May 24, 2016

FinCEN Issues Long-Anticipated Requirements for AML Due Diligence on Beneficial Owners

On May 11, 2016, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) published the final version of anti-money laundering (“AML”) regulations requiring certain financial institutions to identify the “beneficial owners” of each “legal entity customer” and to verify the identities of such owners.1 The new regulations, initially proposed in 2014, will take effect on July 11, 2016.2 However, covered financial institutions have until May 11, 2018 (the “applicability date”) to implement the required procedures.

Current Law

Under existing AML regulations, covered financial institutions are required to implement a customer identification program (“CIP”), also known as “know your customer” (“KYC”) procedures, to verify the identity of each individual and entity that becomes a new customer or client. However, a financial institution has thus far not been obligated to “look through” the entity that is the customer of record to its beneficial owners.

The New Customer Due Diligence Requirements

In general, a covered financial institution will be required to implement new customer due diligence (“CDD”) procedures to obtain beneficial owner information from legal entity customers organized under a U.S. or foreign jurisdiction, including corporations, limited liability companies, partnerships, and similar entities. However, sole proprietorships, unincorporated associations, trusts (other than statutory trusts), and a series of entities enumerated in the new regulations will not be treated as legal entity customers.

“Beneficial owner” due diligence covers two types of individuals. First, a covered financial institution must identify and verify any natural person having an equity ownership interest of 25% or more in a legal entity customer. Second, a covered financial institution must also identify and verify a “control person,” meaning any individual having significant responsibility for controlling, managing, or directing the legal entity customer. Examples of a control person include a Chief Executive Officer, Managing Member, General Partner, or senior executive officer, or other individual who regularly performs such functions. If no individual satisfies the ownership prong, the covered financial institution must identify and verify the identity only of a control person of that customer.

Beginning on the applicability date, covered financial institutions will be required to establish and maintain written procedures “reasonably designed” to identify and verify the identities of beneficial owners of legal entity customers and to maintain the relevant records. Such beneficial owner due diligence must be conducted at the time a new account is opened and also when, in the course of normal customer transaction monitoring, the financial institution detects information pertinent to its assessment of the money-laundering risk posed by the customer. The required information can be obtained by using either the certification form provided by FinCEN in Appendix A of the new regulations or any other method that complies with the substantive requirements of the regulations.

The identification and verification procedures for beneficial owners are similar to those for individual customers under a financial institution’s KYC program (e.g., producing a government-issued photo ID) except that for beneficial owners, the financial institution may rely on copies of identity documents. The financial institution will be permitted to rely on the beneficial ownership information provided by the legal entity customer, as long as the financial institution has no “knowledge of facts that would reasonably call into question the reliability of the information.”

“Covered Financial Institution”

The new CDD requirements will be binding on “covered financial institutions,” a term encompassing financial entities currently subject to industry-specific AML regulations, i.e., banks and other depository institutions, brokers or dealers in securities, mutual funds, futures commission merchants, and introducing brokers in commodities.

The new requirements will not apply to registered Investment Advisers, since a registered Investment Adviser is not a “financial institution” within the meaning of the existing Treasury Department AML regulations.3 Therefore, an adviser will not be required to identify and verify the beneficial owners of a legal entity investing in a private equity or hedge fund that the adviser operates or advises. However, if such a fund opens an account with a covered financial institution, the institution will be required to identify and verify the identity of a control person of that fund, as discussed below.

Covered financial institutions will not be required to identify and verify the identity of beneficial owners of 16 types of entities that the new regulations exclude from the definition of legal entity customer. Among the excluded entities are:

  • Federally regulated financial institutions—including the covered financial institutions subject to the new requirements—and state banks regulated by state banking regulators;
  • Entities whose common stock is listed on the New York Stock Exchange, the NYSE MKT (formerly the American Stock Exchange), or the NASDAQ;
  • Investment companies registered with the Securities and Exchange Commission (the “SEC”) under the Investment Company Act of 1940;
  • Investment advisers registered with the SEC under the Investment Advisers Act of 1940;
  • Entities registered with the Commodity Futures Trading Commission, including commodity pool operators, commodity trading advisors, retail foreign exchange dealers, swap dealers, and major swap participants;
  • State-regulated insurance companies;
  • Public accounting firms registered under Section 102 of the Sarbanes Oxley Act; and
  • Pooled investment vehicles operated or advised by “a financial institution that is excluded from the definition of legal entity customer.”

