Covered financial institutions must assess and enhance their AML programs to be in compliance with the specific requirements of the new Rule by May 11, 2018. Is your firm ready?
Beneficial Owner Identification: Covered financial institutions must implement procedures to identify and verify each beneficial owner of and a control person for each new account of a “legal entity” customer.
AML Compliance Program: Covered financial institutions must add a “fifth pillar” to their AML programs: Using the information obtained by CDD, firms must understand the nature of the customer relationship to develop a risk profile and use that profile for AML monitoring and surveillance.
If your firm is a federally regulated bank, federally insured credit union, securities broker or dealer, futures commission merchant, introducing commodities broker, or mutual fund company subject to Bank Secrecy Act (“BSA”) AML requirements, it is a covered financial institution and subject to the Rule.
With certain exceptions contained in the Rule, a “legal entity” customer is any customer other than a natural person, unincorporated association or sole proprietorship. For example, a corporation, a general and a limited partnership, and a limited liability company are all legal entity customers.
Some legal entity customers are excluded from the Rule, e.g., public companies registered on a national stock exchange; bank holding companies; financial institutions regulated by a federal functional regulator or a bank regulated by a state banking regulator; foreign regulated financial institutions that are subject to equivalent ownership and control disclosure requirements.
While SEC-registered investment advisors are not specifically covered, the practical effect of that exclusion remains to be seen, as discussed below.
A beneficial owner is each individual who, directly or indirectly, owns 25% or more of the equity interest in or controls more than 25 % of the voting power of a legal entity customer.
The definition and requirements of a beneficial owner include control person, defined as a single individual with significant responsibility to control, manage or direct a legal entity customer. Examples include the CEO, President, COO, CFO, Managing Partner, General Partner, Managing Member, and Managing Director. That person may be but need not also be a beneficial owner.
The identification and verification procedures for beneficial owners/control persons are similar to those for individual customer identification. FINCEN has even provided a form for covered financial institutions to use for purposes of collecting this information.
The financial institution may rely on the beneficial ownership information provided by the customer, so long as it has no knowledge of facts that would reasonably call into question the reliability of the information. The financial institution must maintain records of beneficial ownership and may rely on another financial institution for the performance of these requirements, to the same extent as under the existing CIP rules.
Prior to the issuance of this Rule, the BSA required covered financial institutions to maintain an AML program comprising “four pillars”:
The new Rule adds a “fifth pillar” for AML compliance programs.
The fifth pillar elements include:
In its executive summary of the Rule, FinCEN noted that many of these fifth pillar elements are familiar to AML compliance professionals (e.g., element one is already an existing BSA/AML program requirement, and elements three and four have been implicitly required in order to comply with the BSA/AML duty to detect and report suspicious activity).
Only element two – the beneficial ownership identification and verification requirement – is truly new.
The beneficial ownership identification is added to assist law enforcement in conducting investigations of financial crimes by enabling them to identify the individuals who may be hiding behind legal entities and legal entity accounts to disguise the origins and movement of criminal activities and proceeds. Because the European Union and other jurisdictions already have such a requirement, and the US has been criticized for not fully imposing one, firms can expect that this Rule will be the focus of regulators and criminal law enforcement authorities.
Covered financial institutions must assess and enhance their AML programs to be in compliance with the specific requirements of the new Rule by May 11, 2018. There is no expectation that FinCEN will entertain an extension.
Please do not assume that just because your firm is not a covered financial institution (e.g., Registered Investment Advisor) that there will be no impact from the Rule. Covered financial institutions will also expect their counterparties and customers to provide this information. Some large covered financial institutions may take this opportunity to “scrub” all their data on existing relationships and not limit themselves to complying with the Rule only for new accounts.