On August 4, 2014, FinCEN released proposed rules that would require banks and certain other financial institutions to identify the “beneficial owners” of their business entity customers and to verify the identity of each such beneficial owner (the “Proposal”). If the Proposal results in final rules that are substantially identical to the proposed rules, financial institutions might be unable to comply without violating the federal Fair Credit Reporting Act (“FCRA”).
Under the Proposal, “beneficial owners” would generally include at least one manager of the entity and each individual owning 25% or more of the entity. This could mean up to five individuals if no manager also owns 25% or more of the entity.
The Proposal would require a financial institution first to identify the customer’s beneficial owners. This should be reasonably manageable because institutions would be able to provide a certification form to its customer and require that the customer name its beneficial owners. Financial institution’s would not be required to take independent steps to verify the status of such persons as beneficial owners.
The potential legal conflict arises under the second prong of the Proposal, under which the financial institution would be required to verify the identity of those persons whom it has been told are the customer’s beneficial owners. The Proposal would require a financial institution to verify the identity of each beneficial owner using risk-based procedures that are “identical to the covered financial institution’s Customer Identification Program procedures required for verifying the identity of customers that are individuals.”
Whether in a deposit or loan context, banks often will obtain a single credit report or other consumer report for the combined purposes of an initial OFAC screen, to confirm the customer’s creditworthiness, and to verify the customer’s identity under the institution’s Customer Identification Program (“CIP”). Such reports are “consumer reports” under the FCRA and therefore subject to the FCRA’s rules, including with respect to when such reports may be obtained.
Modern entertainment, whether it be books or movies, oftentimes grapple with the issues of “who are you?” As a story line develops the audience is kept guessing as characters turn out to have different motivations or identities than what they were first perceived to have. Political thrillers oftentimes involve agents of shadowy groups behind which the true masterminds operate. How much effort will it take to reach the truth? FinCEN has recently come out with some proposed guidance that addresses this issue in the context of the legal entities that financial institutions do business with.
In a proposed rulemaking published in late July, FinCEN proposed a new regulatory requirement to identify beneficial owners of legal entity customers. Going forward, the essential elements of customer due diligence will include: (i) identifying and verifying the identity of customers; (ii) identifying and verifying the identity of beneficial owners of legal entity customers (i.e., the natural persons who own or control legal entities); (iii) understanding the nature and purpose of customer relationships; and (iv) conducting ongoing monitoring to maintain and update customer information and to identify and report suspicious transactions.
The first element is already something which financial institutions address as part of their customer identification program (“CIP”). The second element is the subject of the proposed rulemaking. In order to identify the beneficial owner, a covered financial institution must obtain a certification from the individual opening the account on behalf of the legal entity customer (at the time of account opening). The certification form requires the individual opening the account on behalf of a legal entity customer to identify the beneficial owner(s) of the legal entity customer by providing the beneficial owner’s name, date of birth, address and social security number (for U.S. persons). Significantly, the rule also requires financial institutions to verify the identity of the individuals identified as beneficial owners on the certification form. The procedures for verification are to be identical to the procedures applicable to an individual opening an account under the existing CIP rules.
The proposed definition of “beneficial owner” includes two independent prongs: an ownership prong (clause (1)) and a control prong (clause (2)). A covered financial institution must identify each individual under the ownership prong (i.e., each individual who owns 25 percent or more of the equity interests), in addition to one individual for the control prong (i.e., any individual with significant managerial control). If no individual owns 25 percent or more of the equity interests, then the financial institution may identify a beneficial owner under the control prong only. If appropriate, the same individual(s) may be identified under both criteria.
FinCEN recently announced that it would hold the second in a series of outreach events on the advanced notice of proposed rulemaking (ANPR) published in March 2012 on customer due diligence (CDD) and beneficial ownership requirements for financial institutions. FinCEN is seeking further clarification on a number of issues and to engage with representatives from affected financial institutions on these issues at the roundtable discussion.
The roundtable discussion is scheduled for September 28, 2012 at the U.S. Commodity Futures Trading Commission offices in Chicago, Illinois. The morning session (9:00 a.m. to 12:00 p.m. Central time) is for futures commission merchants and introducing brokers; the afternoon session (1 p.m. to 4 p.m. Central time) is for all other interested financial institutions. Requests to attend the roundtable are due by September 21.
On February 29, 2012, FinCEN released an advance notice of proposed rulemaking on customer due diligence and beneficial owners, proposing to make a customer due diligence obligation explicit for ALL customers (to “clarify, consolidate and harmonize” the federal banking agencies’ expectations) and extending the requirement to collect (and possibly verify) beneficial owner information for most or all customers as well.
FinCen’s advance notice of proposed rulemaking (ANPRM), seeks public comment on a range of questions regarding the development of a customer due diligence (CDD) regulation that would “(i) codify, clarify, consolidate, and strengthen existing CDD regulatory requirements and supervisory expectations, and (ii) establish a categorical requirement for financial institutions to identify beneficial ownership of their accountholders, subject to risk-based verification and pursuant to an alternative definition of beneficial ownership.” Comments received in response to the ANPRM will likely be influential in FinCEN’s development of a more formal and detailed proposed rule on the topic.
FinCEN is initially considering a CDD rule to cover banks, broker dealers, mutual funds, futures commission merchants, and introducing brokers in commodities, and thus the ANPRM is focused on those institutions. The scope of the ANPRM, however, includes all industries subject to FinCEN’s anti-money laundering (AML) program requirements. FinCEN believes that a CDD rule may be appropriate for all financial institutions under its purview and will consider extending a CDD rule to other types of institutions in the future. Thus, FinCEN is specifically requesting comments from all other financial institutions covered by FinCEN regulations as well, including providers of prepaid access and other types of money services businesses (MSBs), insurance companies, casinos, non-bank mortgage lenders and originators, and dealers in precious metals, stones and jewels.
FinCEN has announced a new outreach effort targeted at depository institutions under $5 billion in total assets to determine how these institutions comply with the Bank Secrecy Act and the specific compliance hurdles they confront. If your institution has assets under $5 billion, please see our client alert about FinCEN’s outreach proposal.
As part of its ongoing outreach efforts, FinCEN is now seeking to engage smaller to moderate size depository institutions who are working to implement the four pillars of the Bank Secrecy Act regulatory regime: (1) policies, procedures and internal controls; (2) designation of a compliance officer; (3) ongoing training; and (4) independent testing.