On January 22, the Financial Industry Regulatory Authority (FINRA) issued new guidance on areas member firms should consider when seeking to improve their compliance, supervisory, and risk management programs. The 2019 FINRA Risk Monitoring and Examination Priorities Letter (2019 Priorities Letter) examines both new priorities as well as areas of ongoing concern, including the adequacy of firms’ cybersecurity programs. FINRA notes, however, that the 2019 Priorities Letter does not repeat topics previously addressed in prior letters, and advises member firms that it will continue to review ongoing obligations for compliance. Topics FINRA plans to focus on in the coming year include:
- Firms’ use of regulatory technology to help compliance efforts become “more efficient, effective, and risk-based.” FINRA will work with firms to understand risks and concerns related to supervision and governance systems, third party vendor management, and safeguarding customer data;
- Supervision of digital assets, including coordinating with the SEC to review how firms determine whether a given digital asset is a security and whether firms are implementing adequate controls and supervisions related to digital assets, such as complying with anti-money laundering and Bank Secrecy Act rules and regulations;
- Assessment of firms’ compliance with FinCEN’s Customer Due Diligence rule, which requires firms to identify beneficial owners of legal entity customers (as previously covered by InfoBytes here); and
- Financial risks, including credit risks, funding and liquidity planning.
FinCEN issues Spanish language version of its advisory on politically exposed persons and their financial facilitators
On September 11, the Financial Crimes Enforcement Network (FinCEN) released a Spanish version of its advisory for U.S. financial institutions to increase awareness of the connection between high-level political corruption and human rights abuses. As previously covered in InfoBytes, FinCEN issued regulatory guidance in June to remind financial institutions of their risk-based, due diligence obligations, which include (i) identifying legal entities owned or controlled by “politically exposed persons” (as required by FinCEN’s Customer Due Diligence Rule); (ii) complying with anti-money laundering program obligations; and (iii) filing Suspicious Activity Reports related to illegal activity undertaken by senior foreign political figures.
FinCEN grants permanent relief from Beneficial Ownership Rule for CDs and certain automatic renewal products
On September 7, the Financial Crimes Enforcement Network (FinCEN) issued a notice granting permanent relief for financial institutions from the Beneficial Ownership Rule’s requirements to obtain and verify the identity of beneficial owners of legal entity customers, with respect to certificate of deposit rollovers (CDs) and loans that renew automatically. The exception applies only to the rollover, renewal, modification, or extension of the following types of accounts occurring on or after May 11, 2018: CDs; existing loans, commercial lines of credit, and credit card accounts that do not require underwriting reviews; and safe deposit box rental renewals. The exception does not apply to the initial opening of these types of new accounts. FinCEN noted that it will not provide any other exception from a financial institution's anti-money laundering compliance obligations under the Bank Secrecy Act.
Visit here for continuing InfoBytes coverage on beneficial ownership and customer due diligence requirements.
FinCEN issues extension to continue suspension of beneficial ownership requirements for automatic renewal products
On August 8, the Financial Crimes Enforcement Network (FinCEN) issued a notice to provide an additional 30 days of limited exceptive relief for covered financial institutions that are required to obtain and verify the identity of beneficial owners of legal entity customers with respect to certificate of deposit rollovers and loans that renew automatically. As previously covered in InfoBytes, the extension—which was set to expire August 9 and applies to qualified products and services that were established before the Beneficial Ownership Rule’s May 11 compliance date—will now continue until September 8. FinCEN noted it will continue to evaluate the requirement to determine whether additional relief is needed.
Find continuing InfoBytes coverage on beneficial ownership and customer due diligence requirements here.
On May 11, the Federal Financial Institutions Examination Council released updated examination procedures for the Financial Crimes Enforcement Network's (FinCEN) final rule, “Customer Due Diligence Requirements for Financial Institutions” (CDD rule). Compliance with the CDD rule became mandatory on May 11. The updated customer due diligence exam procedures were developed in close collaboration with FinCEN and replace those in the current Bank Secrecy Act/Anti-Money Laundering Examination Manual. Additionally, a new set of exam procedures address the CDD rule’s beneficial ownership requirements.
According to an OCC bulletin released the same day, the examination procedures reflect federal and state banking agencies’ “ongoing commitment to examine financial institutions for compliance with the Bank Secrecy Act . . . in accordance with uniform standards and principles.”
See here for continuing InfoBytes coverage of the CDD rule.
