Author: Jill Emerson, Integrity One Consulting
Considered the fifth pillar of an AML compliance program, customer due diligence is more than collecting and verifying the identities of your customers. The Beneficial Ownership Rule, which went into effect in May 2018, is the newest piece to your customer due diligence program. Concerning an institution’s AML compliance training program, the biggest challenge perhaps is navigating the first regulatory examination that encompasses this new requirement. The Beneficial Ownership Rule is not merely an exercise in collecting documentation; it’s also about creating customer profiles based upon an assessment of risk and then using the information in these profiles to understand customer relationships and to monitor for suspicious activity.
Located at §1010.230(a), a financial institution is “required to establish and maintain written procedures that are reasonably designed to identify and verify beneficial owners of legal entity customers and to include such procedures in their anti-money laundering compliance program.” And a financial institution “must establish procedures for making and maintaining a record of all information obtained under the procedures.”
By now, written procedures should address the Beneficial Ownership Rule with the inclusion of two key definitions: beneficial owner and covered legal entity. Regarding the beneficial owner definition, it should be defined in two distinct parts as outlined in §1010.230(d)(1-2). First, does each individual own 25 percent or more of the equity interests of a legal entity customer? Second, does a single individual with significant responsibility control, manage, or direct a legal entity?
According to §1010.230(e)(1) a covered legal entity is defined as a “corporation, limited liability company, or other entity that is created by the filing of a public document with a Secretary of State or similar office, a general partnership, and any similar entity formed under the laws of a foreign jurisdiction that opens an account.” Make sure that written procedures specify that sole proprietors, unincorporated entities, and trusts do not meet the definition. As spelled out in §1010.230(e)(2), certain entities are always exempt from this rule, which should be detailed in documented procedures as well. Plus, the Beneficial Ownership Rule applies to new or existing legal entities every time they open a new account on or after May 11, 2018, according to sections 1010.230(b)(1) and 1010.230(g).
An institution should have documentation of its training of staff so that they know how to identify, certify, and verify those individuals, as noted in §1010.230(b). To meet the identification and certification requirements, it is recommended to use the model form in the regulation or adopt something similar. A potential gap to consider is not using CIP procedures to verify the identity of signers on a legal entity account. The key to the Beneficial Ownership Rule is to identify the person behind the entity. As a side note, has the board of directors received training? How can they approve an updated BSA policy that includes the Beneficial Ownership Rule when they have no knowledge of it? They are ultimately responsible for the BSA, and they need to be equipped with adequate knowledge to approve a revised BSA policy.
Connected to creating a customer profile is the assessment of risk the customer may bring to a financial institution. Similar to conducting and documenting the BSA/AML risk assessment for a compliance program, assessing customer risk involves understanding the nature and purpose of a customer relationship. Has your institution created a risk rating system for customer profiles? It should in order to sail smoothly through an examination by a federal regulator. Through the process of risk rating customers, it will become evident which customers are high risk and require a higher level of monitoring. As customer information changes, an institution will need to keep its documentation fluid and adjust monitoring accordingly. Compliance periodic reviews and internal audits are important pieces that should already be implemented as well. Tools are very critical with the ever-increasing obligations to maintain compliance. Whether manual or automated, systems should be in place to assist your institution in monitoring customer relationships.
As a recap, make sure your institution has:
- Updated written procedures
- Documented training with staff
- Developed a system of assessing customer risks
- Instituted a monitoring system
- A process in place for periodic reviews and internal audits
Lastly, A good rule of thumb is to evaluate your program against your federal regulator’s examination procedures, which can be found online.
Jill Emerson, owner of Integrity One Consulting, maintains over 30 years’ experience in the financial services industry, both as a practitioner and as a federal regulator. She enjoys sharing her experiences and expertise through writing.
Jill can be reached at firstname.lastname@example.org.