AML BSA compliance : Revised CDD rule

Background

11.5 million documents, a staggering number, were leaked from Panamanian law firm ‘Mossack Fonseca’ in 2015. The contents of these documents, mostly financial information about wealthy individuals and public figures wound up revealing some fascinating facts. These facts led to investigators realizing that illegal operations were occurring at Mossack Fonseca’s shell corporations. In fact, there were so many documents that it took an entire network of investigative journalists to analyze and publish the information. After a year of analysis and investigation by the ICIJ (International Consortium of Investigative Journalists), the documents were finally released to the public on the 3rd of April, 2016. Mossack Fonseca’s shell corporations turned out to be a sham and were being used for fraud and to evade taxes and international sanctions. The magnitude of this leak and the impact it had, forced regulatory bodies to rethink their CDD compliance requirements.

FINCEN steams ahead with CDD modification

In the aftermath of the ‘Panama Papers,’ FinCEN adamantly pushed for modification of the current CDD regulations. FinCEN’s long-awaited update to CDD requirements is here at long last. Two years in the making, and many proposals later, the rule has finally been adopted and is here to stay. The purpose of these new regulations is sole to obliterate money laundering and tax evasion efforts through the use of shell corporations. Termed ‘The Beneficial Ownership Rule,’ it will require financial institutions to verify and identify beneficial owners. As mentioned our KYC/CDD blog, FinCEN’s AML compliance regulations were always based on four pillars:

• Customer Verification and Identification
• Beneficial Ownership Verification and Identification
• Customer Due Diligence and Enhanced Due Diligence
• Ongoing Surveillance

Beneficial ownership was the one pillar that wasn’t previously covered under FinCEN’s regulations and is the one piece of the AML compliance puzzle that was needed to complete the final picture.

New CDD Regulations

FinCEN’s new CDD regulations only apply to certain ‘covered entities’, and not to all financial institutions. The ‘covered entities’ are those that are subject to ‘Customer Identification Programs’ (CIPs). These are the kinds of financial institutions that will be required to comply with the beneficial ownership CDD regulations:

• Banks
• Commissions merchant
• Commodity introduction brokers
• Broker-dealers
• Financial institutions that have lenders that might require them to comply with the new regulations

The key definitions in the recent CDD regulations update are “legal entity customer,” “beneficial owner,” and “account and new account.” Let’s take a look at the finer details of what these terms mean and where they fit is in the new CDD regulations:

Legal Entity Customer:

Covered entities will be required to identify the owners of their legal entity customers. Businesses that are defined as legal entity customers are:

1. Limited liability companies
2. General partnerships
3. Any other entity created by a filing with a state office
4. Any similar entities formed under the laws of a non-US jurisdiction
5. Corporations
6. Limited partnerships
7. Business trusts

If financial institutions do not identify these entities in their reports, they will be considered as non-complying institutions and will indefinitely face legal fees and repercussions.

Beneficial Ownership

A key addition to the new CDD regulations is the verification and identification of beneficial owners. Beneficial owners are defined as:

1. The owner of 25% or more of a legal entity customer. (Ownership can be either direct or indirect but has to be reported regardless).
2. An individual that is responsible for controlling, directing or managing a legal entity customer.

Accounts and New Accounts

Post-verification and identification of legal entity customers and beneficial ownership, the ownership information for these accounts have to be recorded, and the activity needs to be monitored with great scrutiny. FinCEN differentiates between new accounts and existing ones by defining them as such:

• New Account – Any account opened at a covered financial institution by a legal entity customer on or after May 11, 2018. Hence, financial institutions will only be required to gather beneficial ownership from legal entity customers following the compliance date, May 11, 2018.
• Existing Account – Account that existed before the compliance date, May 11, 2018. No information needs to be collected from legal entity customers that own these accounts.

The Future of CDD

Following the Panama Papers incident, FinCEN was motivated to publish their final CDD compliance rule.  This rule will no doubt limit money laundering practices and halt tax evasion using shell corporations. Furthermore, the possibility of incidents like the Mossack Fonseca fiasco will be virtually impossible. However, I do not believe that this is the final step in defining CDD regulations. With newer technologies and modern loopholes, criminals are bound to find a way to continue with their illegal practices. The only way to suppress this kind of activity is to be one step ahead of them, and this can only be done with constant surveillance and technological development. I believe that financial institutions need to have some sort of fusion between their AML compliance team and their cybersecurity team to achieve this. If they work together to monitor accounts, suspicious activity and research new technologies, they can use this information for AML compliance purposes.