Chairman Pearce, Ranking Member Perlmutter, and members of the Subcommittee, thank you for inviting me to appear before the Subcommittee on Terrorism and Illicit Finance on behalf of the Financial Crimes Enforcement Network (“FinCEN”). FinCEN’s mission is to safeguard the financial system from illicit use and to promote national security through the collection, analysis, and dissemination of financial intelligence. I appreciate the opportunity to discuss how the Customer Due Diligence (“CDD”) rule and its compliance requirements for financial institutions advance our efforts to combat money laundering, terrorist financing and other serious crimes.
The reach, speed, and accessibility of the U.S. financial system make it an attractive target to money launderers, fraudsters, terrorists, rogue states, and other bad actors. To combat efforts by these individuals, groups or networks to abuse the U.S. financial system, we have developed and rigorously enforce one of the most effective anti-money laundering (“AML”) and countering the financing of terrorism (“CFT”) regimes in the world. But, as strong as our AML/CFT framework is, malicious actors will continue to attempt to exploit any vulnerability to move their illicit proceeds undetected through legitimate financial channels, in order to hide, foster, or expand the reach of their criminal or terrorist activity. We must therefore be vigilant in our mission to protect the U.S. financial system by: (1) aggressively investigating and pursuing criminal and terrorist activity; (2) ensuring that we collect the financial intelligence necessary to support these investigations; (3) understanding the evolving trends and typologies of criminal and terrorist activity; and (4) closing any regulatory gaps that expose our financial system to money laundering, other criminal activity, and terrorist financing risks that threaten our financial system and put our nation, communities, and families in harm’s way.
The misuse of legal entities to disguise illicit activity has been a key vulnerability in the U.S. financial system. Corporate structures have facilitated anonymous access to the financial system for criminal activity and terrorism. Narcotraffickers, proliferation financiers, money launderers, terrorists and other criminals have been able to establish shell companies, which then use accounts at financial institutions, directly or indirectly, without ever having to reveal who ultimately is behind the transactions being facilitated. This has made it difficult for law enforcement to pursue investigative leads, and for financial intelligence units to produce those leads in the first instance. And, just as important, this has made it difficult for financial institutions to apply effective risk-based AML programs.
An open and transparent financial system in which we can identify the trail of transactions and actual account owners is therefore essential to disrupting illicit activities and dismantling criminal and terrorist networks. For these reasons, FinCEN and the Department of the Treasury more broadly have prioritized increasing transparency in corporate formation and have strengthened regulatory requirements regarding customer due diligence for legal entity customers when they open accounts at financial institutions.
Background on CDD Rulemaking
FinCEN finalized the “Customer Due Diligence Requirements for Financial Institutions,” (or “CDD Rule”) on May 11, 2016. Before finalizing the CDD Rule, FinCEN engaged in a transparent rulemaking process, to develop the best rule possible: and one that accounted for concerns raised by the public and private sectors. To this end, FinCEN first issued an Advance Notice of Proposed Rulemaking (“ANPRM”) in 2012, to seek early feedback regarding potential CDD and beneficial ownership requirements for financial institutions.1 We received approximately 90 comments in response to the ANPRM. To better understand and address the concerns raised in those comments, FinCEN and Treasury representatives held five public hearings in Washington, D.C., and across the country.2 These engagements allowed stakeholders to express their views on the ANPRM and offer recommendations on how best to develop a workable rule that would help financial institutions better know their customers and assist law enforcement in identifying illicit actors hiding behind the veils of corporate structures. We then issued a Notice of Proposed Rulemaking (“NPRM”) on August 4, 2014, incorporating feedback received from this engagement.3 FinCEN received 141 comments in response to the NPRM from financial institutions, trade associations, Federal and State agencies, non-governmental organizations, members of Congress, and others.
