at the time the customer certifies its beneficial ownership information, it also agrees to notify the financial institution of any change in such information, such agreement can be considered the certification or confirmation from the customer and should be documented and maintained as such, so long as the loan or CD is outstanding.
- Pre-existing accounts (Monitoring & Scheduled Reviews)
As previously confirmed, no formal look-back is required for pre-existing accounts, however, the obligation to update existing records is triggered when a financial institution becomes aware of information about the customer during the course of normal monitoring relevant to assessing or re-assessing the risk posed by the customer, and where such information indicates a possible change of beneficial ownership. If no specific risk events are identified during the normal monitoring process, there is no obligation on the financial institution to request or update beneficial ownership information for existing accounts. FinCEN has clarified the following:
- Risk-based procedures for regular review processes should be created and maintained.
- Scheduled reviews are not a trigger event in their own right.
- Covered financial institutions may update their records to reflect a change of information for an existing beneficial owner, e.g. if a change of address for an existing beneficial owner whose identity information has already been collected and verified, then full re-certification would likely not be required.If, however, the updated information constituted a change of beneficial ownership, then the new beneficial owner’s identity would need to be collected, certified and verified.
- FinCEN has clarified that there are no material differences between certifying the new beneficial owner of a new account and risk-based triggers for updating a customer’s record. If, during the course of regular reviews, certain information relating to an existing beneficial owner has changed, this is the only piece that will need to be verified e.g. change of address.
- Legal Entity Customer Exclusions
As per previous guidance; a financial institution may rely on information provided by the legal entity customer to determine whether the legal entity is excluded from the definition of a legal entity customer, provided that it has no knowledge of facts that would reasonably call into question the reliability of such information. FinCEN has re-confirmed the position for US listed entity exclusion and has restated that this exclusion does not apply to foreign listed entities.
- Covered FIs are expected to address and specify, in their risk-based written policies and procedures, the type of information they will obtain and reasonably rely upon to determine eligibility for exclusion.
- FinCEN has provided clarification provided regarding sole proprietorship and unincorporated associations.Neither a sole proprietorship nor an unincorporated association is a separate legal entity from the associated individual(s), therefore, beneficial ownership is not inherently obscured.
- Companies listed on foreign exchanges are not excluded from the definition of legal entity customer. Such companies may not be subject to the same or similar public disclosure and reporting requirements as companies publicly traded in the United States. In addition, FinCEN has directed that a risk-based approach may not be adopted for these foreign listings.
- FinCEN has clarified that the U.S. Government will not maintain a list of non-U.S. jurisdictions where the regulator of financial institutions within that jurisdiction maintains beneficial ownership information regarding the financial institutions they regulate or supervise.
- The exclusion from the definition of legal entity customer for charities and non-profit entities is not limited to those entities that meet the definition or description of charitable, non-profit, or similar entities under the IRC.
- The rule does not require covered financial institutions to research the specific transparency requirements imposed on a foreign financial institution by its regulator and compare them with those imposed on U.S. financial institutions by U.S. Federal functional regulators. However, if the foreign regulator does not collect and maintain beneficial ownership information on the foreign financial institution it regulates, then U.S. financial institutions will have to collect and maintain beneficial ownership information on accounts opened by foreign financial institutions in compliance with the Rule.
- Legal Entity Owned By Trust
Where the legal entity is owned by a Trust, then the appropriate beneficial owner is the trustee. The FAQ states that for LE-owned by trusts and managed by multiple trustees, then covered financial institutions should ID&V a single trustee, as a minimum, and additional co-trustees on a risk-based approach.
- Currency Transaction Report (CTR)
Covered FIs are not required to list the beneficial owners during a standard CTR filing.They must, however, list a beneficial owner in Part 1 of the CTRonly if the financial institution has knowledge that the transaction(s) requiring the filing is made on behalf of the beneficial owner and results in either cash in or cash out totalling more than $10,000 during any one business day.
The FAQ clarifies that unless the FI is in possession of information to the contrary, they may presume that businesses which share a common owner are completely separate and operating independently and, therefore, transactions across these separate businesses should not be aggregated for CTR purposes.The FAQ provides examples of when this might not be the case, i.e. where businesses are staffed by the same employees and are located at the same address, the accounts of one business are repeatedly used to pay the expenses of another business or of the common owner: in such a scenario, the transactions would be aggregated for CTR purposes.
- Nature & Purpose of Account
This information should be used to develop a baseline against which customer activity, such as the customer’s expected use of wires or typical number of deposits in a month, can be assessed for possible suspicious activity reporting. If account activity changes, particularly with regard to whatshould be anticipated based on the original nature and purpose of the account, risk-based monitoring may identify a need to update customer information, including, as appropriate, beneficial ownership
A clear requirement of the CDD rule is that FIs understand “the nature and purpose of customer relationships to develop a customer risk profile.” There has been a degree of uncertainty in how this should be documented and against what parameters. The FAQ provides some guidance by noting that the profile may, but doesn’t necessarily have to, include a system of risk ratings or categories of customers. Accordingly, the documentation that is required to demonstrate an understanding of the nature and purpose of a customer relationship would vary with the type of customer, account, service, or product.
FinCEN has acknowledged that they may issue additional FAQs/guidance or grant exceptive relief as appropriate.