Compliance officers at financial institutions have made great strides in improving Know Your Customer (KYC) programs to focus on knowing their customers as a critical function in combating money laundering. As regulators expand this rule to include beneficial ownership, banks must now go to greater lengths to answer the question of who their actual customers are. Although you may know your customers, that’s no longer enough. Get ready to learn a lot more.

The Financial Crimes Enforcement Network’s final rule on Customer Due Diligence for Financial Institutions has a new rule that became effective on July 11, 2016 and has a compliance deadline of May 11, 2018 for banks to be able to identify the beneficial owner or owners of a legal entity. As FinCEN points out, the new rule could meaningfully reduce money laundering.

Presently, financial institutions are not required to know the identity of beneficial owners, or rather, individuals who own or control their legal entity customers. As a result, criminals and others who want to hide monies can access the financial system anonymously through a shell legal entity. This new rule addresses weaknesses and provides information that will assist in investigations and “help prevent evasion of targeted financial sanctions, improve the ability of financial institutions to assess risk, facilitate tax compliance, and advance U.S. compliance with international standards and commitments.” (https://www.federalregister.gov/documents/2016/05/11/2016-10567/customer-due-diligence-requirements-for-financial-institutions )

Criminals commonly use shell companies as fronts to launder proceeds from drug trafficking, fraud and other activities. Increased transparency in beneficial ownership could aid in the identification and apprehension of bad actors and deter them from using the financial system for illicit activities.

The Basics:

FinCEN is issuing final rules under the Bank Secrecy Act to clarify and strengthen customer due diligence requirements for: Banks; brokers or dealers in securities; mutual funds; and futures commission merchants and introducing brokers in commodities. The rules contain explicit customer due diligence requirements and include a new requirement to identify and verify the identity of beneficial owners of legal entity

customers, subject to certain exclusions and exemptions.

(https://www.federalregister.gov/documents/2016/05/11/2016-10567/customer-due-diligence-requirements-for-financial-institutions )

A beneficial owner is a person who enjoys the benefits of ownership even though title to some form of property is in another name. Beneficial ownership is defined as either a 25% or greater equity interest or a significant ability to control the customer entity (https://www.fincen.gov/statutes_regs/frn/pdf/2015-32378.pdf )

The CDD rule requires banks to verify the beneficial ownership of legal entity customers when accounts are opened, and in doing this, FinCEN tell us banks will be:

• Assisting financial investigations by law enforcement;

• Advancing counterterrorism and broader national security interests;

• Improving a financial institution’s ability to assess and mitigate risk;

• Facilitating tax compliance;

• Promoting clear and consistent expectations and practices; and

• Advancing the Treasury’s strategy to enhance financial transparency of legal entities.

In order to verify the ownership, a standard Certification Form would be used to identify the beneficial owner, and this would promote consistency and regulatory expectations, as well as reduce compliance burden and provide a uniform customer experience. Additionally, banks would have to verify the identity of the beneficial owner according to procedures that are at least identical to the institution’s Customer Identification Program (CIP) procedures for identifying individual customers.

Unintended Consequences of De-risking:

For a growing number of institutions, compliance with FinCEN’s rule further complicates the process of de-risking and raises some difficult questions. For example:

o How do an institution’s risk rankings change once beneficial ownership is collected?

o What effect will changes in risk rankings have on an institution’s product and service offerings?

o How will an institution ensure that it updates its records when beneficial ownership of a customer changes?

Answering any one of these questions requires analysis and processes to support the ultimate decision. There are no simple answers.

To illustrate with just a single market example, consider an institution that is de-risking from the “Stans,” i.e. Kazakhstan, Kyrgyzstan, Tajikistan, Turkmenistan and Uzbekistan, due to difficulty in AML and CDD and past compliance issues. The institution must make a series of decisions that could have a broader impact on its ongoing business, such as whether to de-risk individual customers only, or all transactions to and from the country. What if a client is 74% U.S.-owned and beneficially owned 26% by others in Kazakhstan, for example; where does the bank draw a line, or does that become an exception the bank must manage? Another question a bank may need to ask is how information is collected in the de-risking process so that the institution can comply with FinCEN’s rule on CDD. Answering any one of these questions requires analysis and processes to support the ultimate decision, and there are no simple answers to these questions.

