Here at RegSmart, we want to equip you with as much knowledge as possible. In part 2 of this two-part series, we will review the remaining 9 important facts to consider with regard to Beneficial Ownership (For Part 1, please click here).
For most institutions, compliance with the beneficial ownership rules of 31 CFR 1010.230 has been a race to meet obligations that the industry does not fully understand and that the regulators have not fully defined. A recipe for success, no doubt. The original rule was and is required reading, but some very critical questions were not completely answered until FinCEN published FAQs April 3, 2018, just about one month before the rule would take effect.
If you’re looking for a summary of all the FAQs including on more obscure rules such as the treatment of private label retail credit accounts (FAQ 29) or equipment leasing transactions (FAQ 31), you need to slog through the FinCEN FAQs. If you want to understand 90+% of your compliance obligations (including some obscure ones like how to treat beneficial ownership information with a 314(a) request), read on…
We have an annotated version of this paper, with our advice and specific references to rules, regulations, and guidance available. Just email us at info@beregsmart.com and we’ll send it to you.
1. Your policies and procedures require that you obtain a certification (either on a FinCEN form or an appropriate substitute) from the individual opening the account on behalf of the legal entity customer identifying the “beneficial owners” (including, when applicable, 25% Owners and Controlling Persons).
The certification may be in paper or electronic format. The certifying person must guaranty the information is accurate to the best of the certifying person’s knowledge. You may rely on the information in the certification unless you have reason to believe the information is inaccurate. [31 CFR 1010.230(b)(1); See also FinCEN’s April 3, 2018 FAQs, Questions 3, 6, and 13]
2. Your policies and procedures require that you VERIFY the identifying information (name, address, DOB, SSN or passport no., etc.).
The Rules require that your policies and procedures related to verification of beneficial ownership be included in your CDD procedures which, for many institutions, are separate from CIP. [31 CFR 1010.230(a)-(b)]
3. You have a risk-based procedure that addresses the circumstance in which you develop information that the beneficial ownership of a legal entity customer may have changed (i.e., when certification or re-certification and other action is required).
The Rules combined with FinCEN’s April 3, 2018 FAQs are clear that beneficial ownership data is CDD and thus governed by general principles of CDD. As a general rule, if you have reason to believe that any CDD is materially inaccurate, then you should take steps to verify or correct the inaccurate data. [FinCEN Guidance FIN-2016-G003, July 19, 2016; See also FinCEN’s April 3, 2018 FAQs, Questions 3, 6, and 13]
4. You have a policy that requires that you maintain (1) identifying information (name, address, DOB, etc.) for five years after the account is closed and (2) copies of verification documents or a description thereof for five years after the document was obtained or description written.
For records of any identifying information (i.e., name, address, DOB, etc.) you obtained (including the certification) you must retain these records for five years after the account is closed. [31 CFR 1010.230(i)(1)(i)-(ii) and (2)]
For records such as copies of verification documents (e.g., driver’s license) or a description of any document on which you rely, or a description of a non-documentary source (e.g., a tax return to verify SSN), you must maintain these records for five years after the document was obtained or the description was written. The record must include a description of how you resolved any substantive discrepancies on verification. [31 CFR 1010.230(i)(1)(i)-(ii) and (2)]
5. Your policies and procedures address collecting, maintaining, and updating (under a risk-based approach) beneficial ownership information.
FinCEN’s April 3, 2018 FAQs, Question 16 says, “A covered financial institution must develop written internal policies, procedures, and internal controls with respect to collecting, maintaining, and updating a legal entity’s beneficial ownership information. The Rule requires that covered financial institutions monitor and, on a risk basis, update the customer information, including the beneficial ownership information, and does not require re-certification when the information is up-to-date and accurate.”
6. Your policies and procedures address when you will rely on another financial institution to collect, verify, and/or maintain records required under the Rules.
You may rely on another financial institution (including an affiliate) to perform any of the requirements related to your beneficial ownership procedures with respect to any legal entity customer that is opening, or has opened, an account or has established a similar business relationship with the other financial institution to provide or engage in services, dealings, or other financial transactions, subject to certain requirements of 31 CFR 1010.230 (j)(1)-(3).
7. You aggregate transactions with beneficial owners for CTR and suspicious activity monitoring purposes.
FinCEN expects you to apply existing procedures that are consistent with CTR regulations (31 CFR 1010.313 and applicable guidance (FIN-2012-G001 and FinCEN ruling 2001-2)).
FinCEN’s April 3, 2018 FAQs, Question 32 clarified aggregation requirements for entities that share beneficial owners.
8. You compare beneficial owners to the OFAC list in accordance with your risk-based OFAC policies and procedures.
OFAC requires that you block accounts or other property and interests in property of any person appearing on the SDN and Blocked Persons List (SDN List). This includes any entity that is 50% or more owned, in the aggregate, by one or more blocked persons, regardless of whether the entity is formally included on the SDN List. You should use the information you obtain in connection with the Rule to help ensure that you do not open or maintain an account or engage in business with individuals or entities subject to OFAC sanctions. [31 CFR Part 500]
9. You have a policy that forbids you from reporting non-account holding beneficial owners identified in a 314(a) request to FinCEN.
This is a tricky one: This issue arises when you get a “hit” on a name in a 314(a) request based solely on the person or entity being identified as a beneficial owner of a legal entity customer. This issue was addressed in the commentary at 81 FR 29397 as follows:
“A few commenters asked FinCEN to provide guidance as to how beneficial ownership information should be incorporated into processes for information sharing pursuant to USA PATRIOT Act Section 314(a); one of these commenters asked FinCEN to declare such information per se outside of the scope of Section 314(a). FinCEN does not expect the information obtained pursuant to the beneficial ownership requirement to add additional requirements with respect to Section 314(a) for financial institutions. The rule implementing Section 314(a), set forth at 31 CFR 1010.520, does not authorize the reporting of beneficial ownership information associated with an account or transaction matching a named subject. Under that rule, financial institutions need only search their records for account or transactions matching a named subject, and report to FinCEN whether such a match exists using the identifying information that FinCEN provides.” [Emphasis added.]
We read the phrase “does not authorize” as documenting FinCEN’s position that you may not disclose the name in response to a 314(a) request without running the risk of violating privacy regulations because the disclosure would appear based on this commentary to be outside the scope of 314(a).
About the Author
Mark Stetler is CEO of RegSmart. He has a BBA in Finance from Baylor University (cum laude, 1985) and a law degree from the University of Texas (with honors, 1988). Mark has worked in the financial services industry for 30 years as an attorney and entrepreneur. Mark previously co-owned one of the nation’s largest firms specializing in forensic financial audits. He is a Certified Anti-Money Laundering Specialist and a chief architect of RegSmart’s anti-money laundering risk assessment and audit SaaS.
About RegSmart
RegSmart offers the best-in-class automated BSA/AML risk assessment. Supported by subject matter experts, RegSmart collects data with intuitive wizards and stores that data for regulatory compliance and change management. RegSmart delivers complete, plain language reports with actionable intelligence. Please visit us at www.beregsmart.com.
If you would like to see a demonstration of our best-in-class automated BSA/AML risk assessment and audit applications, please contact us at 214.919.4670, or email John Ravita at jrravita@beregsmart.com or Mark Stetler at mstetler@beregsmart.com. We look forward to visiting with you.