Even after the U.S. Treasury made permanent exceptive relief after months of temporary, stop-gap extensions for a troublesome piece of a new rule created to get banks to capture key ownership details for corporate customers, there are still a bevy of compliance tangles remaining that could trip up unwary institutions and bring unwanted regulatory attention.
The Financial Crimes Enforcement Network (FinCEN) and the top federal banking agencies, including the Office of the Comptroller of the Currency (OCC), Federal Reserve, and groups like the Federal Financial Institutions Examination Council (FFIEC), have had a challenging few months in trying implement and issue guidance on new customer due diligence rules (CDD) rules, colloquially referred to as the beneficial ownership rule.
The original final rule, released in May of 2016, requires financial institutions to capture beneficial ownership details on certain legal entity customers down to the 25 percent level, or more on a “risk-based basis,” and list a top-level person who exercises managerial control.
Institutions can chiefly rely on what companies provide about their flesh-and-blood owners on a self-certification form.
While that may seem relatively straightforward, the transition to the new obligations – with an implementation date of May 11, 2018 – has been anything but smooth.
In the time period of a few weeks before the final rule until late last month, regulators have issued Questions and Answers (Q&As) that caused industry consternation and brought Congressional quibbling, released two rounds of 90-day and 30-day periods of exceptive relief for unworkable parts of the rule, eventually making them permanent, and issued guidance on how the industry should handle guidance.
The top complaint related to the CDD rule Q&As revolved around annual rollover products that, under current banking laws, mean they become a new account each year, requiring the bank to reach out to accountholders to ensure that no beneficial ownership data has changed.
That resulted in a potential scenario that, if the bank couldn’t get a formal customer response by mail, emails or phone calls that no ownership details for the account or company have changed – and keep getting a response annually – theoretically, the bank could have been in violation of the new ownership obligations for all days after the May 2018 implementation deadline.
All of this has left financial institutions and other groups subject to anti-money laundering (AML) rules still wrestling with the new CDD rules a bit confused about the best way to implement the rules.
That’s because even though FinCEN and banking regulators addressed one glaring piece of harmonic dissonance between the FAQs, updated interagency manual guidelines and actual regulations, there are still a host of pitfalls institutions must navigate for themselves.
Here is a quick update on what has, and hasn’t been addressed, related to FinCEN’s new beneficial ownership rule and what has happened in recent weeks to help bring some clarity to a particularly persnickety piece of newly minted AML duties:
What is the FinCEN CDD beneficial ownership rule
The original final rule, released in May of 2016, requires financial institutions to capture beneficial ownership details on certain legal entity customers down to the 25 percent level, or more on a “risk-based basis,” and list a top-level person who exercises managerial control. Institutions can chiefly rely on what companies provide about their flesh-and-blood owners on a self-certification form.
Though the rule is mainly geared to address an outstanding vulnerability in U.S. financial crime defenses, it also enshrined two compliance best practices: customer risk ranking and transaction monitoring.
These are two bedrock AML processes historically given significant ink in the interagency exam manual – unlike the beneficial ownership rule, which saw the exam manual changed on the date of the rule’s compliance deadline.
What happened to cause industry implementation challenges?
At issue was that just weeks before the May 11, 2018 deadline, FinCEN released dozens of questions and answers (Q&As), which in some ways contrasted with perceived expectations and current regulations – forcing the financial sector to choose between which one to follow.
Through nearly 40 questions across 24 pages, FinCEN tackled a bevy of issues related to the rule, including everything from intermediated securities relationships to reliance on international, public beneficial ownership lists, from what renewal products trip new customer thresholds, to potential pitfalls when nominating notorious nominees.
What was the big deal related to the Q&As?
The April 3 Q&As, while meant to ease fears, promote compliance and address niggling details, also ended up introducing a host of unexpected snags, including new uncertainty about how federal regulators could deem compliance practices “reasonable” and if they should even be able to make those judgements in the first place.
Further making a confusing situation even worse was that on the day the beneficial ownership rules were to take effect, May 11, the regulatory groups behind the AML interagency exam manual – the bible for all groups subject to financial crime obligations – pulled some of the language related to account responsibilities straight from the FinCEN Q&A guidance, further cementing that several nigh impossible scenarios must somehow be followed.
