Customer Due Diligence (‘CDD’) Redefined
Regulatory changes being the ever-tightening noose around the neck of the financial industry, FinCEN͛s Final Customer Due Diligence (CDD) Rule (Final Rule), will come into force effective May 11th, 2018. It will bring in new changes to how financial institutions can collect, maintain and act upon beneficial ownership information and conduct customer due diligence (CDD). The rule codifies new and existing CDD requirements under the Bank Secrecy Act (BSA) for covered financial institutions.
The background of this new rule takes us back to 2016 Bahamas Leak and Panama Papers scandal, which resulted in the financial details of hundreds of thousands of accounts being leaked into the public domain. These leaks highlighted the level of wealth being hidden from the government and regulatory scrutiny through the use of shell companies.
Under the Final Rule, covered financial institutions are now required to document procedures incorporated into their Anti Money Laundering (AML) compliance programs to identify and verify natural persons for each legal entity customer that opens an account on or after May 11, 2018. Once these natural persons are identified and verified, a covered FI must determine the beneficial owners of each legal entity. This is a significant addition to the current BSA/AML regime as covered FI’s are not “presently required to know the identity of the individuals who own or control their legal entity customers”. Many proponents of the Final Rule claim that this gap has enabled criminals, money launderers and terrorist financing organizations to process illegal proceeds through the financial services system through legal entities.
To make it clear, a beneficial owner includes –
(i) Significant Interest – Any individual who, directly or indirectly, owns 25 percent or more of the legal entity customer (the “Ownership Prong”); and
(ii) Significant Control – One individual who has “significant responsibility to control, manage, or direct the legal entity”. (the “Control Prong”). FinCEN believes that determining who fits within the Control Prong is “straightforward.” “[T]he legal entity customer must provide identifying information for one person with significant managerial control.”
How to brace yourself for the Upcoming Change –
Determine what business lines and departments will be impacted by the Rule.
Review your risk assessment methodologies taking into account the beneficial ownership and customer due diligence requirements.
Refine your AML-specific risk appetite statements accordingly.
Will your risk assessment impact your acceptance of customers with complex business structures or relationships
Update and evaluate your current CIP, verification and ongoing monitoring policies. These include:
i) BSA Policy
ii) OFAC Policy
iii) CIP/New Account Opening Policies
Many financial institutions (and certain jurisdictions such as the Cayman I slands) make it necessary to identify persons who own at least 10% of a legal entity customer. Normally in such instances where thresholds are higher than impending changes, abiding by the higher threshold prevails – although this is a decision that the business needs to determine on a circumstantial basis.
An example of what you may want to update and evaluate would be as follows (do take note that this list is not exhaustive and would vary based on the exact segment of the financial industry you are specifc to):
• New Account Opening Procedures
• Suspicious Activity Monitoring Procedures
• Transaction Aggregation Procedures
• Onboarding Processes and Procedures
a) What will you collect?
b) Will you conduct CIP on signatories?
c) If you use a vendor to conduct verification, will they be able to verify up to six people (up to four under the ownership prong, one under the control prong, and one signatory)?
d) Are there sufficient lines available to enter beneficial ownership information?
e) Have you updated your relationship codes?
f) Will you restrict an account if you are unable to verify one or more beneficial owners?
g) Will you leverage existing individual Customer Identification Program/Due Diligence information where the customer is also a beneficial owner of a covered legal entity?
h) Will new vendors and/or technology solutions be needed?
• Update your training programs to help ensure consistent understanding of the Final Rule and associated red flags.
• Customers will have questions. Do you have an easy-to-understand definition of “beneficial owner?”
• How will you determine whether a new customer is a “legal entity” subject to the Final Rule?
• Update forms such as Signature Cards & Certification Form. Alternatively the option of using FinCENs form is available, as deemed relevant to your business.
• New Account Worksheets
This checklist only scratches the surface of the changes you will need to implement in order to be prepared by the May 11, 2018 compliance date. And remember, as with any other aspect of BSA/AML, federal functional regulators may impose their own, additional supervisory expectations.
Beneficial Ownership in other Jurisdictions
There are slight variations in the definition of Beneficial Ownership (“BO”) among the jurisdictions, almost all of them have mandated a register of BOs. Hong Kong has also made it mandatory for legal persons to have a register of persons with significant control (PSC) and similar to Singapore, the register will be made available to competent authorities and not the general public. The USA has a state level register of beneficial ownership and had announced plans to have a central non-public register. Germany recently promulgated a law requiring all German companies to have the Beneficial Ownership Register (BOR). The United Kingdom implemented a central public register of BOs in 2016 while countries such as France, Netherlands, and Nigeria have committed themselves to soon implement a central public register. Australia, New Zealand, Indonesia, and Ireland are exploring the implications of having a public register. Recently, the British Virgin Islands implemented a central database of BOs called Beneficial Ownership Secure Search (BOSS) system, to which the law enforcement authorities have access. In February 2017, the European Union members agreed to a proposal that would allow information contained in BO registries to be made available to the public who demonstrate “legitimate interest” by which journalists, lobbyists and the likes would be precluded from accessing the information in the registers.
It must be noted that the new Singapore regulation is largely reflective of the UK’s BO regime but significantly differs from it in terms of its accessibility whereby the Register of Controllers (RoC) is not to be made public and companies can withhold information that is subject to legal privilege. Singapore’s BO regime enhances the transparency of legal persons without compromising on the confidentiality of natural persons.
We @ ARGUS (now Waystone Compliance) can help you Stay on top of statutory compliance requirements.