What You

May Not Know

About the Beneficial
Ownership Rule
BY CHRIS SIMPKINS, CAMS, CFE

A
S THE REQUIRED IMPLEMENTATION DATE of May 11, 2018 for
the Financial Crimes Enforcement Network’s (FinCEN’s) Customer Due
Diligence (CDD)/Beneficial Ownership rule creeps ever closer, the process and
procedural challenges that financial institutions may face are crystallizing. As is often
the case, a rule that initially seemed rather straightforward has yielded multiple devils in the details.
This article addresses some of those challenges and posits some possible solutions.
To recap briefly the basic tenets of the rule as expressed in FIN- tify its ultimate beneficial owner or owners and not ‘nominees’ or
2016-G003 (FinCEN’s first set of frequently asked questions (FAQs) ‘straw men’…The CDD Rule requires covered financial institutions
on the topic): “The CDD Rule outlines explicit customer due to establish and maintain written procedures that are reasonably
diligence requirements and imposes a new requirement for these designed to identify and verify the beneficial owners of legal en-
financial institutions to identify and verify the identity of beneficial tity customers. These procedures must enable the institution to
owners of legal entity customers, subject to certain exclusions and identify the beneficial owners of each customer at the time a new
exemptions…FinCEN intends that the legal entity customer iden- account is opened, unless the customer is otherwise excluded or the

