For several months now, there have been rumors about a new set of frequently asked questions (FAQs) from FinCEN regarding the new CDD/UBO rules which require compliance by May 11, 2018.
Well, the mysterious FAQs are finally here.
Earlier today, the Financial Crimes Enforcement Network (FinCEN) released a set of updated FAQs regarding the new BSA rules that will be effective on May 11, 2018. These FAQs relate to the new customer due diligence requirements for ultimate beneficial owners on accounts for legal entity customers.
Overview of CDD/UBO FAQs
The FAQs released today are the second set of FAQs addressing the new CDD/UBO rules. The first set of FAQs was issued on July 19, 2016 and provided general clarification of the new rules. Basically, the original FAQs provided twenty-six questions and answers that were really nothing more than a consolidation of the main parts of the final rule, meaning that they didn’t address anything that wasn’t already addressed in the final rule. While these FAQs have been beneficial for training and communication purposes, they failed to address some key questions that were not specifically addressed in the final rule.
Today’s FAQs include thirty-seven new questions and answers regarding the new CDD/UBO rules, which require compliance on May 11, 2018. While several of today’s new FAQs do nothing more than reiterate the final rule or really won't apply to community banks or credit unions, the FAQs do provide much needed guidance in a few key areas such as drilling down beneficial ownership information on legal entities with complex structures, nondocumentary verification of beneficial owners, obtaining new Certification Forms for existing customers, product or service renewals, and trusts with multiple trustees.
While this article won't address every new FAQ included in the release by FinCEN, this article will focus on those FAQs that would appear to have the greatest potential impact on how community banks and credit unions can find compliance with the new rules by the May 11, 2018 deadline. Specifically, this article is comprised of three parts:
- An executive summary of what community banks and credit unions should consider regarding the most relevant FAQs.
- A detailed summary of the most Significant FAQs.
- A detailed summary of other important FAQs
Executive Summary: Considerations for Most Relevant FAQs
This executive summary is designed to provide an overview of the most relevant FAQs for community banks and credit unions. Each summary provides a basic overview of the FAQ and its implications for financial institutions. Each summary concludes with a recommendation of what financial institutions should consider in regards to the FAQ.
- Nondocumentary Verification for UBOs. FAQ 4 clarifies that nondocumentary verification is a necessary component for ultimate beneficial ownership verification. While many financial institutions were already planning to utilize nondocumentary verification for UBOs, some financial institutions were not planning for this. Based on FAQ 4, financial institutions should ensure that nondocumentary verification is incorporated into their UBO verification procedures.
- Existing Customer Certification. FAQ 7 explains that a financial institution does not need to re-verify an existing customer who is identified as a beneficial owner as long as they certify or confirm (verbally or in writing) the accuracy of the pre-existing CIP information. Therefore, Financial institutions will need to choose from two possible courses of action. First, they could just ignore this guidance altogether and request the information for every existing customer. Alternatively, they could choose to establish a procedure for certification of the pre-existing CIP information. For institutions that would like to certify or confirm pre-existing CIP information, a simple solution may be to create a “CIP Certification Form” for beneficial owners who are existing customers. Financial institutions will need to retain any such certification for five years after the closing of the new account.
- CD and Loan Renewals. The answer provided in question 12 makes it clear that FinCEN expects a new Certification Form for each CD and loan renewal. Once a Certification Form is initially obtain, FinCEN now provides two options for renewals. First, a financial institution can obtain a certification/confirmation that the beneficial owners of the legal entity customer have not changed. Alternatively, FinCEN has stated that a financial institution would not need to provide any type of certification for a renewal if a customer agrees - at the time it certifies its beneficial ownership information - to notify the financial institution of any changes in beneficial ownership information. While obtaining a Certification Form for a loan renewal should be an easy procedure to implement, obtaining a Certification Form for a certificate of deposit renewal will present a challenge for many financial institutions who traditionally have not had customer contact during the CD renewal process. Financial institutions will need to sort through the logistics of how they are going to either obtain Certification Forms for CD and loan renewals or how they will implement one of the alternative options for verification provided in the FAQ.
