I. INTRODUCTION
FinCEN has issued a Final Rule relating to customer due diligence for financial institution customers who are legal entities, such as corporations, limited liability companies, trusts or partnerships. The rule includes definitions and exclusions regarding customers that qualify as a legal entity customer and the account types that require collection of beneficial owner information.
Until now, it has been sufficient for a financial institution to verify the identity of the legal entity who is a customer. Under the Final Rule, the financial institution must also determine the identity of the “beneficial owner(s)” of the entity and verify their identity information. The new rules also amend the Anti-Money Laundering (AML) program requirements for financial institutions to include ongoing customer due diligence for legal entity customers. The Final Rule became effective on May 11, 2018.
II. BENEFICIAL OWNERS REQUIREMENTS
A. Identification and Verification Requirements
The Final Rule mandates that bank have written procedures that reasonably identify and verify beneficial owners at new account opening. These procedures must be part of the bank’s AML program. The requirements are for each new account opened for legal entities (see “Definitions” below) like LLCs, LLPs, etc. Instead of having the option to collect information on individuals related to the business, banks will be required to collect information on up to five individual beneficial owners. As the new requirements relate to legal entity customers, the rule doesn’t affect natural person accounts, sole proprietorships or unincorporated associations.
There are two separate tests for determining the beneficial ownership of a legal entity. The first is the ownership test. Under the ownership test each person that owns or controls, directly or indirectly, 25% or more of the entity is a beneficial owner. Accordingly, under the beneficial ownership test, there could be no beneficial owner or as many as four. If there is a trust that owns 25 percent or more, the trustee will be treated as a beneficial owner for identification purposes.
The second test is the control test. Under the control test, the beneficial owner is a single individual with significant responsibility to control, manage, or direct the entity. For a corporation, normally, this would be the President or Chief Executive Officer even though the person may have no ownership in the entity.
The Final Rule defines beneficial owner as each of the following:
Under this definition, a legal entity will have a total of between one and five beneficial owners (i.e., one person under the control prong and zero to four persons under the ownership prong).
The identity of the beneficial owners must be certified to by either the legal entity or the person opening the account for the legal entity. After identifying the beneficial owner or owners, the person’s identity must be verified in the same manner that you would verify the identity of any person that is a customer. You obtain documentation verifying the person’s date of birth, address and so forth. Then, in the same manner as for other customers, you must make a record of the identity and the identifying documents and retain it for five years.
There are numerous exceptions to the rule of which entities’ beneficial owner(s) must be identified. All regulated financial institutions, companies listed with the Securities and Exchange Commission and many other categories of regulated or quasi-regulated entities are exempt.
FinCEN noted in the rule release that to require covered financial institutions to identify beneficial owners of pooled investment vehicles and nonprofit entities by ownership percentage would likely create unreasonable operational challenges. The rules apply only to the control test to determine beneficial ownership for these entities:
The Rule defines a “legal entity customer” as an entity that files a public document with a Secretary of State, or similar state official or office, including any similar entity formed under the laws of a foreign jurisdiction. Financial institutions are not required to collect beneficial owner information for a number of “legal entity customers,” including banks, bank holding companies, certain pooled investment vehicles, state-regulated insurance companies, financial market utilities (as designated by the Financial Stability Oversight Council), and foreign financial institutions (to the extent a foreign regulator collect beneficial owner information relating to the ownership of the foreign financial institution.
B. Reliance on Other Financial Institutions and Intermediated Account Relationships
Importantly, a covered financial institution may rely on another financial institution to perform its AML due diligence in relation to identification and verification of legal entity beneficial owners. Reliance on an AML service provider is subject to the following prerequisites:
C. Ongoing Customer Due Diligence Obligation
The Customer Due Diligence (CDD) Rules formalized the requirement that covered financial institutions incorporate ongoing CDD obligations into their AML compliance programs. At present, AML compliance programs are required to address four facets; (1) a system of internal controls to ensure ongoing compliance; (2) independent testing for compliance; (3) an individual designated as responsible for coordinating and monitoring day-to-day compliance; and training for appropriate personnel.
The new Customer Due Diligence Rules have created a fifth facet which will now be officially required. Covered financial institutions will be required to include “appropriate risk-based procedures for conducting ongoing customer due diligence” in their AML compliance programs. Specifically, these procedures must include, but are not limited to:
The rules leave it up to covered financial institutions to create their own framework and method of developing customer risk profiles. Risk profiles, however, should include information that allows an institution to create a baseline of account activity. Institutions should consider customer asset amounts and types along with personal information in developing customer risk profile. Armed with this information, an institution should be equipped to identify suspicious transactions, including those that may not be the sort the customer would normally be expected to engage in.