4  |  ABA BANK COMPLIANCE  |  MAY–JUNE 2018 SHUTTERSTOCK/ JORGEN MCLEMAN
 account is exempted.” (www.ffiec.
gov/bsa_aml_infobase/documents/
FAQs_for_CDD_Final_Rule_(7_15_16).
pdf) Sounds easy, right? However, one of the
issues that has proven to be the most vexing within the
industry is, ironically, the definition of “new account” in the context above.
The “New Account” Conundrum
The CDD rule adopts the same basic definition of “account” as previously
expressed within the Customer Identification Program (CIP) rule issued in
2003. The FAQs to that rule, published in January 2004, noted the following:
“For purposes of the CIP rule, each time a loan is renewed or a certificate of
deposit is rolled over, the bank establishes another formal banking relation-
ship and a new account is established.” (www.fincen.gov/sites/default/files/
guidance/finalciprule.pdf )
The second set of FAQs relevant to the CDD rule published by FinCEN
on April 3, 2018, confirms that the same stance applies to beneficial own-
ership. The response to Question 12 of those FAQs begins by quoting the
same verbiage from January 2004 and then specifies a financial institution’s
obligation: “For financial services or products established before May 11,
2018, covered financial institutions must obtain certified beneficial owner-
ship information of the legal entity customers of such products and services
at the time of the first renewal following that date.” (www.fincen.gov/sites/
default/files/2018-04/FinCEN_Guidance_CDD_FAQ_FINAL_508_2.pdf)
Thus, for example, a certificate of deposit owned by a legal entity will become
a “new account” upon its first rollover after May 11, 2018.
Commercial loan renewals typically require involvement on the part of
financial institution associates, affording an opportunity for the collection of
beneficial ownership information on a possibly long-standing commercial
relationship. However, certificate of deposit renewals are often automatic, and
MAY–JUNE 2018  |  ABA BANK COMPLIANCE  |  5
WHAT YOU MAY NOT KNOW ABOUT THE BENEFICIAL OWNERSHIP RULE
as a result, they do not allow for the collection of information. Thus,
financial institutions are grappling with how to monitor renewals
of certificates of deposit owned by legal entities to ensure beneficial
ownership information is properly collected at the appropriate time.
With a new account, beneficial ownership information is to be col-
lected prior to account opening; thus, financial institutions will need
to develop procedures to highlight upcoming (maybe within the
next thirty days?) relevant certificate of deposit renewals to begin
the information collection process. The question then arises, what
if the financial institution is unable to collect it? Presumably, in
compliance with the requirements of the rule, the renewal would
not occur; and the certificate of deposit would be redeemed to
the owners.
FinCEN did provide some light at the end of the tunnel on this
topic, however, regarding future renewals and rollovers. Again
Thus, essentially, the beneficial owners
must be known each time a new account
is opened; if they were previously
known and confirmed to remain as such
with the opening of subsequent accounts,
the rule’s requirements would
presumably be satisfied.
quoting from the second set of FAQs relevant to the CDD rule, “In
the case of a loan renewal or CD rollover, because we understand
that these products are not generally treated as new accounts by
the industry and the risk of money laundering is very low, if at
the time the customer certifies its beneficial ownership infor-
mation, it also agrees to notify the financial institution of any
change in such information, such agreement can be considered
the certification or confirmation from the customer and should
be documented and maintained as such, so long as the loan or CD
is outstanding.” That is certainly helpful, but financial institutions
will need to consider how best to document that agreement from
the customer onto the beneficial ownership certification form
(possibly by adding a statement to that effect that is unique for
CD and loan products).
Collection of Information
Do we really have to collect beneficial ownership information
every time a new account is opened? When the final rule was
first released, initial readings and commentaries did interpret
the rule as requiring the collection of beneficial ownership in-
formation with every new account. However, the rule appears
to be more nuanced than that; referencing the same quote from
above from the rule’s FAQs, a financial institution’s “procedures
6  |  ABA BANK COMPLIANCE  |  MAY–JUNE 2018
must enable the institution to identify the beneficial owners of
each customer at the time a new account is opened.” Thus, es-
sentially, the beneficial owners must be known each time a new
account is opened; if they were previously known and confirmed
to remain as such with the opening of subsequent accounts, the
rule’s requirements would presumably be satisfied. Thus, some
financial institutions are opting for the inclusion on the beneficial
ownership certification form, a re-certification statement along
the lines of, “I certify that the beneficial ownership information
previously provided remains valid as of this date.”
The second set of FAQs relevant to the CDD rule confirms
FinCEN’s acceptance of this strategy. Quoting from the response
to question 10 within those FAQs, “However, an institution that
has already obtained a Certification Form (or its equivalent) for
the beneficial owner(s) of the legal entity customer may rely on
that information to fulfill the beneficial ownership requirement
for subsequent accounts, provided the customer certifies or con-
firms (verbally or in writing) that such information is up-to-date
and accurate at the time each subsequent account is opened and
the financial institution has no knowledge of facts that would
reasonably call into question the reliability of such information.”
However, this article began by noting that there were multiple
devils in the details; and this possible solution represents one of
those. If a financial institution chooses to opt for a re-certification
statement, the previously provided beneficial ownership informa-
tion must presumably be accessible to the new account associ-
ate and in a manner to be provided to or at least viewed by the
