FinCEN Finally Weighs In On CDD/KYC Regulations
May 19th, 2016
May 11th 2016 was the long-anticipated day when FinCEN released its most comprehensive regulations for anti-money laundering since the USA Patriot Act was issued in 2001. After years of debate, discussion and general delay, FinCEN has finally published a regulation covering the basics of a CDD/KYC program based on the FATF 2012 recommendations, while providing a basis for a global standard. The fact that the US has apparently taken the longest amount of time to implement this type of regulation may always be debated – China, Australia, Russia and the EU already have regulations in place – but the importance that FinCEN is placing on CDD/KYC programs going forward will further enforce how the world’s financial organizations address customer on boarding and due diligence going forward.
FinCEN’s new regulations place CDD/KYC programs as the “fifth pillar” of an AML program. Under the original four pillars resulting from the USA Patriot Act, and with the addition of this fifth pillar, covered financial institutions can no longer hope that customer due diligence will lie in a grey area of risk-based procedures. CDD will now be front and centre with the regulators with respect to how financial institutions on board, risk assess and monitor their customer base going forward – alongside the stalwarts of employee training, having nominated compliance officers, and other familiar rules.
Secondly, FinCEN is officially enacting the de facto global standard around identification of beneficial owners of entities through the requirement of identifying both beneficial owners for controlling officers alongside financial ownership stakes. Thus for every corporate customer, a covered financial institutions shall identify at least one controlling officer and upwards of four financial controlling officers at a 25% ownership level. This 25% ownership level has been widely debated and FinCEN has taken the stance that this is the minimum level covered financial institutions shall assess risk at.
In fact, NICE Actimize market research to be released in the coming weeks with US based financial institutions, identify that more than 50% of financial institutions already identify beneficial owners below the 25% level. However, based on risk policies, covered financial institutions may choose to identify an ownership levels at a lower percentage rate as they deem fit.
Further, after the identification of the controlling and financial stakes, covered financial institutions will have to have documented programs and processes around on going monitoring of these entities. To date, this has not been an area in which financial institutions have chosen to act –instead relying on time-based periodic reviews of their customer base determined by risk level. While covered financial institutions can choose to continue to go the route of time-based checks based on their risk policies, it is likely that not being more proactive in identifying changing ownership and controlling interests could leave them open to scrutiny from regulators. Therefore, covered financial institutions will have to begin evaluating how they handle this on-going monitoring to best fit their risk profiles while pleasing FinCEN.
Finally, and the most interesting aspect of these new regulations, is how states like Delaware, will play in this new regime. As has been talked about extensively, Delaware is often accused of being the epicentre of money laundering due to the ability to incorporate anonymous holding companies there. With these new federal regulations requiring the identification of individuals, it will likely mean the end of this practice as organizations will no longer be able to hide their organizational structures in anonymous holding companies. But time will tell.
Overall, this is a massive step forward for the US in meeting the standards set by FATF nearly four years ago and enacted by many jurisdictions globally. The next two years will be incredibly interesting to see how financial institutions build out their existing programs to ultimately enact measures to meet this new guidance.