FINCEN Issues Proposed Revisions to its Regulations That Would Enhance Financial Institutions’ Customer Due Diligence Requirements

by Goodwin

The U.S. Treasury Department’s Financial Crimes Enforcement Network (“FinCEN”) has proposed revisions (the “Proposal”) to its rules implementing the Bank Secrecy Act (the “BSA”) that would spell out specific anti-money laundering (“AML”) program requirements for financial institutions and that would require financial institutions to verify the identity of certain beneficial owners of legal entity customers, subject to certain exceptions.  The Proposal follows an advanced notice of proposed rulemaking (the “ANPRM”) released by FinCEN in February 2012 relating to similar proposed revisions and guidance that FinCEN jointly released with the federal banking agencies, the National Credit Union Administration and the Securities and Exchange Commission (the “SEC”) in 2010 relating to obtaining beneficial ownership information concerning legal entity customers.  The Proposal would affect financial institutions that are currently subject to a customer identification program requirement under existing FinCEN rules, which consists of banks (including savings associations, credit unions and U.S. branches and agencies of foreign banks), brokers-dealers, mutual funds, futures commission merchants and introducing brokers in commodities (“Covered Financial Institutions”).   However, FinCEN suggested that it may be considering expanding customer due diligence requirements to other types of financial institutions, including money services business, casinos and insurance companies.  FinCEN indicated that it would address the status of the 2010 guidance at the time it issues a final rule.  Comments on the Proposal may be submitted for 60 days following publication of the Proposal in the Federal Register.  If adopted, the Proposal would become effective one year from the date a final rule is issued.

AML Program Requirements

The Proposal would amend FinCEN’s BSA regulations to spell out an explicit requirement that a Covered Financial Institution’s AML program should enable the financial institution to: (1) identify and verify the identity of customers; (2) identify and verify the identity of beneficial owners of legal entity customers (i.e., the natural persons who own or control legal entities); (3) understand the nature and purpose of customer relationships; and (4) conduct ongoing monitoring to maintain and update customer information and to identify and report suspicious transactions.

Although the Proposal would add these requirements to FinCEN’s AML program rules for Covered Financial Institutions, the explanatory preamble that accompanied the Proposal (the “Preamble”) points out that, except for the requirement to verify the identity of beneficial owners of legal entity customers, all of these components of an AML program are either already required by existing FinCEN rules and related guidance or necessary to ensure compliance with such rules.  For instance, FinCEN has already prescribed customer identification program requirements for Covered Financial Institutions that require such institutions to use documentary or non-documentary methods, as appropriate, to verify the identity of their customers.  Similarly, guidance provided by FinCEN and other regulators makes it clear that Covered Financial Institutions must understand the nature and purpose of their customer relationships and monitor customer activity on a risk-based basis in order to fulfill the requirement to identify and report to law enforcement suspicious activity.   In the Preamble, FinCEN explained that the requirement to periodically update customer information does not impose a “categorical requirement” to periodically update or refresh information provided by the customer at account opening but, instead, requires the financial institution to update the customer’s relevant information if the financial institution becomes aware of information relevant to assessing the customer’s AML risk in the course of monitoring customer activity.  FinCEN also pointed out throughout the Preamble that the requirements it proposes to add to its AML program rules for Covered Financial Institutions are merely minimum requirements for an effective AML program.

Identification of Beneficial Owners

As noted, the Proposal would add for the first time an explicit requirement that Covered Financial Institutions verify the identity of certain beneficial owners of certain legal entity customers.   Covered Financial Institutions would comply with this requirement at the time a legal entity customer establishes a new account by obtaining a certification form from the customer, in the form prescribed by FinCEN, in which the customer would identify its beneficial owners.  Covered Financial Institutions would not be required to obtain a certification form from legal entity customers with respect to their existing accounts.  However, if an existing legal entity customer establishes a new account, a Covered Financial Institution would need to obtain a certification form from the customer at that time.

For purposes of the legal entity beneficial owner identification requirement, the Proposal defines a “beneficial owner” as: (1) each individual, if any, who, directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, owns 25% or more of the equity interests of a legal entity customer; and (2) a single individual with significant responsibility to control, manage, or direct a legal entity customer, including (i) an executive officer or senior manager (e.g., a Chief Executive Officer, Chief Financial Officer, Chief Operating Officer, Managing Member, General Partner, President, Vice President, or Treasurer); or (ii) any other individual who regularly performs similar functions.  The two prongs of this definition operate independently, meaning that Covered Financial Institutions could be required to verify the identity of up to four individuals, if any, each of whom directly or indirectly is the beneficial owner of 25% or more of the equity interests of a legal entity customer and, in addition, one individual (who might also be a 25% or more beneficial owner) who has significant responsibility to control, manage, or direct a legal entity customer.

