Anti-Money Laundering and Bank Secrecy Act regulations require financial institutions to gather and maintain data commonly referred to as “Know Your Customer” information. The Financial Crimes Enforcement Network amended those regulations by final rule in 2016 (“Rule”) with May 11, 2018 being the date by which covered financial institutions (“Institutions”) must have implemented compliant procedures. Institutions covered by this Rule include national banks, state banks which are members of the Federal Reserve and banks insured by the FDIC. The Rule requires Institutions to identify and verify the identity of individuals who are the actual beneficial owners of “legal entity customers” of the institution (“Customers”).
With certain exceptions (e.g., companies with common stock listed on the NYSE), the Rule requires Institutions to establish and maintain written procedures reasonably designed to identify and verify actual beneficial owners – not nominees or straw men – of Customers (corporations, LLCs, and other entities created by filing with a Secretary of State or similar office). The Rule defines “Beneficial Owner” as consisting of from 1 to 5 persons from the following two categories: (i) each individual, if any, who, directly or indirectly, owns 25% or more of the equity interests of a Customer (referred to as the “ownership prong”, with “indirectly” referring to ownership structures requiring digging through multiple corporate layers to reach individual beneficial owners); and (ii) a single individual with significant responsibility to control, manage, or direct a Customer such as the managing member of an LLC or the CEO or COO of the entity (referred to as the “control prong”).
The Rule allows Institutions to establish procedures stricter than the minimum requirements of the Rule such as requiring information as to more beneficial owners, even those who own less than 25% of the equity interests, if the Institution deems such as useful. At minimum, collected information must include (i) name; (ii) date of birth; (iii) residential or business street address (or if none, an APO or FBO box or residential or business street address of next of kin); and (iv) social security number or other taxpayer identification number. Unless an Institution’s specific procedures require otherwise, it is NOT necessary to collect the information directly from the Beneficial Owner. It can be provided by the Customer’s representative provided that the Institution has no knowledge of facts that would call into question the reliability of that information. For Customers existing prior to May 11, 2018, information previously obtained pursuant to the Institution’s Customer Identification Program may be used; provided, however, that the Customer’s representative or each Beneficial Owner verifies the information is accurate as of each date when a new account is opened (which includes, without limitation, renewals of previously existing loans).
When must an Institution collect information on Beneficial Owners? The Rule requires that information be collected for each “new account” opened on or after May 11, 2018. Just as certain legal entities are exempted from the Rule, certain accounts are also exempt. However, the Rule adopts the definition of “account” used by the Customer Identification Program rules for banks and is very broad. This article primarily relates to accounts consisting of (i) certain demand deposit accounts (“DDA”) that your commercial Customer may open; and (ii) commercial loans, including those that existed prior to May 11, 2018, but which are renewed on or after that date. Although certificates of deposit are included under the definition of “account”, the requirement to collect information regarding certain types of accounts that are automatically renewed, such as a CD, was suspended at the time this article was written.
Even for loans existing prior to May 11, 2018, the Beneficial Ownership information must be collected beginning with the first time that loan is renewed on or after May 11, 2018, and each time thereafter that the same Customer opens a new account, whether it be a new loan, renewal of an existing loan or opening of a new DDA.
The requirement of updating information on the same Customer each time it opens a new account may not be as cumbersome as it appears. If the information the Institution has on file from prior account openings by that Customer was properly collected under the Institution’s Customer Identification Program or as otherwise required by the Rule, the Institution may rely on that information provided that the Customer’s representative or each Beneficial Owner verifies or certifies, either in writing or verbally, the accuracy of that information as of the date of each renewal or new account opening. As the Rule requires the Institution to have additional risk management procedures in place, those procedures should provide a means to determine if there are other risks involved justifying further investigation into the accuracy of information.
Each Institution will have adopted a process for collecting information which may include use of a Certification Form in the format attached as Appendix A to the Rule (available at https://www.fincen.gov/resources/filing-information) or, as the form at Appendix A is optional, the Institution may use another format provided it obtains the required beneficial ownership information. The information must be retained for a period of five years after the account is closed or terminated.
The Institution’s procedures will also identify certain “trigger” events that require updating information. Loan renewals are one trigger; others include, without limitation, change of the Customer’s address, changes in beneficial ownership, or the Institution acquiring knowledge of a suspicious activity including the type requiring filing a SAR.
In an article in The ABA Banking Journal dated April 23, 2018 (a recommended read which can be found at https://bankingjournal.aba.com/2018/04/what-you-may-not-know-about-the-beneficial-ownership-rule/), the author, Chris Simpkins, pointed out the importance of careful drafting of trigger events. For example, he suggests that a trigger identified as the institution’s “knowledge of a change in ownership” is preferable to merely referring to a “change in ownership”, as the use of the term “knowledge” will result in less of a burden on the Institution to track those types of changes.
Institutions may want to consider the pros and cons of including language in a loan document that requires the Customer to notify the Institution in writing as to any change in Beneficial Ownership information. Because of record retention requirements, the Institution would likely need to retain a copy of that document with the other Beneficial Ownership information documents.
If an Institution is concerned about possible negative responses from Customers regarding the “intrusive” nature of the requested information, remind them that this is required by law and they would face the same issues at competing Institutions.
Other suggested materials useful in understanding the Rule are two Guidance documents from the U.S. Treasury Department. These are presented in an easy to follow FAQ format and can be located by entering the following into your favorite search engine: FIN-2016-G003 for the Guidance dated July 19, 2016; and FIN-2018-G001 for the Guidance dated April 3, 2018.