FinCEN’s Final Rule on Beneficial Ownership and the Administration’s New Initiatives on Financial Transparency: What You Need to Know
On May 6, 2016, the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) released a final rule (the “Final Rule”) requiring banks, brokers or dealers in securities, mutual funds, futures commission merchants, and introducing brokers in commodities (collectively, “covered financial institutions”) to obtain and record beneficial ownership information as part of their anti-money laundering (AML) obligations under the Bank Secrecy Act (BSA). The Final Rule will become effective 60 days after its publication today (May 11) in the Federal Register; however, covered financial institutions will have a two year implementation period to comply with the new requirements. In conjunction with the release of the Final Rule, the White House announced a series of related legislative and regulatory initiatives aimed at increasing financial transparency and combatting corruption in the wake of the Panama Papers.
The Final Rule completes a multi-year effort by FinCEN to establish beneficial ownership requirements for covered financial institutions. Although the USA PATRIOT Act amendments to the BSA in 2001 always contemplated that beneficial ownership information may be required as part of the Customer Due Diligence (CDD) performed by regulated financial institutions, a variety of issues complicated implementation of a broad beneficial ownership reporting requirement. Over the years, the U.S. has faced mounting pressure from its international peers to bring its AML regulations into compliance with international norms established by the Financial Action Task Force (FATF), of which the U.S. is a member, especially with respect to requiring beneficial ownership information. The U.S. is currently undergoing its fourth “mutual evaluation” by FATF, which increased the urgency for U.S. action at this time. The release of a trove of documents on the use of offshore shell companies known as the Panama Papers has provided further fuel for this effort.
Among other things, the requirement to collect beneficial ownership information is intended to allow law enforcement to better track illicit use of financial services, in addition to aiding covered financial institutions in complying with sanctions programs administered by the Office of Foreign Assets Control (OFAC). The Final Rule creates a new section in the BSA regulations at 31 C.F.R. § 1010.230 setting forth the beneficial ownership identification requirements for covered financial institutions, as well as a number of exclusions for specific types of customers and accounts. It also amends the respective AML program requirements for these institutions to formally identify customer due diligence as a fifth essential “pillar” of an AML program (beside the historic four required pillars: (1) internal controls; (2) independent testing; (3) designation of an individual responsible for day-to-day compliance; and (4) training). The amendments further specify that CDD includes, in addition to obtaining beneficial ownership information: (1) understanding the nature and purpose of customer relationships for the purpose of developing a customer profile, and (2) ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to update customer information—including beneficial ownership.
Beneficial Ownership Requirement
The Final Rule creates a new § 1010.230 in Title 31 C.F.R requiring covered financial institutions prospectively to identify and verify the identity of beneficial owner(s) of each legal entity customer when a new account is opened. Beneficial owners are persons meeting either the “ownership prong” or the “control prong” of the definition of “beneficial owner.” Responding to industry concerns about the burden of applying the new requirement to existing customers, the rule does not apply retrospectively. However, FinCEN confirmed that the requirements must be met for each new account opened after the rule goes into effect, which means covered financial institutions must obtain beneficial ownership information from pre-existing customers that open new accounts after promulgation of the rule.
Some of the key elements of the new § 1010.230, as well as FinCEN’s comments on these, are set out below:
- Legal entity customer: The Final Rule only applies in relation to beneficial ownership information for “legal entity customers,” which are defined to include any corporation, limited liability company, or other entity that is created by the filing of a public document with a Secretary of State or similar office, a general partnership, and any similar entity formed under the laws of a foreign jurisdiction that opens an account. FinCEN clarified that this definition does not include sole proprietorships or unincorporated associations because neither is an entity with legal existence separate from the associated individual or individuals. The definition also does not include natural persons opening an account on their own behalf. Nor does it include trusts (other than statutory trusts created by a filing with a Secretary of State or similar office). With regard to so-called “intermediated account relationships,” (such as, for example, when a broker-dealer opens an account with a mutual fund to engage in transactions on behalf of its customers) FinCEN explained that in cases where existing guidance provides that a financial institution shall treat an intermediary (and not the intermediary’s customers) as its customer for purposes of the Customer Identification Program (CIP) rules, the financial institution should likewise treat only the intermediary as its customer for purposes of the new beneficial ownership requirement.