customer opening the new account. Consider this scenario: a
commercial builder that operates as an LLC is negotiating multiple
development deals, two of which are finalized in the same week.
The builder’s beneficial ownership information is provided at
the time of application of the first deal, and that application then
winds its way through the underwriting and approval process.
When the same builder finalizes the second deal of the week a
few days later, and again approaches the financial institution for
financing, the builder’s representative states that the beneficial
ownership information is the same as it was at the time of the
first application.
However, that first application has yet to be approved. Thus, the
beneficial ownership information is on the certification form ac-
companying that first loan’s application. However, that information
has yet to be entered into the financial institution’s core system.
If the second application is being discussed with a different loan
officer, or if a different representative of the builder is negotiating
the second request for credit, then the usage of the re-certification
statement would require the retrieval of the beneficial ownership
certification form from the first application to know what was
truly being re-certified.
Similar scenarios could be imagined with a start-up business
attempting to open multiple deposit accounts in its first week.
Thus, while the usage of a re-certification statement to confirm
previously provided information, would satisfy the requirements
of the rule, a financial institution must consider the effects on
its workflow and processes. In some situations, it may just be
simpler to collect beneficial ownership information with each
account opening.
Intermediary Legal Entities
On the bright, sunny morning of May 12, 2018, Snidely Whiplash—the
representative of Testament LLC—enters your financial institution desiring
to open an account in the name of his company. When asked about benefi-
cial ownership, he explains that Testament LLC is 100% owned by Snidely
Enterprises LLC, which is itself owned 50% by Whiplash Enterprises LLC,
and 50% by Luthercorp. No surprise, Whiplash Enterprises is partially owned
by him, but 50% is owned by Nathaniel Warchester. Similarly, Luthercorp is
50% owned by Lena Luthor and 50% owned by Lex Luthor. Thus, each of the
four individuals own 25%, through a variety of legal entities, of Testament
LLC. Those four names will be entered as beneficial owners…but what about
the intermediary legal entity names? Do those need to be recorded? If so,
where? Many core software vendors that have released updates for recording
beneficial ownership information have only allowed five slots—four for the
beneficial owners and one for the controlling/managing authority.
To be fair, that is in accordance with the first set of FAQs, which state that,
“…a legal entity will have a total of between one and five beneficial owners
(i.e., one person under the control prong and zero to four persons under
the ownership prong).”
However, it is hard to imagine that the desire would not exist from the perspec-
tives of regulators and law enforcement for a financial institution to somehow
record the involvement of (from the example above) Snidely Enterprises LLC,
Whiplash Enterprises LLC, and Luthorcorp. (What if those entities—but not
their owners—were later part of a 314(a) request or possibly added to the
OFAC list?) A revised beneficial ownership certification form could collect this
information, possibly with a question for each beneficial owner as to whether
their ownership is “via any legal entity(ies)” and then requiring the entity(ies)
to be named. Then, a financial institution would have to decide where to record
that entity information. If the core system did not have available fields, could
the information be recorded within the financial institution’s AML system in
such a way as to allow OFAC and 314(a) checks of the names? Again, there
appears to be no stated requirement to record the intermediary legal entity
names, but time will tell whether it becomes a best practice expectation. Now,
speaking of those core software limitations…
conclude” that there are more efficient and effective ways to do so.
However, a financial institution is still allowed to collect information at
a lower threshold, based on its own risk assessment of the customer; and
there are certainly times where it may be prudent to do so. (For example, if
an existing high-risk individual customer is found to be a 10% owner of a
new legal entity opening an account with your institution, your assessment
of that entity’s risk will be impacted accordingly. Would a financial institution
not record that 10% ownership interest in that case just because it fell below
25%?) Thus, for those situations, the process of recording beneficial owner-
ship information at a lower threshold faces some practical difficulties when
confronted with many of those core software limitations referenced above.
If many of those systems only allow five slots for the recording of benefi-
cial ownership information, where would additional owner information be
recorded (other than on an expanded beneficial ownership certification form,
presumably, and possibly within the institution’s AML system)? Financial
institutions may also unwittingly create a best practice expectation for their
institution, if not others, that will be difficult to maintain. If a financial institu-
tion chooses to collect beneficial ownership information to the 10% level on
some high-risk customers, they must then clearly distinguish to which high-
risk customers the lower threshold would be applied (and why), and choose
how soon that information must be collected after the high-risk designation
(presuming it did not occur at account opening). What if the customer fails
to comply or fails to comply in a timely manner? Will the financial institu-
tion close the account because the customer is non-cooperative, even though
the actual regulatory requirements for the collection of beneficial ownership
information have been met?
The result could be a continual inconsistency within a financial institution’s
high-risk customer population that may never be fully resolved. Without
the force of a regulatory requirement to prompt customer participation,
the difficulties of enforcement may very well outweigh the possible benefits.

