Article 6 min

FinCEN CDD Rule: New Customer Due Diligence Requirements

FinCEN CDD Final Rule

FinCEN CDD Final Rule
The Final Rule refers to new FinCEN rules with the applicability date of May 11, 2018 regarding customer due diligence (CDD) requirements. Under the FinCEN CDD Rule, collecting, maintaining and reporting of beneficial ownership information is now a requirement for financial institutions.

That is to say, as stated in the Federal Register, banks and brokers/dealers “must identify and verify the identity of the beneficial owners of all legal entity customers (other than those that are excluded) at the time a new account is opened (other than accounts that are exempted).”

These procedures are similar in nature to Customer Identification Program (CIP) requirements for individuals, but extended to the actual beneficial owner of the entity. As stated by the Government Publishing Office, the “CIP must include risk-based procedures for verifying the identity of each customer to the extent reasonable and practicable.”

As opposed to being prescriptive and stating exact requirements, these requirements call for best practices; understanding the intent of the rules, what procedures are working and effective, and how to apply those systems to your particular business.

Intent of the Final Rule

The big picture is that the US government wants to prevent money laundering and terrorist financing and has been modifying its laws over the years to close various loopholes. The Bank Secrecy Act (BSA), amended by the Patriots Act, provides authority to The Treasury to require financial institutions to record and file reports, and these powers are delegated to FinCEN.

As witnessed by the Panama Papers and the recent Paradise Papers, using offshore accounts, nominees, trusts, shell companies, and various other legal obfuscation methods provides a method to hide funds, evade taxes, launder money and otherwise distort the transparency and regulation of financial flows. Thus, the need to determine beneficial ownership was enacted by FinCEN on July 11, 2016.

Customer Due Diligence Best Practices

There are four elements the FinCEN considers crucial when performing due diligence:

(1) Customer identification and verification,
(2) beneficial ownership identification and verification,
(3) understanding the nature and purpose of customer relationships to develop a customer risk profile,
(4) ongoing monitoring for reporting suspicious transactions and, on a risk-basis, maintaining and updating customer information.

As numbers one, three, and four, were previously in place from prior legislation, let’s examine beneficial ownership identification and verification.

When identifying and verifying beneficial ownership, you can use information supplied by the customer, as long as you have “no knowledge of facts that would reasonably call into question the reliability of the information.” Thus, collecting beneficial ownership for any account opening is probably a good standard procedure. Also, it is worth noting that it is acceptable to use copies of original documents.

The new rules are not retroactive. In other words, there’s no need to acquire beneficial ownership information on every existing client. FinCEN felt that requirement would be too burdensome on the institutions.

However, it’s not just account opening where this beneficial ownership information is required. If, in the course of monitoring the account, the risk profile significantly changes, then the customer information — including beneficial ownership — must be updated. As accounts change, for example new transaction types or amounts, or new ownership, they then fall under coverage of the new final rule.

Beneficial Owner

According to FinCEN, the definition of beneficial owner is:

(1) Each individual, if any, who, directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, owns 25 percent or more of the equity interests of a legal entity customer;

(2) A single individual with significant responsibility to control, manage, or direct a legal entity customer, including:
(i) An executive officer or senior manager (e.g., a Chief Executive Officer, Chief Financial Officer, Chief Operating Officer, Managing Member, General Partner, President, Vice President, or Treasurer); or
(ii) Any other individual who regularly performs similar functions.

(3) If a trust owns directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, 25 percent or more of the equity interests of a legal entity customer, the beneficial owner shall mean the trustee.

Note, there are two prongs of beneficial ownership, the Ownership Prong and the Control Prong. There needs to be at least one person under the Control Prong (definition #2). There’s not necessarily an Ownership Prong, as there might not be one person with an ownership level of 25 percent or more.

There’s no obligation for the institution to run calculations on ownership level, as that is provided by the customer. Nor is there an obligation to determine if layering of ownership is occurring to stay below the 25 percent threshold.

While there are not specific obligations to examine ownership claims, there’s the obligation to report any suspicious activity; there’s also the risk-based criteria to take reasonable and practicable procedures to ensure that proper identity verification procedures — including beneficial ownership — are taken.

According to Money Laundering Watch, a blog by the White Collar Defense/Internal Investigations Group at Ballard Spahr LLP, “Many financial institutions already identify persons who own at least 10% of a legal entity customer.” The old adage, better safe than sorry, might come into play here; why take the risk of letting illicit funds into your system? If a significant number of accounts are entering your system that are layering or otherwise providing inaccurate or misleading beneficial ownership information are your systems reasonable?

Also note the third due diligence requirement, obtaining enough information to develop a risk profile. It might be argued that not gathering enough beneficial ownership information hinders the ability to accurately gauge the risk profile.


Collecting beneficial ownership information is not enough. At the minimum, you are required to run those names through an OFAC screening. Just as you are required to screen an individual customer to ensure that they are not on various money laundering or terrorist financing watch lists, you need to screen any and all beneficial owners.

Remember, all these new steps need to be in place before May 11, 2018. Your AML strategies, policies, procedures, onboarding steps, monitoring and training will need appropriate adjustments before then. If you’d like to learn more, download our Whitepaper: