CDD Rule: Beware of Events that May Trigger Beneficial Ownership Reviews; CFPB Releases Beta HMDA Platform
I have exciting news to share; on Friday I became a Certified Anti-Money Laundering Specialist through ACAMS. This is a great milestone for me and nothing could commemorate this accomplishment better than a BSA blog. Enjoy!
As the Customer Due Diligence (CDD) rule's implementation date gets closer, we have seen an increase in questions regarding the types of events that may lead a credit union to review the beneficial ownership information of an existing account. So we thought it would be helpful to go over the rule's requirements and give examples of potential triggering events. Before we dig in, remember that the definition of a beneficial owner includes two prongs—ownership and control—so when talking about updating information on beneficial owners, we are referring to both prongs.
The 5th pillar of BSA compliance established by the final rule requires that credit unions include in their anti-money laundering (AML) programs, CDD procedures for the purpose of developing a member risk profile and conducting ongoing monitoring of these relationships. See, 81 Fed. Reg. 29449. Before you sound the alarm at your credit union, it is important to know that the final CDD rule does not impose a categorical requirement to regularly update the beneficial ownership information on an existing account. See, 81 Fed. Reg. 29421. However, as part of the on-going monitoring, credit unions may encounter some events that could lead the credit union to believe that there has been a fundamental change to the ownership of the account and hence trigger a review of beneficial owners. See, 81 Fed. Reg. 29399.
What Triggers A Review?
The rule states that beneficial ownership information should be updated when, in the normal course of business, the credit union detects a relevant change to the account that may alert the credit union to a change in the beneficial ownership structure. Here is an excerpt to the preamble of the CDD rule in which FinCEN explains this concept:
"…our requirement is consistent with current practice, and we expect monitoring-triggered updating of beneficial ownership information (as with other customer information) only to occur on a risk basis when material information about a change in beneficial ownership is uncovered during the course of a bank's normal monitoring (whether of the customer relationship or of transactions)... However, there is no expectation that a financial institution obtain updated beneficial ownership information from its customers on a regular basis, whether by using the Certification Form in Appendix A or by any other means." 81 Fed. Reg. 29421.
Unfortunately, the CDD rule does not have a prescriptive list of events that will trigger the review of beneficial ownership information for existing business accounts. Rather the rule follows the same risk-based review format of other Bank Secrecy Act (BSA) requirements. These risk-based provisions allow credit unions the flexibility to determine its own triggering events and implement appropriate review procedures. The rule does provide a few examples of events that could lead to a review of an account's beneficial ownership structure such as:
- "a situation where an unexpected transfer of all of the funds in a legal entity's account to a previously unknown individual would trigger an investigation in which the bank learns that the funds transfer was directly related to a change in the beneficial ownership of the legal entity…;
- when a financial institution detects information (including a change in beneficial ownership information) about the customer in the course of its normal monitoring….; [and/or]
- a significant and unexplained change in the customer's activity, such as executing cross-border wire transfers for no apparent reason or a significant change in the volume of activity without explanation." 81 Fed. Reg. 29421, 29399.
So if the credit union uncovers a potential change to the beneficial ownership information during a high risk review of an account, during the investigation of an AML alert or a SAR filing, the rule would require the credit union to seek updated information for the account at that time. Other triggering events that may require updated beneficial ownership information, depending on specific facts and circumstances, include:
- A notable increase in CTR filings for the legal entity or any of the beneficial owners
- The filing of a SAR (depending on the nature and type of suspicious activity)
- Changes regarding the authorized users or signatories for the account
- Changes regarding the beneficial owners, ownership structure, nature of the business or customer base
- Opening a new subaccount for the business
- A request to close an active subaccount without providing a legitimate reason
- A 314(a) match
- Information obtained/provided from or to other FIs through 314(b) information sharing
- Results from a high-risk review of the account
- Law enforcement subpoenas or search warrants
- Transaction monitoring alerts for unexpected activity
Before the rule becomes final, credit unions may want to review their current due diligence process and create additional risk-based procedures that specify which triggering events should lead to a more thorough review of legal entity accounts—including obtaining updated beneficial ownership information.
CFPB Releases Beta Version of HMDA Platform. Credit unions will finally be able to test their HMDA data collected in 2017 for reporting to the CFPB in 2018 through the long awaited beta version of the HMDA portal. The portal allows credit unions to establish test log-in credentials, upload sample files, validate the data, receive edit reports, confirm test data submissions and complete test filing processes.