A pooled investment vehicle (i.e., a private equity or hedge fund) operated or advised by a registered Investment Adviser would be considered a “legal entity customer” since an adviser is not a “financial institution” under AML regulations. Therefore, a covered financial institution would have to identify and verify beneficial owners of such funds. However, in its commentary on the new regulations, FinCEN acknowledges the difficulty of tracking the specific equity ownership interests in pooled investment vehicles. As a result, the final rule provides that a covered financial institution need only identify and verify the control person of such pooled investment vehicle customer, and not its equity owners.

Obligations on Customers

Although the new CDD procedures will be binding on covered financial institutions, there is no legal requirement that a customer comply with an institution’s information requests. However, a covered financial institution is not required to do business with a customer that refuses to provide the requested beneficial owner information. Therefore, it is unlikely that a legal entity customer would be able to establish a new financial relationship with a covered financial institution after the applicability date without providing beneficial owner information, unless an exclusion applies.

Trusts as Beneficial Owners

If 25% or more of the equity interests of a legal entity customer are owned by a trust (other than a statutory trust), covered financial institutions would satisfy the ownership prong of the beneficial ownership requirement by obtaining and verifying the identity of the trustee. For clarity, FinCEN notes in its commentary on the regulations that a covered financial institution would also be required to identify an individual associated with the trust under the control prong. However, one individual could satisfy both prongs, according to FinCEN.

Other Provisions

Separately, the new regulations will make explicit several components of a covered financial institution’s AML policy that had previously only been implied in agency guidance. FinCEN originally required an AML policy to have, at minimum, four basic elements, which came to be known informally as “the four pillars.” The new regulations will add a fifth pillar consisting of three procedures that had been suggested or implied in guidance but not expressly required by the regulations.4 Specifically, covered financial institutions will be required to (i) develop an understanding of the nature and purpose of each of its customer relationships, as part of its efforts to develop customer risk profiles, (ii) conduct ongoing monitoring of customer accounts in order to report suspicious transactions and (iii) maintain and update the customer information in their records.5

Click here to download this article.

The final rule was published at 81 Fed. Reg. 29398-29458 (May 11, 2016) and adds a new section to the AML regulations at 31 C.F.R. § 1010.230. The Federal Register notice is available here.

For a description of the regulations as originally proposed, please see Willkie Farr & Gallagher LLP, “Treasury Department’s Proposed Anti-Money Laundering Regulations Would Require ‘Know Your Customer’ Due Diligence to Look Through to ‘Beneficial Owners’” (Aug. 5, 2014), available here.

On September 1, 2015, FinCEN published proposed regulations that would define registered Investment Advisers as “financial institutions” and require them to implement AML programs meeting certain minimum standards. The proposed regulations are still pending but will likely be finalized in 2016. As proposed, these regulations do not require Investment Advisers to implement CDD with respect to beneficial owners of their customers (i.e., investors), but this could change when the final regulations are issued. For more information about the proposed AML regulations for Investment Advisers, please see Willkie Farr & Gallagher LLP, “Treasury Department Proposes Anti-Money Laundering Regulations for Investment Advisers” (Aug. 28, 2015), available here.

4  The original four pillars include: establishment of internal controls reasonably designed to prevent or detect money laundering; designation of an individual responsible for AML compliance; training for the appropriate personnel; and periodic independent testing of the AML program’s effectiveness.

5  The additional provisions may be found in the following new sections of Chapter X of 31 C.F.R.: Section 1020.210 (banks); Section 1023.210 (broker dealers); Section 1024.210 (mutual funds); and Section 1026.210 (futures commission merchants and introducing brokers in commodities).