- Definition of “beneficial owner”: The Final Rule defines beneficial owners as those individuals meeting either of two prongs:
- Ownership prong: Beneficial owners identified under this prong are defined as “[e]ach individual, if any, who, directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, owns 25 percent or more of the equity interests of a legal entity customer.” FinCEN stated that it intended the term “equity interest” to be “broadly applicable” and declined to further clarify the definition beyond describing it as “an ownership interest in a business entity” and referring to examples provided in its earlier notice of proposed rulemaking (NPRM). FinCEN confirmed that the phrase “directly or indirectly” meant that the covered financial institution’s customer must identify its ultimate beneficial owner[s] and not their nominees or “straw men.”
- No expectation to “affirmatively investigate” equity holding structures, but some circumstances may require filing a Suspicious Activity Report (SAR). FinCEN reiterated that it does not expect covered financial institutions or customers to undertake analyses to determine whether an individual is a beneficial owner under the definition, and “emphasize[d] that FinCEN expects that covered financial institutions will generally be able to rely on the representations of the customer when it identifies its beneficial owners.” Along the same lines, FinCEN does not expect covered financial institutions to “affirmatively investigate” whether equity holders are attempting to structure their holdings to evade the 25 percent threshold for reporting. However, FinCEN expects that if a covered financial institution knows, suspects, or has reason to suspect that such behavior is occurring, it may, depending on the circumstances, be required to file a SAR.
- Covered financial institutions may establish a threshold below 25 percent based on their own assessment of risk. Although FinCEN recognizes that some covered financial institutions already collect beneficial ownership information at a threshold lower than 25 percent in some cases, it declined to impose a lower ownership threshold. However, FinCEN noted that covered financial institutions may establish a lower percentage threshold for beneficial ownership (i.e., one that regards owners of less than 25 percent equity interests as beneficial owners) based on their own assessment of risk in appropriate circumstances.
- Special circumstances involving trusts and entities excluded from the definition of “legal entity customer”. The Final Rule specifies that if a trust owns directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, 25 percent or more of the equity interests of a legal entity customer, the beneficial owner for purposes of the ownership prong shall mean the trustee. The Final Rule also specifies that where one of the entities holding 25 percent or more of the equity interests of a legal entity customer is itself excluded from the definition of a “legal entity customer,” no individual need be identified under the control prong.
- Control Prong: Beneficial owners identified under this prong are defined as “[a] single individual with significant responsibility to control, manage, or direct a legal entity customer,” including:
- An executive officer or senior manager (e.g., a Chief Executive Officer, Chief Financial Officer, Chief Operating Officer, Managing Member, General Partner, President, Vice President, or Treasurer); or any other individual who regularly performs similar functions.
- FinCEN declined to provide additional information about the types of persons who would satisfy the control prong and stated that “the control prong provides for a straightforward test: the legal entity customer must provide identifying information for one person with significant managerial control[,]” and that the Final Rule provides common examples to illustrate.
- Variations on the number of beneficial owners identified under the ownership and control prongs. FinCEN recognized that, under the ownership prong, depending on the factual circumstances, as few as zero and as many as four individuals may need to be identified. All entities, however, would be required to identify one beneficial owner under the control prong. It is possible that in some circumstances the same person or persons might be identified under both the ownership and the control prongs. FinCEN further noted that covered financial institutions had the discretion to identify additional beneficial owners as appropriate based on risk.
- Monitoring of beneficial ownership under the ownership and control prongs. FinCEN noted that it would be impracticable for covered financial institutions to monitor the equity interests and management team of legal entity customers on an ongoing basis and continually update this information. It “emphasize[d] that the obligation for identification and verification should be considered a snapshot at the time that a new account is opened, not a continuous obligation.” However, FinCEN does expect covered financial institutions to update this information episodically based on risk, generally triggered by a covered financial institution learning through its normal monitoring of facts indicative of a change in beneficial ownership relevant to assessing the risk posed by the customer. This presents a second way that a pre-existing customer of a covered financial institution might have to provide beneficial ownership information, in this case even if no new account has been opened. This obligation to update arises from the general CDD obligation FinCEN codifies in the new rule that covered financial institutions must update all customer information on a risk basis, i.e. when customer information changes in a way that may affect its risk profile.
