Examining Beneficial Ownership and Risk-Based Customer Due Diligence
In 2016, the Financial Crimes Enforcement Network issued its final rule on beneficial ownership, requiring “covered financial institutions” to establish due diligence procedures to identify and verify beneficial owners of a “legal entity customer” at the time a new account opens. The final rule also institutes a fifth “pillar” for anti-money laundering programs required under FinCEN’s rules for banks.
This fifth pillar requires banks to create risk-based procedures for conducting ongoing customer due diligence such as developing customer risk profiles, implementing ongoing monitoring to identify and report suspicious activity, and, on a weighted risk basis, updating customer information. Covered financial institutions were required to comply by May 11, 2018.
Covered financial institutions include depository institutions, including insured banks; commercial banks; savings associations; federally insured credit unions; federally regulated trust companies; US agencies and branches of a foreign bank and Edge Act corporations; securities broker-dealers; mutual funds; and futures commission merchants and introducing brokers in commodities. These entities are required to establish and maintain written procedures that are reasonably designed to identify and verify beneficial owners of legal entity customers.
A legal entity customer is a corporation, limited liability company, or other entity created by filing a public document with the Secretary of State or similar office; a general partnership; or any similar entity formed under the laws of a foreign jurisdiction that opens an account. With respect to these legal entity customers, there are two types of beneficial owners under the final rule.
The first type, who satisfy the “ownership” prong, includes each individual who, directly or indirectly, owns 25 percent or more of the equity interests of the legal entity customer. The second type, who satisfy the “control” prong, includes single individuals such as chief executive officers, vice presidents, and treasurers who have a significant responsibility to control, manage, or direct the legal entity customer. With respect to the control prong, at least one beneficial owner is required to be identified for each legal entity.
Covered financial institutions are also required to retain records of the information they obtain regarding beneficial ownership for five years. These records must include, at a minimum, the identifying information obtained and a description of documents that the financial institution reviewed to verify the beneficial owners’ identities. A reliance principle is also incorporated, meaning that covered financial institutions may rely on the information provided by legal entity customers regarding beneficial owners, so long as there is no reason to question the reliability of the information.
In regard to the risk-based due diligence requirements, the final rule also amends the AML program requirement to include risk-based procedures for customer due diligence. These amendments require a covered financial institution to understand the nature and purpose of its customer relationships in order to develop a customer risk profile. A customer risk profile is a representation of the cumulative information gathered during the account-opening process that is used to develop a baseline against which activity is assessed for suspicious activity reporting purposes.
Additionally, a covered financial institution is required to conduct ongoing monitoring to identify and report any suspicious transactions and to update its customer information on an “event-driven” basis.
If you have questions regarding the information presented in this alert, please contact Roger Cominsky, Financial Institutions & Lending Practice Area Chair and partner, at firstname.lastname@example.org.