Best Practices for Complying with Beneficial Ownership Requirement of CDD Rule


If enacted into law, the Corporate Transparency Act would require each person who creates a corporation or limited liability company in the United States to report the identities of the beneficial owners of these entities.

A national corporate ownership database would clearly facilitate financial institutions’ customer due diligence efforts to confirm information currently obtained during the customer onboarding process. However, even before verification of beneficial ownership information, there are challenges faced in the collection of such information.

In this article, we recommended some best practices for financial institutions when collecting beneficial ownership information when onboarding new entities.

Determining legal entity type

Before identifying beneficial owners, the first step is to determine whether the legal entity customer is a type for which this information must be collected. There are four basic types of legal entities included under the requirement, and a much longer list of exemptions.

When a commercial customer opens a new account, the financial institution is faced with the challenge of ascertaining whether the customer’s legal entity type is included, or exempt, from beneficial ownership reporting. There are two basic approaches to this challenge.  

The financial institution may choose to make this determination itself. While the least onerous for the customer, this option is more complex from the financial institution’s perspective, requiring detailed staff procedures and review of company formation documents for confirmation. However, this approach may be feasible if the institution’s commercial customer base is predominantly LLCs, corporations and partnerships, because these are relatively simple to identify.

This approach does, however, introduce a certain level of compliance risk. There is a risk that a customer could be incorrectly excluded, and beneficial ownership information would therefore not be collected.

An emerging best practice with many financial institutions is to have the commercial customer self-identify its own legal entity type. Typically, the institution’s Beneficial Ownership form includes a complete list of every legal entity type identified in the CDD Rule, both included and exempt. The individual completing the form must indicate the customer’s legal entity type from this list.

This approach has many advantages. First, it simplifies the onboarding process, because every commercial customer receives a form — even the most obviously exempt types, such as sole proprietorships. This eliminates the added step of determining which customer should complete a form, thereby simplifying staff procedures and training and removing the risk of misidentifying a customer as exempt. This approach also provides a clear audit trail, as every commercial customer should have this form on file for every new account opened. The financial institution may also choose to use the more granular legal entity type data collected for additional due diligence, monitoring and analytics.

Identifying the customer’s beneficial owners

In practice, a financial institution may be tempted to “help” its commercial customer by proactively identifying the beneficial owners, especially when the customer is a simple LLC or partnership with which the institution is already familiar, or the customer’s formation documents clearly indicate the beneficial owners.

However, such a practice raises several significant risk considerations:

  • FinCEN’s intent is clearly that beneficial owners are to be identified and attested to by the customer.
  • Corporate ownership often changes frequently, especially with closely held businesses.
  • Because most states do not collect direct ownership data (let alone beneficial owners’ names) there are few public records to compare with formation documents.

The recommended best practice is to require the customer to self-identify and attest to its beneficial owners, without assistance from the financial institution. This does not preclude the institution from helping a customer’s representative to understand the concept of beneficial ownership using simple language, examples and illustrations. In fact, including this type of information with the beneficial ownership form may help eliminate customer confusion, thereby shortening the return window and reducing the volume of requests for assistance in completing the form.

Commercial customer identity verification: best practices and red flags

The CDD Rule does not change the existing Customer Identification Program (CIP) requirements for commercial customers. In this section, we discuss some recommended best practices in identity verification for legal entities, and some key red flags.

Effective CIP procedure for legal entities has and will continue to become more important due to increases in legal entity formations, mostly LLCs, subsequent to the dramatic reduction in the U.S. federal corporate income tax rate at the end of 2017. Businesses originally formed as partnerships or sole proprietorships are achieving significant tax savings when converting to LLCs or corporations, and new business formations are choosing the corporate entity type over others based on the lower tax rate.

It is important to emphasize that the legal entity itself is the account owner (or borrower, if a loan). The individuals who own or control the entity, either directly or indirectly, are not account owners.

CIP Rules require the financial institution to verify the identity of account owners. The CIP rules and related guidance are primarily focused on identity verification of individuals. With an individual account owner, the institution may simply examine a driver’s license or passport. However, for a legal entity account owner, the institution should examine and cross-reference several forms of documentation to support the entity’s existence as a bona fide enterprise.