- Trusts With Multiple Trustees. Question 19 provides a bit of relief to financial institutions as it states that financial institutions are expected to only collect and verify the identity of one co-trustee of a multi-trustee trust who owns 25 percent or more of the equity interests of a legal entity customer. Some financial institutions will want to reconsider their procedures for verification of trustees if their anticipated procedures were going to require verification of more than one trustee of a multi-trustee trust.
- Legal Entity as a Trustee. FAQ 20 provides guidance where the trustee of a trust that is a beneficial owner is a legal entity (rather than an individual). This FAQ explains that since the trust is the beneficial owner, then a business that owns a trust does not need to provide the ultimate beneficial owners of the business. This FAQ does state, however, that the financial institution should collect identification information on the legal entity trustee as part of its CIP. In addition, the FAQ explains that a natural person who controls the trust should always be identified under the control prong of the CDD rules. Financial institutions may need to revise their existing procedures to ensure compliance with FAQ 20.
- Using the workflow in question 3 for training purposes. While many financial institutions have already created training material to help employees understand which individuals are ultimate beneficial owners, the flow chart example from Question 3 could prove beneficial as a training tool.
- Required Addresses. Question 5 discusses what address should be obtained for financial institutions. Specifically, FAQ 5 states that the address requirements for certification under the CDD Rule are the same as those outlined in the CIP rule. For an individual beneficial owner, covered financial institutions must obtain either a residential or a business street address. If neither is available, acceptable substitutes may include an Army Post Office (APO) or Fleet Post Office (FPO) box number, or the residential or business street address of next of kin or of another contact individual. Financial institutions should consider whether updated procedures are warranted.
- Record Retention. FAQ 9 addresses how a financial institution is to retain documentation of beneficial ownership identification and verification when there are multiple beneficial ownership certification documents due to updated information and additional new accounts. In addition, FAQ 9 provides a clear expectation for retention of “any verbal or written confirmation of pre-existing [CIP] information.” Financial institutions should ensure that they record retention requirements align with FAQ 9.
- Certification for Multiple Accounts by the Same Legal Entity. Question 10 explains FinCEN’s expectations when a single legal entity opens multiple accounts (whether or not simultaneously) at a financial institution. In short, FAQ 10 allows financial institutions to allow the customer to certify or confirm (verbally or in writing) that such information is up-to-date and accurate at the time each subsequent account is opened. Financial institutions must decide if they want to implement a procedure to certify the accuracy of existing Certification Forms, or if they want to just obtain a new Certification form for each new account opened by the legal entity customer.
- Updating BO Information from a Triggering Event. This round of FAQs place a greater emphasis on obtaining updated beneficial ownership information upon a risk-based triggering event. Financial institutions should ensure that updating UBO information is included as a part of their enhanced due diligence and suspicious activity monitoring programs.
- Verifying Exclusion Claims. Question 21 explains FinCEN’s expectation for when a legal entity claims to be excluded under the beneficial ownership rules. This FAQ specifically states that financial institutions are “expected to address and specify, in their risk-based written policies and procedures, the type of information they will obtain and reasonably rely upon to determine eligibility for exclusions.” Financial institutions should ensure they have risk-based written policies and procedures to address and specify the type of information thy will obtain and reasonably rely upon to determine eligibility for exclusions.
Significant FAQs
In addition to the executive summary provided previously in this article, we have included an in depth analysis of each FAQ that appears to provide relevant information that will impact community banks and credit unions. The first group of FAQs appear to have the potential to have a significant impact on certain financial institutions. These FAQs are as follows:
Question 4: Methods of Verifying Beneficial Ownership Information
While this question begins by providing an answer that is substantially similar to FAQ 4 from the 2016 FAQs, this question appears to provide clarification that both documentary and nondocumentary verification is expected. Specifically, the question states the following:
Documentary verification may included unexpired government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguard, such as a driver’s licence or passport. Non-documentary methods of verification may include contacting a beneficial owner; independently verifying the beneficial owner’s identity through the comparison of information provided by the legal entity customer (or the beneficial owner, as appropriate) with information obtained from other sources; checking references with other financial institutions; and obtaining a financial statement.