High Risk Customers

If CDD requires knowledge of beneficial ownership to the 25% level, would
not enhanced due diligence (EDD) require knowledge to a lower level? This
argument has been made at several conferences and seminars by both indi-
vidual bankers and regulators. Essentially, if knowledge of beneficial ownership
to the 25% level is expected of any new legal entity customer (or any legal
entity customer opening a new account), would not a greater expectation for
high-risk customers on whom EDD is continually performed exist? If such
an expectation exists, it has not been required by any regulatory authority.
In fact, FinCEN addresses this topic directly in the second set of FAQs
relevant to the CDD rule with question two, the response to which states that,
“A financial institution may reasonably conclude that collecting beneficial
ownership information at a lower equity interest than 25% would not help
mitigate the specific risk posed by the customer or provide information
useful to the financial institution in analyzing the risk. Rather, any addi-
tional heightened risk could be mitigated by other reasonable means, such
as enhanced monitoring or collecting other information, including expected
account activity, in connection with the particular legal entity customer.” In
other words, is lowering the threshold for beneficial ownership collection
to 10% or 20% really the best way to mitigate the additional risk posed by a
customer? FinCEN is stating that a financial institution could “reasonably

MAY–JUNE 2018  |  ABA BANK COMPLIANCE  |  7

WHAT YOU MAY NOT KNOW ABOUT THE BENEFICIAL OWNERSHIP RULE

Requirement for Information
What is the retention requirement for past beneficial ownership
information that is no longer valid or no longer required to be
maintained? Remember Testament LLC? Well, let us assume for
the sake of argument that Snidely Whiplash was not happy with
having to provide beneficial ownership information. Thus, after
the initial opening of the account, Mr. Whiplash returns with
updated ownership documents revealing that another entity—
Grimm Enterprises LLC, owned by Benjamin J. Grimm—now
owns 10% of Testament LLC, thus diluting every other beneficial
owner’s ownership percentage to below 25%.
At that point, should a financial institution just delete in its
systems, the beneficial ownership information previously recorded
but for the one controlling authority? Presumably, yes, as no one
individual would own 25% or more of the legal entity any lon-
ger. However, the original beneficial ownership certification form
would still exist and should be maintained in accordance with
record retention requirements for account opening documents.
The second set of FAQs relevant to the CDD rule addresses this
very point; specifically, in the response to question nine, FinCEN
states that, “Covered financial institutions are required to retain
all beneficial ownership information collected about a legal entity
customer. Identifying information, including the Certification
Form or its equivalent, must be maintained for a period of five
years after the legal entity’s account is closed.” Additionally, actions
such as these would seem suspicious and ideally should prompt a
review of the relationship, possibly leading to a SAR filing.
The example above is exaggerated, but there will be many non-
controversial occurrences where one owner simply sells his inter-
est in a legal entity to another individual. Such occurrences will

Key Information to Remember

About FinCEN’s Beneficial Ownership Rule on Enhanced Customer Due Diligence
By David McCrea, CRCM, and Kathleen W. Yeh, CRCM

Four Elements of the CDD Program:
Under the rule, the Customer Due Diligence
(CDD) program for many businesses and other
legal entities will now consist of the following
four elements:
■■  Identifying and verifying the identity of
customers;
■■  Identifying & verifying the identity of
beneficial owners with 25% or more equity
interest of your legal entity customers;
■■  Understanding of the nature and purpose
of customer relationships (to develop a
customer risk profile); and
■■  Ongoing monitoring and reporting of
suspicious transactions and, on a risk-basis,
maintaining and updating of customer
information.
The Beneficial Ownership rule applies
primarily to privately held business entities that
are opening new accounts. Depending on your
institution’s customer base, the privately held
“limitation” could affect your financial institu-
tion greatly. Of course, as we know, whether it
directly affects current customer relationships
or not, your program will need to be revised
to address the new requirements. The “who”
aspects of enhanced CDD and beneficial owner-
ship are explored below.
Who is a Beneficial Owner?
Beneficial owners are broken into two catego-
ries: individuals who own more than 25% of an
entity (the “ownership” prong) and individuals
who control an entity (the “control” prong). A
point of clarification: the individual(s) owning an
entity and the individual(s) controlling an entity
may or may not be the same. Let’s define those
two prongs:
■■  Ownership may be direct or indirect. The
rule does not explicitly define indirect
ownership, but the intention is that the
legal entity customer should identify the
ultimate beneficial owner(s), not nominees
or “straw owners.” However, the rule
does provide some guidance on indirect
ownership, describing an owner as someone
who, “through any contract, arrangements,
understanding, relationship or otherwise,
owns 25 percent or more of the equity
interests of a legal entity customer.”
■■  Control of an entity is defined as “significant
responsibility to control, manage, or direct a
legal entity.” This includes, but is not limited
to, executive officers or senior managers.
Who is a Legal Entity Customer?
■■  A corporation, limited liability company, or
other entity that is created by the filing of a
public document with a secretary of state or
similar office;
■■  A general partnership;
■■  A limited partnership or business trust
created by a filing with a state office; or
■■  An entity similar to the above, but formed
under the laws of a foreign jurisdiction.
A legal entity customer does not include (for the
purposes of this rule):
■■  Sole proprietorships and unincorporated
associations—even if those businesses filed
with the Secretary of State;
■■  Financial institutions or banks regulated by a
federal or state banking regulator;
■■  Departments or agencies of the United
States, of any state, or of any political
subdivision of any state;
■■  Entities established under the laws of
the United States, of any state, or of any
political subdivision of any state, or under an
interstate compact between two or more
states, that exercise governmental authority

