The new Bank Secrecy Act (BSA) rule codifies existing regulatory expectations regarding customer due diligence and imposes a new requirement on covered financial institutions. Learn about the new requirement to identify and verify the natural persons behind institutions’ legal entity customers.
Implementing the New BSA Customer Due Diligence Rule
1. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Affairs · Securities Lending
1
JOIN. ENGAGE. LEAD.
IMPLEMENTING THE NEW BSA
CUSTOMER DUE DILIGENCE RULE
Adapted from an article in The RMA Journal
2. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Affairs · Securities Lending
2
JOIN. ENGAGE. LEAD.
FINAL RULE FOR CUSTOMER DUE DILIGENCE
Following a two-year period allowing
institutions to prepare for Bank
Secrecy Act (BSA) compliance, the
U.S. Treasury Department’s
Financial Crimes Enforcement
Network (FinCEN) issued a final rule
for customer due diligence
on May 11, 2016.
3. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Affairs · Securities Lending
3
JOIN. ENGAGE. LEAD.
FINAL RULE FOR CUSTOMER
DUE DILIGENCE (CONT.)
This rule codifies existing
regulatory expectations concerning
customer due diligence and
imposes a new requirement
on covered financial institutions to
identify and verify the natural
persons behind institutions’ legal
entity customers.
4. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Affairs · Securities Lending
4
JOIN. ENGAGE. LEAD.
Covered institutions
should have been in
compliance with this
new requirement on
May 11, 2018.
May 11,
2018
COMPLIANCE DATE
5. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Affairs · Securities Lending
5
JOIN. ENGAGE. LEAD.
WHEN DOES THE NEW RULE APPLY?
The new rule applies when an account is opened by a new or
existing “legal entity customer.”
In this context, a legal entity customer would be a:
Corporation
Limited
liability
company
Limited
partnership
General
partnership
Business
trust
Or any other
entity
created by a
filing with a
Secretary of
State or
similar office
6. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Affairs · Securities Lending
6
JOIN. ENGAGE. LEAD.
IDENTIFY BENEFICIAL OWNERS
For each new account opened by a legal entity customer,
the covered institution must identify the beneficial owners
under either of the following criteria:
Each individual, if any, who
directly or indirectly, through any
contract, arrangement,
understanding, relationship, or
otherwise, owns 25% or more of
the equity interests of the legal
entity customer.
A single individual with significant
responsibility to control, manage,
or direct a legal entity customer,
including an executive officer, a
senior manager, or any other
individual who regularly performs
these functions.
7. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Affairs · Securities Lending
7
JOIN. ENGAGE. LEAD.
IDENTIFY AND VERIFY
Once a covered
institution identifies the
beneficial owners of a
legal entity customer, it
must verify the ownership
information using
reasonable and
practicable risk-based
procedures.
8. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Affairs · Securities Lending
8
JOIN. ENGAGE. LEAD.
IDENTIFY AND VERIFY (CONT.)
These procedures would
include the elements employed
by the covered institution in
verifying the identity of
individual customers under the
institution’s customer
identification program (CIP).
9. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Affairs · Securities Lending
9
JOIN. ENGAGE. LEAD.
INFORMATION VERIFICATION
Under the new rule,
covered institutions are permitted to rely on:
Information provided by a
legal entity customer
regarding the identity of its
beneficial owners, absent
information that would
reasonably call into
question the reliability of
that information.
Another financial
institution’s identification
and verification of the legal
entity customer’s beneficial
owners.
10. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Affairs · Securities Lending
10
JOIN. ENGAGE. LEAD.
WRITTEN PROCEDURES
Under the new rule, covered
institutions must develop written
procedures that contain the elements
required for verifying the identity of
customers that are individuals under
CIP requirements.
Written policies and procedures
should incorporate the identification
of beneficial owners of legal entity
customers into their BSA/AML
compliance program.
11. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Affairs · Securities Lending
11
JOIN. ENGAGE. LEAD.
An institution must collect
data for individuals:
• Who own 25% or more of
the equity interest of the
legal entity.
• With significant
responsibility to control and/
or manage the legal entity
at the time a new account is
opened.
*Social security number or other government
identification number
DATA TO COLLECT
Name
Address
SSN*
Date of birth
An institution must collect:
12. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Affairs · Securities Lending
12
JOIN. ENGAGE. LEAD.
CERTIFICATION
At the time a new account is
opened for a legal entity, a
covered institution is required to
obtain a certification from the
individual opening the account on
behalf of the legal entity,
identifying the beneficial owners of
the entity.
