Summary of Public Comments, Major Provisions of the CDD Rule, and Response
to the Public Comments
Summary of Specific Comments
In response to the Notice of Proposed Public Rulemaking (“NPRM”) FinCEN issued on August 4, 2014, FinCEN received 141 comments from financial institutions, trade associations, Federal and State agencies, non-governmental organizations, members of Congress, and other individuals. The great majority of the private sector commenters, which were primarily banks, credit unions, and their trade associations, asserted that the proposed beneficial ownership requirement would be very burdensome to implement and require more than the proposed 12 months, would be far more expensive than estimated by FinCEN, and would not achieve the proposal’s expressed goals.
The commenters addressed many aspects of the proposed beneficial ownership
requirement, including the use of the proposed certification form; the extent to which a
covered financial institution may rely on the information provided by the customer; the
meaning of verification and the extent to which it would be required; the application of
the requirement to existing customers; the extent to which the information would need to
be updated; and the definitions of beneficial ownership and legal entity customer and the
proposed exclusions from those definitions.
Commenters raised a number of questions regarding the proposed certification
form, including whether beneficial owner information must be obtained through the
certification form or could be obtained by other means; whether the certification form
should be an official government form; and who is authorized to sign the certification
form on behalf of the customer. Many urged FinCEN to treat the receipt of the
certification form as a “safe harbor,” similar to the treatment of the certification used for
compliance with the foreign shell bank regulation.1 Commenters submitted several other
comments and suggestions regarding the information to be included in the certification
form.
Many commenters sought clarification regarding the verification requirement and
the extent to which a financial institution may rely on the information submitted by its
customer. Financial institutions also pointed out that there would be difficulties with
adopting “identical” procedures to those used for verifying the identity of individual
customers as done for CIP. Moreover, many commenters noted the practical difficulties
resulting from the fact that there is no authoritative source for beneficial ownership
information of legal entities, as there is no requirement for U.S. States to collect this
information at the time a company is formed. Commenters also sought guidance
regarding how they should utilize the beneficial ownership information once collected
and how its availability would impact compliance with other obligations.
While many private sector commenters noted that the proposed definition of
beneficial owner was an improvement over the definition discussed in the ANPRM, some
sought greater clarity about the meaning of “indirect” ownership and guidance regarding
how the percentage of ownership held indirectly should be measured in specific
situations, as well as clarification of the meaning of “equity interest.” They also
suggested eliminating any reference to using a 10 percent threshold on a risk basis, so as
to reduce the likelihood of examiners requiring a threshold lower than the 25 percent
specified in the proposed rule. On the other hand, non-governmental organizations and
many individuals asserted that the proposed 25 percent ownership threshold is too high
and that it should be lowered to 10 percent (or eliminated entirely) in the final rule.
A number of commenters urged clarification of the proposed definition of “legal
entity customer,” and many urged expansion of the proposed exclusions from the
definition to include, for example, accounts opened to participate in employee benefit
plans subject to the Employee Retirement Income Security Act of 1974 (ERISA) and
accounts for foreign publicly traded companies, regulated financial institutions, and
governmental entities. Many commenters also noted difficulties in applying the proposed
exclusion for nonprofits and urged FinCEN to simplify it. Commenters also sought
clarification regarding whether beneficial ownership would need to be obtained each time
a legal entity customer opens a new account after the rule’s compliance deadline, and to
what extent the information would need to be updated. Some commenters also sought to
exempt from the beneficial ownership requirement certain categories of financial products that they contended presented a low risk of money laundering.
Many comments also addressed the proposed amendments to the AML program
rules, including urging FinCEN to clarify the proposed requirement to understand the
nature and purpose of the customer relationship and the meaning of “customer risk
profile” and of the proposed requirement to conduct ongoing monitoring to update
customer information, separate from monitoring to detect and report suspicious activity.
Some commenters representing the securities and futures industries asserted that,
contrary to assumptions in the NPRM, these are not in fact existing requirements in those
industries, and that such requirements would be burdensome and of little utility. Some
commenters also questioned statements in the preamble that the proposed requirements
would not reduce or limit the due diligence expectations of the Federal functional
regulators or their regulatory discretion, asserting that such an approach would undermine
the clarity and consistency that FinCEN is seeking to provide by the proposed rules.
