For financial institutions finding the beneficial owners of the companies they do business with isn’t like looking for a needle in a haystack.
It’s even worse. “It is more like looking for a needle in a stack of needles,” says Debra Geister, manager of Navigator Consulting Group, a St. Cloud, Minnesota-based regulatory compliance and operations consultancy.
That’s apparently what FinCEN, the enforcement arm of the US Department of the Treasury, thinks US financial institutions can accomplish. Financial institutions insist that the requirement will lead to nothing short of an operational nightmare, according to Geister, as well as other panelists and attendees at a conference hosted by the Association of Certified Financial Crime Specialists (ACFCS) in New York on Monday.
The source of the problem: you can’t simply take the client’s word about its ownership structure. Although most are honest, there are still a handful that might be deceptive, a possibility financial institutions have to worry about. Finding out the diverse percentage holdings, especially if the client has reason to hide it, can be a time-consuming and costly task because there is no single well-vetted location which holds all the necessary data. As a result, business lines units, anti-money laundering, and compliance departments must often resort to old-fashioned investigative legwork.
FinCEN, short for Financial Crimes Enforcement Network, understandably wants financial institutions to know just who they are doing business with, so financial firms can avoid violating anti-money laundering regulations, sanctions and other regulations. It is just how much is enough background checking that is at issue. Deep-dive investigations are typically triggered whenever an owner of a customer holds more than 25 percent of the company or has a “controlling say” as part of an overall customer risk assessment.
Catching Up with the EU
According to FinCEN’s proposed new standards for due diligence, financial firms must prove they have collected the information and it is being used in their AML program. A similar requirement is already in effect in European Union markets and with far more stringent guidelines. European regulators are now considering requiring that each EU country create a data repository of corporate ownership as part of the pending fourth incarnation of the European directive on anti-money laundering.
Therefore, for all its public gestures of wanting to catch the bad guys, the US is dismally behind its European peers. “What are American firms complaining about? We’ve had it far worse for a long time,” the compliance director of a French bank tells FinOps Report.
FinCEN has watered down its rules from when they were first unveiled. It now says that financial firms don’t have to swear to the honesty of their customers; they just have to “reasonably verify” their ownership structure. But no one is taking anything for granted. Financial firms don’t want to be faced with a regulatory penalty or headline risk for doing business with unscrupulous parties.
In this age of information overload, finding the facts of beneficial ownership might sound easy to accomplish. Just tap into a public or private database, right? Nothing could be further from the truth. Of course, there are dozens of databases, but they are only as good as the information input. Public companies are required to disclose their ownership structures to a regulatory agency and in the US that’s the Securities and Exchange Commission. Not so with private entities.
Legally Incognito
“It is far easier to verify the identity of a single individual than the ownership of a corporate entity,” explains James Friedman, a partner with the law firm of Quarles & Brady in Milwaukee, Wisconsin. “Corporate filings may list officers and directors, but they may not always be the controlling owners.”
Publicly available information on limited liability companies and partnership structures may not provide any information on ownership or may simply list additional entities as managers or partners. The uptick in the number of holding companies and shell companies only adds to the lack of transparency.
Disclosure policies of private companies differ among countries and even individual US states with Delaware often cited as requiring the most limited information for a company to be incorporated. It then becomes a matter of pot luck in how much information you can find.
“In some countries, such as Norway, all data is disclosed more or less,” says Anders Rodenberg, director of sales at Bureau van Dijk, a global publisher of company information and business intelligence in New York. “In other countries, such as Sweden, there is plenty of information about the financials of a privately held company, but only limited about its ownership structure.” To add to the challenge, there are even countries where ownership linkages need to be filed, but not the exact percentages.
So firms such as Bureau van Dijk, no matter how sophisticated their technology may be in consolidating global ownership data, have limits in what they can deliver. “We cannot provide all beneficial ownership as long as politicians do not force companies to file their ownership,” explains Rodenberg, who moderated a panel on how to hunt for beneficial owners.