8  |  ABA BANK COMPLIANCE  |  MAY–JUNE 2018

really be no different than the changing of trustees on a trust or
the changing of authorized signers on a business. The original
information will still be available on imaged documents, but no
requirement to record such legacy information within a core system
will exist. Instances like these will need to be understood by the
institution and explainable in an examination or investigation.
314(a) Expectations
How do 314(a) expectations apply to beneficial ownership? Quot-
ing again from the FAQs on the rule: “FinCEN does not expect
the information obtained under the CDD Rule to add additional
314(a) requirements for financial institutions. The regulation
implementing section 314(a) does not require the reporting of
beneficial ownership information associated with an account or
transaction matching a named subject in a 314(a) request. Cov-
Complicating this matter further
is a slight inconsistency in verbiage
between the FAQs and the actual
regulation in the Federal Register.
ered financial institutions are required to search their records for
accounts or transactions matching a named subject and report
whether a match exists using the identifying information provided
in the request.”
Complicating this matter further is a slight inconsistency in
verbiage between the FAQs and the actual regulation in the Federal
Register. Quoting from the relevant portion of the Federal Register:

on behalf of the United States or any such
state or political subdivision;
■■  Entities whose common stock or analogous
equity interests are listed on the New
York Stock Exchange, the American Stock
Exchange, or the NASDAQ Stock Exchange;
■■  Subsidiaries of any entity that is organized
under the laws of the United States or of
any state and at least 51 percent of whose
common stock or analogous equity interest is
owned by the listed entity;
■■  Issuers of securities registered under Section
12 of the Securities Exchange Act of 1934;
■■  Investment companies, investment advisors,
and any other entities registered with the
Securities and Exchange Commission;
■■  Exchange or clearing agencies;
■■  Registered entities, commodity pool operators,
commodity trading advisors, retail foreign
exchange dealers, swap dealers, or major
swap participants that are registered with the
Commodity Futures Trading Commission;
■■  Public accounting firms;
■■  Pooled investment vehicles that are operated
or advised by a financial institution;
■■  State-regulated insurance companies;
■■  Financial market utilities designated by the
Dodd-Frank Act;
■■  Foreign financial institutions established in
jurisdictions where the regulator of such
institutions maintains beneficial ownership
information;
■■  Non-U.S. governmental departments,
agencies, or political subdivisions that engage
only in governmental activities; and
■■  Private banking customers (because they are
already subject to FinCEN’s private banking
account rule).
Additional Key Take-Aways of the Rule:
■■  The new rule applies only to some
businesses and other legal entities, not
personal accounts.
■■  Beneficial owners are those individual(s) who
own more than 25% of the entity or who
control the entity.
■■  Banks are responsible for collecting identity
information of beneficial owners but are not
responsible for verifying the actual ownership
or control.
■■  Individual(s) authorized to open the account
need to provide the information on the
beneficial owners of the legal entity and
certify the accuracy of the information
provided.
■■  Customer Identification Program (CIP)
information for beneficial owners must
be collected with every new account, and
confirmed with each subsequent account,
not just when the customer is new to the
financial institution.
■■  Financial institutions must have the capability
to perform initial, periodic, and ad hoc OFAC
screening of beneficial owners.
A BO U T THE AU THO RS
DAVID MCCREA, CRCM, a Director with Treliant,
is an experienced executive with a background
in compliance, Bank Secrecy Act/Anti-Money
Laundering (BSA/AML), operations, vendor manage-
ment, security, and fraud/loss control at banks,
thrifts, and a core banking software company.
He currently serves as a Faculty Member of the
American Bankers Association’s (ABA) Compliance
School, is an instructor for an Executive
Development Program provided to several state
banking associations, and is a frequent speaker for
state banking associations. He can be reached at
dmccrea@treliant.com.
KATHLEEN W. YEH, CRCM, an independent
consultant, is a compliance professional with
a background in Bank Secrecy Act/Anti-Money
Laundering (BSA/AML), deposit/retail banking,
lending, risk management, and compliance man-
agement systems. She has experience in leading
BSA/AML/deposit/lending compliance programs
and has served as the compliance subject matter
expert for new product rollouts, system implemen-
tations, and system upgrades. She has successfully
led banks and thrifts through regulatory changes,
designed and facilitated regulatory compliance
training, developed and evaluated internal controls,
and managed examination processes. She can be
reached at katsw@hotmail.com.

