For many years, financial crime investigators have warned of possible links between shell companies and international money laundering activity.
In the 2013 report How Shell Companies Aid Terrorism, Crime and Corruption, the Open Society Foundations discussed how shell companies are used to launder billions (and billions) of dollars in ill-gotten gains by criminal organizations including terrorists, drug lords and human traffickers.
But arguably, it was the release of the Panama Papers in 2016, that helped shine an incredibly bright spotlight on the use of shell companies to perpetrate illicit activity.
The Papers, consisting of more than 11 million leaked documents, highlighted the scale and scope of the use of various business structures (e.g., shell companies) and legal arrangements (e.g., trusts) to hide illegally obtained wealth, avoid taxes, launder money, or commit other financial crimes.
The Inevitable Fall-Out
It was hardly a surprise that the fall-out from the papers accelerated changes to the regulatory expectations placed on financial institutions regarding the information they must collect on the natural person(s) behind legal entity (LE) customers.
FinCEN’s final CDD Rule, which will come into effect in May 2018, will impose new requirements on banks and credit unions to collect information and perform certain BSA/AML compliance functions related to Ultimate Beneficial Owners (UBOs).
Five Key Compliance Obligations
BSA/AML compliance obligations related to UBOs may require many FIs to implement new processes and procedures, and adjust the various internal systems that support them. A question on the mind of many compliance professionals is exactly how examiners (and auditors) will interpret and apply the CDD Rule’s requirements related to UBOs.
In general, it appears that FinCEN’s new CDD Rule includes five key BSA/AML compliance obligations related to UBOs:
- Identify and verify UBOs for LE customers.
Collect all required UBO information for the three roles identified in Appendix A of the CDD Rule, including:
1. Account Opener – Name and Title of the LE representative opening the account
2. Owner(s) – Name, Address and ID for up to four persons who own 25% or more of the LE
3. Control Person – Name, Title, Address and ID for one person who has significant managerial control of the LE - Update, manage, and retain UBO information
The CDD Rule requires the update of UBO information based on trigger events, such as the generation of an AML alert or on the performance of enhanced due diligence (EDD) on a high-risk LE customers. - Scan UBOs against OFAC SDN List
The CDD Rule requires that FIs scan the person(s) identified as the UBO(s) of the potential LE account against the OFAC SDN watch list for possible matches. - Obtain UBO certification from LE representative
One key piece of the new CDD Rule is the certification that FinCEN expects FIs to obtain from the person opening the LE’s account. Specifically, the currently perceived expectation is that the person opening the LE’s account is required to certify they have provided accurate and complete UBO information for the LE customer. The rule states the onus is on the LE (by way of its designated representative who is opening the account on the LE’s behalf), and not the FI, to confirm that the named person(s) are indeed the LE’s true beneficial owners, and not their nominees or strawmen.In terms of how FinCEN expects FIs to address the certification requirement, the CDD Rule states that, “The financial institution may comply either by obtaining the required information on a standard certification form (Certification Form (Appendix A)) or by any other means that comply with the substantive requirements of this obligation.”The question on the minds of many compliance professionals is, “How will examiners (and auditors) interpret and assess my institution’s compliance with this requirement?” - Aggregate certain UBO-related transactions for CTRs
Although it does not modify existing obligations regarding current transaction reporting (CTR), the CDD Rule does require that certain transactions (i.e., those that occur where “the financial institution has knowledge that these transactions are by or on behalf of any person and result in either cash in or cash out totaling more than $10,000 during any one business day”) be reported.
One aspect of these updated expectations that is fundamental is a strong communication link between the BSA Compliance department and front line staff responsible for opening accounts. Collection and ready access to all the necessary information is vital for compliance professionals to maximize their ability to meet the five key obligations outlined above.