The Final Rule brings with it a raft of regulatory compliance challenges for financial institutions. While its intention is to promote “uniformity and consistency” to “strengthen the system as a whole by further limiting opportunities for inconsistent application of unclear or unexpressed expectations”, the Client Due Diligence (CDD) Final Rule still contains a lot of vagueness, which leaves the compliance gates wide open to interpretation.
Despite this, FinCEN insists that covered financial institutions should leverage existing technologies, processes and procedures to provide some relief from the regulatory work involved in complying.
Based on our analysis of the Rule, there are four key examples of ambiguity around the regulatory expectations for CDD and beneficial ownership data management that covered financial institutions (FIs) should be aware of, and some examples of how they can navigate and alleviate some of these challenges:
Connecting the data: An enterprise-wide single client view
On the one hand, the Final Rule (CDD) states that covered financial institutions must verify the existence of an identified beneficial owner but do not need to verify the accuracy of the information obtained. This means that covered institutions can rely on the information provided by the customer on the proviso that the institution is not aware of any information that would call the reliability of the information into question.
The challenge here is that covered FIs may now be held responsible for knowledge that exists in one part of the bank, even if it’s separate from the compliance / CDD function responsible for obtaining beneficial ownership on new accounts.
To counter this, covered financial institutions will need to ensure appropriate collection and seamless sharing of beneficial ownership information right across their organisation. Once this information has been captured by the institution, the ultimate responsibility lies with the covered FI to connect the data internally and apply it across every part of the organisation – both domestically and globally (data protection laws permitting) to meet the wider AML requirements around transaction monitoring, OFAC screening etc.
Ongoing monitoring: Integration and remediation
FinCEN advocates for the collection of beneficial ownership for new accounts opened or after the applicability date, and mandates for ongoing monitoring to be conducted continuously or periodically on an event-driven basis. However, there is a certain level of ambiguity as to what is exactly expected by regulators regarding the extent and frequency of updating such information.
To perform ongoing monitoring and to capture event-driven material changes in a customer’s risk profile in line with FinCEN’s Final Rule (CDD), covered FIs will need to firstly build an accurate ‘baseline’ customer risk profile. To reach this baseline level, covered FIs may need to undertake data remediation projects of existing accounts (pre-applicability date) to enhance or complete the information required to capture materially significant event-driven changes.
To ensure that event-driven changes are captured appropriately, the customer risk profile should be incorporated into transaction monitoring and, vice versa, information captured through the course of transaction monitoring reviews that may impact a customer’s risk profile should be updated in the customer profile too. This information needs to be captured regardless of when the account was opened.
If a covered FI detects “information relevant to assessing or re-evaluating” the customer’s risk, they must update customer information, including collecting or updating beneficial ownership information.
To achieve this, covered FIs will need to ensure that their systems are integrated and can be updated automatically, prompting a compliance review when required (when materially significant changes are detected). FIs not equipped to do this will find that they will be forced to conduct full CDD reviews for each and every legal entity client, which is a laborious, time-consuming and expensive exercise.
Offboarding after five years
The BSA CIP requires covered FIs to retain compliance records for five years after the account is closed. There was an initial reference to maintaining beneficial ownership for five years from the date the record was created, however, the FinCEN Final Rule (CDD) includes a revised proposal relating to beneficial owner records and notes that “at a minimum, the record must include, for identification, any identifying information obtained by the covered financial institution”.
To manage what can become quite a voluminous record keeping process, covered FIs may wish to deploy an offboarding process for dormant or non-used accounts after the five-year mark has passed. This will save them the cost and resources associated with performing ongoing due diligence on non-used accounts that have surpassed the obligated timeframe under FinCEN.
The challenge of repapering
Covered financial institutions may also need to amend documentation and contracts pertaining to applications, onboarding and loans to incorporate updated nomenclature and covenants outlining the legal entity customer’s obligation to co-operate fully with a bank’s CDD rules pursuant to the FinCEN Final Rule (CDD). This will require an educational outreach program to communicate the changes required to comply with the FinCEN Rule.
With just six months to go before the Rule kicks in, there is a still a lot of work to be done by covered FIs to achieve even a baseline approach to compliance. FinCEN represents yet another layer of regulatory and operational complexity on top of existing regulatory and operational challenges.
Automation will be critical to achieving data compliance in an efficient and effective way. By automating the compliance process, covered FIs will have the ability to deliver a consistent and demonstrable compliance process that can be future-proofed to help them ensure ongoing compliance in the face of circumstantial change.