MAY–JUNE 2018  |  ABA BANK COMPLIANCE  |  9

WHAT YOU MAY NOT KNOW ABOUT THE BENEFICIAL OWNERSHIP RULE
“The rule implementing Section 314(a)…does not authorize the
reporting of Beneficial Ownership information associated with
an account or transaction matching a named subject.” (www.
federalregister.gov/documents/2016/05/11/2016-10567/customer-
due-diligence-requirements-for-financial-institutions.) Notice the
distinction in verbal phrases—“does not require” versus “does not
authorize”—when describing the reporting of beneficial ownership
information associated with an account or transaction matching
a named 314(a) subject.
In either case, the rule appears to state that there is no require-
ment to report the beneficial owners of a matching legal entity
when responding to a 314(a) request. However, the verbiage from
the Federal Register appears to suggest that, not only is there no
requirement to do so, but also there is no authorization to do so.
In effect, a financial institution might find itself at risk by doing
so. (This would not, of course, preclude the reporting of such
information on a SAR that might result from an investigation
prompted by the appearance of the entity on a 314(a) list.)
The second set of FAQs relevant to the
CDD rule (published April 4, 2018) were
certainly beneficial in clarifying some
of the issues discussed above…but
implementation challenges remain.
However, for most financial institutions, that is not the most
relevant question related to 314(a) requests. Rather, most wonder
what to do if a beneficial owner—but not the entity that he/she
owns—is a match to a 314(a) request. Adopting the premise of
the statements from the rule and FAQ referenced above, the as-
sumption would be that beneficial ownership alone is not enough
to justify the reporting of a positive match. Consider the instruc-
tions for 314(a) searches: “The financial institutions must query
their records for data matches, including accounts maintained by
the named subject during the preceding 12 months and transac-
tions conducted within the last six months. Financial institutions
have two weeks from the posting date of the request to respond
with any positive matches. If the search does not uncover any
matching of accounts or transactions, the financial institution
is instructed not to reply to the 314(a) request.” (www.fincen.
gov/sites/default/files/shared/314afactsheet.pdf .) The specific
reference to “accounts maintained by…” suggests that a matched
party must be an owner or signer on an account, which a beneficial
owner may not be.
Thus, if no reporting requirements are added, then what’s the
challenge? As most financial institutions utilize a querying system
that matches all customer records to the 314(a) list once received,
financial institutions must now be cognizant of the fact that there
may be some positive matches that should not be reported. Pro-
cedurally, the identification of such matches could be achieved in
two ways. First, each positive match could be closely scrutinized
and investigated before reporting, allowing the discovery that the
10  |  ABA BANK COMPLIANCE  |  MAY–JUNE 2018
matching individual’s only connection to the financial institution
is as a beneficial owner (most institutions likely do this already).
Second, the ownership code used to identify beneficial owners
within a financial institution’s core system could be added as a
data point on the 314(a) query’s output.
Finally, despite what the letter of the rules and FAQ state, it does
seem somewhat counter-intuitive that law enforcement would not
want to know that an individual on the 314(a) list owns a legal entity
that banks with your financial institution. It is hoped that the up-
coming guidance referenced above will provide clarity on this issue.
Monitoring
When identifying your trigger events for updating beneficial own-
ership information, consider how monitoring will occur. Surveys
and questionnaires circulating throughout the industry over the
last two years have revealed some fairly common trigger events
that most financial institutions plan on adopting, including:
■■  The opening of a new account;
■■  Re-classification of a customer to a higher level of risk; and
■■  Change in address if a major change (generally into another
state or country).
The monitoring of such events will largely rely on associate