Customer risk profiles are not required to be monitored and updated on a continuous or periodic basis, but updates should, instead, be event-driven. A covered financial institution must update a customer’s risk profile if it detects information about the customer that is relevant to assessing the customer’s transactions for AML purposes. Examples of information that would lead to reevaluation of the customer’s risk status include: (1) significant and unexplained change in the customer’s activity; (2) international wire transfers for no apparent reason; (3) dramatic increase in volume of activity; and (4) information related to a possible change in beneficial ownership.
III. FINCEN BENEFICIAL OWNERSHIP REPORTING RULE
A. Introduction
The U.S Treasury’s Financial Crimes Enforcement Network (FinCEN) has issued a final rule implementing the beneficial ownership information (BOI) reporting provisions established by the Corporate Transparency Act. The Act and its Implementing regulation are designed to inhibit the ability of illicit actors to use shell companies to launder their money or hide assets.
The rule establishes: a) who must file a BOI report; b) what information must be reported; and c) when a report is due. The final rule also requires reporting companies to file reports with FinCEN that identify two categories of individuals: (1) the beneficial owners of the entity; (2) the company applicants of the entity.
Two additional rules, covering access to the database and an update to the existing Consumer Due Diligence rule will be issued by FinCEN in the future. The additional rules will (1) establish rules for who may access BOI, for what purposes, and what safeguards will be required to ensure that the information is secured and protected; and (2) revise FinCEN customer due diligence rule following the promulgation of the BOI reporting final rule.
B. Reporting Companies
The Federal rule creates two types of reporting companies: domestic and foreign.
C. Beneficial Owner
A beneficial owner is defined as an individual who, directly or indirectly, either (1) exercises substantial control over a reporting company, or (2) owns or controls at least 25 percent of the ownership interests of a reporting company.
Reporting companies formed or registered after the effective date of the rule do not need to update company applicant information.
The final rule requires a reporting company to identify itself and report four pieces of information about each of its beneficial owners:
Reporting companies will be required to report as follows:
FinCEN Identifier: If an individual provides their four pieces of information to FinCEN directly, the individual may obtain a “FinCEN identifier,” which can then be provided to FinCEN on a BOI report in lieu of the required information about the individual.
F. Effective Date
V. MODEL CERTIFICATION FORM
The bank may (but isn’t required to) rely on the model certification form to meet the requirements of the Final Rule. The model certification form is found in Appendix A (“Certification Regarding Beneficial Owners of Legal Entity Customers.”) The Certification will need to be filled out by the natural person who has authority to open the account (the “account opener”). The model form requests that all the beneficial owners provide their name, address, date of birth and social security number (or passport number if there is no social security number). The instructions are helpful to the customer (and the bank) as they give a simplified explanation of who is covered a beneficial owner. The account opener will list their name and title and the name and address of the legal entity who is the account holder. The account opener must certify that all the information provided on the form is accurate to the best of their knowledge, as required by the rule. The certification is needed even if account opener is not considered a “beneficial owner” for this requirement.
VI. CUSTOMER DUE DILIGENCE REQUIREMENTS
FinCEN has recently issued Frequently Asked Questions (FAQs) to assist covered financial institutions in understanding the scope of the “Customer Due Diligence Requirements for Financial Institutions.” The majority of the FAQs provide additional guidance regarding a financial institution’s obligations to collect, identify and verify information regarding the beneficial ownership of a legal entity customer. The full-text of the FAQs may be accessed by going to the FinCEN website at www.fincen.gov and searching for 2016-G003; FIN-2018-G001; FIN- FIN-2020-G002
VI. EXCEPTIVE RELIEF
A. Products and Services with Automatic Rollovers or Renewals
1. Introduction
The Financial Crimes Enforcement Network (FinCEN) has issued a ruling to provide permanent exceptive relief to covered financial institutions from the obligations of the Beneficial Ownership Requirements for Legal Entity Customers (Beneficial Ownership Rule) with respect to certain financial products and services that automatically rollover or renew and were established before the Beneficial Ownership Rule’s Applicability Date, May 11, 2018. The exception is retroactive to May 11, 2018.
The exceptive relief applies to certificate of deposit rollovers and loans that renew automatically; commercial lines of credit or credit card accounts where the renewal, modification or extension does not require underwriting review and approval; and safe deposit box renewals.
