The Financial Crimes Enforcement Network (“FinCEN”) is issuing these FAQs to assist covered financial institutions in understanding the scope of the Customer Due Diligence Requirements for Financial Institutions,” published on May 11, 2016 (the “CDD Rule”), available at https://www.gpo.gov/fdsys/pkg/FR-2016-05-11/pdf/2016-10567.pdf . These FAQs provide interpretive guidance with respect to the CDD rule. FinCEN intends to issue additional FAQs or guidance as appropriate.
Frequently Asked Questions (FAQs)
Question 1: Purpose of CDD Rule
Q: Why is FinCEN issuing the CDD Rule?
- FinCEN is issuing the CDD Rule to amend existing BSA regulations in order to clarify and strengthen customer due diligence requirements for certain financial institutions. The CDD Rule outlines explicit customer due diligence requirements and imposes a new requirement for these financial institutions to identify and verify the identity of beneficial owners of legal entity customers, subject to certain exclusions and exemptions. Within this construct, as stated in the preamble to the Rule, FinCEN intends that the legal entity customer identify its ultimate beneficial owner or owners and not “nominees” or “straw men.”
Question 2: Rule application
Q: Does the CDD Rule apply to all financial institutions?
A: No. The CDD Rule applies to covered financial institutions.
Question 3: Covered financial institutions
Q: Which financial institutions are covered under the CDD Rule?
A: For purposes of the CDD Rule, covered financial institutions are federally regulated banks and federally insured credit unions, mutual funds, brokers or dealers in securities, futures commission merchants, and introducing brokers in commodities. 1
Question 4: CDD requirements for covered financial institutions with respect to beneficial ownership
Q: What are the requirements for covered financial institutions to collect beneficial ownership information?
A: The CDD Rule requires covered financial institutions to establish and maintain written procedures that are reasonably designed to identify and verify the beneficial owners of legal entity customers. These procedures must enable the institution to identify the beneficial owners of each customer at the time a new account is opened, unless the customer is otherwise excluded or the account is exempted. Also, the procedures must establish risk-based practices for verifying the identity of each beneficial owner identified to the covered financial institution, to the extent reasonable and practicable. The procedures must contain the elements required for verifying the identity of customers that are individuals under applicable customer identification program (“CIP”) requirements. 2
In short, covered financial institutions are now required to obtain, verify, and record the identities of the beneficial owners of legal entity customers.
Question 5: Amendments to the anti-money laundering (“AML”) program requirements
Q: Are there any changes to the AML program requirements for covered financial institutions in the Rule?
A: Yes. The CDD Rule amends the AML program requirements for each covered financial institution to explicitly require covered institutions to implement and maintain appropriate risk-based procedures for conducting ongoing customer due diligence, to include:
- understanding the nature and purpose of the customer relationships; and
- conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.
A covered financial institution’s AML program must include, at a minimum: (1) a system of internal controls; (2) independent testing; (3) designation of a compliance officer or individual(s) responsible for day-to-day compliance; (4) training for appropriate personnel; and (5) appropriate risk-based procedures for conducting ongoing CDD to understand the nature and purpose of customer relationships and to conduct ongoing monitoring to identify and report suspicious transactions, and, on a risk basis, to maintain and update customer information.
Question 6: Procedures for identification and verification of identity of beneficial owners
Q: Must a covered financial institution’s procedures for identifying and verifying the identity of beneficial owners of legal entity customers be identical to its customer identification program?
A: No. However, the CDD Rule requires that the procedures, at a minimum, contain the same elements as required for verifying the identity of customers that are individuals under the applicable CIP rule. However, financial institutions may use photocopies or other reproductions of identification documents in the case of documentary verification.
Question 7: Anti-money laundering procedures
Q: Are covered financial institutions required to include the procedures for identifying and verifying the identity of the beneficial owners of legal entity customers in the institution’s AML compliance program?
A: Yes. The CDD procedures must be included in the covered financial institution’s AML compliance program.