notification and/or action, whether that associate is on the front
line or in the BSA department. Thus, training and testing of the
CDD rule’s requirements and the related implementation strate-
gies, are essential.
However, one common trigger event was not mentioned
above—knowledge of a change in ownership. If identifying as a
trigger event, financial institutions need to word this one carefully.
Simply designating “a change in ownership” as a trigger event would
seemingly obligate a financial institution to know of every change
in ownership of a legal entity, on its books. Describing the trigger
event as “knowledge of a change in ownership” is preferable, as
the knowledge must exist before the requirement to update the
information is triggered. Of course we need to remember that if
one person at the institution “knows,” then the institution knows
and that the concept of “should have known” is lurking behind
the “knowledge” label as well.
Cognizant of the fact that many changes in legal entity owner-
ship occur without any notification to the entity’s financial institu-
tion and without any public reporting, some financial institutions
have chosen to not focus on trigger events. Instead they simply
update beneficial ownership information for all relevant legal
entity customers on a periodic basis, typically annually. Not only is
this a daunting task, but financial institutions choosing to pursue
this path should consider the risks of inconsistent results. Let us
assume that Awesome Bank has five legal entity customers with
existing beneficial ownership information, none of which has been
changed in the last year. Awesome Bank sends re-certification
requests to each customer; three of the five customers respond,
noting no changes, but two do not. Repeated attempts to get the
two remaining customers to respond, yield no results. Awesome
Bank then attempts to re-verify the information by other means
but is unsuccessful. Thus, they have no way of knowing if the
beneficial ownership information is still accurate.
Similar to the discussion above about lowering the 25% owner-
ship threshold based on high-risk status, the financial institution is now in the
position of deciding whether failure to respond to a re-certification request is
ample cause to close the relationship, even though the beneficial ownership
information currently on file may be totally accurate. In short, financial institu-
tions need to be wary of setting trigger events that are admirable in intent but
difficult to consistently practice and monitor, particularly if the trigger event sets
an expectation beyond those in the CDD rule itself. (The second set of FAQs
relevant to the CDD rule does make it clear that FinCEN does not expect peri-
odic reviews absent specific risk-based concerns. Quoting from the response to
question 14, “Covered financial institutions do not have an obligation to solicit or
update beneficial ownership information as a matter of course during regular or
periodic reviews, absent specific risk-based concerns…periodic reviews are not
by themselves a trigger to obtain or update beneficial ownership information.”)
Permissible Purpose
How does the concept of “permissible purpose” apply to beneficial owner-
ship? As stated in the FAQs, “…the procedures must establish risk-based
practices for verifying the identity of each beneficial owner identified to the
covered financial institution, to the extent reasonable and practicable. The
procedures must contain the elements required for verifying the identity
of customers that are individuals under applicable customer identification
program (“CIP”) requirements.” Thus, does this mean that a financial in-
stitution can just use the same methods it currently uses to verify customer
identities with beneficial owners as well? Maybe, maybe not.
Some financial institutions rely on services that perform a check at ac-
count opening of customers’ identity and bank history using credit report
data. The usage of credit report data places such actions under the purview
of the Fair Credit Reporting Act (FCRA), which requires a “permissible
purpose” before such checks can be performed. The definition of “permis-
sible purpose” includes using the information “in connection with a credit
transaction involving the consumer on whom the information is to be fur-