Based on this, it appears that the expectation for non-documentary verification is clear. Therefore, financial institutions that were not initially planning to utilize nondocumentary verification for all beneficial owners (including both loan and deposit accounts) will need to ensure that their policies and procedures include acceptable methods of nondocumentary verification.
Question 7: Existing Customers as Beneficial Owners
Question 7 provides us with guidance on what CIP expectations there are for a beneficial owner who is an existing customer of the financial institution, meaning that the financial institution has already conducted CIP on the individual. In short, FAQ 7 states that CIP is not required for a beneficial owner if they are also an existing customer which the bank has verified through CIP, as long as the financial institution has up-to-date information. In addition, FAQ 7 states that the representative opening the legal entity account must certify verbally or in writing that the beneficial owner’s pre-existing CIP information is still accurate. Specifically, the FAQ states:
However, if the individual identified as the beneficial owner is an existing customer of the financial institution and is subject to the financial institution’s CIP, a financial institution may rely on information in its possession to fulfill the identification and verification requirements, provided the existing information is up-to-date, accurate, and the legal entity customer’s representative certifies or confirms (verbally or in writing) the accuracy of the pre-existing CIP information.
The biggest take away from this guidance is that each financial institution who does not want to obtain entirely new verification information on an existing customer who is identified as a beneficial owner will now need to establish a procedure to have the legal entity representative (who is opening the account) certify to the accuracy of the pre-existing CIP information. Financial institutions will need to decide if they want to ignore this guidance and just request the information for every existing customer, or if they want to establish a procedure for certification. A simple solution for this may be to create a “CIP Certification Form” which can be used for beneficial owners who are existing customers.
It should also be noted that Question 9 (discussed later) makes it clear that any verbal or written confirmation of pre-existing CIP information must be retained until five years after the closing of the new account in order to comply with the recordkeeping requirements of the regulation.
Question 12: Product or Service Renewals
This question probably addresses the biggest concern from the financial industry: is beneficial ownership information required on automatic CD renewals and loan renewals? Unfortunately, most of the industry is not going to like the answer provided in this question.
In short, FinCEN is making it clear that they expect a new certification form for each CD and loan renewal - at least for the first time it renews after May 11, 2018. Once an account has an existing Certification Form on file, then FinCEN states that it would be acceptable to get a certification from the customer that the beneficial owners of the legal entity customer have not changed. Alternatively, FinCEN has stated that a financial institution would not need to provide any type of certification for a renewal if a customer agrees - at the time it certifies its beneficial ownership information - to notify the financial institution of any changes in beneficial ownership information.
While the two alternatives listed in FAQ 12 are nice, most financial institutions will initially find the logistics of implementing these alternatives to be challenging. For example, some renewals will be required to have a new Certification Form (if the account was opened before May 11, 2018) while other accounts will not need one (if the account was opened after May 11, 2018). Due to these logistical challenges in ensuring compliance, some financial institutions will find it easier to just require a Certification Form for each renewal.
For clarification purposes, the full answer to FAQ 12 is as follows:
Yes. Consistent with the definition of “account” in the CIP rules and subsequent interagency guidance,14 14. See “Interagency Interpretive Guidance on Customer Identification Program Requirements under Section 326 of the USA PATRIOT Act, FAQs: Final CIP Rule,” p. 8 (April 28, 2005). each time a loan is renewed or a certificate of deposit is rolled over, the bank establishes another formal banking relationship and a new account is established. Covered financial institutions are required to obtain information on the beneficial owners of a legal entity that opens a new account, meaning (in the case of a bank) for each new formal banking relationship established, even if the legal entity is an existing customer. For financial services or products established before May 11, 2018, covered financial institutions must obtain certified beneficial ownership information of the legal entity customers of such products and services at the time of the first renewal following that date. At the time of each subsequent renewal, to the extent that the legal entity customer and the financial service or product (e.g., loan or CD) remains the same, the customer certifies or confirms that the beneficial ownership information previously obtained is accurate and up-to-date, and the institution has no knowledge of facts that would reasonably call into question the reliability of the information, the financial institution would not be required to collect the beneficial ownership information again. In the case of a loan renewal or CD rollover, because we understand that these products are not generally treated as new accounts by the industry and the risk of money laundering is very low, if at the time the customer certifies its beneficial ownership information, it also agrees to notify the financial institution of any change in such information, such agreement can be considered the certification or confirmation from the customer and should be documented and maintained as such, so long as the loan or CD is outstanding.
