Summary Response to Public Comments 2016 CDD Rule

2016 CDD Summary of comments and response to public comments-FR clean .docx

Customer Due Diligence Requirements for Financial Institutions

Summary Response to Public Comments 2016 CDD Rule

OMB: 1506-0070

Document [docx]
Download: docx | pdf

Summary of Public Comments, Major Provisions of the CDD Rule, and Response

to the Public Comments




Summary of Specific Comments


In response to the Notice of Proposed Public Rulemaking (“NPRM”) FinCEN issued on August 4, 2014, FinCEN received 141 comments from financial institutions, trade associations, Federal and State agencies, non-governmental organizations, members of Congress, and other individuals. The great majority of the private sector commenters, which were primarily banks, credit unions, and their trade associations, asserted that the proposed beneficial ownership requirement would be very burdensome to implement and require more than the proposed 12 months, would be far more expensive than estimated by FinCEN, and would not achieve the proposal’s expressed goals.


The commenters addressed many aspects of the proposed beneficial ownership

requirement, including the use of the proposed certification form; the extent to which a

covered financial institution may rely on the information provided by the customer; the

meaning of verification and the extent to which it would be required; the application of

the requirement to existing customers; the extent to which the information would need to

be updated; and the definitions of beneficial ownership and legal entity customer and the

proposed exclusions from those definitions.


Commenters raised a number of questions regarding the proposed certification

form, including whether beneficial owner information must be obtained through the

certification form or could be obtained by other means; whether the certification form

should be an official government form; and who is authorized to sign the certification

form on behalf of the customer. Many urged FinCEN to treat the receipt of the

certification form as a “safe harbor,” similar to the treatment of the certification used for

compliance with the foreign shell bank regulation.1 Commenters submitted several other

comments and suggestions regarding the information to be included in the certification

form.


Many commenters sought clarification regarding the verification requirement and

the extent to which a financial institution may rely on the information submitted by its

customer. Financial institutions also pointed out that there would be difficulties with

adopting “identical” procedures to those used for verifying the identity of individual

customers as done for CIP. Moreover, many commenters noted the practical difficulties

resulting from the fact that there is no authoritative source for beneficial ownership

information of legal entities, as there is no requirement for U.S. States to collect this

information at the time a company is formed. Commenters also sought guidance

regarding how they should utilize the beneficial ownership information once collected

and how its availability would impact compliance with other obligations.


While many private sector commenters noted that the proposed definition of

beneficial owner was an improvement over the definition discussed in the ANPRM, some

sought greater clarity about the meaning of “indirect” ownership and guidance regarding

how the percentage of ownership held indirectly should be measured in specific

situations, as well as clarification of the meaning of “equity interest.” They also

suggested eliminating any reference to using a 10 percent threshold on a risk basis, so as

to reduce the likelihood of examiners requiring a threshold lower than the 25 percent

specified in the proposed rule. On the other hand, non-governmental organizations and

many individuals asserted that the proposed 25 percent ownership threshold is too high

and that it should be lowered to 10 percent (or eliminated entirely) in the final rule.


A number of commenters urged clarification of the proposed definition of “legal

entity customer,” and many urged expansion of the proposed exclusions from the

definition to include, for example, accounts opened to participate in employee benefit

plans subject to the Employee Retirement Income Security Act of 1974 (ERISA) and

accounts for foreign publicly traded companies, regulated financial institutions, and

governmental entities. Many commenters also noted difficulties in applying the proposed

exclusion for nonprofits and urged FinCEN to simplify it. Commenters also sought

clarification regarding whether beneficial ownership would need to be obtained each time

a legal entity customer opens a new account after the rule’s compliance deadline, and to

what extent the information would need to be updated. Some commenters also sought to

exempt from the beneficial ownership requirement certain categories of financial products that they contended presented a low risk of money laundering.


Many comments also addressed the proposed amendments to the AML program

rules, including urging FinCEN to clarify the proposed requirement to understand the

nature and purpose of the customer relationship and the meaning of “customer risk

profile” and of the proposed requirement to conduct ongoing monitoring to update

customer information, separate from monitoring to detect and report suspicious activity.


Some commenters representing the securities and futures industries asserted that,

contrary to assumptions in the NPRM, these are not in fact existing requirements in those

industries, and that such requirements would be burdensome and of little utility. Some

commenters also questioned statements in the preamble that the proposed requirements

would not reduce or limit the due diligence expectations of the Federal functional

regulators or their regulatory discretion, asserting that such an approach would undermine

the clarity and consistency that FinCEN is seeking to provide by the proposed rules.

