By Monica C. MeinertWith the arrival of the new year, bank compliance officers find themselves less than five short months away from the implementation date of the Financial Crimes Enforcement Network’s final beneficial ownership rule, which has a mandatory compliance date of May 11, 2018. Issued in 2016, the rule creates a new “fifth pillar” of Bank Secrecy Act/anti-money laundering compliance, requiring banks to have a risk-based customer due diligence procedure, in addition to being able to identify and verify the identity of beneficial owners of their legal entity customers.
Breaking down ‘beneficial ownership’
The final rule breaks down beneficial ownership into two “prongs”: an ownership prong and a control prong. Those who satisfy the “ownership” prong are individuals who own 25 percent or more of the equity interests in the legal entity customer. The “control” prong refers to a single individual that has authority to exercise control of the legal entity—typically a CEO, executive officer or treasurer.
“In every case where you have a legal entity customer where no exclusion applies, you will have a minimum of one beneficial owner—because you’re always going to have a control person—and a maximum of five, if you use 25 percent as a benchmark” as the rule requires, explains Daniel Stipano, a partner with law firm Buckley Sandler and a panelist at the recent ABA/ABA Financial Crimes Enforcement Conference. “For any of those people, what you’re going to be doing is collecting the pieces of information you would collect for CIP [Customer Identification Program] purposes and then you’re going to verify that information, either through documentary means or non-documentary means.”
Stipano notes that “the procedure you will ultimately use will be similar to your CIP procedures, but they may need to be tweaked, because a beneficial owner is not necessarily a customer. And that’s perhaps going to limit the information you’re entitled to see.” For example, while many banks pull a customer’s credit report for CIP verification, they would be unable to do so to verify the identity of a beneficial owner that is not a bank customer, as it would violate the Fair Credit Reporting Act.
Identifying beneficial owners
Under the final rule, bankers are not required to determine the identities of a legal entity’s beneficial owners—rather, they may use information provided by the person opening the account.
“I think when this rule was being drafted, there was a very serious effort made to balance the benefits with the burdens,” Stipano explains. “FinCEN was very much aware of the burden and the cost that was being created for financial institutions, and they were trying to find a way to thread the needle. By allowing institutions . . . to rely on the customer’s representations, it takes a lot of the cost out of this, because in most cases, you aren’t going to have to hunt down to the end of the earth information about these beneficial owners.”
But bankers should still keep an eye out for anything that might appear suspicious.
“I think you have to assess in your own mind how comfortable you are relying on [the customer’s] representations,” he adds. “Probably in the majority of the situations, you’d be comfortable. But there are some situations where I don’t think you can be, and you’re going to have to peel back the layers of the onion. You can rely on customers, but you can’t have blinders on.”
Christopher Simpkins—BSA and OFAC officer at Bentonville, Ark.-based Arvest Bank, which has already begun complying with the rule—recalls one instance that stood out for him when, upon learning of the 25 percent reporting requirement, the legal entity customer engaged in an organizational reshuffle. It had four owners at the time the bank requested the beneficial ownership information, Simpkins explains. “They said, ‘Let me get back to you,’ and by the end of the day, they had five. They each had 20 percent. So you have to think about situations like that: does that cause you concern? It caused us concern.”
Another place things can get tricky is when there are multiple layers of ownership—say, a corporation that is owned by an LLC that is controlled by another LLC. In these instances, bankers may need to go back through those multiple layers to flesh out all beneficial owners that directly or indirectly own a 25 percent equity stake in the legal entity. But that kind of structure in and of itself should raise a red flag, Simpkins points out. “The question becomes, why would anybody set up a web like that for a legitimate purpose?”
At the end of the day, “there’s technical compliance with this rule, and you want to make sure you get that right,” Stipano says. “But you don’t want to lose track of the bigger picture, which is to make sure that you know who you’re doing business with ultimately.”
The 25 percent threshold—is it enough?
One of the key questions bank compliance officers are asking is whether the rule’s 25 percent benchmark is appropriate.
At Arvest Bank, Simpkins and his team decided that for high-risk customers, they would verify the identities of beneficial owners that owned a 10 percent or greater equity stake in the legal entity customer. But he notes that doing so presents another set of challenges, starting with the simple fact that applying a lower threshold significantly increases the number of potential beneficial owners. At a 25 percent threshold, for example, a legal entity customer would have a maximum of five beneficial owners (four beneficial owners with a 25 percent equity stake, plus one control person). Using 10 percent, there could be as many as 11.
“There are some vendors out there that don’t allow for the possibility of entering more than five names” into the compliance system, Simpkins points out. Bankers would then, in turn, need to determine how they would collect and store the information for the additional beneficial owners. “You really shouldn’t base your procedures on your system limitations,” he says. “But you do need to consider [them].”
Simpkins encourages bankers working to determine whether to go beyond the 25 percent threshold to “try to clarify your high-risk classification policies as much as possible. You want to have very exact guidelines before you make that decision” to upgrade a customer to high-risk.
Adds Stipano: “Whatever it is that you decide, be sure that you memorialize it in your policies and procedures. If it’s not memorialized, I think that’s a red flag for examiners.”
It’s also important to recognize that it’s not just a question of tracking the individual benefit owners. There are also questions about integrating that data into other BSA/AML systems.
Readying the front lines
As with any new rule, bankers must ensure that compliance and frontline teams are familiar with the requirements and compliance obligations of the beneficial ownership rule. Simpkins notes that Arvest bank—which usually does most of its training online via the bank’s intranet—opted to train employees in person for the beneficial ownership rule.
“We’re doing it [this way] because there are so many things that we’re probably not thinking of, and we realize that. We want to create an environment where we can get that feedback in person and deliver our responses,” he says. ABA members can also access the brand-new beneficial ownership course in ABA’s free Frontline Compliance Training, which covers the application of the rule, how to identify legal entity owners, the prongs used to determine beneficial ownership and the expanded coverage of the customer due diligence rule.
As the compliance date draws nearer, FinCEN has announced publicly its plans to release a second set of frequently asked questions (the first set was published in July 2016) that will address additional issues that have cropped up in recent months. And, the federal banking agencies also plan to issue the examination procedures that will help banks know what the examiners will be auditing.
When it comes to enforcement of the rule, “make sure you talk to your regulators about what they’re expecting,” advises Anna Rentschler, VP and BSA Officer at Jefferson City, Mo.-based Central Bancompany. “I think it’s important to talk to them and say, what are you really looking for, what are you looking at?” If policies and procedures are well documented and banks can justify their reasoning clearly, “I think [regulators] are going to come back and say ‘okay.’”