The biggest change in the Bank Secrecy Act / Anti-Money Laundering (BSA/AML) rules in over a decade, the Customer Due Diligence (CDD) requirements together with the upcoming Beneficial Owner (BO) rule have been added as the newest pillar of an effective BSA/AML Program. With a mandatory compliance date of May 11, 2018, examiners and auditors alike are already questioning institutions about their implementation process.
Before we discuss BOs, we must first define and recognize legal entities. “Legal entity” is generally defined as a corporation, LLC, or other entity created by the filing of a public document with a Secretary of State or similar office, a general partnership, and any similar entity formed under the laws of a foreign jurisdiction that opens an account. It’s important to note this does not include sole proprietors, unincorporated associations, or SEC registrants. Additionally, there are several specific exclusions, such as (but not limited to): banks, government entities, publicly traded companies listed on a major exchange and subsidiaries of those companies, insurance companies, and other charitable legal entities (e.g. churches).
“Beneficial Owner is generally defined as any natural person owning 25% or more of the legal entity. Drill down through entities owned by entities until you reach a natural person.”
The rule requires you to identify (CIP) the person(s) behind the legal entities opening accounts each time an account is opened, as entities themselves are unable to participate in illicit behavior without guidance of its BOs. Knowing their identity can be a difference maker in mitigating BSA/AML risks. Drill down through entities owned by entities until you reach a natural person. Note, since BOs are not your “customers,” you may not have permissible purpose to pull credit or ChexSystems reports to verify information.
Beneficial Owner is generally defined as any natural person owning 25% or more of the legal entity. So, at most, you will identify up to four BOs. You should also be prepared to identify one person with significant responsibility for managing the legal entity such as the CEO, CFO, COO, President, etc. For additional information, reference the Joint Release: Interagency Guidance on Identifying Beneficial Owners (FIN-2010-G001).
Certification Regarding Beneficial Owners of Legal Entity Customers (Appendix A to the final rule)
The appendix contains a model form for collecting beneficial owner information. To enhance the recordkeeping process, management should consider adding “account #” and “% of ownership” to the model form. Documentation relied upon for identifying BOs must generally be maintained for a period of five years after the account is closed.
To proactively manage the risks associated with the upcoming changes, consider:
- Revisiting the BSA/AML Risk Assessment
- Updating BSA policies & procedures (OFAC, CTRs, suspicious activity monitoring, new accounts, etc.)
- Revising CIP to meet BO requirements
- Modifying new account opening forms
- Training impacted personnel (front and back office)
- Ensuring OFAC scans are performed on all BOs
- Obtaining Board approval of policy edits
- Incorporating BO changes in “high risk” customer reviews
- Employing the new Certification Form (May 2018)
- Performing independent BSA/AML compliance testing