On May 3, FINRA issued Regulatory Notice 18-19 amending Rule 3310—Anti-Money Laundering (AML) Compliance Program rule—to reflect the Financial Crimes Enforcement Network’s final rule concerning customer due diligence requirements for covered financial institutions (CDD rule), which becomes applicable on May 11. According to Regulatory Notice 18-19, member firms should ensure that their AML programs are updated to include, among other things, appropriate risk-based procedures for conducting ongoing customer due diligence including (i) “understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile,” and (ii) “conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.” The announcement also makes reference to FINRA’s Regulatory Notice 17-40, issued last November, which provides additional guidance for member firms complying with the CDD rule. (See previous InfoBytes coverage here.) The notice further states that the “provisions are not new and merely codify existing expectations for firms.”
On April 27, the House Financial Services Committee’s Subcommittee on Financial Institutions and Consumer Credit held a hearing entitled “Implementation of FinCEN's Customer Due Diligence Rule—Financial Institution Perspective” to discuss challenges facing financial institutions when complying with FinCEN’s Customer Due Diligence Rule (CDD Rule). As previously covered in InfoBytes, the CDD Rule takes effect May 11, and imposes standardized customer due diligence (CDD) requirements under the Bank Secrecy Act (BSA) for covered financial institutions, including the identification and verification of the beneficial owners of legal entity customers. The hearing’s four witnesses expressed certain concerns regarding the effects of implementation on financial institutions, as well as the timing of additional guidance released April 3 in the form of frequently asked questions.
In prepared remarks, Executive Director of The Financial Accounting and Corporate Transparency (FACT) Coalition, Gary Kalman, commented that the CDD Rule, which calls for additional AML requirements, is a “positive step forward but falls short of what is needed to protect the integrity of [the] financial system”—particularly in terms of what defines a “beneficial owner.” Greg Baer, President of The Clearing House Association, expressed concerns that the CDD Rule (i) requires financial institutions to verify beneficial owners for each account that is opened, instead of verifying on a per-customer basis; and (ii) does not explicitly state in its preamble that FinCEN possesses sole authority to set CDD standards, which may present opportunities for examiners to make ad hoc interpretations.
Additionally, Executive Vice President of the International Bank of Commerce Dalia Martinez observed, among other things, that compliance with the CDD Rule is costly and burdensome, and that banks have not been provided with the tools or guidance to determine whether the information provided by legal entity customers is accurate when verifying beneficial owners. The “gray areas” within the CDD Rule, Martinez noted, present challenges for compliance. A fourth witness, Carlton Green, a partner at Crowell & Moring, expressed concerns with the relationship between FinCEN and the federal functional regulators, stating that because FinCEN has delegated examination authority to these regulators, there is a chance regulators will “create and enforce their own interpretations of or additions to BSA rules” that may “diverge from FinCEN’s priorities.”
On April 4, the Financial Industry Regulatory Authority (FINRA) released a revised template to assist FINRA-registered small firms in developing and implementing risk-based anti-money laundering (AML) programs as required by the Bank Secrecy Act and FINRA Rule 3310. Changes to the template reflect FinCEN’s final rule concerning customer due diligence requirements for covered financial institutions (CDD rule), which goes into effect May 11. (See previous InfoBytes coverage on the CDD rule here.) The CDD rule requires covered financial institutions, including FINRA-registered firms, to identify the beneficial owners of legal entity customers who open new accounts.
Buckley Sandler Insights: FinCEN updates FAQs regarding customer due diligence requirements for financial institutions
On April 3, the Financial Crimes Enforcement Network released an update to its FAQs in advance of the upcoming Customer Due Diligence Requirements for Financial Institutions final rule (issued in 2016 and amended last September for various technical corrections) that goes into effect May 11. As previously covered in InfoBytes, the final rule imposes standardized customer due diligence (CDD) requirements under the Bank Secrecy Act for covered financial institutions and requires financial institutions to identify and verify beneficial owners of legal entity customers, subject to certain exclusions and exemptions. The supplemental FAQs (see InfoBytes coverage on an earlier set of FAQs issued in 2016) assist covered financial institutions in understanding the scope of their CDD requirements, as well as the CDD rule’s impact on broader anti-money laundering (AML) program obligations, and cover a broad range of interpretations including the following:
- Question 1 specifies covered financial institutions will satisfy the requirements to identify and verify beneficial owners of legal entity customers by collecting and verifying the identity of individuals who directly or indirectly own 25 percent or more of the equity interests in a legal entity customer, as well as “one individual who has managerial control of a legal entity customer.” However, they may choose to implement stricter written internal policies and procedures and expand their information collection to include more than one individual with managerial control or persons owning a lower percentage of equity interests.