Finally, a great majority of the comments stated that the proposed 12-month

implementation period following issuance of a final rule would not be adequate to

implement the necessary modifications to their data systems, customer on-boarding

procedures, employee training, and other requirements, and sought a period of at least 18-

24 months.


Based on the comments addressing the potential cost of implementing the

requirement, FinCEN conducted outreach to a number of the financial institution

commenters to obtain additional information regarding the anticipated costs of

implementing the proposed requirements. As a result of the limited information received

from these discussions, Treasury prepared a preliminary Regulatory Impact Assessment

(RIA) that was made available for comment on December 24, 2015 (80 FR 80308).

FinCEN received 38 comments on this preliminary assessment; a summary of the

comments we received and the final RIA is included in the Regulatory Analysis section

of the preamble.


All of the substantive comments received on the NPRM, FinCEN’s response, and

resulting modifications to the final rule are discussed in detail in the Section- by-Section Analysis.


General Comments and FinCEN’s Response


Regulatory deference. Commenters raised a number of general comments regarding this rulemaking. Several commenters took issue with the following statement in the NPRM (which we reiterate here as modified for this final rule).2


Nothing in this final rule is intended to lower, reduce, or limit the due diligence

expectations of the Federal functional regulators or in any way limit their existing

regulatory discretion. To clarify this point, the final rule incorporates the CDD

elements on nature and purpose and ongoing monitoring into FinCEN’s existing

AML program requirements, which generally provide that an AML program is

adequate if, among other things, the program complies with the regulation of its

Federal functional regulator (or, where applicable, self-regulatory organization

(SRO)) governing such programs.3 In addition, the Treasury Department intends

for the requirements contained in the customer due diligence and beneficial

ownership final rules to be consistent with, and not to supersede, any regulations,

guidance or authority of any Federal banking agency, the Securities and Exchange

Commission (SEC), the Commodity Futures Trading Commission (CFTC), or of

any SRO relating to customer identification, including with respect to the

verification of the identities of legal entity customers.


These commenters contended, among other things, that these statements were

unduly deferential to the Federal functional regulators, and would serve to undermine

rather than promote clear and consistent CDD standards across financial sectors. They

accordingly urged FinCEN to strike this language from the final rulemaking.

FinCEN appreciates the concerns about uneven and inconsistent application of

CDD standards that underlie these comments, but nevertheless believes that these

statements are an important articulation of FinCEN’s understanding of what it is—and is

not—accomplishing by this rulemaking. At their core, these statements in the NPRM and

this final rule preamble articulate the nature of the relationship of FinCEN’s rulemaking

authority with that of the Federal functional regulators4—that is, as with all BSA

rulemakings, FinCEN determines the appropriate minimum regulatory standards that

should apply across an industry. From that baseline, the Federal functional regulators

have authority to establish AML program requirements in addition to those established by

FinCEN that they determine are necessary and appropriate to address risk or vulnerabilities specific to the financial institutions they regulate. This is particularly true

within the context of separate but related concerns that exist for these institutions beyond

the strict scope of AML, such as in the area of safety and soundness. These statements

simply reflect this basic reality of the existing regulatory framework. Furthermore, as we

have maintained throughout this rulemaking process, one of our overarching goals was to

clarify and harmonize expectations while at the same time minimizing disruption to the

greatest extent possible. Accordingly, we believe that it is critical to make clear—

especially with respect to the changes to the AML program rules—that these standards

simply articulate current practices pursuant to existing standards and expectations, in

order to facilitate implementation and minimize the burden on financial institutions. We

believe that leveraging the experience accrued from interpretation of and compliance

with prior regulations and guidance that have already been issued in this space will be a

net benefit to financial institutions. As FinCEN explained in the proposal, these

requirements represent a floor, not a ceiling, and, consistent with the risk-based approach,

financial institutions may do more in circumstances of heightened risk, as well as to

mitigate risks generally.


Compliance Deadline. Most commenters strongly opposed FinCEN’s proposal for a compliance deadline of one year from the date the final rule is issued, identifying a wide range of changes to systems and processes that would be required in order to implement the rule. Many of these commenters requested that FinCEN provide financial institutions two years to implement the final rule. Based on the well-founded, detailed explanations put forth by these commenters of the difficulties that would arise from a one-year implementation period, FinCEN is extending the period for implementation to two years from the date this final rule is issued (the Applicability Date).




