It has been several months since the U.S. Department of the Treasury announced the final publication of the Customer Due Diligence (CDD) rule, and financial institutions continue to scramble to bring their organizations into compliance with the rule before it takes effect in May 2018. Of course, while large institutions may have the resources to meet the requirements of the CDD rule, many smaller financial firms may not, and consequently may instead be facing difficulties implementing and complying with the rule.
Although there is no true substitute for direction from compliance professionals, hopefully this article provides some guidance for smaller organizations in tackling the new CDD rule.
The CDD rule requires “covered financial institutions” (as defined by 31 C.F.R. § 1010.605(e)(1)) to identify the “beneficial owners” of “legal entity customers.”
In plain English: the rule requires federally regulated and/or insured institutions and brokers to gather, verify, and record the identities of the actual individuals who own and control a company when said company opens an account.
However, the new requirements are far more extensive than the above statement makes them sound. For example, the CDD rule also amends existing anti-money laundering (AML) program requirements for each covered institution to, among other things, conduct ongoing suspicious activity monitoring and reporting.
Under the rule, a beneficial owner is defined as each individual in each of the two following prongs:
According to FinCEN’s FAQ, “a legal entity will have a total of between one and five beneficial owners” – at least one person under the control prong, and between zero to four persons under the ownership prong.
For each individual who qualifies as a beneficial owner under the either of the above prongs, financial institutions must collect the following information:
The information must be verified at the time a new account is opened, most typically through the review by the institution of a current government-issued form of identification bearing a photograph of the individual, such as a driver’s license or passport.
The rule notes that these verification requirements are similar to existing customer identification program (CIP) verification requirements for individual customers.
That is the million-dollar question, isn’t it?
While there are no easy shortcuts, those familiar with the new rule along with current federal regulations may have noticed relationships and similarities between many CDD and existing AML and CIP requirements.
For instance, the CDD rule requires covered institutions’ procedures for identifying and verifying the identity of beneficial owners to “at a minimum, contain the same elements as required for verifying the identity of customers that are individuals under the applicable CIP rule.” In addition, the CDD rule uses the same definition of “account” as that used for CIP purposes.
Furthermore, covered financial institutions are required to include these procedures in the institution’s AML compliance program.
The point here is that, while the CDD does impose a broad array of new regulations on financial institutions, many simply build on existing CIP and Bank Secrecy Act (BSA)/AML requirements. As such, there should be no need to reinvent the wheel in many circumstances, and organizations may be able to save time and money in the implementation of CDD rule requirements by leveraging existing CIP and BSA/AML compliance programs.