Ready or Not; Here it Comes (the Fifth Pillar)
May 11, 2018 is coming fast! That is the date that your institution must comply with the BSA/AML’s fifth pillar and the Beneficial Ownership section of that rule.
First the pillar itself: This amends the AML program requirement to explicitly require
institutions to implement and maintain appropriate risk-based procedures for conducting ongoing customer due diligence including: understanding the nature and purpose of the customer relationship and conducting ongoing monitoring to identify and report suspicious transactions and; on a risk basis, to maintain and update customer information. This pillar includes all accounts at your institution, not just entities that are subject to the Beneficial Ownership certification section.
Hopefully, your institution has already started tracking its customer base to determine what is normal and what could be considered suspicious. Since this is an added pillar to the four that are in effect, the regulators expectation would be for your BSA/AML Policy to have a section covering your intention on compliance with the requirement and through your procedures; how you will accomplish that mandate.
The standards state that your institution should rely upon the CIP information that is already in place. In addition, getting a game plan now on how to monitor for the newest pillar and training on the expectations of your institution is critical.
A subsection of the fifth pillar is the Beneficial Ownership rule. This rule mirrors the definition of “customer” as set forth by the CIP regulation, encompassing all products offered at your institution be it deposits, loans or safe deposit accounts to entities. The good news is that FinCEN has provided a form that can be used in accomplishing the certification, this can be found in Appendix A to § 1010.230. This form has been updated by FinCEN as of September 28, 2017 to clarify some minor items.
Your institution may use the model form or another of your choosing, as long as all of the required information is obtained. The form has two prongs. The first prong is a listing of an entities ownership of 25% and greater. You may have from zero up to four names listed. The second prong (or control prong) is the requirement to obtain information on a person at the entity who has significant responsibility to control, manage or direct the company. This area must be completed each time an account is opened, even if the ownership prong has no applicable names.
Examples of such a person are: executive officer, senior manager, general partner, president, vice president, treasurer, CEO, CFO or COO. FinCEN’s expectation is that whoever is named would be a high-level official in the entity who is responsible for how the organization is run and who will have access to a range of information concerning the day-to-day operations of the company. I anticipate that in a lot of cases, it is the person who is coming into the institution to open the account.
Questions and Answers:
- How often does the institution have to get a form signed? Answer: Every time that the entity opens a new account, be it deposit, loan or other product. It doesn’t matter if an account was opened just one week after the previous one, the regulation requires another certification to be completed. It also doesn’t matter if you are renewing a loan; you are still required to obtain the certification.
- Can we use copies of driver’s licenses for the ownership prong? Answer: Yes you may. More than likely, if there are multiple owners, then you may not have them present when opening the account.
- If entity “A” is owned by entities “B” and “C” each at 50%, do we have to complete a form? Answer: Possibly. It would be incumbent upon your institution to “drill down” and get information on the ownership percentages of “B” and “C”. If any one person owns more than 49% of either “B” or “C” they would be considered to have at least a 25% ownership of “A”.
- Are personal accounts exempt from this certification? Answer: Yes.
- What is considered to be a “legal entity”? Answer: Corporations, limited liability companies or other entities created by the filing of a public document with a Secretary of State or similar office, general partnerships, and any similar entity formed under the laws of a non-US jurisdiction that opens an account.
- Must the institution have the second prong (control prong) completed for each time a new account is opened or renewed? Answer: Yes.
- Are there any entities that are exempt? Answer: Yes. Financial institutions, regulated by federal or state regulators, publically held companies traded on certain U.S. stock exchanges, registered investment advisors or registered investment companies and any entity registered with the Securities and Exchange Commission (SEC).
- Will the new form cause my institution to get more information than what has been done in the past? Answer: Financial institutions have always prided them themselves on getting to know their customers. In addition, the lending function and safety and soundness expectations already would have your institution know this critical information before doing business with an entity. So, no, the new form should not change anything that the institution is already ascertaining.
On July 19, 2016, FinCEN published Frequently Asked Questions Regarding Customer Due Diligence Requirements for Financial Institutions. (FIN-2016-G003) that covers the above areas, but also a number of other questions and answers.
If your institution has not done so, we encourage you now to author policy and procedures in anticipation of May 11, 2018. Also, regulators would want to see that specific training has been accomplished for all employees on the new standards prior to the implementation date.