By Levi J. Smith & Olivia Cares, Summer Associate
The May 11, 2018, implementation deadline for the Financial Crimes Enforcement Network’s (FinCEN) Beneficial Ownership Rule (the New Rule) has now passed, and there are fundamental changes in the daily customer due diligence (CDD) obligations of banks and other financial institutions.
The New Rule adds a fifth pillar to the existing Bank Secrecy Act/Anti-Money Laundering (BSA/AML) structure. The well-established “four pillars” of the BSA/AML structure require: (1) internal control policies, (2) the presence of at least one designated compliance officer, (3) independent compliance testing, and (4) employee training. Pursuant to the New Rule, banks and other covered institutions must now create and maintain written procedures designed to identify and verify the underlying beneficial owners of their legal entity customers.
Legal entity customers include privately held corporations, general partnerships, and limited liability companies. (Publicly held companies and entities already providing beneficial ownership information to state or federal agencies are excluded from the New Rule.) Banks, mutual funds, securities brokers, and futures commission merchants are defined as “covered institutions” under the New Rule. Covered institutions are now required to obtain identifying information with respect to their legal entity customers including names, addresses, dates of birth, and social security numbers from the natural persons identified as the entities’ beneficial owners under either of two tests:
(1) The “ownership test” – defines a beneficial owner as any individual who directly or indirectly owns a 25 percent or greater equity interest in a legal entity customer. By including indirect ownership structures, the New Rule seeks to address the risk of bad actors shielding their identity through a subsidiary structure and places the responsibility on covered institutions to obtain and verify the identifying information from beneficial owners.
(2) The “control test” – requires covered institutions to obtain identifying information from at least one natural person with significant responsibility to control or manage the legal entity customer.
The New Rule supplements existing BSA/AML obligations. Covered institutions are still required to implement appropriate risk-based procedures under the other four pillars of the CDD structure. As set forth in a FAQ published by FinCEN, an example where a risk-based assessment may require the covered institution to perform additional due diligence pursuant to the New Rule is when “a financial institution may reasonably conclude that collecting beneficial ownership information at a lower equity interest than 25 percent would not help mitigate the specific risk posed by the customer.” If this is the case, the heightened risk may be mitigated by “other reasonable means, such as enhanced monitoring or collecting other information.”
The New Rule requires more disclosure than legal entity owners have come to expect, and banks and other covered institutions should anticipate change in the coming months to customer service requirements and in day-to-day branch operations. For example, the New Rule requires beneficial ownership information be disclosed and certified at each account opening. FinCEN’s interpretation of “account opening” includes each time a loan is renewed or a certificate of deposit is rolled over. Since loan renewals are frequently automatic, covered institutions have a new obligation to detect and anticipate renewals, notify customers, and gather information before the renewal. Legal entity customers also have an ongoing obligation to update beneficial ownership information when changes to that information occur, such as when a partner sells her interest or simply moves to a new address.
While the transition period during implementation may be tedious, covered institutions must also recognize that violations of the New Rule may expose them to various levels of penalties. Where a covered institution’s beneficial ownership pillar is deficient or nonexistent, the institution may be subject to a cease-and-desist order or informal enforcement action.
Because of FinCEN’s new Beneficial Ownership Rule, banks are now charged with an extensive duty to acquire, verify, and maintain their legal entity customers’ beneficial ownership information and to develop and maintain related policies and procedures.