Implementation of New BSA and Customer Due Diligence Rule is Coming

Following a two-year period allowing institutions to prepare for compliance, the implementation date for the new rule on Bank Secrecy Act (BSA) customer due diligence is drawing close.

The U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) issued a final rule for customer due diligence on May 11, 2016. This rule codifies existing regulatory expectations concerning customer due diligence and imposes a new requirement on covered financial institutions to identify and verify the natural persons behind institutions’ legal entity customers. Covered institutions must be in compliance with this new requirement by May 11, 2018.

The new rule applies when an account is opened by a new or existing “legal entity customer.” In this context, a legal entity customer would be a corporation, limited liability company, limited partnership, general partnership, business trust, or any other entity created by a filing with a Secretary of State or similar office. For each new account opened by a legal entity customer, the covered institution must identify the beneficial owners under either of the following criteria:

  • Each individual, if any, who directly or indirectly, through any contract, arrangement, understanding, relationship, or otherwise, owns 25% or more of the equity interests of the legal entity customer.

  • A single individual with significant responsibility to control, manage, or direct a legal entity customer, including an executive officer, a senior manager, or any other individual who regularly performs these functions.

Once a covered institution identifies the beneficial owners of a legal entity customer, it must verify the ownership information using reasonable and practicable risk-based procedures. These procedures would include the elements employed by the covered institution in verifying the identity of individual customers under the institution’s customer identification program (CIP).

Under the new rule, covered institutions are permitted to rely on information provided by a legal entity customer regarding the identity of its beneficial owners, absent information that would reasonably call into question the reliability of that information. Further, in most cases, covered institutions are permitted to rely on another financial institution’s identification and verification of the legal entity customer’s beneficial owners.

Under the new rule, covered institutions must develop written procedures that contain the elements required for verifying the identity of customers that are individuals under CIP requirements. Just like its CIP for individual customers, an institution must collect the name, date of birth, address, and Social Security number or other government identification number for any individuals who own 25% or more of the equity interest of the legal entity. Moreover, it must collect the same information for an individual with significant responsibility to control and/or manage the legal entity at the time a new account is opened.

At the time a new account is opened for a legal entity, a covered institution is required to obtain a certification from the individual opening the account on behalf of the legal entity, identifying the beneficial owners of the entity. FinCEN has provided a sample certification in Appendix A of the new rule that may be used for this purpose.

The BSA/AML Examination Manual of the Federal Financial Institutions Examination Council (FFIEC) states that the objective of customer due diligence is to enable a bank to predict with relative certainty the types of transactions in which a customer is likely to engage, in order to assist the bank in determining when transactions are potentially suspicious. Banking agency examiners will expect covered institutions to capture enough customer information and expected transactions up front at account opening in order to form reasonable expectations— and then monitor the account for transactional patterns and amounts that may deviate from these expectations.

With the new rule’s implementation date looming, covered institutions should be well on their way toward completion of written policies and procedures that incorporate the identification of beneficial owners of legal entity customers into their BSA/AML compliance program. Several resources are available to institutions seeking to ensure compliance in this area. Foremost is the FFIEC’s BSA/AML Examination Manual, available on the FFIEC website ( Covered institutions should focus particularly on the manual’s “Appendix K: Customer Risk vs. Due Diligence and Suspicious Activity Monitoring.”

The FFIEC website also contains the 2010 interagency publication “Guidance on Obtaining and Retaining Beneficial Ownership Information.” FinCEN has made available on its website some FAQs regarding the scope of the customer due diligence requirements.

In addition to revising and updating policies and procedures on customer due diligence, regulatory officials have emphasized the importance of

  • Updating employee training programs and job aids.

  • Incorporating customer due diligence into the BSA audit program.

  • Updating risk assessments.

  • Addressing risk in third-party vendors and systems.

Future Legislation

On January 9, 2018, the Senate Committee on Banking, Housing, and Urban Affairs held a hearing that focused on ways to strengthen BSA enforcement and compliance. Committee Chairman Mike Crapo (R-Idaho) stressed the need to sharpen the focus of a “modernized, more efficient U.S. counter-threat finance architecture.” Specifically relevant to the regulatory expectations placed on covered institutions regarding customer due diligence, the committee is considering beneficial ownership legislation for companies formed in the United States.

The proposed legislation, the Counter Terrorism and Illicit Finance Act, may include provisions requiring government collection of beneficial ownership information on companies at the time of incorporation. This information would be received and maintained by FinCEN and could be accessed by law enforcement and financial institutions. FinCEN’s responsibility for receiving and maintaining this beneficial ownership information would ease this regulatory burden for insured institutions.

While this legislation appears to have bipartisan support, its fate is still uncertain.

The above is based on an excerpt from The RMA Journal, May 2018 article “Implementation of New BSA and Customer Due Diligence Rule is Coming” by Bernard Mason, RMA’s regulatory relations liaison. You can read the article in its entirety here.

Washington - The Week Ahead, March 25-29, 2019

Read More

The Why, How, and What of Effective Risk Reports

Read More

Op Risk, Regulatory Compliance, and Credit Top Challenges for Banks in 2018, According to RMA Survey

Read More

comments powered by Disqus