FinCEN has made clear that the decision to de-risk resides with each financial institution, but the fact is, regulatory requirements are forcing many banks’ decisions about de-risking and de-banking from certain markets. Institutions may have very strong reasons for opting to withdraw from certain customers, business lines and geographies. There are jurisdictions where the political, regulatory and economic environment makes doing business exceptionally difficult, and de-risking from that geography is a logical choice. But institutions still need to be thoughtful about their decision to de-risk, as this may have strategic consequences or require future modifications.

The new rule on beneficial ownership necessitates that institutions sort out their de-risking decisions first, because compliance with the rule is impossible unless they put the right controls in place. What’s more, de-banking carries potential downsides such as long-term impacts on businesses and individuals in the de-banked market. An exit by a large financial institution may simply result in the shift of problematic businesses or money-laundering to smaller and midsize institutions, which may lack the resources to conduct robust due diligence. And in addition, de-banking can have a socioeconomic impact as individuals and businesses lose access to financial services.

These issues are not going unnoticed by governments and financial regulators. For example:

• Surveys by the World Bank Group on de-risking found that 75% of large international banks have reduced their correspondent banking relationships and ties to money-services businesses. (http://www.worldbank.org/en/news/press-release/2015/11/20/world-bank-surveys-confirm-concerns-over-reduced-access-to-banking-services )

• The result of such de-risking has led to restrictions in services including check clearing and settlement, cash management services, international wire services and trade finance. (http://www.worldbank.org/en/topic/financialmarketintegrity/publication/world-bank-group-surveys-probe-derisking-practices )

And, when an institution chooses to de-bank and financial services access is reduced as a result, that institution may invite potential litigation and its market reputation may be blemished. As a specific example, in the 2013 case of Dahabshiil v Barclays Bank PLC, a remittance company operating in Somalia as one of the few financial channels in the war-torn country, won a temporary injunction after the U.K.-based bank decided to sever its ties with all remittance companies, not just those in Somalia. (https://www.dahabshiil.com/2013/11/dahabshiil-wins-injunction-against-barclays.html )

Exiting markets entirely is a complicated, time- and effort-intensive process, and it is not something an institution should undertake lightly.

The Critical Nature of Ongoing Risk Management:

Regulators including the Office of Comptroller of the Currency (OCC) and the U.K. Financial Conduct Authority agree that robust KYC programs are the first line of defense in combating money laundering and other financial crimes, and banks must have the ongoing ability to monitor and manage risks, especially when considering beneficial ownership and changes in ownership or control.

Ranking clients’ risks and monitoring their transactions are critically important, as the level of risk a customer presents influences the level of resources an institution must allocate to that customer, whether a private individual, politically exposed person, foreign embassy or global multinational corporation. Ongoing monitoring of customer risk is vital since conditions change after an institution gains a customer. A fundamental element of any bank’s KYC program is the ability to recognize what is normal activity and what falls outside the expected parameters of the customer’s risk profile.

Banks face significant logistical challenges in monitoring and managing risks. Banks should be able to fully off-board customers in de-risking initiatives, and ensure these same customers do not return to other lines of business. Whether for de-risking or beneficial ownership identification purposes, some accounts may require more thorough investigation.

Beneficial Ownership and High Stakes for Failure

The leaked release and ongoing journalistic investigation of data on more than 200,000 offshore entities incorporated by Panamanian law firm Mossack Fonseca, which became known as the “Panama Papers,” brought global attention to the issue of banking secrecy and money laundering (https://panamapapers.icij.org/graphs/). The stories that began emerging from the investigation in 2016 paint a disturbing picture of how bad actors are using the international finance industry to hide wealth from drug trafficking, corruption, human trafficking and other crimes. How banks can respond to issues such as those in the Panama Papers are included in the Panama Papers article in this issue of ABA Bank Compliance.

The complexity of regulatory compliance and the higher stakes for failure, whether in the form of institutional penalties or personal liability, make the compliance officer’s job even more daunting. FinCEN has asserted its intentions regarding beneficial ownership compliance. De-risking decisions will need to be made, protocols for ranking customer risks will need to be developed and ongoing monitoring will need to be conducted. Fortunately, institutions have more than a year to make these decisions and implement the necessary processes. If they haven’t already done so, institutions should start that journey now.

This article was originally featured in the ABA Bank Compliance November/December 2016 issue.