  • Company formation documents describe and record the formation and existence of the entity:
    • LLC: Articles of Organization and an Operating Agreement
    • Corporation or cooperative: Articles of Incorporation
    • Partnership: Partnership Agreement
    • Trust: Certificate of Trust; Articles of Trust
  • Secretary of State registration/Certificate of Good Standing is another form of evidence. However, it is important to recognize that “good standing” is typically only an indicator that annual registration fees have been paid and reports filed. “Good standing” does not reflect whether the business is legitimately operating. It’s also important to note that some states do not require certain types of legal entities, such as general partnerships, to register with their Secretary of State.
  • Reviewing corporate bylaws and minutes of meetings of directors/members/shareholders may also provide additional corroborating evidence that the business is operating as a bona fide enterprise.
  • Federal tax returns provide income and expense data, which the institution may examine for reasonableness in comparison with other data supplied.
  • Employer Identification Number (EIN) registration, along with a completed and signed IRS Form W-9 provide a form of exclusionary identity evidence. A legal entity without its own tax identification number should disclose the reason why to the financial institution.

When examining a legal entity customer’s identity documentation as described above, the institution should be alert for the following red flags:

  • The entity is unable to supply written formation documents. While very small, closely held entities with inexperienced owners may have chosen to forgo this step in establishing the business, it is still a suspicious indicator. Many institutions will not open an account for a legal entity that cannot supply this documentation.
  • Formation documents supplied are unsigned or out-of-date. An unsigned formation document has no validity and should be handled in the same manner as if no document was supplied at all. A formation document is considered out-of-date if information contained within it is contradictory to other information supplied. It’s common for small family businesses to change ownership fairly regularly, as owners retire from the business, pass their share on to a child upon their death, or voluntarily choose to leave the business. Failing to update the formation documents when these changes take place is a common oversight, or may even have been a conscious decision by the owners to avoid legal fees. Financial institutions should establish risk-based policies surrounding out-of-date documents received.
  • “Canned” or template formation documents with no real substance may be a red flag when considered along with other documentation — or the lack thereof. LLC formation documents in particular are notorious for their generic content, often describing the entity’s business as “for any lawful purpose.” Templates for such formation documents are widely available at little to no cost and are executed without the assistance of legal counsel. When presented with such documents, the financial institution should consider other known factors regarding the nature of the business and its owners before opening the account.
  • Ownership information in a formation document that does not match beneficial ownership details supplied may also be a red flag. However, formation documents typically only supply direct ownership information. If, for example, one or more of an entity’s direct owners are also legal entities, the beneficial owners (the ultimate natural persons who indirectly own or control it) will not be disclosed.

Reasonable belief in identity verification

The CIP and CDD Rules both specifically require the financial institution to establish a “reasonable belief” that it knows the “true identity” of both the legal entity customer and its beneficial owners.

Every financial institution should establish a clear and specific definition of “reasonable belief” and incorporate this into written policies and procedures. This may include

  • What are acceptable forms of identity documentation for both a legal entity and an individual
  • When (or if) the customer may begin using a new account while identity verification remains pending
  • What are unacceptable forms of identification, resulting in refusal to open the account
  • When to file a Suspicious Activity Report based on CIP or CDD Rule issues

To read more on this subject download our white paper called “Challenges and Recommendations: Implementing the Beneficial Ownership Requirement of the CDD Rule.”

Laurie Kelly, CAMS, has a 35-year career spanning the fields of accounting, finance, risk management and regulatory compliance. From 2006 to 2018, she served as the Director of Compliance for CoBank ACB.

Anu Sood, CAMS, is the Director of Marketing at CaseWare RCM and is responsible for the company’s global marketing strategy.

CaseWare RCM, makers of Alessa, provides all the anti-money laundering (AML) capabilities that banks, money services businesses (MSBs)FinTechscasinos and other regulated industries need – all within one platform. To learn more, visit