- Question 3 clarifies that covered financial institutions may reasonably rely on a legal entity customer to provide the identities of individuals who satisfy the definition of beneficial ownership, whether indirectly or directly, and “need not independently investigate the legal entity customer’s ownership structure.”
- Question 7 states that for existing customers, a covered financial institution may rely on information in its possession subject to its Customer Identification Program (CIP) to fulfill the beneficial ownership identification and verification requirements, “provided the existing information is up-to-date, accurate, and the legal entity customer’s representative certifies or confirms (verbally or in writing) the accuracy of the pre-existing CIP information.”
- Question 10 states that if a legal entity customer opens multiple accounts, the covered financial institution may rely on information obtained from a previously issued certification form (or equivalent), provided the legal entity customer certifies or confirms—verbally or in writing—that such information is up-to-date and accurate at the time each subsequent account is opened. Records of such certification or confirmation must also be maintained.
- Question 12 confirms that covered financial institutions seeking to renew a loan or roll over a certificate of deposit must treat these as new accounts and require their legal entity customers to certify or confirm beneficial owners, “even if the legal entity is an existing customer.”
- Question 18 stipulates that covered financial institutions are not required to identify and verify the identity of beneficial owners that own 25 percent or more of the equity interests of a pooled investment vehicle, whether or not such vehicle is managed by a “financial institution,” due to the typical fluctuation of ownership. However, Question 18 notes that covered financial entities must collect beneficial ownership information for an individual who has significant control or management over the vehicle as required under the control prong to comply with the CDD rule.
- Question 19 concerns trusts overseen by multiple trustees and states that in circumstances where a trust owns 25 percent or more of the equity interests of a legal entity customer, covered financial institutions are required, at a minimum, to collect beneficial ownership information on a single trustee but may choose to identify additional co-trustees based on risk assessment or a risk profile.
- Question 21 specifies that a covered financial institution may rely on information provided by a legal entity customer to determine eligibility for exclusion from the definition of a legal entity customer, provided the financial institution has no knowledge of facts that would reasonably call into question the reliability of such information. Covered financial institutions should also ensure that their risk-based written policies and procedures address and specify the type of information to be used when reasonably determining exclusion eligibility.
- Question 28 stipulates which non-U.S. governmental entities qualify for exclusion from the definition of a legal entity customer. It specifies that state-owned enterprises that engage in profit-seeking activities, such as sovereign wealth funds, airlines, and oil companies, are not excluded from the definition of a legal entity.
- Questions 29-31 provide guidance on account level beneficial owner exceptions related to (i) point of sale products for certain low-risk retail credit accounts; and (ii) certain equipment finance and lease accounts with low money laundering risks. Question 31 also stipulates that an equipment lease and purchase exemption would apply in circumstances where a customer leases necessary equipment directly from a covered financial institution.
- Questions 32-33 provide guidance on circumstances where beneficial ownership information should be aggregated for purposes of complying with Currency Transaction Report (CTR) requirements, and state that “absent indications that the businesses are not operating independently . . . , financial institutions should not aggregate transactions involving those businesses with those of each other or with those of the common owner for CTR filing.” Furthermore, covered financial institutions are generally not required to list beneficial owners on a CTR.
- Question 35 specifies what information covered financial institutions should collect and consider as part of on-going CDD when developing customer risk profiles. Specifically, covered financial institutions should develop an understanding of the “nature and purpose of a customer relationship,” and review information obtained at the opening of an account such as type of customer, account, service, or product.
On December 4, the Financial Crimes Enforcement Network (FinCEN) announced the release of the “FinCEN Exchange” program, which establishes regular briefings between FinCEN, law enforcement, and financial institutions to share high-priority information regarding potential national security threats and illicit financial transactions. Although private sector participation in the program is voluntary, FinCEN encourages involvement because the briefings may help financial institutions better identify risks and incorporate appropriate information into Suspicious Activity Reports (SARs). In addition, FinCEN’s receipt of information will support its efforts to combat financial crimes, including money laundering.
The CDD Rule became effective on July 11, 2016, and member firms must comply by May 11, 2018. FINRA advises member firms to consult the CDD Rule, along with FinCEN's related FAQs, to ensure AML program compliance.