Recently, the Financial Crimes Enforcement Network (“FinCEN”) adopted a final rule on Customer Due Diligence (“CDD”) Requirements for Financial Institutions. As a result, firms will be required to address the new requirements within their AML program. Firms must be in compliance with its provisions by May 11, 2018.
Initially, firms’ AML programs were required to meet, at a minimum, the statutorily enumerated “four pillars” that were established by the Bank Secrecy Act (BSA). The four pillars included the following:
- the establishment and implementation of policies, procedures and internal controls reasonably designed to achieve compliance with the applicable provisions of the BSA and implementing regulations;
- independent testing for compliance by broker-dealer personnel or a qualified outside party;
- designation of an individual or individuals responsible for implementing and monitoring the operations and internal controls of the AML program; and
- ongoing training for appropriate persons.
Beginning May 11, 2018, firms will be required to implement a fifth pillar within their AML program. The Financial Crimes Enforcement Network’s CDD rule requires broker-dealers to establish and implement policies and procedures that can be reasonably expected to detect and cause the reporting of suspicious transactions. There are four components within the CDD Rule: 1) customer identification and verification; (2) beneficial ownership identification and verification; (3) understanding the nature and purpose of customer relationships; and (4) ongoing monitoring for reporting suspicious transactions and, on a risk basis, maintaining and updating customer information.
Understanding the Nature and Purpose of Customer Relationships
Firms should understand the nature and purpose of customer relationships in order to determine whether a transaction is potentially suspicious and whether a SARs filling should be made. In order to understand the relationship, personal information should be collected from the customer in order to build the customer’s investment profile which will allow the firm to have a baseline against which customer activity is assessed for suspicious activity. The information collected may include the customer’s income, net worth, or occupation.
Conduct Ongoing Monitoring
As already implicitly implied within existing supervisory and regulatory expectations, firms are required to conduct ongoing monitoring to identify and report suspicious transactions. While monitoring for suspicious activity, if a firm comes across information that is important in assessing the customer’s risk profile, the firm must update the customer account. This includes any information relating to beneficial owners and control persons.
Identifying and Verifying the Identity of Beneficial Owners of Legal Entity Customers
The fifth pillar also requires firms to implement procedures which are adequately designed for the firm to identify and verify the identity of beneficial owners and control persons. A beneficial owner is defined as any natural person that has a 25% or more of the equity interest in the company. This includes direct and indirect owners. A control person is defined as any person that has significant responsibility to control, manage, or direct the entity. Therefore, firms will be required to identify and verify the identity of persons who operate as executive officers and senior managers.