FinCEN Final Rule – Customer Due Diligence Requirements for Financial Institutions

FinCEN Final Rule – Customer Due Diligence Requirements for Financial Institutions

The Financial Crimes Enforcement Network (FinCEN) on May 11, 2016, released its long-awaited Customer Due Diligence Requirements for Financial Institutions final rule. FinCEN views the rule as a means to further strengthen customer due diligence efforts currently required for “Covered Financial Institutions ” and their efforts related to the Bank Secrecy Act. The focus of the proposed rule is twofold. The first element codifies existing and expected current practices related to:

• Identifying and verifying the identity of the customer
• Understanding the nature and purposes of customer relationships
• Conducting ongoing monitoring to maintain and update customer information
• Identify and report suspicious transactions

The second element requires covered financial institutions to identify and verify the natural persons who are the identified as beneficial owner(s) and the natural person who control accounts classified as Legal Entity Customers, subject to certain exemptions.

Additionally, the final rule includes measures that include “explicit reference” to the pre-existing requirements of a covered financial institution’s Anti-Money Laundering Program. FinCEN refers to these requirements as “pillars ” of a Program, which they consider to be the minimum standards of any effective Anti-Money Laundering Program. In this final rule, FinCEN introduces a fifth “pillar” related to risk-based continuous monitoring procedures.


A robust Customer Due Diligence program within the financial industry, with the addition of the identification of natural persons associated with legal entities, will strengthen federal regulator’s and law enforcement’s efforts related to the criminal activity within the financial industry by:

• Enhancing the resources of law enforcement, intelligence and financial institutions to identify the assets and accounts of terrorists and other entities that threaten national security
• Assist financial institutions in their risk management and compliance efforts
• Support cooperation with other countries related to FATCA tax reporting
• Promote consistency in application of rules across the industry
• Enhance financial transparency of Legal Entities

Beneficial Ownership Requirements for Legal Entity Customers

The final rule requires covered financial institutions establish and maintain Customer Due Diligence written supervisory procedures, reasonably designed to identify and verify the natural persons who are beneficial owners of legal entity accounts. FinCEN did not adopt a retroactive clause, therefore, this applies to accounts opened on or after the applicable date. FinCEN introduces a definition of “beneficial owner” to provide a clear understanding to the financial industry. This definition consists of two independent components, which it refers to as “prongs.” The definition includes an ownership prong and a control prong. Each prong is independent from the other.

An “Ownership Prong” is defined as:

Each individual, if any, who directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, owns 25% or more of the equity interest of a legal entity customer.

A “Control Prong” is defined as:

An individual with significant responsibility to control, manage, or direct a legal entity including

1. An executive officer or senior manager (e.g.) Chief Executive Officer, Chief Financial Officer, Chief Operating Officer, Managing Member, General Partner, President, Vice President, or Treasurer); or
2. Any other individual who regularly performs similar functions.

Under the Ownership Prong, covered financial institutions are required to identify each individual who owns a 25% or more equity interest. Consequently, no more than four (4) individuals can be identified. If no one individual meets the 25% ownership test, a firm is permitted to NOT identify any individuals. FinCEN notes, however, the firm’s risk-based Customer Identification Program may prompt them to identify individuals with an equity interest of less than 25%.

Under the Control Prong, covered financial institutions are required to identify one (1) individual. In addition, if there is an instance in which a natural person meets both the ownership test and the control test, financial institutions are permitted to name the same individual under both prongs.

In cases where the 25% threshold equity ownership of a legal entity customer is not owned by any individual, but rather owned by an entity exempted from the definition of a legal entity, the covered financial institution is not required to identify an individual under the ownership prong. If the 25% threshold of ownership is owned by a trust (other than a statutory trust), the trustee is treated as the beneficial owner and identified as such under the ownership prong.

Important to note, the covered financial institution is required to verify the identity of the beneficial owner, not the ownership status of a beneficial owner. The covered financial institution may rely on the information supplied by the legal entity customer with respect to the identity of the beneficial owner(s) provided it has no knowledge that would lead it to question the reliability of the information provided. The covered financial institution may use photocopies or other reproduction of Customer Identification program documents, but should assess the risk associated with the types of reproductions accepted to insure their validity.

Definition of Legal Entity Customer

The final rule includes a definition of “Legal Entity Customer” to mean:

A corporation, limited liability company, or other entity that is created by the filing of a public document with a Secretary of State or similar office, a general partnership, and any similar entity formed under the laws of a foreign jurisdiction that opens an account.

This includes limited partnerships, business trusts, and general partnerships created by filings with a state office. It does not include sole proprietorship, trusts and estate or probate type accounts.

The final rule includes an extensive list of entities excluded from the definition, which includes an exemption for entities excluded from the definition of a “customer” under CIP rules. The following types of entities are exempted:

• A financial institution regulated by a Federal functional regulator or a bank regulated by a State bank regulator
• A department or agency of the United Sates, or any State or any political subdivision of a State
• A entity established under the laws of the United States, of any state or of any political subdivision of any State, or under an interstate compact between two or more States, that exercises governmental authority on behalf of the United States or of any such State or political subdivision
• Any entity (other than a bank) whose common stock or analogous equity interest are listed on the NYSE, NYSE MKT or Nasdaq stock exchanges.
• Any entity organized under the laws of the United States or of any State at least 51% of whose common stock or analogous equity interest are held by a listed entity
• An issuer of a class of securities registered under Section 12 of the Exchange Act of 1934 or that is required to file reports under Section 15(d) of that Act;
• Any majority-owned domestic subsidiary of any entity who securities are listed on a U. S. stock exchange;
• An investment company, as defined in Section 3 of the Investment Company Act of 1940, that is registered with the SEC under that Act;
• An investment adviser, as defined in Section 202(a)(11) of the Investment Adviser Act of 1940, that is registered with the SEC under that Act;
• An exchange or clearing agency, as defined in Section 3 of the Exchange Act of 1934, that is registered under Section 6 or 17A of that Act;
• Any other entity registered with the SEC under the Exchange Act of 1934;
• A registered entity, commodity pool operator, commodity trading advisor, retail foreign exchange dealer, swap dealer, or major swap participant, each as defined in Section 1a of the Commodity Exchange Act that is registered with the CFTC;
• A public accounting firm registered under Section 102 of the Sarbanes-Oxley Act, and
• A bank holding company, defined in Section 2 of the Bank Holding Company Act of 1956, or savings and loan holding company
• A pooled investment vehicle that is operated or advised by a financial institution
• An insurance company regulated by a State
• A financial market utility designated by the Financial Stability Oversight Council under Dodd Frank
• A foreign financial institution established in a jurisdiction where the regulator of such institution maintains beneficial ownership information regarding such institution
• A non-US. Governmental department, agency, or political subdivision that engage only in governmental rather than commercial activities
• Any legal entity only to the extent that it opens a private banking account

FinCEN determined that the following legal entity customers are subject to the control prong only as the ownership interests in these types of entities either do not exist or change frequently:

• A pooled investment vehicle that is operated or advised by a financial institution that is not an Excluded Legal Entity (i.e. non-U.S. managed mutual funds, hedge funds and private equity funds)
• Any legal entity that is established as nonprofit corporate or similar entity (including a charitable, nonprofit, not-for profit, nonstock, public benefit or similar corporation) and has filed its organization’s document with the appropriate State authority as necessary

Finally, two additional carve out exemptions to the definition of a “legal entity customer” are included in the final rule, and thus exempted:

• Trusts, although statutory trusts may fall under the scope of the proposed definition.
• Intermediaries who have no CIP requirements related to the intermediary’s underlying clients, pursuant to existing guidance, would treat the intermediary and not the intermediary’s underlying clients as its legal entity. Trust and attorney escrow accounts would all under the intermediary account practices.

Verification of Beneficial Owners

The final rule applies to new accounts. FinCEN is not making it a requirement to “look back” for the ownership test on legal entities. Rather the ownership requirement applies to legal entity customers that open new accounts, going forward, from the applicable date of the rule.