The definition of “beneficial owner” in the Proposal is somewhat narrower than the definition FinCEN initially described in the ANPRM, which would have required a Covered Financial Institution to verify the identity of  “the individual with greater responsibility than any other individual for managing or directing the regular affairs of the entity.”  Also, in the ANPRM, FinCEN suggested the possibility that the definition of beneficial owner could be relevant with respect to certain types of intermediated accounts, such as omnibus accounts.  However, the Proposal would not impose any additional obligation on a financial institution to verify the identity persons or entities having an interest in an account held by a financial institution’s customer acting as an intermediary for third parties.   Nevertheless, FinCEN noted in the Preamble that a financial institution’s AML program should include risk-based policies, procedures and controls for assessing the AML risk posed by underlying clients of a financial intermediary.

A Covered Financial Institution would not be responsible for verifying the status of an individual as a 25% or more beneficial owner or as a person who has control of a legal entity customer and may rely on the certification form provided by its legal entity customer for purposes of identifying the universe of relevant individuals.  However, the Covered Financial Institution would be required to form a reasonable belief that it knows the true identity of the beneficial owners by employing risk-based procedures to the extent reasonable and practicable that, at a minimum, are the same as the Covered Financial Institution’s Customer Identification Program procedures for verifying individual customers.  The Proposal would permit a Covered Financial Institution to rely upon another financial for purposes of verifying the identity of the beneficial owners of a legal entity customer consistent with existing rules and guidance relating to reliance for purposes of customer identification program requirements generally.

Definition of Legal Entity Customer

The Proposal defines a “legal entity customer” as a domestic or foreign corporation, limited liability company, partnership or other similar business entity that opens a new account at a covered financial institution.  Under the proposed definition of legal entity customer, trusts other than statutory trusts would generally not be treated as legal entity customers.  The definition of legal entity customer would expressly exclude certain entities, including the types of entities that are not treated as customers for purposes of the current customer identification program requirement.  Specifically, the Proposal would exclude the following types of entities:

  • A financial institution regulated by a federal functional regulator (e.g., another Covered Financial Institution) or a bank regulated by a state bank regulator;
  • A department or agency of the U.S. government or a state and any political subdivision of a state;
  • Certain entities established under federal or state law that exercise governmental authority;
  • Certain entities listed on the New York Stock Exchange or the NASDAQ Stock Market and majority owned subsidiaries of such entities;
  • An issuer of a class of securities registered under section 12 of the Securities Exchange Act of 1934, as amended (the “Exchange Act”) or that is required to file reports under section 15(d) of the Exchange Act;
  • An investment company, as defined in section 3 of the Investment Company Act of 1940, as amended (the “Investment Company Act”), that is registered with the SEC under the Investment Company Act;
  • An investment adviser, as defined in section 202(a)(11) of the Investment Advisers Act of 1940, as amended (the “Advisers Act”) that is registered with the SEC under the Advisers Act;
  • An exchange or clearing agency, as defined in section 3 of the Exchange Act, that is registered under section 6 or 17A of the Exchange Act;
  • Any other entity registered with the SEC under the Exchange Act;
  • A registered entity, commodity pool operator, commodity trading advisor, retail foreign exchange dealer, swap dealer, or major swap participant, each as defined in section 1a of the Commodity Exchange Act, that is registered with the Commodity Futures Trading Commission;
  • A public accounting firm registered under section 102 of the Sarbanes–Oxley Act; and
  • A charity or nonprofit entity that is described in sections 501(c), 527, or 4947(a)(1) of the Internal Revenue Code of 1986, has not been denied tax exempt status, and is required to and has filed the most recently due annual information return with the Internal Revenue Service.

Aside from mutual funds, the Proposal does not carve out from the definition of “legal entity customer” pooled investment vehicles such as hedge funds.  However, FinCEN noted in the Preamble that it is considering whether nonexempt pooled investment vehicles, including those operated by financial institutions that are excepted from the definition of legal entity customer, should be subject to modified requirements.

Written by:


Goodwin on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.