FinCEN has provided a sample
certification in Appendix A of the
new rule that may be used for
this purpose.
13. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Affairs · Securities Lending
13
JOIN. ENGAGE. LEAD.
THE OBJECTIVE OF CUSTOMER DUE
DILIGENCE
The BSA/AML Examination Manual of the
Federal Financial Institutions Examination
Council (FFIEC) states that
the objective of customer due diligence is to
enable a bank to predict with relative certainty the
types of transactions in which a customer is likely
to engage, in order to assist the bank in
determining when transactions are potentially
suspicious.
14. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Affairs · Securities Lending
14
JOIN. ENGAGE. LEAD.
01
Capture enough
customer information
and expected
transactions up front at
account opening in
order to form reasonable
expectations.
02
And then monitor the
account for transactional
patterns and amounts
that may deviate from
these expectations.
EXPECTATIONS
Banking
agency
examiners
will expect
covered
institutions
to:
15. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Affairs · Securities Lending
15
JOIN. ENGAGE. LEAD.
FFIEC’s BSA/
AML
Examination
Manual
Available at
ffiec.gov
01
Focus
particularly
on “Appendix
K: Customer
Risk vs. Due
Diligence and
Suspicious
Activity
Monitoring.”
02 The FFIEC
website also
contains the
2010 interagency
publication
“Guidance on
Obtaining and
Retaining
Beneficial
Ownership
Information.”
03
FinCEN’s website includes some FAQs regarding the scope of the customer due
diligence requirements.
AVAILABLE RESOURCES
16. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Affairs · Securities Lending
16
JOIN. ENGAGE. LEAD.
Updating
employee
training
programs and
job aids.
Addressing risk
in third-party
vendors and
systems.
Updating risk
assessments.
Incorporating
customer due
diligence into
the BSA audit
program.
01 02 03 04
In addition to revising and updating policies and procedures
on customer due diligence, regulatory officials have
emphasized the importance of:
OTHER REGULATOR HOT BUTTONS
17. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Affairs · Securities Lending
17
JOIN. ENGAGE. LEAD.
FUTURE LEGISLATION
On January 9, 2018, the Senate
Committee on Banking, Housing,
and Urban Affairs held a hearing
that focused on ways to strengthen
BSA enforcement and compliance.
Committee Chairman Mike Crapo
(R-Idaho) stressed the need to
sharpen the focus of a “modernized,
more efficient U.S. counter-threat
finance architecture.”
18. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Affairs · Securities Lending
18
JOIN. ENGAGE. LEAD.
FUTURE LEGISLATION (CONT.)
Specifically relevant to the regulatory
expectations placed on covered institutions
regarding customer due diligence, the
committee is considering beneficial
ownership legislation for companies
formed in the United States.
19. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Affairs · Securities Lending
19
JOIN. ENGAGE. LEAD.
FinCEN’s responsibility for
receiving and maintaining
this beneficial ownership
information would ease this
regulatory burden for
insured institutions.
This information would
be received and
maintained by FinCEN
and could be accessed
by law enforcement and
financial institutions.
The Counter
Terrorism
and Illicit
Finance Act
FinCEN’s responsibility for receiving and
maintaining this beneficial ownership information
would ease this regulatory burden for insured
institutions.
FUTURE LEGISLATION (CONT.)
20. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Affairs · Securities Lending
20
JOIN. ENGAGE. LEAD.
FUTURE LEGISLATION (CONT.)
While this legislation
appears to have
bipartisan support, its
fate is still uncertain.
21. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Affairs · Securities Lending
21
JOIN. ENGAGE. LEAD.
LEARN MORE
The RMA Journal is the award-winning magazine published
by The Risk Management Association:
• It is the only professional journal written by risk practitioners for risk
practitioners.
• Each article is peer reviewed by our Editorial Advisory Board prior to
publication.
• Published 10 times a year, The RMA Journal offers practical advice
on managing risk across the enterprise.
Learn more at:
https://www.rmahq.org/thermajournal/
Become an RMA member and get The RMA Journal free.
22. Enterprise Risk · Credit Risk · Market Risk · Operational Risk · Regulatory Affairs · Securities Lending
22
JOIN. ENGAGE. LEAD.
SHARE THIS PRESENTATION
Visit http://www.rmahq.org for information on risk management.
RMA is a member-driven professional association whose sole
purpose is to advance sound risk principles in the financial services
industry.
RMA helps its members use sound risk principles to improve
institutional performance and financial stability, and enhance the risk
competency of individuals through information, education, peer
sharing, and networking.
Become a member today.