In the last 11 weeks before the US Financial Crimes Enforcement Network’s new rules on tracking beneficial ownership of customers take effect, financial firms need to decide how deeply they intend to dig into their customer’s shareholder base. And how they intend to do it, as the rules are not always explicit.
As of May 11, financial firms will be expected to ask about and verify the identities of individuals or firms that directly or indirectly own 25 percent of more of the legal entity customer. FinCEN has exempted regulated financial entities, sole proprietorships and unincorporated associations from having to disclose their beneficial ownership structure.
Financial firms will also be expected to know the identity of any firm of individual or firm with significant responsibility to “manage, control or direct” the legal entity client. FinCEN includes C-level executives in that category. The definition of “financial firms” includes fund managers, broker-dealers and banks.
How to comply with these new rules may not be as straightforward as it first appears. Say corporation A tries to open an account with a US bank. When it is time to sign the paperwork, the corporation discloses that it is 25 percent owned by corporation B. Is the US bank obligated to verify the ownership of corporation B, as well? “The answer isn’t clearcut. It depends on the financial firm’s interpretation of the regulation and its risk appetite,” says Charles Horn, a partner with the law firm of Morgan Lewis in Washington, D.C.
A 2016 question-and-answer document about its new customer due-diligence rules published by FinCEN, a unit of the US Treasury, suggests that financial firms have to know about both direct or indirect owners of client. The document never specifies what it means by the term “indirect owner.” It also says that that financial firms can sometimes rely on the information received from the customer without investigating further.
AML compliance managers tell FinOps Report they are worried about whether their firms will be fined for doing the best they can to follow the letter of the law, but still failing to catch potential criminals. No financial firm wants to risk onboarding clients associated with government sanctions lists. Nor do they want to discover that a customer has been using the firm to finance money-laundering or terrorist activities.
However, when it comes t0 creating new compliance policy, the financial firm ultimately has to balance the cost of complying with the Treasury’s rule, including the potential loss of a lucrative client, with the cost of making a mistake.
Financial firms are already required to identify their customers, develop customer risk profiles and monitor ongoing business activity, such as fund transfers. However, until now they have never been asked to know the identity of the true or beneficial owners behind legal entity accounts. The Panama Papers scandal showed just how easy it is to hide assets behind the anonymity of offshore shell companies.
AML compliance managers at US banks appear to differ when it comes to how far they will go to investigate the ownership structure of their clients. Only five of ten AML compliance managers contacted by FinOps say that they will dig behind the first layer of ownership structure.
Others are prepared to look into the second layer. “If the client has shareholder A which owns 25 percent of the firm and that shareholder is in turn 25 percent owned by another company B, we will ask the client to produce the paperwork about shareholder A and all the shareholders of company B,” says one AML compliance manager.
What about verifying what the client says about its ownership structure? FinCEN says that the client can fill out its own form or one created by the financial firm. Articles of incorporation and photocopies of passports and other government issued forms of identification are acceptable.
FinCEN recommends that the financial firm should do more research on its own if it suspects its client isn’t telling the truth about its ownership structure. Yet there is no explicit explanation of how the bank would know if the client is lying. Presumably one branch office or business unit of a financial firm could have information about a client who has done business with another branch office or business unit. However, the customer onboarding manager opening the customer’s account might not have have access to that information, if it is stored in a different customer database in a different business unit. Not all financial firms rely on centralized customer databases.
Gut feelings don’t count, or do they? Seven of the ten AML compliance managers who spoke with FinOps say that their banks are training their front-office know-your-customer staff to be on the lookout for “evasive behavior” on the part of the client. “Potential red flags include anything from repeated delays to provide evidence of beneficial ownership to avoiding eye contact with the customer onboarding manager,” says one AML compliance manager at a US bank.
Those red flags would require the customer onboarding manager to contact the AML compliance manager for further instructions on how to proceed. The client might be automatically rejected, or given a deadline for presenting the paperwork. Alternatively, the customer onboarding official could do a bit more legwork on his own to track down the customer’s ownership structure.
Yet another compliance manager says that his bank is taking a more calculated approach when it comes to verifying the client’s own account of beneficial ownership. “If the client is from a high-risk country known for money laundering and other financial crimes, we will definitely rank the customer as high-risk and start our own research,” he says.
Financial firms often rely on multiple third-party databases to find information on a firm’s ownership structure. However, there is no single authoritative database. Each might differ about the amount of information stored about privately-held firms or how often the data is updated.
Even clients who appear to be perfectly safe when onboarded might not turn out to be. FinCEN does not require that beneficial ownership be updated periodically, leaving financial firms with some discretion on how often to do the extra work.
“Financial firms should update the beneficial ownership of their clients according to their KYC procedures,” recommends Timothy Dunfey, president of Alhambra Compliance Consultants, an AML compliance firm in Coral Gables, Florida. “For low-risk customers, the update could be event-driven as in the case of a proven suspicious transaction or it could be periodic.”
What to Do
Given that no one seems to know how much leeway FinCEN will give financial firms for making a mistake at the time of customer onboarding, firms need to be extra cautious. “Financial firms will need to review their customer onboarding procedures to determine whether they are already adopting FinCEN’s beneficial ownership rules,” recommends Debra Geister, director of AML advisory services for Matrix-IFS, a New York-based financial crime consultancy.
“While they might have already required documentation of beneficial ownership,” she adds, “they will have to determine whether it was at the 25 percent level and whether it included individuals with a controlling interest.”
Does that mean that financial firms can avoid documentation when the beneficial ownership of any client doesn’t meet the 25 percent level? Not exactly. “Higher-risk clients should require a lower threshold for collection of data on beneficial ownership,” cautions Geister. The new threshold could be as low as 10 percent.
Likewise, financial firms need to establish exceptions-based policies for clients with complex corporate structures. Those policies, needed for only a small percentage of clients, should involve an explanation of the criteria financial firms will use to determine when to dig further into the identities of corporate investors in client firms, says Geister. Criteria can include whether the corporate investor is an offshore firm in a high-risk country or a resident of a high-risk country. High-risk countries are those with a track record for financial crimes, such as money laundering.
Regardless of how far a financial firm decides to dig into the beneficial ownership structure of its client, consistency will be critical, say AML compliance consultants. “Customer onboarding specialists and AML compliance managers will be on the front-lines of implementing FinCEN’s rules so the firm needs to create uniform enterprise-wide policies on when its customer interfacing representatives will accept the client’s documentation, when to seek further verification, when to contact the AML compliance department and when to update beneficial ownership information,” says Dunfey.
Among the questions financial firms must ultimately address, he says, is whether they will rely strictly on the 25 percent beneficial ownership rule to ask for documentation or whether they will use a lower threshold. And when they will do so. Will firms dig deeper if the client has a complex ownership structure?. Will they ask for an update on beneficial ownership only if a suspicious transaction report or whether a transaction is investigated?
Documenting what to do under which circumstances, says Geister, will go a long way to proving a firm has done its best to comply with FinCEN’s rules. That could mean the difference between a slap on the wrist or a mega fine in the event of a mistake.