CDD Day Is Here!
Written by Reginald Watson, Regulatory Compliance Counsel, NAFCU
Greetings Compliance friends, today is the day!
As many of you know, today is the mandatory compliance deadline for FinCEN's Customer Due Diligence (CDD) requirements. FinCEN originally published the final rule on May 11, 2016, and has since issued guidance in the form of "frequently asked questions" not once, but twice. We at NAFCU have discussed some of these implications in recent blogs, as well as this handy webinar. As a result of the new rule, credit unions will be required to identify and verify the identity of beneficial owners of new legal entity members, form customer risk profiles, and more closely monitor these accounts for suspicious activity. Here are a few reminders on things we've touched on before, as well as a recurring compliance question we received on how to address members who do not respond to renewal or rollover requests.
First, what about current business accounts? When it comes to business accounts established prior to the May 11, 2018 deadline, it does not appear that credit unions are required to go back and retroactively collect information on these beneficial owners. Here is a discussion from the preamble as well as a past NAFCU Compliance Blog which both explain that other than some kind of triggering event, the rule does not apply retroactively.
Don't forget that when it comes to things like loan renewals and share certificate rollovers, FinCEN determines that these events create another formal banking relationship if opened after the mandatory compliance date. As these are considered to be "new accounts" for CDD purposes, the interpretive guidance does require that credit unions obtain the beneficial ownership information of legal entity members during the first renewal or rollover for accounts that were created prior to the mandatory compliance deadline. See, FIN-2018-G001, Q. 12. While this sounds like a pain, FinCEN does seem to grant some relief for subsequent loan renewals or certificate rollovers after the credit union has obtained or updated the beneficial ownership information. FinCEN seems to understand that many of these products are set up to periodically auto-renew and carry a low risk of money laundering, and accordingly does not require credit unions to reconfirm the beneficial owners so long as the member agrees to notify the credit union of any changes. FinCEN has indicated that such an agreement from the member will satisfy the certification requirement for subsequent renewals after the credit union has properly documented the beneficial owners according to the new rule. See, FIN-2018-G001, Q. 12.
What happens when existing business members are unavailable or otherwise become unresponsive to requests for a beneficial ownership certification upon renewal? FinCEN included language in a footnote in the preamble to the rule indicating that CIP procedures should address situations including but not limited to when to close an account "after attempts to verify a member's identity have failed…" FinCEN also noted in the introduction to the second set of FAQ guidance that collection of this information is a requirement for new formal banking relationships established after May 11, 2018, and if unsuccessful in collecting the certification, the credit union can make the business decision to not open the account, close the certificate, or file a suspicious activity report:
"A covered financial institution with notice of or a reasonable suspicion that a customer is evading or attempting to evade beneficial ownership or other customer due diligence requirements should consider whether it should not open an account, close an account, or file a suspicious activity report, regardless of any interpretations [in the FAQs]."
Federal credit unions are permitted to limit the services of members provided that the policy has been previously disclosed and the credit union has a rational basis. NAFCU members can find an article on suspending services and expulsion here. It is also important to keep in mind that the ongoing monitoring portion of the CDD rule requires that if the credit union becomes aware of information about existing business members that is relevant to assessing or reassessing the risk posed by the member, and such information indicates a possible change of beneficial owners, it could trigger a new obligation to obtain or update the beneficial ownership information. See, FIN-2018-G001, Q. 12-13.
Feel free to reach out to our Compliance Team for any CDD compliance challenges. It may also be helpful to read the first and second set of FinCEN's frequently asked questions, as well as our previous blogs and articles:
- BSA Blast: NAFCU's Frequently Asked Questions on FinCEN's CDD Rule, April, 2018
- Second Interpretative Guidance for FinCEN's CDD Rule: New Accounts and Collecting the Certification Form
- FinCEN's CDD Rule: Are Subaccounts Considered New Accounts?
- BSA Blast: Another Layer Added to Customer Due Diligence, July 2016
- FinCEN Finalizes Technical Amendments to CDD Rule
- CDD Rule: Beware of Events that May Trigger Beneficial Ownership Reviews