Summary of the Response and Major Provisions of the CDD Final Rule


1. Beneficial Ownership


Beginning on the Applicability Date, covered financial institutions5 must identify

and verify the identity of the beneficial owners of all legal entity customers (other than

those that are excluded) at the time a new account is opened (other than accounts that are

exempted). The financial institution may comply either by obtaining the required

information on a standard certification form (Certification Form (Appendix A)) or by any

other means that comply with the substantive requirements of this obligation. The

financial institution may rely on the beneficial ownership information supplied by the

customer, provided that it has no knowledge of facts that would reasonably call into

question the reliability of the information. The identification and verification procedures

for beneficial owners are very similar to those for individual customers under a financial

institution’s customer identification program (CIP),6 except that for beneficial owners,

the institution may rely on copies of identity documents. Financial institutions are

required to maintain records of the beneficial ownership information they obtain, and

may rely on another financial institution for the performance of these requirements, in

each case to the same extent as under their CIP rule.


The terms used for the purposes of this final rule, including account, beneficial

ownership, legal entity customer, excluded legal entities, new account, and covered

financial institution, are set forth in the final rule.


Financial institutions should use beneficial ownership information as they use

other information they gather regarding customers (e.g., through compliance with CIP

requirements), including for compliance with the Office of Foreign Assets Control

(OFAC) regulations, and the currency transaction reporting (CTR) aggregation

requirements.


2. Anti-Money Laundering Program Rule Amendments.


The AML program requirement for each category of covered financial institutions

is being amended to explicitly include risk-based procedures for conducting ongoing

customer due diligence, to include understanding the nature and purpose of customer

relationships for the purpose of developing a customer risk profile.


A customer risk profile refers to the information gathered about a customer at account opening used to develop a baseline against which customer activity is assessed for suspicious activity reporting. This may include self-evident information such as the type of customer or type of account, service, or product. The profile may, but need not,

include a system of risk ratings or categories of customers.


In addition, customer due diligence also includes conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update

customer information. For these purposes, customer information shall include

information regarding the beneficial owners of legal entity customers (as defined in §

1010.230). The first clause of paragraph (ii) sets forth the requirement that financial

institutions conduct monitoring to identify and report suspicious transactions. Because

this includes transactions that are not of the sort the customer would be normally

expected to engage, the customer risk profile information is used (among other sources)

to identify such transactions. This information may be integrated into the financial

institution’s automated monitoring system, and may be used after a potentially suspicious

transaction has been identified, as one means of determining whether or not the identified

activity is suspicious.


When a financial institution detects information (including a change in beneficial

ownership information) about the customer in the course of its normal monitoring that is

relevant to assessing or reevaluating the risk posed by the customer, it must update the

customer information, including beneficial ownership information. Such information

could include, e.g., a significant and unexplained change in the customer’s activity, such

as executing cross-border wire transfers for no apparent reason or a significant change in

the volume of activity without explanation. It could also include information indicating a

possible change in the customer’s beneficial ownership, because such information could

also be relevant to assessing the risk posed by the customer. This applies to all legal

entity customers, including those existing on the Applicability Date.


This provision does not impose a categorical requirement that financial institutions must update customer information, including beneficial ownership

information, on a continuous or periodic basis. Rather, the updating requirement is

event-driven, and occurs as a result of normal monitoring.




1 31 CFR 1010.630(b).

2 The original statement can be found at 79 FR 45152 (Aug. 4, 2014).

3 See, e.g., 31 CFR 1020.210, which currently provides that a financial institution regulated by a Federal

functional regulator that is not subject to the regulations of a self-regulatory organization shall be deemed

to satisfy the requirements of 31 U.S.C. 5318(h)(1) if it implements and maintains an anti-money

laundering program that complies with the regulation of its Federal functional regulator governing such

programs. (emphasis added).


4 Where appropriate, working closely with Federal functional regulators may involve consulting with the

applicable SROs in the securities and futures/commodities industries.


5 The term “covered financial institution” refers to: (i) banks; (ii) brokers or dealers in securities; (iii)

mutual funds; and (iv) futures commission merchants and introducing brokers in commodities.

6 31 CFR 1020.220, 1023.220, 1024.220, 1026.220.


File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
AuthorStephenson, Russell
File Modified0000-00-00
File Created2021-01-23

© 2024 OMB.report | Privacy Policy