By Mary Crotty, freelance writer for banks and third-party service providers
Banks have just under 90 days to finalize their plans to comply with the Financial Crimes Enforcement Network’s (FinCEN) Customer Due Diligence Rule (CDD). At this stage of the project plan, communication is critical because on May 11, 2018 this rule is fully applicable to all covered financial institutions.
First, bank employees will need to be trained on the written procedures you’ve developed for complying with the CDD Final Rule. Of course that includes being fully versed on the technical details of the rule, but they will also need guidance on dealing with customers not used to having to provide such information to open an account, which leads us to the second piece of communication–the external portion. Consider an advanced messaging campaign that explains the CDD rule to business customers to help avoid potential customer backlash after May 11.
A Brief Tutorial on FinCEN’s CDD Final Rule
- May 11, 2016: FinCEN publishes Customer Due Diligence Requirements for Financial Institutions in the Federal Register.
- May 18, 2018: CDD Final Rule applies to all covered financial institutions.
Purpose of the CDD Final Rule
According to FinCEN’s FAQ regarding the CDD Final Rule, it is amending “existing BSA regulations in order to clarify and strengthen customer due diligence requirements for certain financial institutions.”
First Major Element of the CDD Final Rule
The rule incorporates a “fifth pillar” into BSA/AML compliance programs by explicitly requiring banks “to implement and maintain appropriate risk-based procedures for conducting ongoing customer due diligence.” This includes three key responsibilities:
- Understanding the nature and purpose of the customer relationship
- Ongoing monitoring to identify and report suspicious activity
- Maintaining up-to-date information on customers
Second Major Element of the CDD Final Rule
In addition, the rule “requires covered financial institutions to establish and maintain written procedures that are reasonably designed to identify and verify the beneficial owners of legal entity customers.” Legal entity customers are corporations, limited liability corporations, and other types of business entities that have registered with the Secretary of State or a comparable agency.
The rule creates two aspects of beneficial ownership.
- Ownership Prong: As of May 11, 2018, banks must collect and verify the name, date of birth, address, and social security number of anyone who owns 25 percent or more of a legal entity that is opening a new account.
- Control Prong: As of May 11, 2018, banks must collect and verify the same information for one individual with significant responsibility of a legal entity that is opening a new account.
Warning: Although banks do not have to go back and collect beneficial ownership information on already existing accounts as of May 11, 2018, the ongoing monitoring described in the first major element above does require banks to regularly maintain and update customer information.
For a Smoother Transition
If you need help crafting the messaging that explains this rule to your employees who will be responsible for complying with it or to your business customers who will be impacted and likely surprised by it, let bank risk and compliance writer Mary Crotty partner with your compliance office for a smoother transition.