What did FinCEN and banking regulators do to ameliorate the problem?
In the wake of the industry outcry, FinCEN released two stays of the thorny parts of the regulation related to rollover products, one 90 days and one 30 days, before finally issuing permanent exceptive in early September. To view the release, click here.
As well, late last month, the top banking agencies of the United States, in conjunction with the U.S. Treasury, attempted to delineate more clearly what banks should do in crafting financial crime compliance programs related to following laws, regulations or guidance – a likely response to the widespread criticism in the recent implementation of the CDD rules.
The same regulators who worked on the CDD rules, released the Q&As and related pieces of exceptive relief issued guidance on what entities should do when being presented with supervisory guidance – a post that also was a tacit response to issues beyond beneficial ownership when examiners can fault bank AML programs solely on their subjective interpretation of already murky guidance.
In the guidance on guidance response, the agencies made a rare formal statement on a persisting amorphous dynamic: “Unlike a law or regulation, supervisory guidance does not have the force and effect of law, and the agencies do not take enforcement actions based on supervisory guidance.”
Rather, supervisory guidance “outlines the agencies’ supervisory expectations or priorities and articulates the agencies’ general views regarding appropriate practices for a given subject area,” according to regulators.
What pieces of the new CDD rules or related FAQS have been addressed and what others are still remaining to be smoothed out?
Here are some examples of where the latest FAQs have caused consternation in the ranks of many banks, which could have led to the latest guidance on guidance:
- Ownership: Is the 25 percent ownership level a “floor or ceiling?” That could change depending on the risk of the firm, transparency of its ownership structures and believability of its self-certification responses or pickiness of the examiner
- Conclusion: Still unclear
- Lawsuit: If the bank follows what appears to be required by the FAQs, the bank could get sued by individuals and regulators because the questions were released without industry feedback.
- Conclusion: This has only partially been dealt with by the finalized exceptive relief as banks won’t have to fret over the issues around rollover products.
- Lawsuit II: If the bank follows what is in the FAQs, and waits until a customer responds to new ownership questions, that could cause a delay in a business being able to pay their suppliers or settle invoices. The business then could possibly sue the bank for breaching a contract because the bank held up a payment or transaction. This should be handled with the permanent relief.
- Conclusion: Settled by the permanent relief. Banks don’t have to worry about this.
- Deadline: Institutions still don’t know what examiners will be looking for because agencies haven’t yet released an updated interagency exam manual.
- Conclusion: This issue has been settled as the FFIEC released updated manual pages on the implementation deadline day.
- Control: It’s still unclear when, how or what news could constitute a reason for a bank to doubt the sworn statements of someone who may exert “managerial control.”
- Conclusion: Still unclear, so not settled.
- Control II: How does a bank detail control for incorporated clubs, like the Boy Scouts or Lions Clubs? Does a bank name the President of the overall club or a local leader?
- Conclusion: Still unclear, so not settled.
- Renewables: When a certificate of deposit (CD) comes up for a re-up, it constitutes a new “account.” But if the bank attempts to contact the customer to ensure no ownership details changed, and the person rebuffs, it could leave the bank vulnerable.
- Conclusion: Dealt with and settled under the permanent exceptive relief.
Industry guidance and Q&As are meant to be helpful. Were there any issues settled that could help banks?
In a bit of good news buried in the FAQs: FinCEN did address a major industry fear that will help quell some fretting compliance staffers had related to aggregating duties for customer transaction report (CTR) purposes.
At issue: Some banks stated that it would be too expensive and burdensome to catalogue the beneficial owners of certain businesses – for instance, when one owner has two separate, independent businesses doing completely different things – and be required now to cross-check and aggregate every transaction for both businesses as if they are linked.
“Thus, absent indications that the businesses are not operating independently (e.g., the businesses are staffed by the same employees and are located at the same address, the accounts of one business are repeatedly used to pay the expenses of another business or of the common owner), financial institutions should not aggregate transactions involving those businesses with those of each other or with those of the common owner for CTR filing,” according to FinCEN.
Moreover, banks broadly don’t have to include beneficial ownership details when filing CTRs unless they know for sure that a series of transactions breaches the $10,000 threshold is tied to a specific beneficial owner, and not just the person’s businesses.