OFAC and the CDD Rule Working Together
Written by Stephanie Lyon, Senior Regulatory Compliance Counsel, NAFCU
NCUA came out with its Customer Due Diligence (CDD) and Beneficial Ownership Examination procedures not long ago; we blogged on this back in September. While reviewing the procedures, NAFCU identified an item of interest to credit unions:
“Do the policies and procedures define how member information, including beneficial ownership information for legal entity customers/members, is used to meet other regulatory requirements, including but not limited to, identifying suspicious activity and determining OFAC sanctioned parties?” (Emphasis added.)
It is interesting NCUA decided to include a reference to a completely different regulatory requirement in its BSA examination guidance, especially as NCUA came out with Letter to Credit Unions 05-CU-09 that notes the differences between OFAC and BSA requirements. See, Question #1. Nonetheless, the question of whether and how credit unions plan to use beneficial ownership information is valid for the purposes of determining OFAC compliance. NCUA has been delegated the authority to examine both BSA and OFAC compliance so knowing what the agency expects with relation to both sets of requirements is important for federally-insured credit unions. NAFCU has blogged at length on the CDD rule. However, in light of NCUA’s reference to OFAC, it now seems like a good time to brush up on OFAC requirements.
OFAC’s 50 Percent Rule
OFAC regulations generally require credit unions to block or reject certain property and transactions made by prohibited parties. Property subject to blocking includes that in which a prohibited party has a direct or indirect interest. Back in 2014, OFAC released guidance on how to treat prohibited parties who have ownership interests in entities. The guidance set forth the requirement to block property and interests in property of entities owned directly or indirectly by one or more blocked persons regardless of whether such entities appear on OFAC’s Specially Designated Nationals and Blocked Persons List (SDN List) or the annex to an Executive Order. The guidance also established a 50 percent minimum ownership threshold that a person would have to meet to be considered to have an interest in the entity. For example, if Blocked Person A owns 50 percent of Entity Z, Entity Z is considered to be blocked as Entity Z is owned 50 percent or more by at least one blocked person.
The 50 Percent Rule and guidance was a bit premature as credit unions had no federal regulatory requirement to identify a legal entity’s beneficial owners. Jump forward 2 years later, FinCEN’s CDD rule was finalized and credit unions were expected to identify and verify the identity of beneficial owners of legal entities for covered accounts starting May 11, 2018. As the mandatory compliance deadline has now passed, credit unions have access to ownership information for some legal entity members. With this new data available to credit unions, it is important to consider whether this information should be incorporated into a credit union’s OFAC software/process for the purposes of identifying prohibited parties and any interest they may have on an entity. It may also be time to update procedures for the staff tasked with determining whether an entity hit should be escalated because of direct or indirect ownership by a prohibited party.
The main point to remember for OFAC regulations is that compliance is risk-based. This means credit unions themselves are required to identify their OFAC risk and implement appropriate procedures to mitigate this risk. If a credit union facilitates a prohibited transaction, it may have an OFAC violation which can be rather costly. So how credit unions decide to use beneficial ownership information is up to the level of OFAC risk of each institution and its written compliance program. As NCUA shifts from a good faith examination of the CDD rule to a more technical approach next year, credit unions may want to review their OFAC/BSA risk assessments, determine if adjustments need to be made to their anti-money laundering and OFAC compliance program and review OFAC’s old but now relevant guidance.
In case the credit union serves many legal entities, OFAC has several FAQs dedicated to the 50 Percent Rule that answer more complicated questions such as what to do when one or more blocked persons own at least 50 percent of an entity in the aggregate.
In addition, it may be helpful to review NCUA’s AIRES Exam Questionnaires, OFAC tab, as NCUA may use this information when examining a credit union to determine OFAC compliance. The questionnaire has several hidden comments that provide more insight into NCUA’s supervisory expectations. A credit union can view the questionnaire and comments in NCUA Letter to Credit Unions 01-CU-25.
Additional OFAC guidance can be found in NCUA’s Anti-Money Laundering Compliance FAQs. This document sets forth additional supervisory expectations such as that credit unions maintain a “written policy defining responsibilities and processes for compliance… for… OFAC”.