Did you hear it? The alarm clock that just rang to signal the ‘one-year warning’ for May 11, 2018. That is the effective date for the Financial Crimes Enforcement Network (FinCEN) Customer Due Diligence (CDD) enhanced rules and the need for financial institutions to add a fifth pillar to the BSA/AML program.
There are two key components of the new requirement:
- Maintain written procedures that are reasonably designed to identify and verify the beneficial owners of legal entity customers; and
- Have appropriate risk-based procedures for conducting ongoing CDD to understand the nature and purpose of customer relationships. Also, conduct ongoing monitoring to identify and report suspicious transaction, and based on risk, maintain and update customer information.
The FinCEN definition of a covered financial institution covers federally-regulated banks and federally insured credit unions, mutual funds, brokers or dealers in securities, futures commission merchants, and introducing brokers in commodities.
According to FinCEN, a “beneficial owner” is:
- each individual, if any, who, directly or indirectly, owns 25% or more of the equity interests of a legal entity customer (i.e., the ownership prong); AND
- a single individual with significant responsibility to control, manage, or direct a legal entity customer, including an executive officer or senior manager (e.g., a Chief Executive Officer, Chief Financial Officer, Chief Operating Officer, Managing Member, General Partner, President, Vice President, or Treasurer); or any other individual who regularly performs similar functions (i.e., the control prong). This list of positions is illustrative, not exclusive, as there is significant diversity in how legal entities are structured.
Under the Bank Secrecy Act, a financial institution’s compliance program must be written, approved by the board of directors, and noted in the board minutes. A financial institution must have a BSA/AML compliance program commensurate with a BSA/AML risk profile it develops from a risk assessment process. The new CDD rules are effective for accounts that open on or after of May 11, 2018 (applicability date). Beginning then, the risk assessment process and the resulting BSA/AML risk profile should reflect the beneficial ownership rules, the rules’ effect on the financial institution’s level of risk, and steps that it has taken to mitigate the risk.
The BSA/AML compliance program must currently provide for the following minimum elements which are commonly referred to as the ‘four pillars’ of the program:
- A system of internal controls to ensure ongoing compliance.
- Independent testing of BSA/AML compliance.
- Designate an individual or individuals responsible for managing BSA compliance (BSA compliance officer).
- Training for appropriate personnel.
The CIP must currently be included as part of the BSA/AML compliance program, and the FinCEN guidance has long addressed the four pillars. Now financial institutions will need to either add a new fifth pillar for the CDD rules or augment the written policies with new internal control procedures that address the nature and purpose of customer relationships relative to developing a customer risk profile and conducting ongoing monitoring to identify and report suspicious transactions.
Broad-based retroactive measures on existing accounts are not required by the new CDD rules; however, FinCEN expects financial institutions to employ measures to bring existing accounts up-to-date based on events, such as significant company ownership management changes, identification of suspicious activity, or other account changes.
Around the Industry:
CFPB seeks RESPA reform input as part of 5-year mortgage rule review.
On the Horizon:
House Financial Services Committee passes CHOICE reform measure – will CFPB be restructured?
What does a legal case have to do with mortgage compliance? See this.