- Identification and Verification of Beneficial Ownership Information:
- Methods of obtaining information: Under the Final Rule, covered financial institutions have the option of (1) using a standard certification form or (2) obtaining the information required by the form by another means (such as the covered financial institutions’ own form). However, identification procedures used by covered financial institutions must, like the certification, contain the same elements of the applicable CIP rule, including names, addresses, dates of birth and relevant Taxpayer Identification Numbers. This information will be required whether or not the certification form is used.
- Certification by a natural person authorized by the customer to open accounts: Regardless of whether the standard certification form is used or not, beneficial ownership information must be, at the time of account opening, both (1) current, and (2) certified by a natural person authorized by the customer to open accounts at financial institutions to be accurate “to the best the individual’s knowledge.” FinCEN elaborated on the certification requirement as follows:
- The certification of accuracy may be obtained without use of the certification form “in the same way the financial institution obtains other information from its customers in connection with its account opening procedures.”
- FinCEN declined to impose specific account opening procedures on covered financial institutions, such as further specifying who an appropriate individual would be to certify the identity of the beneficial owner.
- FinCEN declined to require a heightened knowledge threshold, or notarization, or board approval requirement for the certification requirement because the time needed to obtain these would delay account opening without commensurate benefit. Instead, the “best of the individual’s knowledge” standard anticipates that while the individual making the certification appropriately will be an officer with substantial knowledge of the company, such as a corporate secretary, such a person still may not have personal knowledge of individuals having an “indirect ownership interest through, for example, intermediate legal entities or contractual arrangements with nominal owners” that he would need to certify at a higher standard.
- Verification of identity of, not status as, beneficial owner is required: FinCEN confirmed its earlier proposal that verification meant that covered financial institutions were required only to verify the identity of the individual identified as a beneficial owner (i.e., to verify the individual’s existence), and not his or her status as a beneficial owner.
- Methods for obtaining verification: The procedures for verifying beneficial owner identity must, at a minimum, contain the same elements required under the institution’s CIPs for verifying the identity of customers who are individuals, though they need not be identical, recognizing that some methods of verification may simply not be practicable for beneficial owners. In particular, in cases where documentary verification is used, covered financial institutions may rely on photocopies of identifying documents rather than originals.
- Financial institution reliance on certification by the legal entity customer: FinCEN declined to include in the Final Rule a blanket safe harbor triggered by the use and collection of the standard certification form. Instead, it added language to the Final Rule explaining that financial institutions could rely on the beneficial ownership information given by the person opening the account provided that the financial institution “has no knowledge of facts that would reasonably call into question the reliability of such information.” Although FinCEN made clear that “in the overwhelming majority of cases” reliance on such certifications will be appropriate, FinCEN’s retention of this language instead of a categorical safe harbor serves as a caution against willful blindness in cases where covered financial institutions have facts available to them suggesting that the information may be faulty, and indicates that they might be held liable for relying on false or incorrect certifications in such cases. In keeping with this, FinCEN also noted that beneficial ownership identification procedures, similar to required CIPs, must address situations in which the covered financial institution cannot form a reasonable belief that it knows the true identity of the beneficial owner of a legal entity customer after following the required procedures.
- Reliance on Determinations of Beneficial Ownership by other Covered Financial Institutions: Similarly to CIPs, covered financial institutions, may rely on the performance by another financial institution (including an affiliate) of the requirements of the beneficial ownership obligation with respect to any legal entity customer of the financial institutions that is opening, or has opened, an account or has established a similar business relationship with the other financial institution to provide or engage in services, dealings, or other financial transactions, provided that:
- Such reliance is reasonable under the circumstances.
- The other financial institution is subject to a rule implementing 31 U.S.C. 5318(h) and is regulated by a Federal functional regulator.
