Since the Financial Crimes Enforcement Network’s (FinCEN) final rule regarding Customer Due Diligence (CDD) was introduced last year, US regulators expect obliged entities to identify beneficial owners of their business customers, along with verifying their identity. It’s not only the initial onboarding procedures that are necessary — there needs to be a special program in place to maintain beneficial ownership records.
Banks must have procedures to maintain and update customer information, including beneficial ownership information for legal entity customers, on the basis of risk. #AML #UBO — Federal Financial Institutions Examination Council
How, then, does an organization operate such a program, but also contain costs and not burden its customers with excessive paperwork?
Changes in risk levels based on event-driven triggers
While there was no legal obligation to go back and check existing accounts for beneficial ownership information, ongoing monitoring of accounts is still a requirement. If such monitoring surfaces a change in risk levels, further due diligence is necessitated, and checks on beneficial ownership must ensue.
The changes in risk levels may include the following event-driven triggers:
- Significant and unexplained changes in account activity
- Changes in employment or business operation
- Changes in ownership of a business entity
- Red flags identified through suspicious activity monitoring
- Receipt of law enforcement inquiries and requests such as criminal subpoenas, National Security Letters (NSL), and section 314(a) requests
- Results of negative media search programs
- Length of time since customer information was gathered and the customer risk profile assessed
It’s important to note that a triggering event is a risk-based determination; does the event significantly change the risk profile of the customer? For example, if an individual, who has been determined to be a beneficial owner, makes an address change, the change in risk level may be considered insignificant. On the other hand, if the new address is in a different country, the change in risk level may be significant — particularly if the country is considered high-risk.
The determination should be clear and must depend on the specific criteria of an entity’s Anti-Money Laundering (AML) compliance program. The program must take into account the nature and purpose of the customer’s business and the risk profile it presents. It must provision appropriate responses should a material change in a customer’s information take place.
When will customer relationships be reviewed? Who will perform the review? What specific information will they be looking for? These are vital questions; a robust and thorough AML compliance program should outline these procedures and iron out their practical details to ensure that if events do occur, appropriate due diligence steps are taken. The procedures should also employ effective control, review and audit processes to deliver reliable and robust compliance measures.
Maintaining accuracy of data may be difficult, but it’s necessary
How does an obliged entity determine that the beneficial ownership information they have is accurate? It’s important to note:
“A covered financial need not independently investigate the legal entity customer’s ownership structure and may accept and reasonably rely on the information regarding the status of beneficial owners presented to the financial institution by the legal entity customer’s representative, provided that the institution has no knowledge of facts that would reasonably call into question the reliability of the information.”
Therefore, while a financial institution can accept information from the customer, they have to consider the reasonableness of the information. Identity and document verification procedures to check accuracy and validity are reasonable steps. Any hint of a potential problem should call for extra due diligence; information that doesn’t match up, phone numbers that don’t work, adverse media coverage, problems discerned through the application process, are all red flags that call for extra information and more scrutiny.
Maintaining best practices for beneficial ownership records keeping is a smart risk mitigation strategy. Proper beneficial ownership records help sustain an effective regulatory compliance program, besides helping organizations prevent fraud. Ultimately, such practices are indispensable in building trust, and growing relationships with customers.
Business Verification (KYB)Enhanced Due Diligence Procedures for High-Risk Customers
Identity VerificationProof of Address — Quickly and Accurately Verify Addresses
Business Verification (KYB)How to Verify Legitimate Businesses and Merchants