As such, the definition of legal entity customer is limited to entities that open an account post-applicable date. Also noted, in situations where a legal entity opens an account in addition to a previously existing (pre-applicability date) account, the new requirement to identify ownership and control will apply. In addition if a covered financial institution, in the normal course of business, learns that an existing legal entity customer’s beneficial ownership has changed, it is required to take steps to identify the beneficial owner at that time.

The final rules require covered financial institutions obtain the identity and verify the identity of the beneficial owners of the legal entity customer unless the entity is excluded or the account is exempt. The covered financial institution must adopt policies and procedures to obtain, at the opening of the account, the identity of the beneficial owner as defined in the rule by taking one of two actions. First, the institution may use the “Certification Form” as provided in Appendix A of the Final Rule or second, obtain the information required on the Certification by another means, such as a custom account onboarding form.

The information required to be obtained and documented is as follows:

• Name, address, date of birth and Social Security number or passport number or other similar information in the case of foreign persons for the beneficial owner(s)
o Each individual, if any, who owns, directly or indirectly, twenty-five percent (25%) or more of the equity interests of the legal entity customer and
o An individual with significant responsibility for managing the legal entity customer (e.g. a Chief Executive Officer, Chief Financial Officer, Chief Operating Officer, Managing Member, General Partner, President, Vice-President or Treasurer)
o Name and title of natural person opening the account
o Name and address of legal entity for which the account is being opened
o Name and signature of the person making the certification

The individual completing the form on behalf of the entity must certify that to the best of his or her knowledge, the information is accurate. There is no requirement to independently verify that the information provided on behalf of the legal entity is accurate unless the institution has reason to doubt its accuracy.

Then the financial institution, in compliance with its Customer Identification Program, must take the necessary steps to verify the identity of the beneficial owners within a reasonable time post account opening. If the institution uses documentary verification, it may choose to use photocopies or other reproduction as it deems prudent.

Citing certain types of accounts that pose a low threat of money laundering, FinCEN is exempting four types of legal entity customer accounts:

1. Entities whose purpose is point-of-sale credit products including private label credit cards, solely for the purchase of retail goods and services at the associated retailers up to $50,000.
2. Entities whose purpose is to finance the purchase of postage and for which payments are remitted directly to the financial institution to the provider of the postage products.
3. Entities whose purpose is to finance insurance premiums and for which payments are remitted directly by the financial institution to the insurance provider or broker.
4. Entities whose purpose is to finance the purchase of leasing of equipment and for which payments are remitted directly by the financial institution to the vendor or lessor of this equipment.

If the legal entity customer makes payments to or receives payments from a third party, exemptions 2 – 4 are not applicable. In cases where there is a possibility of a cash refund on the exempted account activity under exempted accounts 2-4, then the beneficial owner must be identified and verified by the financial institution, either at the time of initial refund, or the time the refund occurs.

As stated in the proposal and the final rule, the purpose of this rule is to create a clear Customer Due Diligence framework for U.S. financial institutions and enhance current Anti-Money Laundering practices within the financial industry. Consequently, covered financial institutions must incorporate the beneficial ownership information collected into its Customer Identification Program including compliance with Office of Foreign Assets (OFAC) regulations, currency transaction reporting aggregation requirements and Bank Secrecy Act regulations.

In response to industry comments, FinCEN is extending existing guidance that allows financial institutions to rely on other financial institutions to conduct CIP when sharing customers to the Customer Due Diligence requirements subject to the conditions of the guidance:

• The financial institution can establish that the reliance was reasonable.
• That the other financial institution is subject to an AML program rule and is regulated by a federal functional regulator.
• The other financial institution enters into a contract and provides the required annual certifications regarding their AML and CIP programs.

This extension allows for a consistent approach to the new requirements by allowing financial institutions to incorporate the new requirements into their current processes.


Covered financial institutions must have procedures for maintaining a record of all information obtained in connection with identifying and verifying beneficial owners, including retention of the certification form or other compliant record, and a record of any other related identifying information reviewed or collected for a period of five years after the account is closed. If an institution uses non-documentary verification processes, it must include a description of such processes and the results including resolution of any discrepancies. Verification records must be retained for a period of five years after the record is made.

