What is the CDD Final Rule?

On 11 May 2018, the Financial Crimes Enforcement Network (FinCEN) implemented its Final Rule, setting out a range of new customer due diligence (CDD) requirements for financial institutions in the United States. In more detail, the CDD Final Rule involves the specific obligation for banks, brokers and other obligated institutions to establish beneficial ownership of legal entity customers when opening new accounts and throughout the business relationship. In practice, that means that financial institutions must find out who controls the companies that they are doing business with and verify that those individuals are not engaged in criminal activities such as money laundering or the financing of terrorism. 

Since the Final Rule is an important AML/CFT consideration, firms should ensure they understand their obligations when implementing their own compliance programs.

What is the CDD Final Rule?

The CDD Final Rule is an amendment to the Bank Secrecy Act, the United States’ main article of AML/CFT legislation. While the Bank Secrecy Act already includes provisions for imposing CDD obligations on individual customers, the Final Rule extends those provisions with the intention of preventing criminals and terrorists from using companies to disguise the source of their illegal funds. The introduction of the Final Rule was prompted by the release of the Panama Papers (and subsequent Paradise Papers), which exposed numerous money laundering methodologies involving offshore accounts, shell companies and other obfuscation strategies. 

The CDD Final Rule applies to “covered financial institutions,” defined as banks, brokers or securities dealers, mutual funds, futures commission merchants and introducing brokers in commodities. Under the Final Rule, those institutions must meet the following core requirements:

• Establish and verify the identities of their customers.
• Establish and verify the beneficial ownership of companies.
• Understand the nature and purpose of customer relationships and conduct risk assessments to build customer risk profiles.
• Conduct ongoing monitoring in order to detect and report suspicious activity and ensure customer risk profiles remain accurate.

While financial institutions were already subject to most of those obligations prior to its implementation, the Final Rule added the requirement to establish ultimate beneficial ownership to the CDD process.

Establishing beneficial ownership

In order to establish beneficial ownership, firms must understand what the term means. With that in mind, FinCEN defines a beneficial owner as:

• Every individual who owns at least 25% equity in a legal entity customer of the financial institution. 
• An individual with a significant responsibility to control, manage or direct a legal entity customer of the financial institution. This might include an executive officer or senior manager, or any individual that performs similar functions. 
• A trust that owns at least 25% equity in a legal entity customer of the financial institution. 

The criteria above establish two types, or “prongs,” of beneficial ownership consideration: ownership, which involves an examination of equity, and control, which involves an examination of the authority, influence and function of individuals within a legal entity. 

Customer identification: Firms can use information supplied by their customers in order to establish beneficial ownership as long as they have no knowledge that contradicts or calls into question the reliability of that information. The information and documentation that an institution may use to verify beneficial ownership for a legal entity customer includes:

• Company formation documents
• Secretary of State registration/Certificate of Good Standing
• Reviews of corporate bylaws and corporate meeting minutes
• Federal tax returns
• Employer Identification Number (EIN) registration 

Transaction monitoring: The CDD Final Rule is not applicable retroactively so firms do not have to acquire beneficial ownership information for existing clients unless their risk profiles change significantly. Accordingly, firms should use AML transaction monitoring software to detect suspicious activity, including unusual transaction amounts or patterns or transactions with high-risk countries.  

Screening: Establishing and verifying beneficial ownership should include screening customers against appropriate sanctions lists and watchlists. Like individual sanctions screening, beneficial ownership screening should involve the OFAC sanctions list and any other relevant sanctions lists, such as the United Nations Security Council list.

Beneficial ownership: CDD Final Rule red flags

When firms apply the CDD Final Rule to establish beneficial ownership, certain red-flag indicators of money laundering should be a priority. Those red flags include:

• An inability to supply written company formation documents. While some smaller companies may forgo the completion of formation documents when setting up, a lack of documentation should always raise an AML red flag. 
• Unsigned or expired company formation documents. Some businesses may not update official documents when ownership changes, but a failure to update may indicate an attempt to thwart the CDD process. 
• Generic documentation with low-quality identifying information. Money launderers may attempt to provide “canned” or template documents with highly generic or vague information. The company’s business may, for example, be described as “for any lawful purpose.” 
• Contradictory or incorrect information. Money launderers may be deceptive when providing identification documents. Firms should seek to investigate further when potentially deceptive documentation is submitted. 

The CDD Final Rule requires firms to verify beneficial ownership with a “reasonable belief” that the information they have received reflects the true identity of the owners of the legal entity customer. With that in mind, firms should establish a clear internal definition of that reasonable belief, including what documents and information are acceptable or unacceptable, and set out the process in writing within their AML program.