On 7/6/22, the Agencies (Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Financial Crimes Enforcement Network, the National Credit Union Administration, and the Office of the Comptroller of the Currency) issued a joint statement to remind the banks of the risk-based approach to assessing customer relationships and conducting customer due diligence (CDD). The Agencies stated that their joint statement does not alter existing Bank Secrecy Act/Anti-Money Laundering (BSA/AML) legal or regulatory requirements, nor does it establish new supervisory expectations. Nonetheless, the joint statement “addresses the agencies’ perspective on assessing customer relationships as well as customer due diligence requirements. It applies to all customer types referenced in the Federal Financial Institutions Examination Council (FFIEC) BSA/AML Examination Manual, as well as any customer type not specifically addressed in the FFIEC BSA/AML Examination Manual”. Specifically noted in the joint statement are CDD requirements for customer types such as:
- independent automated teller machine owners or operators
- nonresident aliens and foreign individuals
- charities and nonprofit organizations
- professional service providers
- cash intensive businesses
- nonbank financial institutions
- customers the bank considers politically exposed persons.
The joint statement is a reminder that Banks must apply a risk-based approach to CDD, including when developing the risk profiles of their customers
Banks must adopt appropriate risk-based procedures for conducting ongoing CDD that enable banks to:
- understand the nature and purpose of customer relationships for the purpose of developing a customer risk profile
- conduct ongoing monitoring to identify and report suspicious transactions and, on a risk-based approach, to maintain and update customer information
The Agencies do not direct banks to open, close, or maintain specific accounts
The joint statement reinforces how the Agencies continue to encourage banks to manage customer relationships and mitigate risks based on customer relationships, rather than decline to provide banking services to entire categories of customers. It simultaneously recognizes that banks choose whether to enter into or maintain business relationships based on their business objectives and other relevant factors, such as: products and services sought by the customer, the geographic locations where the customer will conductor transact business, and banks’ ability to manage risks effectively.
Is the Joint Statement a Friendly Reminder that Banks need to re-review the Final CDD Rule?
FinCEN issued a “Fifth Pillar” in the Final CDD Rule on May 2016. The covered financial institutions (Banks; Brokers or Dealers in securities; Mutual Funds; and Futures Commission Merchants and introducing Brokers in Commodities) had to comply with these rules by May 11, 2018. The CDD Rule is the Fifth Pillar of a Financial Institution BSA/AML Program. A Financial Institution’s BSA/AML Program must include the 5 Pillars:
- a system of internal controls
- independent testing
- designation of a compliance officer or individual responsible for day-to-day compliance
- training for appropriate personnel
- appropriate risk-based procedures for conducting ongoing CDD
The fifth pillar of the Final CDD Rule requires legal entities opening new accounts at covered financial institutions to disclose and verify identification of the entity’s beneficial owner. The definition of beneficial owner consists of both ownership and control prongs. The ownership prong is each individual who, directly or indirectly, owns 25 percent or more of the equity interests of a legal entity. The control prong is a single individual with responsibility to control, manage or direct a legal entity customer. This includes the CEO, CFO, COO, a managing member, a general partner a VP or a Treasurer or any other individual who regularly performs similar functions.
Financial Institutions must ensure that they have adequate Corporate Governance training
The CDD Rule requires Financial Institutions to establish and maintain written procedures that are designed to identify and verify the Beneficial Ownership of legal entity customers. Financial Institutions have the responsibility to not open an account, to close an account or to file a SAR if a customer is evading or attempting to evade Beneficial Ownership or other CDD requirements.
Financial Institutions continue to have risk assessment and risk re-assessment responsibilities. It is really up to the discretion and interpretation of the Financial Institution to ensure that the “wide spectrum of risks” are identifiable and recognize that due diligence measures may vary on a case-by-case basis.