The extensive and thoughtful engagement with industry and other stakeholders, through notice and comment, hearings, and other discussions over several years about the benefits of the rule and potential costs and burdens has deeply influenced the resulting regulations. We believe that the CDD Rule takes a pragmatic approach, balancing the need for information and the practicality of obtaining it in certain circumstances.
The CDD Rule clarifies and strengthens CDD requirements for covered financial institutions, which include banks, securities broker-dealers, mutual funds, and futures commission merchants and introducing brokers in commodities. The rule streamlines and standardizes existing regulatory requirements to promote consistency in both implementing and enforcing these requirements across and within financial sectors; it adds a new requirement for these financial institutions to know the real people who own, control, and profit from companies (also known as “beneficial owners”)—and verify their identities.
The CDD Rule advances the purpose of the Bank Secrecy Act by making available valuable information needed to disrupt illicit finance networks and other criminal or terrorist activities. This in turn increases financial transparency and augments the ability of financial institutions and law enforcement to identify the assets and accounts of criminals and national security threats. It also facilitates compliance with sanctions programs and other measures that cut off financial flows to these actors, just as it facilitates reporting and investigations in support of tax compliance.
In addition, by promoting consistency in implementing and enforcing CDD regulatory expectations, the rule also helps financial institutions assess and mitigate risk and comply with all existing legal requirements.
Final Beneficial Ownership and Customer Due Diligence (CDD) Rule for Legal Entity Customers
In brief, the CDD Rule includes four core requirements. Covered financial institutions must:
1) Identify and verify the identity of customers (this was an existing requirement prior to the CDD Rule);
2) Identify and verify the identity of the beneficial owners of companies opening accounts (this is a new requirement);
3) Understand the nature and purpose of customer relationships; and
4) Conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. (These last two elements are AML program requirements in the CDD Rule that codify regulatory expectations of what financial institutions should have been doing prior to the CDD Rule to comply with their suspicious activity reporting requirements effectively.)
The definition of beneficial owner contains two prongs— the ownership or equity prong and the control prong. Financial institutions must collect information under each prong at account opening to comply with the rule. Under the ownership or equity prong, a covered financial institution must obtain information from a legal entity customer on any natural person who owns, directly or indirectly, 25 percent or more of the legal entity customer. This could include up to four individuals, or, no individuals (if no one owned 25 percent or more). When no individual meets the threshold for ownership interest under the rule, the control prong becomes all the more important. Under the control prong, the covered financial institution must collect information on at least one natural person with significant responsibility to control, manage, or direct the legal entity customer. This could include, for example, a company’s president, chief executive officer, or another individual having significant control over and decision-making authority within the company.
Significantly, in obtaining this information, covered financial institutions can rely on the information provided and certified by the legal entity customer opening the account. The covered financial institution generally does not have to go beyond what is provided, unless it has reason to believe that the information provided is unreliable.
Implementation of the Customer Due Diligence Rule
FinCEN is committed to ensuring effective implementation of the CDD Rule. As noted earlier, prior to issuance of the NPRM for the CDD Rule, FinCEN actively solicited feedback from industry and engaged in robust engagement with stakeholders. After considering comments on our proposed rule, we extended the proposed one-year compliance period in the NPRM to two years, in order to provide financial institutions additional time to address operational needs, including developing related policies and procedures, providing training to employees, and preparing customer communication.
During the past two years, FinCEN also has taken additional steps to ensure that covered financial institutions and other stakeholders understand the rule’s requirements. For example, in July 2016, shortly after FinCEN issued the final rule, FinCEN published an initial set of Frequently Asked Questions (“FAQs”), which provided guidance to financial institutions on the key components of the rule, such as:
• A summary of the rule’s requirements;
• An explanation of which financial institutions are covered by the rule;
• A description of the identification information to be obtained from legal entity customers at account opening;
• The mechanism for collecting and verifying the identity of beneficial owners;
• The required policies and procedures financial institutions must implement to obtain information on beneficial owners and to conduct ongoing customer due diligence; and
• Information regarding how financial institutions must use the collected information.
