Are you prepared for the new CDD rule?
In May 2016, the Treasury Department issued final rules under the Bank Secrecy Act to clarify and strengthen customer due diligence (CDD) requirements. The new regulation is the most significant change to BSA since the USA PATRIOT Act. To prepare for the new CDD rule, a multitude of changes will be needed to financial institutions’ account opening and Know Your Customer (KYC) procedures.
With less than 18 months until the rule’s deadline, many questions remain. Below is a list of frequently asked questions provided by my firm’s experts.
Q1. What is “beneficial ownership”?
A. At the time a new account is opened for a legal entity, financial institutions are required to obtain a certification from the individual opening the account on behalf of the legal entity, identifying the beneficial owner(s) of the entity.
Q2. When will the new rule be in effect?
A. The rule took effect 60 days after its publication in the Federal Register, on July 11, 2016.
Q3. When must we be compliant?
A. You have two years (until May 11, 2018) at the very latest to update your policies and procedures and to implement your new processes, but do not be surprised if your examiners ask to see your implementation plan.
Q4. Is the rule retroactive?
A. No, you will only need to obtain this information going forward. However, if a legal entity opens a new account, another certification must be obtained. This is true even for legal entities with existing relationships. Examiners will also require a risk-based approach to updates if, during normal monitoring, there appear to be changes to the beneficial ownership information. In some cases this may require re-certification, even for existing accounts.
Q5. How does this apply to loan accounts?
A. This rule applies to all accounts, including checking, savings, certificates, and loans.
Q6. Are we required to add beneficial owners to our core systems, or are notes sufficient?
A. You are required to aggregate for currency transaction report (CTR) purposes and for suspicious activity monitoring. So at a minimum, this information must be in your CTR and AML monitoring systems.
Q7. What CIP information should I collect for beneficial owners?
A. You will collect the same basic customer identification program (CIP) information that you collect today: name; date of birth for individuals; address; and identification number.
Just as you do for signers on the account, you will be required to verify the identity of each listed beneficial owner using risk-based procedures to the extent that is reasonable and practicable.
You have the option to accept a copy of the identification for beneficial owners. This is because they will often not be present at account opening. You are not required to retain actual copies, but you do need to document what you collected for five years after the account is closed.
When updating your CIP policies and procedures, you may choose to re-write the section of your policies to include beneficial ownership or create a separate sub-section of CIP for beneficial ownership.
Q8. The new rule refers to a two-prong approach to beneficial ownership. What does this mean?
A. The new rule takes a two-prong approach—ownership and control—for the identification of beneficial owners. You will have to consider both:
Ownership prong—For the ownership prong, you need to identify any natural persons with a 25% or more ownership of the legal entity. You do not need to calculate or determine this; you can rely on the certification provided by the customer. If something alerts you that they are providing untrue information, you should file a SAR.
• There is no obligation for financial institutions to determine beneficial ownership or analyze calculations. They may rely on information provided by the individual on the certification form.
• There may be no beneficial owner with 25% or more. If this is the case, there may be no beneficial owners listed for the ownership prong.
• There is no obligation to determine if the entity is structuring to avoid a 25% threshold.
• If an entity is an owner, you are not required to identify/verify natural persons behind the entity.
• Use a trustee as the beneficial owner if a trust owns 25% or more of a legal entity.
Control prong—You will also have to collect at least one individual from the control prong.
This is to be a natural person within the management structure who has significant responsibility to control, manage or direct the legal entity.
Q9. To identify beneficial owners for the ownership prong, how far down will we be expected to research to find the natural person?
A. If the natural person is not 25% or more, you are not required to drill down at all. For example if an individual person owns 75% and a company owns 25% of an entity, you will only need to list the individual.
Q10. How do we have non-governmental organizations (NGOs), charities, and religious organizations such as churches complete the certification of beneficial ownership?
A. NGOs, charities, and religious organizations such as churches are excluded from the ownership prong, so you only need to list one person who has significant control over the entity for the control prong.
Q11. In our current policies and procedures we collect more than the basic CIP elements for accountholders/signers. Will we be criticized if we do not request this same extra information for beneficial owners?
A. No, as long as you collect the basic required information for the beneficial owners.
Be clear and detailed in your updated policies and procedures, and remember you can always make a risk-based decision to request more information than is listed in your policy.
Q12. If the individual opening the account does not provide CIP on the beneficial owners, should we refuse to open the account?
A. Yes, this is basic CDD information that will be required under the new rule and should be made clear in your updated policies and procedures.
Q13. Can we accept non-documentary verification for CIP information for beneficial owners as we do for our existing owners/signers?
A. Yes, your CIP verification policy and processes for beneficial owners may be similar to what you currently have in place today for signers/owners.
Q14. Are we required to conduct OFAC checks on beneficial owners? How about 314(a) scans?
A. You are required to conduct OFAC scans on beneficial owners. It is not required to conduct 314(a) scans. That would be optional.
Q15. Should we be collecting the same customer due diligence information at account opening for each new account? And what about consumer accounts?
A. Regulators say that the level of sophistication of analysis for a CIP program and the collection of customer due diligence information may vary by bank. A detailed analysis is important because with any type of product or category of customer, there will be accountholders that pose varying levels of risk.
Even though the beneficial ownership rules are specifically written for business entities, an institution may also make a risk-based decision to request additional information for consumer accounts as well.
Q16. What can we do now to begin preparing for the new regulation?
A. Start by preparing a checklist and even a taskforce to start understanding the changes that will need to be made within your institution. This includes costs, timelines, and so on. (A sample checklist and other beneficial ownership resources are available at bankerstoolbox.com)
The deadline for complying with the new CDD rule is technically in 2018, but it is likely that regulators will start asking about your banks plans as soon as this year. It is important to begin understanding and preparing for beneficial ownership now. To ensure compliance well before the deadline, staying ahead of the game is key.
About the author
Terri Luttrell is the senior manager of professional services at Banker’s Toolbox. She helps clients in enhancing their suspicious activity monitoring program, improving written procedural practices, and evaluating their institution’s use of their automated systems. She is a member of National ACAMS (Association of Certified Anti-Money Laundering Specialists) and is on the Board of the Central Texas ACAMS Chapter. She is CAMS-Audit certified.
- The Deutsche Bank-Commerzbank Teaching Moment: Learn From History or Risk it All
- How Dutch Bank ABN AMRO Describes Strategy and How it Differs from US Banks
- Compliance Automation to Increase Consumer Protection and Enhance Customer Experience
- Predict Illicit Transactions Faster, Meet Regulators’ Expectations Earlier
- Fending Off Tech Giants Through Digital Transformation