nished and involving the extension of credit to, or review or collection of an
account of, the consumer”; “in connection with a business transaction that is
initiated by the consumer”; and “to review an account to determine whether
the consumer continues to meet the terms of the account.”
Thus, in the context of the FCRA, is a beneficial owner who is not also
an authorized signer, a “consumer”? Since such a beneficial owner would
not actually have control over the account relationship in question, it could
certainly be argued that he/she is not. Thus, in cases such as these, there may
be no “permissible purpose” to verify a beneficial owner’s identity using such
a service. Again, regulatory clarity on this issue is desirable.
It should be stated that there is no apparent prohibition on using services
that do not use credit report data in an attempt to verify the identity of
RESOURCES
FinCEN’s Beneficial Ownership Rule Resources
In April, FinCEN released FAQs:
www.fincen.gov/sites/default/files/2018-04/FinCEN_Guidance_CDD_FAQ_FINAL_508_2.pdf
Online training specific to the new rule is available:
www.aba.com/Training/Online/Courses/Pages/FC-BSAAML-BOCDD.aspx
ABA Members can access www.aba.com/Compliance/Mem/Pages/comply_bsa_menu.aspx
where you will find a sample letter to alert customers, a sample lobby notice, FAQs, staff analysis and more.
beneficial owners. Similarly, if a financial institution relies on documentary
verification—such as collection and review of one or more forms of primary
identification—for customers, that financial institution could do the same for
beneficial owners. Thus, identity verification methods for beneficial owners
still exist; those methods may just not be the same that are used for customers.
Practically, for financial institutions that rely on services using credit report
data at account opening, steps will need to be taken to ensure that only signers
and the legal entity itself are submitted to the service for identity verification.
If CIF records are created for all parties at once and then submitted with
the push of a button, the financial institution will need to consider how to
exclude the CIF records for the beneficial owners from that submission (and
then how to recognize that alternative identity verification procedures will
still need to be performed for the beneficial owners).
Conclusion
The second set of FAQs relevant to the CDD rule (published April 4, 2018)
were certainly beneficial in clarifying some of the issues discussed above,
but implementation challenges remain. With little remaining time before the
applicability date of the rule, financial institutions are encouraged to be both
forward-thinking and practical in their application of the rule. Advanced
compliance goals that at first may seem achievable are often challenged by
the realities of day-to-day processes and procedures, and financial institutions
should be wary of setting a goal of exceeding compliance expectations that
not only fails but results in unnecessary demands and inconsistent results.
As compliance professionals have learned over the years, establish a plan
that includes evaluation of the pitfalls and uncertainties and then implement
the plan. Adjust to subsequent guidance and interpretation as they occur.
Waiting until everything is clear is not a very workable option. ■
A BO U T THE AU THO R
CHRIS SIMPKINS, CAMS, CFE, serves as the Bank Secrecy Act (BSA)/Office of
Foreign Asset Control (OFAC) Officer for Arvest Bank, having been in that role for
approximately 14 years. Chris joined Arvest with its acquisition of Superior Bank
(formerly Superior Federal Bank) in 2003, where Chris was serving as Superior’s
Audit Manager and had been a part (and at times, the entirety) of its Internal Audit
department since 1992. Within both roles, Chris has worked a variety of internal
fraud cases. Chris has achieved the certifications of Certified Public Accountant
(CPA–non-practicing), Certified Fraud Examiner (CFE), and Certified Anti-Money
Laundering Specialist (CAMS). Additionally, for the last four years, Chris has served
on the advisory board for the annual American Bankers Association/American Bar
Association Money Laundering Enforcement Conference—planning, moderating,
or speaking during a variety of sessions devoted to anti-money laundering issues.
He can be reached at csimpkins@arvest.com.