As we blogged about in May, the Bank Secrecy Act (“BSA”), which requires financial institutions in the United States to assist U.S. government agencies to detect and prevent money laundering, applies to entities that we may not traditionally think of as “financial institutions,” including securities broker or dealers. Compliance with the BSA is no easy task. And if a recent notice of new proposed rule by the U.S. Treasury’s Financial Crimes Enforcement Network (also known as FinCEN) becomes law, it’s not about to get any easier.
FinCEN’s stated intent with the proposed rule is to clarify and strengthen customer due diligence requirements for banks, brokers or dealers in securities, mutual funds and futures commission merchants and introducing brokers in commodities. Under current regulations, each of these institutions must establish, document and maintain a Customer Identification Program (or “CIP”) appropriate for its size and business that meets certain minimum requirements, including, among others, the adoption of certain identity verification procedures, and the collection of certain customer information and the maintenance of certain records. The proposed rule adds two (2) new elements to the CIP requirements.
First, the proposed rule mandates that financial institutions identify and verify the natural person, beneficial owners of legal entity customers. A few highlights of this “Beneficial Ownership Requirement” follow:
- A financial institution must satisfy the Beneficial Ownership Requirement by obtaining, at the time a new account is opened, a standard certification form directly from the individual opening the new account on behalf of a legal entity customer.
- A financial institution must verify the identity of beneficial owners (i.e., the existence of the identified beneficial owner) consistent with their existing CIP practices by collecting, for example, a driver’s license or similar identification document. However, a financial institution need not verify the status of the natural persons identified on the form as the beneficial owners (i.e., that the individual identified is, in fact, a beneficial owner).
- A “beneficial owner” includes each individual who owns 25 percent or more of the equity interests of the legal entity customer and at least one individual with significant responsibility to control, manage or direct a legal entity customer (such as an executive officer or senior manager).
- Entities that are exempt from the customer identification requirements under the current CIP rules, such as financial institutions and publically held companies traded on certain U.S. stock exchanges, as well as certain other entities whose beneficial ownership is generally available from other credible sources, such as entities registered with the Securities Exchange Commission, are exempt from the Beneficial Ownership Requirement.
The second element that the proposed rule adds is an explicit requirement with respect to understanding the nature and purpose of customer relationships and conducting ongoing monitoring as components of an institution’s core BSA compliance program.
I believe the proposed rule will have a large impact on financial institutions, and particularly, on broker-dealers. While FinCEN has proposed that the Beneficial Ownership Requirement will apply only with respect to legal entity customers that open new accounts from the date of implementation going forward, given the new ongoing monitoring requirements, financial institutions may nonetheless need to identify beneficial owners of existing customers when updating customer information on a risk basis, so the increased burden might still be large. Also, understanding the purpose and nature of customer relationships present unique difficulties for securities firms, which generally maintain accounts in which expected activity can vary significantly over time based on numerous factors. From this perspective, asking customers to describe future activities accurately and completely is not realistic.
The proposed rule is also noteworthy in that, in adopting the second element discussed above, FinCEN notes that financial institutions should already be complying with these principles as part of their obligation to report suspicious activity, “consistent with existing guidance and regulatory expectations.” This adoption of “guidance and expectations” without following the strict notice and comment requirements, sets bad precedent, and implies that industry expectations have fundamentally become law. With compliance costs for financial institutions already on the rise, I sure hope this is not a sign of things to come.