Connect ► twitter| youtube|  Log In ► Members Only  |  Corporate One Safekeeping  |  Search

Important updates to FinCEN’s Final Rule on Customer Due Diligence

By: Jennifer Morrison, VP, Senior Risk Manager

The Financial Crimes Enforcement Network’s (FinCEN’s) final rule on Customer Due Diligence (CDD) went into effect on May 11. Meant to clarify and strengthen existing Member Due Diligence (MDD) requirements, the new rule requires financial institutions to identify and verify the identity of beneficial owners of legal entity customers, subject to certain exemptions. Since the new rule was implemented, there have been a couple of critical updates.

Examination manual updates for Beneficial Ownership

On May 11, the Federal Financial Institutions Examination Council (FFIEC) released updates to the BSA/AML Examination Manual, coinciding with the Applicability Date of the Final Rule. It is imperative that all BSA/AML and Compliance professionals obtain the FFIEC updates as they form the basis for your federal and state examinations.

Two sections were released: Beneficial Ownership Requirements for Legal Entity Customers section and an updated CDD section. Both sections include updates to the prescribed Examination Procedures. The Beneficial Ownership section also conveniently provides an Appendix 1 with a list of “Exclusions from the definition of a Legal Entity Customer” (member).

Allow me to offer three reminders. First, FinCEN has elevated CDD or in our case, Member Due Diligence (MDD), to the level of a fifth pillar of an effective BSA/AML program. This means that deficiencies in a credit union’s MDD program, just as is the case with any of the four remaining pillars, can lead to regulatory penalties as dire as a Cease and Desist, as well as monetary penalties. FinCEN has every financial institution’s attention.

Second, the FFIEC examination manual updates make clear there is no expectation for a retroactive review of existing Legal Entity Customers (members) with respect to the ownership and control prongs. However, it is also clear there is an expectation that the customer/member due diligence program must be risk-based and commensurate with the risk profile of the credit union and commensurate with the Member Risk Profile. The member risk assessment must be part of your ongoing monitoring of your member relationship.

The CDD manual update provides a list of considerations for “understand[ing] the nature and purpose of the customer [member] relationship,” and it is recommended that you incorporate this list in your procedures for your member risk profile assessment (if you have not already), regardless of whether your member is a Legal Entity.

Finally, your BSA/AML program must be risk-based, both at the entity level and at an individual member level. There is a clear mandate that you have not only assessed your credit union’s BSA/AML risk exposures, but that you have also assessed each new member creating individual risk profiles. Further, the required ongoing monitoring of all members is not just for the identification of possible suspicious and illegal activities. Your ongoing monitoring must feed information back to an ongoing risk assessment of each of your members, elevating the risk profile of members to “higher risk,” triggering additional member due diligence, including obtaining beneficial ownership information on your “higher risk” legacy members.

The CDD update goes on to prescribe “factors that may be relevant in determining when it is appropriate to review a customer [member] relationship,” and again, it is important to note that the new CDD section applies to all members, not just Legal Entity members.

FinCEN responds to concerns about automatic account renewals and rollovers

On April 3, FinCEN released a second set of FAQs to address some significant and recurrent questions. One question raised a number of issues for financial institutions:

  • Question 12 answers the question as to whether an account renewal is a “new account.” Unfortunately, the answer is YES, including the rollover of certificates of deposit and loan renewals.

On May 16, and in response to the feedback received from the Q&A, FinCEN released the Ruling: Beneficial Ownership Requirements for Legal Entity Customers of Certain Financial Products and Services with Automatic Rollovers or Renewals (FIN-2018-R002). Following the release of the second set of FAQs, financial institutions expressed to FinCEN that their institutions did not consider automatic renewals and rollovers to be “new accounts,” and they also revealed their concerns that they would not be able to fully comply with the new Rule in the short, remaining period of time (April 3 to May 11, 2018).

Retroactive to May 11, FinCEN provided 90-day, limited exceptive relief from the obligations of the Beneficial Ownership Requirements for Legal Entity Customers with respect to certain financial products and services that automatically rollover or renew (i.e. CD and loan accounts) that were established prior to the Rule’s Applicability Date of May 11. The exception extends through and includes August 9, 2018, after which FinCEN expects compliance.

During the 90-day period, financial institutions are expected to identify and develop procedures to be in compliance with the new Rule for products and services that automatically renew or rollover. In other words, this is just a gift of additional time to be in compliance and in no way a loosening of the application of the Rule to such accounts.