By: Dan Frechtling, SVP of Marketing and Chief Product Officer
The new Customer Due Diligence Final Rule announced by FinCEN last week was less radical than some anticipated. It has been called both cooperative and soft. It’s cooperative because it was created in collaboration with banks. It’s soft because some believe it trusts banks too much and will let criminals through. But while the rule did not reflect drastic change, it gives a boost to consistent tenets of Customer Due Diligence (CDD). FinCEN essentially asks financial institutions to carry on with prior CDD guidance.
Two common themes were reinforced:
- Understanding the nature and purpose of customer relationships to develop a customer risk profile
- Ongoing monitoring of transactions and maintaining and updating customer information on a risk basis
This consistency and stability is beneficial for banks and Third-Party Payment Processors (TPPPs) as they apply CDD best practices.
Proponents cite the six years of preparation as a model of effective government-industry collaboration. “Building on years of important work with stakeholders, the actions we are finalizing today mark a significant step forward to increase transparency and to prevent abusive conduct within the financial system,” said Treasury Secretary Jacob J. Lew. A FinCEN spokesman added, “The rule includes a very thorough regulatory impact assessment, and the costs and benefits were weighed.” But Ross Delston, an AML expert and lawyer, said it was so soft “we should be calling it the pillow-top regulation.”
The main reasons include a long implementation period and no verification if firms are being truthful about beneficial owners. The purpose of the rule is to combat financial crime, promote consistent supervision of financial institutions, increase financial transparency of legal entities, and demonstrate US leadership in protecting the international financial system.
Key aspects of the rule
The Customer Due Diligence Final Rule, also known as the Beneficial Ownership Rule, was outlined as follows:
The rule contains three core requirements: (1) identifying and verifying the identity of the beneficial owners of companies opening accounts; (2) understanding the nature and purpose of customer relationships to develop customer risk profiles; and (3) conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.
Banks obligations vis-a-vis beneficial owners are defined as follows:
Financial institutions will have to identify and verify the identity of any individual who owns 25 percent or more of a legal entity, and an individual who controls the legal entity. The first aspect, 25%+ ownership, is straightforward. The second “control” clause describes a person with significant managerial power over the legal entity. Not all businesses will have owners with more than 25%, but they will always have at least one individual with managerial control.
Banks have until May 11, 2018 to implement the rule in their policies.
Reinforcement of past CDD themes
The reminders to “understand the nature and purpose of customer relationships” and “maintain and update customer information” re-emphasize existing regulatory expectations.
In the new rule, FinCEN repeats multiple times what it’s said in the past. On page 8 it explains these two practices “comprise the minimum standard of CDD, which FinCEN believes is fundamental to an effective AML program.” On page 19, it reiterates, “FinCEN viewed this part of the rulemaking as not imposing new requirements, but rather making explicit the activities that covered financial institutions are already expected to undertake, based on guidance and supervisory expectations, in order to satisfy their existing obligations.”
But what do these practices mean?
Understanding “the nature and purpose of customer relationships” is partially explained on page 57 of the FFIEC BSA/AML examination manual. Under this approach, the bank should obtain information at account opening sufficient to develop an understanding of normal and expected activity for the customer’s occupation or business operations. This understanding may be based on account type or customer classification…
The obligation to “maintain and update customer information” is referenced on the same page:
CDD processes should include periodic risk-based monitoring of the customer relationship to determine whether there are substantive changes to the original CDD information (e.g.,change in employment or business operations)… Financial institutions should expect to be held to existing Know Your Customer (KYC) and Know Your Customer’s Customer (KYCC) standards. This includes keeping an eye on adverse changes in reputation.
How G2 helps financial institutions stay compliant with FinCEN rules
While the rule is rooted in law enforcement, it guides banks with better ways to KYC. Banks and TPPPs need to know who they do business with as a matter of sound management and risk mitigation. G2 KYC Solutions are a set of tools and services that integrate into a bank or processor’s existing workflow to enhance its KYC process.
G2 KYC Solutions include:
- G2 KYC Risk Score: A risk scoring tool
- G2 Business Classification: NAICS, NACE, MCC or custom classification portfolio scan
- G2 Reputation Monitoring: Monitoring for adverse changes in business customer reputation
- G2 Business Customer Monitoring: Watch list checks and ongoing monitoring for changes in business classification, such as sale of illegal goods
Collectively, these solutions allow banks and processors to establish a risk-based approach, understand their customer relationships and update their customer information. They can improve their compliance with FinCEN’s request to understand customer relationships upfront and ongoing. Financial institutions also stay in line with other requirements from the OCC, FDIC, CFPB and other bureaus.