Question 19: Trusts With Multiple Trustees
Over the past several months, there has been quite a bit of discussion on how to verify trustees on a beneficial owner that is a trust. FAQ 19 clarifies that the trust is the beneficial owner and states that only one trustee must be verified. The full answer is as follows:
No. If a trust owns directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, 25 percent or more of the equity interests of a legal entity customer, the beneficial owner under the ownership/ equity prong is the trustee. Where there are multiple trustees or co-trustees, financial institutions are expected to collect and verify the identity of, at a minimum, one co-trustee of a multi-trustee trust who owns 25 percent or more of the equity interests of a legal entity customer that is not subject to an exclusion. A covered financial institution may choose to identify additional co-trustees as part of its customer due diligence, based on its risk assessment and the customer risk profile and in accordance with the institution’s account opening procedures.
Question 20: Legal Entity as a Trustee
Similar to question 19, FAQ 20 provides guidance where a legal entity is the trustee of a trust that is a beneficial owner. This FAQ explains that since the trust is the beneficial owner, then a business that owns a trust does not need to identify the ultimate beneficial owners of the business. The FAQ does state, however, that CIP on such a business would be required.
If a trust owns directly or indirectly, through any contract, arrangement, understanding, relationship, or otherwise, 25 percent or more of the equity interests of a legal entity customer, the beneficial owner for purposes of the ownership/equity prong is the trustee, regardless of whether the trustee is a natural person or a legal entity.19 19. See 31 CFR 1010.230(d)(3). In circumstances where a natural person does not exist for purposes of the ownership/equity prong, a natural person would not be identified. However, a covered institution should collect identification information on the legal entity trustee as part of its CIP, consistent with the covered institution’s risk assessment and the customer risk profile.
This FAQ continues on to clarify that a natural person who controls the trust should always be identified under the control prong of the CDD rules.
Other Important FAQs
In addition to the significant FAQs outlined above, there are several more questions and answers that provide additional clarification which each financial institution should consider. These FAQs include the following:
Question 3: Legal Entity Customers With Complex Ownership Structures
This question relates to when a second legal entity is a partial owner of the legal entity opening the new account. This question essentially answers the question of: How do you determine the beneficial owners when a business is owned by one or more businesses?
While much of the information provided in this FAQ is consistent with current understandings of the rule, this FAQ clarifies how to determine which individuals would be considered beneficial owners when a second legal entity is an owner of a legal entity customer. In addition, this question provides a useful flow chart that breaks down which individuals are considered beneficial owners, based on their ownership of each business. In summary, each individual’s ownership should be divided down to determine how much of the customer they own. For example, let’s assume that our customer is owned by Company A and Company B. If Betty owns 40% of Company A and 33 ⅓ of Company B, then Betty is considered a beneficial owner as she indirectly owns 36 ⅔ percent of our legal entity customer.
Question 5: Required Addresses
Question 5 discusses what address should be obtained for financial institutions. Specifically, FAQ 5 states that the address requirements for certification under the CDD Rule are the same as those outlined in the CIP rule. For an individual beneficial owner, covered financial institutions must obtain either a residential or a business street address. If neither is available, acceptable substitutes may include an Army Post Office (APO) or Fleet Post Office (FPO) box number, or the residential or business street address of next of kin or of another contact individual.
Question 9: Record Retention
This question addresses how a financial institution is to retain documentation of beneficial ownership identification and verification when there are multiple beneficial ownership certification documents due to updated information and additional new accounts. Specifically, FAQ 9 states the following:
Covered financial institutions are required to retain all beneficial ownership information collected about a legal entity customer. Identifying information, including the Certification Form or its equivalent, must be maintained for a period of five years after the legal entity’s account is closed.10 10. See 31 CFR 1010.230(i)(2). However, all verification records must be retained for a period of five years after the record is made.11 11. Id. Therefore, whether a financial institution must retain a set of identification or verification records is dependent upon the date an account is opened and closed, or the date a record is made.
