Financial regulators in the U.S. have a reputation for strict enforcement of their rules, especially since the end of the global financial crisis with U.S. banks being hit with a whopping $204 billion in fines. However, recent events have raised questions about the potential weaknesses in the country’s regulatory framework.

The leak of the now infamous Panama Papers in April 2016 has drawn global attention to the use of off-shore shell companies by high-profile individuals to avoid paying income taxes in their home countries. As the names of many high-profile politicians from around the world were found to have ties to the law firm in Panama that set up the companies, the U.S. Department of Justice has already been actively investigating over 200 U.S. citizens named in the Panama Papers.

In addition, other media reports have revealed that the U.S. itself was found to be a country of choice for setting up shell companies. For example, the state of Nevada is home to 1,260 of the companies named in the Panama Papers.

Regulators Get Tough on Foreign Ownership

The response from U.S. regulators has been swift and decisive. The U.S. Department of the Treasury published a blog post in April soon after the release of the Panama Papers, hinting that it would quickly address the serious concerns raised as a result of the leak. Within a few weeks, they announced proposed regulations for foreign-owned limited liability corporations (LLCs) in the U.S. that would require them to register with the Internal Revenue Service (IRS) and provide significant information to the IRS about ownership.

Following the proposed regulations, the Financial Crimes Enforcement Network (FinCEN), a bureau within the Treasury department, released its final rules surrounding customer due diligence (CDD) for financial institutions. The updated rules will require financial institutions to both identify and verify the beneficial owners behind shell companies and other types of businesses including LLCs. There will also be a new requirement added to the existing anti-money laundering (AML) obligations – financial institutions must start using customer risk profiles, monitor for suspicious activity on an ongoing basis, and keep customer information updated based on level of risk.

Preparing for New Measures

Financial institutions are already preparing for these new CDD rules that will go into effect in May 2018. In addition, there are other U.S. regulators, such as the Office of Foreign Assets Control (OFAC), that also have strict CDD requirements that must also be met.

Here are some best practices that financial institutions can put in place now:

Know Your Customer
Having a know your customer (KYC) program in place is vital in order to comply with OFAC sanctions, export controls, and laws related to business conduct like the Foreign Corrupt Practices Act (FCPA). Identity verification plays a key role in this process and should be given serious consideration, if it is not already being used.

Ask the Right Questions
Ensure that appropriate questions are being asked of customers in order to gain an understanding of who you’re dealing with. Failing to do this during the onboarding process could be seen as willful negligence by regulators and law enforcement.

Determine Risk
Since CDD is risk-based, financial institutions must build their due diligence requirement based on the assessed level of risk of their customers. This is usually determined by the type of business and the associated risks related to the industry.

Stay Current
In the inevitable likelihood of future regulatory updates, financial institutions need to stay abreast of developments and changes to regulations. It is expected that some entities currently exempt from certain Bank Secrecy Act (BSA) AML requirements may become required to report information to FinCEN under Geographic Targeting Orders (GTOs), such as real estate transactions.

“The financial services industry is setting new standards for trust and transparency,” said Jon Jones, President at Trulioo. “By being proactive through implementing strong AML/KYC programs, financial institutions can reduce their exposure to risk and financial crime and keep out bad actors.”