- The other financial institution enters into a contract requiring it to certify annually to the covered financial institution that it has implemented its anti-money laundering program, and that it will perform (or its agent will perform) the specified requirements of the covered financial institution’s procedures to comply with the requirements of this section.
- Exclusions, exemptions, and other special circumstances
- Exclusions from the definition of legal entity customer: The Final Rule adopted 16 exclusions to the definition of legal entity customer, including several not in the NPRM. FinCEN noted that “[a]ll of the exclusions are a result of an assessment of the risks and determination that beneficial ownership of information need not be obtained at account opening, because the information is generally available from other credible sources.” Examples of excluded entities include public accounting firms registered under section 102 of the Sarbanes-Oxley Act; any financial institution regulated by a Federal functional regulator or a bank regulated by a State bank regulatror; any entity (other than a bank) whose common stock or analogous equity interests are listed on the NYSE, NYSE MKT, or NASDAQ exchanges; and investment companies and advisers registered with the SEC. Among the new additions to the exclusion list from the NPRM are bank holding companies; pooled investment vehicles that are operated or advised by a financial institution that is itself excluded from the definition of legal entity customer; non-U.S. governmental departments and agencies that engage only in governmental rather than commercial activities; and state-regulated insurance companies.
- Legal entity customers that are subject only to the control prong requirements: The Final Rule identifies two types of legal entity customers that are not excluded from the definition of “legal entity customer” which are subject only to the control prong of the beneficial ownership requirement, including:
- A pooled investment vehicle that is operated or advised by a financial institution that is not excluded from the definition of legal entity customer.
- Any legal entity that is established as a nonprofit corporation or similar entity and has filed its organizational documents with the appropriate State authority as necessary.
- Exemptions from beneficial ownership requirements for legal entity customers that open certain types of accounts. FinCEN also established specific exemptions, new to the Final Rule, from the requirement to identify and verify the identity of the beneficial owner(s) for certain enumerated types of accounts for legal entity customers. These include: (1) accounts to finance the purchase of postage for which payments are remitted directly from the financial institution to the postage provider; (2) accounts to finance insurance premiums for which payments are remitted directly from the financial institution to the insurance provider or broker; and (3) accounts to finance the purchase or leasing of equipment for which payments are remitted directly from the financial institution to the vendor or lessor of the equipment. These account-type exemptions are all premised on factual scenarios where FinCEN agreed with commenters that the risk of money laundering is exceptionally low because the ability of customers to direct the making or receipt of payments is greatly constrained. However, FinCEN created a limitation on the exemption for accounts through which a legal entity customer can make payments to, or receive payments from, third parties or if there is a possibility of a cash refund on the account, both of which might increase the risk for money laundering. In addition to these three account-types, FinCEN also exempted accounts to provide credit products (up to a $50,000 limit) at the point-of-sale, including commercial private label credit cards, solely for the purchase of retail goods or services at the retailer offering the product. Here too, FinCEN judged the money laundering risk posed by this account-type to be low.
- Recordkeeping: Covered financial institutions must establish procedures for making and maintaining a record of all information obtained under the procedures implementing the identification and verification requirements of the rule.
- At a minimum the record must include the following:
- For identification, any identifying information obtained by the covered financial institution, including without limitation the certification (if obtained).
- For verification, a description of any document relied on (noting the type, any identification number, place of issuance and, if any, date of issuance and expiration), of any non- documentary methods and the results of any measures undertaken, and of the resolution of each substantive discrepancy.
- Retention of records requirements: A covered financial institution must retain the records made for five years after the date the account is closed (identification records) and after the record is made (verification records). These records may be retained electronically and incorporated into existing databases as part of a covered financial institution’s overall management of customer files.
AML Program Amendments
The Final Rule amends the AML program requirements for covered financial institutions to incorporate the minimum statutory elements of an AML program required by 31 U.S.C. § 5318(h)(1), as well other elements that were not previously made explicit in the BSA regulations, such as the requirement for ongoing monitoring and updating of customer information.