Question 8: Collection of beneficial ownership information
Q: Are covered financial institutions required to collect any information about beneficial ownership from the legal entity customer?
A: Yes. Covered financial institutions must collect information on individuals who are beneficial owners of a legal entity customer in addition to the information they are required to collect on the customer under the CIP requirement.
Question 9: Definition of beneficial owner
Q: Who is a beneficial owner?
A: The Rule defines beneficial owner as each of the following:
- each individual, if any, who, directly or indirectly, owns 25% or more of the equity interests of a legal entity customer ( i.e ., the ownership prong); and
- a single individual with significant responsibility to control, manage, or direct a legal entity customer, including an executive officer or senior manager ( e.g ., a Chief Executive Officer, Chief Financial Officer, Chief Operating Officer, Managing Member, General Partner, President, Vice President, or Treasurer); or any other individual who regularly performs similar functions ( i.e ., the control prong). This list of positions is illustrative, not exclusive, as there is significant diversity in how legal entities are structured.
Under this definition, a legal entity will have a total of between one and five beneficial owners ( i.e ., one person under the control prong and zero to four persons under the ownership prong).
Question 10: Collection of information for beneficial owners
Q: Are covered financial institutions required to obtain information directly from the beneficial owners of legal entity customers?
A: No. The Rule requires financial institutions to obtain information about the beneficial owners of a legal entity from the individual seeking to open a new account at the covered financial institution on behalf of the legal entity customer. This individual could, but would not necessarily, be a beneficial owner.
Question 11: Beneficial ownership information that must be collected for legal entity customers
Q: What types of information are covered institutions required to collect on the beneficial owners of legal entity customers?
A: As with CIP for individual customers, covered financial institutions must collect from the legal entity customer the name, date of birth, address, and social security number or other government identification number (passport number or other similar information in the case of foreign persons) for individuals who own 25% or more of the equity interest of the legal entity (if any), and an individual with significant responsibility to control/manage the legal entity at the time a new account is opened.
Question 12: Nominee owners
Q: May a legal entity provide the identification of a nominee owner in response to a financial institution’s request for the identification of a beneficial owner?
A: No. As stated in the preamble to the Rule, FinCEN intends that the legal entity customer identify its ultimate beneficial owner or owners and not “nominees” or “straw men.” FinCEN reiterates that it is the responsibility of the legal entity customer to identify its ultimate beneficial owners and that the financial institution may rely upon the information provided, unless the institution has reason to question its accuracy.
Question 13: The control prong of the beneficial ownership requirement
Q: What types of individuals satisfy the definition of a person with “significant responsibility to control, manage, or direct a legal entity customer?”
A: Under the Rule, a legal entity must provide information on a control person with “significant responsibility to control, manage, or direct the company.” The rule also provides examples of the types of positions that could qualify, including “[a]n executive officer or senior manager ( e.g ., a Chief Executive Officer, Chief Financial Officer, Chief Operating Officer, Managing Member, General Partner, President, Vice President, or Treasurer).” FinCEN’s expectation is that the control person identified must be a high-level official in the legal entity, who is responsible for how the organization is run, and who will have access to a range of information concerning the day-to-day operations of the company. The list of positions is illustrative, not exclusive.
Question 14: Definition of account
Q: How is “account” defined in the CDD Rule?
A: In order to maintain consistency with CIP, FinCEN added to the CDD Rule the same definition of the terra “account” that is in the CIP rules for banks, brokers or dealers in securities, mutual funds, and futures commission merchants and introducing brokers in commodities.
Question 15: Definition of new account
Q: What is a new account?
A: The Rule defines a new account as each account opened at a covered financial institution by a legal entity customer on or after the May 11, 2018 applicability date.
Question 16: Application to Existing Accounts
Q: Does a covered financial institution have to obtain beneficial information on existing accounts?
A: No. The rule does not cover existing accounts that were opened before the applicability date.
Question 17: Exemptions and limitations on exemptions
Q: Are there any other type of accounts that are not covered by the CDD Rule?
