Since the early 2000s firms have had to establish an Anti-Money Laundering (AML) program that was built on four key elements:
- Establish and implement policies and procedures to achieve compliance with the provisions within the Bank Secrecy Act (BSA)
- Independent testing for compliance
- Designation of an individual(s) responsible for the program
- Ongoing training for appropriate persons within the firm
Unfortunately, prior to May 11, 2016, the current guidelines left a fairly big hole in the AML fabric. Firms were NOT required to verify the identity of any individuals that were beneficial owners or controlling parties of legal entity accounts. This meant that the bad guys could hide behind various types of entity accounts without having to provide any documentation to prove their identity.
With the new final rules published by the Financial Crimes Enforcement Network (FinCEN) on May 11, that hole has been plugged. Firms will now be required to include a fifth key element to their program: addressing a more robust Customer Due Diligence for legal entity customers. Firms will now be required to verify two types of natural persons for qualifying legal entity customers. One is the list of beneficial owners, which they define as anyone who directly or indirectly owns 25% or more of the equity interest in the legal entity. The other is the controlling person, which is defined as the individual with significant responsibility to control, manage, or direct the legal entity.
The final rule is pretty clearly defined, but it does introduce a handful of exemptions and carve outs. Most firms look at these exemptions as a double-edged sword. On one hand it is great to reduce the amount of effort and surveillance by reducing the population of accounts. But on the other, it means that any program–-automated or otherwise-–needs to provide the means to identify the exempted accounts and properly exclude them. This normally results in complexity, which means some unforeseen costs of implementation that firms really need to be aware of as they plan their program updates.
Identification and maintenance of the natural persons is a great step, but FinCEN didn’t stop there. They also require firms to incorporate these identified persons within their existing efforts to comply with the ongoing monitoring of activities and updates for the customers and provided guidance on recordkeeping requirements. This means a couple of additional things for firms. First, the rule will need to be part of a firm’s onboarding process, account screening, transaction monitoring, and ongoing account maintenance. And, secondly, firms will need to have procedures for maintaining a record of all information obtained about the natural persons for five years after the account is closed. And like always, a clear audit trail of when everything was done and by whom is also required.
At IFS we stand ready to help incorporate your new CDD requirements into your existing onboarding and account maintenance functionality. If you're already an IFS client, feel free to reach out to your project manager. If you're not a client, but are interested in how IFS can help you comply with the CDD requirements, click the button below:
Federal Register - www.federalregister.gov/articles/2016/05/11/2016-10567/customer-due-diligence-requirements-for-financial-institutions