As set forth in the preamble to the Final Rule, FinCEN considers that there are four core elements of CDD: (1) customer identification and verification, (2) beneficial ownership identification and verification, (3) understanding the nature and purpose of customer relationships to develop a customer risk profile, and (4) ongoing monitoring for reporting suspicious transactions, and, on a risk-basis, maintaining and updating customer information.
The first (customer identification and verification) is already required at account opening, and the second is established by the Final Rule. Although FinCEN reasons that the third and fourth elements have always been implicit in the requirement that regulated financial institutions file Suspicious Activity Reports (SARs), the Final Rule now makes them explicit for banks, broker-dealers, mutual funds, and futures commission merchants and introducing brokers in commodities by amending their respective AML program requirements.
A “customer risk profile” refers to the corpus information gathered about a customer at account opening, which is to be used by the covered financial institution to develop a baseline against which customer activity is assessed for suspicious activity reporting. The Final Rule’s preamble specifies that a covered financial institution may, but need not, include a system of risk ratings or categories of customers in its customer risk profiles. When a covered financial institution detects activity or information in course of its normal monitoring of a customer that is relevant to assessing or reevaluting the risk posed by the customer, it must update the customer’s information, including, where implicated, its beneficial ownership information. FinCEN has explained that such triggers could include a significant and unexplained change in the customer’s types of activities or volume of activity, as well as a possible change in the customer’s beneficial ownership information.
The Final Rule does not impose a categorical requirement that financial institutions update their customer information on a continuing or periodic basis, but rather views the update requirement as event-driven and occurring as the result of normal monitoring in the context of an AML program. Accordingly, FinCEN’s position is that the requirement merely reflects existing practices that covered financial institutions impliedly must already have in place to identify suspicious activities that depart from a customer’s known business profile and thereby to satisfy their SAR reporting obligations.
Related Beneficial Ownership Initiatives Aimed At Increasing Financial Transparency and Combatting Money Laundering, Terrorist Finance, and Corruption
In conjunction with the release of the Final Rule, the White House also announced a series of other related initiatives, most of which would require legislative action by Congress. The Treasury Department said that the Final Rule and other initiatives together target the key points of access to the international financial system—when companies open accounts at financial institutions, when companies are formed or when company ownership is transferred, and when foreign-owned U.S. companies seek to evade their taxes.
First, the White House reported that it has sent a legislative proposal to Congress that would require all corporations formed in the U.S. to report their beneficial ownership information at the time of formation. Such a national requirement relating to corporate formation has long been resisted by states that are popular places of incorporation, such as Delaware. The legislation also reportedly would “clarify” the scope of FinCEN’s authority to gather information using geographic targeting orders, in particular with respect to the collection of wire transfer information.
Second, the Internal Revenue Service (IRS) issued a proposed rule to require foreign-owned single member limited liability companies and other so-called “disregarded entities” to obtain a tax identification number from the IRS, thereby requiring these entities to report ownership and transaction information.
Third, the administration proposed legislation that would enhance the Department of Justice’s authority in money laundering and anti-corruption cases. The administration’s proposal would, among other things, expand foreign money laundering predicates to include violations of foreign law that would be money laundering predicates if committed in the U.S. It would also authorize the use of administrative subpoenas for money laundering investigations and enhance prosecutors’ ability to access foreign bank or business records by service branches located in the U.S.
Finally, the administration urged Congress to amend financial reporting requirements to establish full reciprocity with U.S. Foreign Account Tax Compliance Act (FATCA) partners and to approve eight tax treaties that are currently pending with the Senate.
While at this time it appears unlikely that the legislative initiatives proposed by the administration will move through Congress before the November election, they appear to be aimed at framing the substantive debate on anti-corruption and financial transparency for the Congress as well as the next administration. The legislative proposal with respect to beneficial ownership in particular may also help to satisfy FATF as it conducts its review of U.S. AML practices in ways that the new Final Rule does not, because it speaks specifically to FATF’s longstanding concern that beneficial ownership information be obtained at the time of company formation.
For more information, please contact the professional(s) listed below, or your regular Crowell & Moring contact.