A: Yes. Subject to certain limitations, covered financial institutions are also not required to identify and verify the identity of the beneficial owner(s) of a legal entity customer when the customer opens any of the following four categories of accounts:
- accounts established at the point-of-sale to provide credit products, solely for the purchase of retail goods and/or services at these retailers, up to a limit of $50,000;
- accounts established to finance the purchase of postage and for which payments are remitted directly by the financial institution to the provider of the postage products;
- accounts established to finance insurance premiums and for which payments are remitted directly by the financial institution to the insurance provider or broker; and
- accounts established to finance the purchase or lease of equipment and for which payments are remitted directly by the financial institution to the vendor or lessor of this equipment.
These exemptions will not apply under either of the following two circumstances:
- if the accounts are transaction accounts through which a legal entity customer can make payments to, or receive payments from, third parties.
- if there is the possibility of a cash refund for accounts opened to finance purchase of postage, insurance premium, or equipment leasing. If there’s the possibility of a cash refund, the financial institution must identify and verify the identity of the beneficial owner(s) either at the initial remittance, or at the time such refund occurs.
Question 18: Collection of beneficial ownership information
Q: Must covered financial institutions collect beneficial ownership information on all of the beneficial owners of a legal entity customer?
A: Covered financial institutions must collect and verify the beneficial ownership information of each person who meets the definition under the ownership prong, and of one person under the control prong. Under the ownership prong, covered financial institutions are required to collect the beneficial ownership information only for each individual who owns directly or indirectly 25% or more of the equity interest of a legal entity and under the control prong, for one individual with significant responsibility to control, manage, or direct the entity. However, the rule recognizes that there may be instances when no one individual owns 25% or more of the equity interest of the legal entity; in such instances, the financial institution is still required to collect the required information for one individual who controls, manages, or directs the legal entity customer.
Question 19: Certification Form
Q: Are covered financial institutions required to use the Certification Form that is in Appendix A of the final CDD Rule?
A: No. The Certification Form is provided as an optional form that financial institutions may use to obtain the required beneficial ownership information. Financial institutions may choose to comply by using the sample Certification Form, using the institution’s own forms, or any other means that complies with the substantive requirements of this obligation.
Question 20: Definition of legal entity customer
Q: Who is a legal entity customer?
A: The Rule defines a legal entity customer as a corporation, limited liability company, other entity created by the filing of a public document with a Secretary of State or similar office, a general partnership, and any similar entity formed under the laws of a foreign jurisdiction that opens an account. The definition also includes limited partnerships, business trusts that are created by a filing with a state office, and any other entity created in this manner.
A legal entity customer does not include sole proprietorships, unincorporated associations, or natural persons opening accounts on their own behalf.
Question 21: Exclusions from the definition of legal entity customer
Q: Are there any entities that are excluded from the definition of the legal entity customer and for which a covered financial institutions is not required to obtain beneficial ownership information?
A: Yes. The CDD Rule excludes from the definition of legal entity customer certain entities that are subject to Federal or State regulation and for which information about their beneficial ownership and management is available from the Federal or State agencies, such as:
- Financial institutions regulated by a Federal functional regulator or a bank regulated by a State bank regulator;
- Certain exempt persons for purposes of the currency transactions reporting obligations:
- A department or agency of the United States, of any State, or of any political subdivision of a State;
- Any entity established under the laws of the United States, or any State, or of any political subdivision of any State, or under an interstate compact;
- Any entity (other than a bank) whose common stock or analogous equity interests are listed on the New York, American, or NASDAQ stock exchange;
- Any entity organized under the laws of the United States or of any State at least 51% of whose common stock or analogous equity interests are held by a listed entity;
- Issuers of securities registered under section 12 of the Securities Exchange Act of 1934 (SEA) or that is required to file reports under 15(d) of that Act;
- An investment company, as defined in section 3 of the Investment Company Act of 1940, registered with the U.S. Securities and Exchange Commission (SEC);
- An SEC-registered investment adviser, as defined in section 202(a)(11) of the Investment Advisers Act of 1940;
- An exchange or clearing agency, as defined in section 3 of the SEA, registered under section 6 or 17A of that Act;
- Any other entity registered with the SEC under the SEA;
- A registered entity, commodity pool operator, commodity trading advisor, retail foreign exchange dealer, swap dealer, or major swap participant, defined in section 1a of the Commodity Exchange Act, registered with the Commodity Futures Trading Commission;
- A public accounting firm registered under section 102 of the Sarbanes-Oxley Act.
