By Mitch Hoppenworth
Financial Institutions are facing another compliance deadline as the U.S. Treasury Department’s Financial Crimes Enforcement Network‘s (FinCEN) new rules and obligations for customer due diligence (CDD) kick in. These rules were published under the Bank Secrecy Act (BSA) and add requirements for covered financial institutions to identify and verify beneficial owners of legal entity customers. FinCEN considers these new requirements highly important to preventing financial crimes.
The new rule essentially adds additional requirements fundamental to an effective Anti-Money Laundering (AML) program which will bring about substantial changes in existing policies and procedures.
This is a new requirement that calls for financial institutions to collect information to verify the identity of each individual who either directly or indirectly owns more than 25% of the equity interests of the legal entity customer. In addition, financial institutions must collect information to identify at least one individual who has significant responsibility for the control or management of the legal entity customer. For any legal entity customer there can be multiple beneficial owners.
Federally regulated banks, federally insured credit unions, mutual funds, and security brokers and dealers are among those within the scope of the CDD rule. Existing “Know Your Customer” (KYC) programs at these organizations, which are established to monitor and understand the customer’s risk profile, will need to be enhanced. These changes will likely include event driven risks which can be identified through transaction monitoring as an example.
These financial institutions are required to capture and verify information for beneficial owners at the time of an account opening which includes physical address, Internal Revenue Service identification number (i.e. social security number or tax identification number), and date of birth.
As the rule was enacted in May 2016, is it safe to assume that after two years the impacted organizations are compliant, confident, and ready for the implementation date? These organizations have likely already heavily invested in a robust KYC or Customer Information Program (CIP), so these new rules shouldn’t pose a significant burden on their programs, right?
It’s hard to tell. Much of the commentary on the CDD Final Rule indicates that the practical application of these new rules may not be straightforward. Making substantial changes to complex processes invites many challenges. In fact, under this rule the exponential increase in data and documentation for collection, screening, and monitoring will challenge both human and technological resources. Outsized expenditures of resources are already devoted to AML and KYC programs and compliance with the CDD Final Rule is very expensive and burdensome.
So, what are organizations to do? Of course, they will make their best efforts to comply with the CDD Final Rule. However, at the same time, the real cost of compliance will continue to garner the wrong kind of attention with organizations and eventually reach its limits if it hasn’t already. Technologies have brought many efficiencies to these programs but are nowhere near a complete replacement for the number of resources in process heavy, manual review programs such as these.
Third party companies with experience in project management, process efficiencies, and a deep pool of legal talent can help reduce CDD costs and drive efficiencies. Organizations looking for third party assistance should also be looking for those with experience rooted in an understanding of financial regulations and a successful track record in the financial services industry of delivering compliant, cost effective solutions.