BSA/AML ‘customer due diligence’ rule compliance required May 11; congressional hearing slated Friday

The 2016 revised customer due diligence rule is the first FinCEN rule to require financial institutions to obtain “beneficial ownership” information on “legal entity” customers.

Financial institutions have about 2 1/2 weeks to ensure they’re in compliance with a “customer due diligence” (CDD) rule published two years ago by the Treasury Department’s Financial Crimes Enforcement Network (FinCEN). A House subcommittee plans a hearing Friday on the rule’s implementation from the financial institution perspective, with witnesses yet to be named as of press time.

With a compliance deadline of May 11, the provisions add to the arsenal of BSA/anti-money laundering rules implemented by FinCEN in its fight against money laundering and the financing of criminal or terrorist activity.

The final rule requires all “covered” institutions – depository institutions as well as brokers or dealers in securities, mutual funds, futures commission merchants, and introducing brokers in commodities – to collect and verify the personal information of the real people (also known as “beneficial owners”) who own, control, and profit from companies (“legal entity customers”) when those companies open accounts. Under this new requirement, institutions will have to identify and verify the identity of any individual who owns 25 percent or more of a legal entity, and an individual who controls the legal entity.

In issuing the final rule, FinCEN listed four core elements of CDD that it said should be “explicit requirements in the anti-money laundering (AML) program for all covered financial institutions, in order to ensure clarity and consistency across sectors.” These are (1) customer identification and verification, (2) beneficial ownership identification and verification, (3) understanding the nature and purpose of customer relationships to develop a customer risk profile, and (4) ongoing monitoring for reporting suspicious transactions and, on a risk-basis, maintaining and updating customer information.

The first of these elements was already an AML program requirement, the agency said, and the 2016 rule addressed the second. “The third and fourth elements are already implicitly required for covered financial institutions to comply with their suspicious activity reporting requirements,” it said.

The National Credit Union Administration (NCUA) has said it plans to begin examining for credit union compliance during the second half of this year. The Office of the Comptroller of the Currency (OCC) also included this in its 2018 supervisory plan.

Friday’s hearing, “Implementation of FinCEN’s Customer Due Diligence Rule – Financial Institutions Perspective,” is scheduled for 9:15 a.m. ET by the House Financial Services Subcommittee on Financial Institutions and Consumer Credit.

FinCEN Final Rule, Customer Due Diligence Requirements for Financial Institutions

Frequently Asked Questions (April 3, 2018)