FinCEN and other Treasury representatives have also engaged with various stakeholders, including financial institutions, trade associations, regulators, and examiners, at conferences, workshops and in other fora, to explain and clarify various aspects of the rule and hear about emerging questions. FinCEN also has provided ongoing feedback to financial institutions by responding to questions about the rule submitted to the FinCEN Resource Center.
Based on continued feedback from industry, more recently, on April 3, 2018, FinCEN published a second set of 37 FAQs that provides detailed responses to a wide array of questions stakeholders have raised since the rule was published. Many of the FAQs incorporate topics and address scenarios that had been discussed with stakeholders before the FAQs were published.
As reflected in the recent FAQs, FinCEN takes a practical approach to how the rule should be implemented—an approach that continues to balance the need for transparency in corporate ownership and control with the compliance burden and costs to industry.
Lastly, FinCEN has participated in webinars sponsored by industry and regulators to discuss the rule’s requirements and any additional questions stakeholders, including financial institutions and examiners, may raise.
Compliance and Enforcement of the Customer Due Diligence Rule
As you may be aware, FinCEN has delegated its examination authority to the Federal functional regulators responsible for supervising and examining covered financial institutions, including the Federal Banking Agencies (i.e., Federal Reserve, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, and the National Credit Union Administration), the U.S. Securities and Exchange Commission, and the Commodity Futures Trading Commission, as
well as with the self-regulatory organizations (i.e., the Financial Industry Regulatory Authority for broker-dealers and the National Futures Association for futures firms).
FinCEN has worked collaboratively and has maintained regular and ongoing discussions with its regulatory counterparts to ensure a common understanding and consistent compliance and enforcement standards within and across regulated industry sectors. FinCEN will continue to work with these agencies regarding their examination approach to ensure that we help covered financial institutions achieve compliance.
Although we expect covered institutions to be ready on May 11, 2018, to begin timely and effective implementation of the policies, procedures, and controls required under the CDD Rule—and we are pleased to have heard from many in industry that they were ready—we also understand that institutions, regulators and other stakeholders may need a little extra time to smooth out any wrinkles. This is the case whenever we issue a new rule, the purpose of which is always to enhance our AML regime and not to serve as a vehicle for punishing financial institutions. There is always an understandable expectation that industry’s fine-tuning of its implementation, and the government’s fine-tuning of the examination process itself, takes time and that new questions often emerge after implementation begins. We have spoken with our counterparts, including the Federal Banking Agencies, the U.S. Securities and Exchange Commission, and the Commodity Futures Trading Commission, to discuss these issues. We are all committed to ensuring that covered financial institutions are able to implement the rule effectively, and in a way that makes practical sense.
Our goal in this rule is to gain the transparency needed to protect the U.S. financial system and to prevent, deter, detect and disrupt money laundering, terrorist financing, and other serious crimes. It is important for us to continue to work with our regulatory partners, their examiners and financial institutions to achieve these objectives through compliance with the rule. It is equally important, however, to understand that seamless implementation does not happen overnight and, for some areas, we all will need time to benefit from cumulative practical experiences with the new rule as part of the process. In the meantime, we would encourage financial institutions to alert their examiners to any issues early on, and to share such concerns with FinCEN. We will continue to work with industry and regulators to understand and help address any concerns.
FinCEN will continue to engage industry groups and other stakeholders to understand any specific unintended challenges that the rule may present and, if necessary, FinCEN will provide further guidance. Likewise, we will work with regulatory and law enforcement partners to understand and address any compliance issues appropriately.
I would like to thank the Committee for its efforts on this important matter and look forward to working with this Committee and other members of Congress to continue combatting money laundering and illicit finance threats to secure our financial system, keep our nation safe and prosperous, and protect our communities and families from harm.
1 77 FR 13046 (Mar. 5, 2012).
2 81 FR. 29,398, 29,402 n. 31 (May 11, 2016).
3 79 FR 45,151 (Aug. 4, 2014).