Finally, a great majority of the comments stated that the proposed 12-month
implementation period following issuance of a final rule would not be adequate to
implement the necessary modifications to their data systems, customer on-boarding
procedures, employee training, and other requirements, and sought a period of at least 18-
24 months.
Based on the comments addressing the potential cost of implementing the
requirement, FinCEN conducted outreach to a number of the financial institution
commenters to obtain additional information regarding the anticipated costs of
implementing the proposed requirements. As a result of the limited information received
from these discussions, Treasury prepared a preliminary Regulatory Impact Assessment
(RIA) that was made available for comment on December 24, 2015 (80 FR 80308).
FinCEN received 38 comments on this preliminary assessment; a summary of the
comments we received and the final RIA is included in the Regulatory Analysis section
of the preamble.
All of the substantive comments received on the NPRM, FinCEN’s response, and
resulting modifications to the final rule are discussed in detail in the Section- by-Section Analysis.
General Comments and FinCEN’s Response
Regulatory deference. Commenters raised a number of general comments regarding this rulemaking. Several commenters took issue with the following statement in the NPRM (which we reiterate here as modified for this final rule).2
Nothing in this final rule is intended to lower, reduce, or limit the due diligence
expectations of the Federal functional regulators or in any way limit their existing
regulatory discretion. To clarify this point, the final rule incorporates the CDD
elements on nature and purpose and ongoing monitoring into FinCEN’s existing
AML program requirements, which generally provide that an AML program is
adequate if, among other things, the program complies with the regulation of its
Federal functional regulator (or, where applicable, self-regulatory organization
(SRO)) governing such programs.3 In addition, the Treasury Department intends
for the requirements contained in the customer due diligence and beneficial
ownership final rules to be consistent with, and not to supersede, any regulations,
guidance or authority of any Federal banking agency, the Securities and Exchange
Commission (SEC), the Commodity Futures Trading Commission (CFTC), or of
any SRO relating to customer identification, including with respect to the
verification of the identities of legal entity customers.
These commenters contended, among other things, that these statements were
unduly deferential to the Federal functional regulators, and would serve to undermine
rather than promote clear and consistent CDD standards across financial sectors. They
accordingly urged FinCEN to strike this language from the final rulemaking.
FinCEN appreciates the concerns about uneven and inconsistent application of
CDD standards that underlie these comments, but nevertheless believes that these
statements are an important articulation of FinCEN’s understanding of what it is—and is
not—accomplishing by this rulemaking. At their core, these statements in the NPRM and
this final rule preamble articulate the nature of the relationship of FinCEN’s rulemaking
authority with that of the Federal functional regulators4—that is, as with all BSA
rulemakings, FinCEN determines the appropriate minimum regulatory standards that
should apply across an industry. From that baseline, the Federal functional regulators
have authority to establish AML program requirements in addition to those established by
FinCEN that they determine are necessary and appropriate to address risk or vulnerabilities specific to the financial institutions they regulate. This is particularly true
within the context of separate but related concerns that exist for these institutions beyond
the strict scope of AML, such as in the area of safety and soundness. These statements
simply reflect this basic reality of the existing regulatory framework. Furthermore, as we
have maintained throughout this rulemaking process, one of our overarching goals was to
clarify and harmonize expectations while at the same time minimizing disruption to the
greatest extent possible. Accordingly, we believe that it is critical to make clear—
especially with respect to the changes to the AML program rules—that these standards
simply articulate current practices pursuant to existing standards and expectations, in
order to facilitate implementation and minimize the burden on financial institutions. We
believe that leveraging the experience accrued from interpretation of and compliance
with prior regulations and guidance that have already been issued in this space will be a
net benefit to financial institutions. As FinCEN explained in the proposal, these
requirements represent a floor, not a ceiling, and, consistent with the risk-based approach,
financial institutions may do more in circumstances of heightened risk, as well as to
mitigate risks generally.
Compliance Deadline. Most commenters strongly opposed FinCEN’s proposal for a compliance deadline of one year from the date the final rule is issued, identifying a wide range of changes to systems and processes that would be required in order to implement the rule. Many of these commenters requested that FinCEN provide financial institutions two years to implement the final rule. Based on the well-founded, detailed explanations put forth by these commenters of the difficulties that would arise from a one-year implementation period, FinCEN is extending the period for implementation to two years from the date this final rule is issued (the Applicability Date).