The exceptive relief does not apply to the initial opening of any of the types of accounts listed above, nor does it apply to relieve any covered financial institution of its customer due diligence requirements under AML program rules. Notwithstanding the permanent accepted relief, covered financial institutions must comply with all other applicable AML requirements under the BSA, such as maintaining an AML program and reporting suspicious activity.
2. Covered Products Descriptions and Characteristics
For purposes of the exceptive relief, the “accounts” listed above, are defined as follows:
Certificates of Deposit
For purposes of the Ruling, a certificate of deposit (CD) is a deposit account that has a specified maturity date, but cannot be withdrawn before that date without incurring a penalty. During the term of the CD, a customer cannot add additional funds to the CD. The term of a CD may vary from a week to several years. At the end of the term, when the CD matures, the customer is entitled to the amount deposited and any interest that has accrued; the customer may also have the ability to elect to either renew or close the account. Typically, the account will automatically renew absent affirmative action by the customer to close the account.
Loan Renewals, Modifications, and Extensions
Generally, a loan account is an account created to track transactions related to a loan that has terms and conditions tailored to the needs and circumstances of the customer, such that the issuance of a new loan would result in a new account relationship. However, once a loan application process is finalized and a loan approved, a financial institution may renew, extend, or otherwise modify the loan without substantively changing the terms or requiring additional underwriting. Industry has also represented that, as with CDs, some loans are subject to automatic renewal, modification, or extension within a specified time and require no action from the customer for that renewal, modification, or extension to take effect.
Commercial Lines of Credit and Credit Cards
A commercial line of credit account is a type of revolving loan account that allows a commercial enterprise to draw upon a predetermined amount of funds and generally use those funds only for specified business purposes. Small businesses rely on this mode of financing to cover short-term needs such as paying suppliers and addressing payroll needs. A business customer can repay the line at any time by making payment to the financial institution through the account, at which point those funds become available for borrowing again. Credit card accounts are revolving accounts, similar to commercial line of credit accounts, that grant the customer a maximum credit limit, which can generally be used repeatedly so long as the limit is not exceeded. The financial institution may change certain terms of a commercial line of credit or of a credit card, such as the credit limit, without requiring the affirmative assent of the customer.
Safe Deposit Boxes
Financial institutions maintain safe deposit boxes within their institutions that they rent to individuals and legal entities to store valuables such as collectibles, documents, and jewelry. While financial institutions do not have access to the contents of a safe deposit box rented to a customer, under the terms of the rental agreement, customers are not permitted to store money or dangerous substances in them. In exchange for the use of the safe deposit box, the customer generally pays a rental fee that is electronically deducted from an account provided to the financial institution. During the rental period, the financial institution has minimal or no communication with the customer, so long as the rental payment is made.
B. Premium Finance Cash Refunds
The Financial Crimes Enforcement Network (FinCEN) has issued a ruling to provide exceptive relief to covered financial institutions with respect to the application of the Beneficial Ownership Requirements for Legal Entity Customers (Beneficial Ownership Rule) to premium finance lending products that allow for cash refunds. Premium finance lenders provide loans to businesses to cover insurance premiums. In the normal course of business, premium finance lenders process a significant number of cash refunds each year. The Beneficial Ownership Rule currently exempts covered financial institutions from the requirements to identify and verify the identity of the beneficial owner of legal entity customers at account opening to the extent that the legal entity customer opens the account for the purpose of financing insurance premiums and for which payments are remitted directly by the financial institution to the insurance provider or broker unless there is a possibility of cash refunds. This ruling provides exceptive relief to covered financial institutions from the requirements to collect and verify the beneficial owner of a legal entity customer opening such premium financing account when there is a possibility of a cash refund.
VII. FINCEN BENEFICIAL OWNERSHIP GUIDANCE
The Financial Crimes Enforcement Network (FinCEN) has published its first set of guidance materials regarding the upcoming beneficial ownership information (BOI) reporting requirements taking effect on January 1, 2024. The new regulations require many corporations, limited liability companies, and other entities created in or registered to do business in the United States to report information about their beneficial owners—the persons who ultimately own or control the company—to FinCEN.
The following materials are now available on FinCEN’s beneficial ownership information reporting webpage, www.fincen.gov/boi:
FinCEN will not be accepting any beneficial ownership information before January 1, 2024. Information on how to submit beneficial ownership information to FinCEN will be forthcoming.
Businesses with questions about the upcoming reporting requirements may contact FinCEN at https://www.fincen.gov/contact.