While Bank Secrecy Act/Anti-Money Laundering (BSA/AML) requirements are nothing new for bank and credit union leaders, financial institutions are now required to capture and report even more data to satisfy a new, fifth pillar of BSA/AML compliance that took effect in May 2018.
Federal examiners have indicated this new set of requirements, referred to as the Customer Due Diligence (CDD) pillar, will be a particular focus during the next round of exams, so it’s important that financial institutions ensure compliance to avoid violations and penalties.
What is the new CDD pillar?
Authorized by Section 352 of the USA PATRIOT Act, BSA/AML is a key part of the fight against money laundering and terrorist financing and, until recently, involved four pillars of compliance requirements:
- Development of internal policies, procedures and controls:These must be risk-based, comprehensive and subject to constant review and update.
- Designation of a BSA Compliance Officer with the appropriate level of authority and responsibility: This individual must be permitted to carry out duties with independence and autonomy.
- Ongoing employee training:General BSA/AML and Office of Foreign Assets Control training must be supplemented with training on the institution’s own policies and procedures that are specific to various functions and staff roles.
- Independent testing of the AML program:The testing must be adequate in scope and coverage and be conducted by qualified and independent auditors.
In May 2016, the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) added a fifth pillar, focused on beneficial ownership and risk-based customer due diligence, that financial institutions must implement into their BSA/AML programs by May 11, 2018. This fifth CDD pillar requires financial institutions to:
- Establish risk-based procedures for conducting ongoing customer due diligence, including the development of customer risk profiles;
- Implement ongoing monitoring to identify and report suspicious activity;
- Update customer information on an event-driven, risk-based basis triggered by information detected during normal monitoring; and
- Establish and maintain written procedures designed to identify and verify the beneficial owners of legal entity customers.
What will change about my financial institution’s BSA/AML examination?
The CDD pillar requires banks and credit unions to collect more information related to customer due diligence and identification. Beyond verifying that monitoring and notification programs related to customer risk and suspicious activity, federal examiners will also require institutions for the first time to identify and verify the beneficial owners of legal entity customers.
The USA PATRIOT Act defines a legal entity customer as a corporation, limited liability company or other entity created by filling a public document with a Secretary of State or similar office; a general partnership; or any similar entity formed under the laws of a foreign jurisdiction that opens an account.
Beneficial owners fall into one of two categories, referred to as prongs by regulators:
- Ownership Prong: Includes each individual who, directly or indirectly, owns 25 percent or more of the equity interests of the legal entity customer
- Control Prong: A single individual with significant responsibility to control, manage, or direct the legal entity customer (e.g., CEO, CFO, Treasurer)
Institutions must now identify at least one beneficial owner for each legal entity customer. Excluded from the beneficial owner identification requirements are the following legal entities:
- Banking organizations
- Entities whose common stock is traded on the New York, American or NASDAQ stock exchange;
- SEC-registered investment companies and advisers
- Foreign financial institutions established in jurisdictions that have beneficial ownership reporting regimes
- Legal entities with private banking accounts subject to FinCEN rules
It remains imperative that a financial institution’s board and senior management understand BSA/AML responsibilities and set the tone for a proactive, aware and engaged culture of compliance. RKL has a team of professionals exclusively dedicated to helping banks and credit unions prepare for and maintain compliance with BSA/AML and other industry specific requirements. Contact Financial Services Industry Group leader Barry Pelagatti to start the conversation.