Where else to look? Law enforcement agencies could be another source, but there are obstacles. “Law enforcement agencies have far more clout in what they can find out through subpoenas and other legal actions but they can’t simply share all that information with others for legal reasons,” says Garry Clement, president and chief executive officer of Clement Advisory Group, a financial crime investigations firm in Colborne, Canada.
Client’s Cost of Entry
Given these limitations, what’s a financial firm to do? The obvious answer is to put the onus on the client for providing the accurate and complete information at the time of customer onboarding, rather than after the fact. Given that not all customers will be forthcoming, erring on the side of safety is critical. “It would be a good idea to ask for the documentation of incorporation and all of the other paperwork,” says Geister.
Reportedly, about twenty percent of clients will balk at this idea. Ron King, chief AML officer for Scotiabank in Toronto, suggests another line of inquiry — reaching out to peer institutions to seek out more information, even though the response may be tepid at best.
Another tactic is to proactively classify the client as a high-risk client, based solely on the nature of the client’s business. That categorization is the trigger to start and continue looking for evidence of illegal activity in as many databases as possible, as well as staying in touch with tax authorities and regulatory agencies.
However, since the category of high-risk might only encompass a small percentage of the total number of customers, it might be wise to cast a wider net, especially monitoring and verifying ownership over time. Given that beneficial ownership can change at any time, a financial firm can’t rely on its onboarding documentation forever.
With no set industry procedures on just how often to update ownership documentation, too often a re-check occurs in reaction to some external event, such as a call from another financial organization, an inquiry from a law enforcement agency or an alert from a business line that there is something amiss with the customer’s activities. By that time, the damage has likely already been done.
“Financial firms attempt to verify through third party databases and make changes when an event occurs, but it would be better to automate periodic reviews on the beneficial ownership of their customers,” recommends Edward Sander, general manager at Nice Actimize, a New York based KYC and AML technology provider.
Formalize the Water Cooler Chats
Just as important as digging into external source is making sure all the in-house knowledge is tapped. “Annual reviews are great, but it would also be a good idea to share information between business units along the line, once compliance, legal and privacy issues are resolved,” says Allen Love, executive vice president and deputy global AML officer for TD Bank in Philadelphia.
Of course, consolidating that information would be a lot easier if all business units adopted the same requirements for onboarding in the first place. “Whether it is setting up policies or controls, financial firms need to work off of the same sheet and be consistent,” recommends Sander.
Compliance units should also have enough autonomy to challenge what business lines tell them. “Compliance departments need to work closely with business lines where the buck stops,” says King. Some financial institutions have left oversight of business compliance with FinCen’s potential beneficial ownership rule in the hands of their compliance units, which are also responsible for KYC and anti-money laundering initiatives. Yet others have left the responsibility squarely in the hands of the AML director, whose personal liability is even higher, AML executives attending the ACFCS tell FinOps.
Why not just dump clients or not take on the business of those whose ownership is not clearcut and whose conduct might be less than stellar down the road? Financial institutions don’t have to accept accounts, but they also have to think twice about turning away potentially profitable business. As Love notes, it often becomes a matter of just how much risk a financial firm is willing to take, compared to the cost of doing the extra due diligence.
Practically speaking de-risking might succeed in the short-term but maybe not the long-term. “Beyond the fact that business lines are often hesitant to lose badly needed revenues, financial firms that de-risk by avoiding whole segments of higher risk customer profiles don’t eliminate that risk,” explains Kelvin Dickenson, vice president of compliance solutions at Alacra, a business information and compliance software provider in New York.”They simply transfer it to another often smaller financial institution with arguably fewer compliance resources which increases systemic risk.”
With so much at stake — including a precedent of big and well-publicized fines in FinCEN enforcements — , financial firms should take note and get prepared for the new due diligence rules, even though FinCen hasn’t come up with a timeframe for implementing the final draft. Its proposal has been such anathema to financial institutions that they have lobbied FinCen for over a year to make its requirements less cumbersome.
As a last ditch effort, those still unhappy with the proposal can make their voice heard. “There is a disconnect between regulatory requirements and practicality, so documentation of procedures is critical,” says Clement. “In the meantime, we have to tell it like it is. If we don’t we deserve what we get.”
Leave a Comment
You must be logged in to post a comment.