Summary of the Response and Major Provisions of the CDD Final Rule
1. Beneficial Ownership
Beginning on the Applicability Date, covered financial institutions5 must identify
and verify the identity of the beneficial owners of all legal entity customers (other than
those that are excluded) at the time a new account is opened (other than accounts that are
exempted). The financial institution may comply either by obtaining the required
information on a standard certification form (Certification Form (Appendix A)) or by any
other means that comply with the substantive requirements of this obligation. The
financial institution may rely on the beneficial ownership information supplied by the
customer, provided that it has no knowledge of facts that would reasonably call into
question the reliability of the information. The identification and verification procedures
for beneficial owners are very similar to those for individual customers under a financial
institution’s customer identification program (CIP),6 except that for beneficial owners,
the institution may rely on copies of identity documents. Financial institutions are
required to maintain records of the beneficial ownership information they obtain, and
may rely on another financial institution for the performance of these requirements, in
each case to the same extent as under their CIP rule.
The terms used for the purposes of this final rule, including account, beneficial
ownership, legal entity customer, excluded legal entities, new account, and covered
financial institution, are set forth in the final rule.
Financial institutions should use beneficial ownership information as they use
other information they gather regarding customers (e.g., through compliance with CIP
requirements), including for compliance with the Office of Foreign Assets Control
(OFAC) regulations, and the currency transaction reporting (CTR) aggregation
requirements.
2. Anti-Money Laundering Program Rule Amendments.
The AML program requirement for each category of covered financial institutions
is being amended to explicitly include risk-based procedures for conducting ongoing
customer due diligence, to include understanding the nature and purpose of customer
relationships for the purpose of developing a customer risk profile.
A customer risk profile refers to the information gathered about a customer at account opening used to develop a baseline against which customer activity is assessed for suspicious activity reporting. This may include self-evident information such as the type of customer or type of account, service, or product. The profile may, but need not,
include a system of risk ratings or categories of customers.
In addition, customer due diligence also includes conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update
customer information. For these purposes, customer information shall include
information regarding the beneficial owners of legal entity customers (as defined in §
1010.230). The first clause of paragraph (ii) sets forth the requirement that financial
institutions conduct monitoring to identify and report suspicious transactions. Because
this includes transactions that are not of the sort the customer would be normally
expected to engage, the customer risk profile information is used (among other sources)
to identify such transactions. This information may be integrated into the financial
institution’s automated monitoring system, and may be used after a potentially suspicious
transaction has been identified, as one means of determining whether or not the identified
activity is suspicious.
When a financial institution detects information (including a change in beneficial
ownership information) about the customer in the course of its normal monitoring that is
relevant to assessing or reevaluating the risk posed by the customer, it must update the
customer information, including beneficial ownership information. Such information
could include, e.g., a significant and unexplained change in the customer’s activity, such
as executing cross-border wire transfers for no apparent reason or a significant change in
the volume of activity without explanation. It could also include information indicating a
possible change in the customer’s beneficial ownership, because such information could
also be relevant to assessing the risk posed by the customer. This applies to all legal
entity customers, including those existing on the Applicability Date.
This provision does not impose a categorical requirement that financial institutions must update customer information, including beneficial ownership
information, on a continuous or periodic basis. Rather, the updating requirement is
event-driven, and occurs as a result of normal monitoring.
1 31 CFR 1010.630(b).
2 The original statement can be found at 79 FR 45152 (Aug. 4, 2014).
3 See, e.g., 31 CFR 1020.210, which currently provides that a financial institution regulated by a Federal
functional regulator that is not subject to the regulations of a self-regulatory organization shall be deemed
to satisfy the requirements of 31 U.S.C. 5318(h)(1) if it implements and maintains an anti-money
laundering program that complies with the regulation of its Federal functional regulator governing such
programs. (emphasis added).
4 Where appropriate, working closely with Federal functional regulators may involve consulting with the
applicable SROs in the securities and futures/commodities industries.
5 The term “covered financial institution” refers to: (i) banks; (ii) brokers or dealers in securities; (iii)
mutual funds; and (iv) futures commission merchants and introducing brokers in commodities.
6 31 CFR 1020.220, 1023.220, 1024.220, 1026.220.
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| Author | Stephenson, Russell |
| File Modified | 0000-00-00 |
| File Created | 2021-01-23 |