Formal Amendments to AML Program Requirements

This final rule amends FinCEN’s existing Anti-Money Laundering rules for covered financial institutions – bank, broker-dealers and mutual fund companies. The amended rule for broker-dealers retains the four traditional pillars of its AML rules and adds a formal “fifth” pillar.

To review the original four pillars are:

1. The establishment and implementation of policies, procedures and internal controls reasonably designed to achieve compliance with the applicable provisions of the Bank Secrecy Act and the implementing regulations
2. Independent testing for compliance to be conducted by the broker-dealer’s personnel or by a qualified third party
3. Designation of an individual or individuals responsible for implementing and monitoring the operations and internal controls of the program
4. Ongoing training for appropriate persons

The fifth pillar specifically addresses the elements of Customer Due Diligence by requiring appropriate risk-based procedures for conducting ongoing customer due diligence, including, but not limited to:

• Understanding the nature and purpose of customer relationships for the purposes of developing a customer risk profile, and
• Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information, including information regarding the beneficial owners of legal entity customers.

The nature of and purpose of the customer’s relationship with a covered financial institution is a core tenant of an AML program to enable an institution to identify and report suspicious activities. As institutions collect and analyze data related to the relationship such as customer profile (age, income, net worth) and purpose (investment objective, investment horizon) the data should provide the institution with baseline set of data and a “risk profile” on which activity in customer accounts is analyzed for any suspicious activity.

The final rule does not require a scheduled information updating component, rather FinCEN assumes that covered financial institution’s ongoing monitoring of account activities will trigger such updates in response to when the institution becomes aware of outdated information.


A few thoughts for consideration.

In light of recent SEC and FINRA disciplinary actions related to deficiencies in Anti-Money Laundering programs with fines imposed into the millions and billions, it is clear that regulatory bodies are determined to enforce a strong Anti-Money Laundering programs across the financial industry.

Firms need to review and update their customer onboarding policies, procedures and processes to obtain the identity of beneficial owners and control persons. Firms need to make sure that the identification of these persons is certified by the person with authority to open the account.

Next will be to incorporate the new identification data into AML programs. Firms need to include the data into their analysis for OFAC requirements, transaction reporting requirements, especially for aggregation and BSA requirements. Also for consideration are policies and procedures prompting action when a discrepancy is found and the steps to take for resolution.

Further firms need to update their books and records to record and retain the information received related to the beneficial owner and control persons as well as records created related to verification processes. And consideration of the record retention requirements is important.

Finally, firms should review their clearing agreements, if applicable, to outline and document responsibilities of all parties involved.

This is by no means a comprehensive list. Firms need to review this rule in light of their business model.
Applicability Date

In response to the industry’s request for sufficient time to implement the new CDD requirements, FinCEN is providing an applicability date of May 11, 2018.

Final Rule FinCEN Customer Due Diligence Requirements for Financial Institutions Verus Consulting

About Verus Consulting Group LLC

Verus Consulting Group LLC (Verus) is a professional consulting and advisory firm formed in 2008, specializing in the financial services industry. The firm’s directors each bring 30 plus years of experience to the table when discussing clients’ needs, and consultants on average have 15 plus years of financial industry experience. When you hire Verus, you can trust that we will bring practical knowledge and experience to your project.

Our Company: The name Verus translates to the words True and Genuine. Our name truly reflects who we are and the approach we take with our clients. We establish a relationship of trust and value with our clients, and provide more than a consulting experience; Verus provides a lasting partnership.

Our Expertise: Our consultants provide expertise across all levels of operations, project management and business analysis within banking, trust, brokerage and IT environments. Leadership coupled with expertise in these areas allows Verus to lead even the most complex projects, conversions, implementations and integrations.

6 July 2016

Jane Young
Compliance & Regulatory Manager

Experience You Can Trust. Contact us for further information.

Verus Consulting Group LLC
999 Vanderbilt Road
Suite 200
Naples FL 34108