Connect ► twitter| youtube|  Log In ► Members Only  |  Corporate One Safekeeping  |  Search

BSA/AML/OFAC: Beneficial ownership and Wolfsburg due diligence

By Jennifer Morrison, VP, Senior Risk Manager

On December 23, 2015, the Financial Crimes Enforcement Network (FinCEN) released “Notice of Availability of Regulatory Impact Assessment and Initial Regulatory Flexibility Analysis Regarding Customer Due Diligence Requirements for Financial Institutions.”

What does this mean?

The long and the short of it is that what has become known as “beneficial ownership” is probably one step closer to becoming a final regulation.

In July 2014, FinCEN released its latest version of “Customer Due Diligence Requirements for Financial Institutions” in the form of an Advanced Notice of Proposed Rulemaking (ANPR). Following its publication in the Federal Register in August 2014, a comment period opened.

Due to the significant cost estimates FinCEN received in responses during the comment period, FinCEN was required to have a breakeven and cost justification analysis performed by the General Accounting Office (GAO) in advance of enacting changes to “Customer Due Diligence Requirements for Financial Institutions.” In fact, the December 23, 2015, issue of American Banker stated that the cost to financial institutions and their customers for the “beneficial ownership” plan is between $700 million and $1.5 billion over the next ten years, per U.S. Treasury.

Given the global terrorism environment and especially following December’s San Bernardino attack, the regulatory environment is likely ready to push through the long-awaited changes to customer due diligence for financial institutions.

What is beneficial ownership?

New Year’s resolutions for BSA/AML/OFAC

Corporate One continues to include among our strategic initiatives efforts to help our members remain compliant with the BSA/AML/OFAC Examination Guidelines for frontline training as articulated by FFIEC. Stay tuned for our 2016 webinar schedule, as well as additional training opportunities across our products and services.

“Beneficial ownership” is a collective term that has become shorthand for proposed changes to the longer phrase “Customer Due Diligence Requirements for Financial Institutions.” The ANPR, as proposed, outlines significant changes in the lengths to which financial institutions, including credit unions, will be required to go to identify and verify the beneficial owners of Legal Entity Customers.

A beneficial owner is the natural person who ultimately owns or controls an account through which a transaction is being conducted. It also incorporates those persons who exercise ultimate and effective control over a legal person or arrangement.

A Legal Entity Customer, as per the ANPR, is a corporation, limited-liability company, partnership, or other similar business entity that opens a new account (membership) after the implementing date of the regulation. For most credit unions, this covers all business memberships and may also include accounts associated with trusts, nominees, and multiple combinations of humans and entities as well, if any.

The purpose in identifying “beneficial ownership” is to detect, and ultimately prevent, situations where a human is conducting business with a financial institution as a “front,” “straw-man” or “front company,” hiding the fact that the transactions themselves are owned and/or controlled by a person or entity that may not be the sort your credit union might want to be associated with, or worse, a person or entity on a sanctions list (OFAC).

Examples of some of these Legal Entity Customers that you might not want in your membership include adult entertainment companies, drug paraphernalia businesses, and marijuana-related businesses. Conducting business with entities on the government sanctions or OFAC list could result in significant fines to your credit union.

The ANPR, as proposed, allows depository financial institutions, including credit unions, to rely on the beneficial ownership provided by the human who opens the account/membership, and then verify such information.

Beneficial ownership, therefore, has two components: ownership and control.

The ANPR included a proposed form to be completed by the human opening the account or membership, listing legal persons with ownership of 25% or more. Following the completion of the form, the credit union will conduct due diligence on the legal persons listed on the form. However, the credit union accepts that the listed ownership shares are correct as stated. Remember that a “legal person” can be an entity.

The identification of “control” is also something that would be disclosed by the human completing the proposed form. For a legal entity customer, those exercising control are typically employees and/or owners of the legal entity customer that comprise the “C-suite,” such as the chief executive officer, chief financial officer, chief operating officer, chief risk officer, managing partner, owner/partner, etc. The credit union again accepts that the listed “controllers” are correct as stated but then will conduct due diligence on the legal person(s) listed.

It is important to note that the ANPR adds the burden of conducting due diligence on listed persons and entities that may or may not be part of your existing membership. Based on your risk assessment, credit unions will update beneficial ownership on a periodic basis, and based on the same assessment, conduct beneficial ownership updates on existing memberships (ANPR was vague on how to handle existing members).

Important things your credit union should be doing

Monitor for the release of the final rule. With a 30-day comment period following the December 23, 2015, release (from the date it was published in the Federal Register), the final rule may come at any time following the 30 days. It is likely that the credit union leagues, CUNA, and the NCUA will pick up the release of the final rule before it is published to the Federal Register, at which point it becomes final regulation. It is hoped that financial institutions will have at least a full year to implement the final rule.

Review the sources for verification that might be used in conducting due diligence on these additional natural persons and entities. Based on your credit union’s risk assessment, it is likely that the due diligence may include the search of public records, OFAC, and other government lists. Companies like Lexis-Nexis and Thompson Reuters are suppliers of access to public records. Even Web searches can be used to conduct due diligence.

The large, international financial institutions are already using the international standards for beneficial ownership in conducting their customer due diligence. This includes requests of Corporate One, for example, for the birth dates and home addresses of the members of our board of directors and executive management. This additional information allows the financial institution to verify results of public-records searches. But, also consider how you will retain this additional information with a mind toward privacy and confidentiality.

For example, we had one vendor who asked for the Social Security numbers of our directors and members of executive management. I asked how the information would be stored and secured, but the vendor could not supply evidence of a secure location. My response was that I will not provide this information until I can be assured of its security.

The Wolfsberg Group

Speaking of customer/member due diligence, the Wolfsberg Group1 is an association of global financial institutions named for the castle in Switzerland where its first working session was held. The Wolfsberg Group is among the international standards-setters for anti-money laundering. Among the standards released from the Wolfsberg Group are guidelines for international private banks, correspondent banking, and counter-terrorist financing.

In 2002, the Wolfsberg Group first issued guidelines on “Anti-Money Laundering Principles for Correspondent Banking.” It included 14 guidelines that extend to all relationships a financial institution maintains, including those with banks, broker-dealers, mutual funds, money services business, hedge funds, and credit card issuers.

Corporate One is the correspondent financial institution when it conducts financial transactions through settlement accounts maintained for its member credit unions (Respondents). A Respondent is: (1) a financial Institution that settles debit and credit transaction activity for some or all of its Reserve Bank transactions in the master account of a correspondent; or (2) a financial institution that maintains its required reserve balances in the master account of a correspondent.

Many of the multi-national financial institutions, including broker-dealers and credit card processors, use the Wolfsberg Group Anti-Money Laundering Questionnaire in conducting their customer due diligence, at least annually. Corporate One uses the questionnaire in its new member due diligence packet.

Consider incorporating the Wolfsberg questionnaire in your member due diligence, particularly if you serve money services businesses and/or persons or business entities that can act as third-party payment processors for entities and persons who may or may not be members of your credit union.


1 www.wolfsberg-principles.com/wolfsberg_principles.html