The FAQ goes on to make it clear that they expect retention of “any verbal or written confirmation of pre-existing information,” which was described in question 7. Specifically, the FAQ states:
For example, if a covered financial institution relies on pre-existing beneficial ownership information in its possession as true and accurate identification information when opening a new account for a legal entity customer, the financial institution should maintain the original records, and any updated information, including a record of any verbal or written confirmation of pre-existing information (for example, as described in Questions 7 and 10), until five years after the closing of the new account in order to comply with the recordkeeping requirements in the regulation.
Question 10: Certification For Multiple Accounts by the Same Legal Entity
This question explains FinCEN’s expectations when a single legal entity opens multiple accounts (whether or not simultaneously) at a financial institution. In short, this FAQ allows financial institutions to allow the customer to certify or confirm (verbally or in writing) that such information is up-to-date and accurate at the time each subsequent account is opened. Specifically, the answer states the following:
However, an institution that has already obtained a Certification Form (or its equivalent) for the beneficial owner(s) of the legal entity customer may rely on that information to fulfill the beneficial ownership requirement for subsequent accounts, provided the customer certifies or confirms (verbally or in writing) that such information is up-to-date and accurate at the time each subsequent account is opened and the financial institution has no knowledge of facts that would reasonably call into question the reliability of such information. The institution would also need to maintain a record of such certification or confirmation, including for both verbal and written confirmations by the customer.
Financial institutions must decide if they want to implement a procedure to certify the accuracy of existing Certification Forms, or if they want to just obtain a new Certification form for each new account opened by the legal entity customer.
Question 17: Updating BO Information from a Triggering Event
Several of the FAQs (14, 15, 16, 17) discuss obtaining updated beneficial ownership information upon a triggering event. While this information really isn’t new from the guidance in the final rule, FinCEN clarifies that they expect beneficial ownership information to be updated when a financial institution has a risk-based concern (such as would occur during suspicious activity monitoring).
FAQ clarifies that a triggering event should be treated the same way a financial instutition treats a new account in regards to collecting and/or updating beneficial ownership information. Specifically, the answer to FAQ 17 states the following:
On or after May 11, 2018, when a legal entity customer initially opens a new account or an existing account is updated to incorporate beneficial ownership information for the first time in response to a triggering event, covered financial institutions must identify and verify the identity of beneficial owners as set forth in section 1010.230(b).
In contrast, the breadth of information collected as the result of a triggering event during the normal course of monitoring to identify and report suspicious activity and to maintain and update customer information should be determined by what information has changed. That is, only the information that has changed must be updated (e.g., changing the address of the beneficial owner). To the extent that the triggering event results in a determination that the beneficial ownership of the legal entity may have changed entirely, the identity of any new beneficial owner(s) must be collected, certified, and verified, consistent with section 1010.230(b).
Question 21: Verification Exclusion Claims
FAQ 21 explains FinCEN’s expectation for when a legal entity claims to be excluded under the beneficial ownership rules. In short, the FAQ states that a financial institution may rely on information provided by the legal entity customer to determine whether the legal entity is excluded from the definition of a legal entity customer, provided that it has no knowledge of facts that would reasonably call into question the reliability of such information.
This FAQ continues on and specifically states that financial institutions are “expected to address and specify, in their risk-based written policies and procedures, the type of information they will obtain and reasonably rely upon to determine eligibility for exclusions.”
Conclusion
While today’s FAQs literally come 23 months into a 24 month implementation period, they do provide some much needed clarity in a few key areas. Therefore, financial institutions should take steps to incorporate this guidance into policies and procedures that will be utilized with the May 11, 2018 implementation of the final rule. As most financial institutions will not be able to revise their board approved policy by the May 11, 2018 deadline, it is recommended that applicable procedures be updated and additional training be provided as needed.
The April 3, 2018 FAQs can be found here.
The July 19, 2016 FAQs can be found here.
Thanks for reading this article. If you haven't done so already, make sure you check out our Compliance Clips - free 3-5 minute training videos on all topics of regulatory compliance.