Additional regulated entities:
- A bank holding company, as defined in section 2 of the Bank Holding Company Act of 1956 (12 USC 1841) or savings and loan holding company, as defined in section 10(n) of the Home Owners’ Loan Act (12 USC 1467a(n));
- A pooled investment vehicle operated or advised by a financial institution excluded from the definition of legal entity customer under the final CDD rule;
- An insurance company regulated by a State;
- A financial market utility designated by the Financial Stability Oversight Council under Title VIII of the Dodd-Frank Wall Street Reform and Customer Protection Act of 2010;
Excluded Foreign Entities:
- A foreign financial institution established in a jurisdiction where the regulator of such institution maintains beneficial ownership information regarding such institution;
- A non-U.S. governmental department, agency or political subdivision that engages only in governmental rather than commercial activities; and
- Any legal entity only to the extent that it opens a private banking account subject to 31 CFR 1010.620.
Question 22: Trusts
Q: Are trusts included in the definition of legal entity customer?
A: No. The definition of legal entity customers only includes statutory trusts created by a filing with the Secretary of State or similar office. Otherwise, it does not include trusts. This is because a trust is a contractual arrangement between the person who provides the funds or other assets and specifies the terms ( i.e ., the grantor/settlor) and the person with control over the assets ( i.e ., the trustee), for the benefit of those named in the trust deed ( i.e ., the beneficiaries). Formation of a trust does not generally require any action by the state.
The CDD Rule does not supersede existing obligations and practices regarding trusts generally. The preamble to each of the CIP rules notes that, while financial institutions are not required to look through a trust to its beneficiaries, they “may need to take additional steps to verify the identity of a customer that is not an individual, such as obtaining information about persons with control over the account.” 3 We understand that where trusts are direct customers of financial institutions, financial institutions generally also identify and verify the identity of trustees, because trustees will necessarily be signatories on trust accounts. Furthermore, under supervisory guidance for banks, “in certain circumstances involving revocable trusts, the bank may need to gather information about the settlor, grantor, trustee, or other persons with the authority to direct the trustee, and who thus have authority or control over the account, in order to establish the true identity of the customer.” 4
Question 23: Office of Foreign Assets Control (OFAC) Regulations
Q: Are covered financial institutions required to comply with the OFAC regulations with respect to beneficial ownership information?
A: Covered financial institutions should use beneficial ownership information as they use other information they gather regarding customers (e.g., through compliance with the CIP requirements), including for compliance with OFAC-administered sanctions.
Question 24: Section 314(a) Requirements
Q: Do covered financial institutions now have additional obligations under Section 314(a) for beneficial ownership information?
A: FinCEN does not expect the information obtained under the CDD Rule to add additional 314(a) requirements for financial institutions. The regulation implementing section 314(a) does not require the reporting of beneficial ownership information associated with an account or transaction matching a named subject in a 314(a) request. Covered financial institutions are required to search their records for accounts or transactions matching a named subject and report whether a match exists using the identifying information provided in the request.
Question 25: Effective Date of the final CDD Rule
Q: What is the effective date of the CDD Rule?
A: July 11, 2016, which is 60 days from the publication of the CDD Rule in the Federal Register.
Question 26: Applicability Date of the final CDD Rule
Q: When must covered financial institutions implement the final rule?
A: Covered financial institutions will have until May 11, 2018, two years from the date the final CDD Rule was published in the Federal Register, to implement and comply with the CDD Rule.