The Financial Crimes Enforcement Network (FinCEN), along with the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency, the Office of Thrift Supervision, and the Securities and Exchange Commission, are issuing this guidance, in consultation with staff of the Commodity Futures Trading Commission, to clarify and consolidate existing regulatory expectations for obtaining beneficial ownership information for certain accounts and customer relationships. Information on beneficial ownership in account relationships provides another tool for financial institutions to better understand and address money laundering and terrorist financing risks, protect themselves from criminal activity, and assist law enforcement with investigations and prosecutions.
The cornerstone of a strong Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance program is the adoption and implementation of internal controls, which include comprehensive customer due diligence (CDD) policies, procedures, and processes for all customers, particularly those that present a high risk for money laundering or terrorist financing.1 The requirement that a financial institution know its customers, and the risks presented by its customers, is basic and fundamental to the development and implementation of an effective BSA/AML compliance program. Specifically, conducting appropriate CDD assists an institution in identifying, detecting, and evaluating unusual or suspicious activity.
In general, a financial institution's CDD processes should be commensurate with its BSA/AML risk, with particular focus on high risk customers. CDD processes should be developed to identify customers who pose heightened money laundering or terrorist financing risks, and should be enhanced in accordance with the institution's assessment of those risks.
Heightened risks can arise with respect to beneficial owners of accounts because nominal account holders can enable individuals and business entities to conceal the identity of the true owner of assets or property derived from or associated with criminal activity. Moreover, criminals, money launderers, tax evaders, and terrorists may exploit the privacy and confidentiality surrounding some business entities, including shell companies and other vehicles designed to conceal the nature and purpose of illicit transactions and the identities of the persons associated with them. Consequently, identifying the beneficial owner(s) of some legal entities may be challenging, as the characteristics of these entities often effectively shield the legal identity of the owner. However, such identification may be important in detecting suspicious activity and in providing useful information to law enforcement.
A financial institution may consider implementing these policies and procedures on an enterprise-wide basis. This may include sharing or obtaining beneficial ownership information across business lines, separate legal entities within an enterprise, and affiliated support units. To encourage cost effectiveness, enhance efficiency, and increase availability of potentially relevant information, AML staff may find it useful to cross-check for beneficial ownership information in data systems maintained within the financial institution for other purposes, such as credit underwriting, marketing, or fraud detection.
Customer Due Diligence
As part of an institution's BSA/AML compliance program, a financial institution should establish and maintain CDD procedures that are reasonably designed to identify and verify the identity of beneficial owners2 of an account, as appropriate, based on the institution's evaluation of risk pertaining to an account.3
For example, CDD procedures may include the following:
Determining whether the customer is acting as an agent for or on behalf of another, and if so, obtaining information regarding the capacity in which and on whose behalf the customer is acting.
Where the customer is a legal entity that is not publicly traded in the United States, such as an unincorporated association, a private investment company (PIC), trust or foundation, obtaining information about the structure or ownership of the entity so as to allow the institution to determine whether the account poses heightened risk.
Where the customer is a trustee, obtaining information about the trust structure to allow the institution to establish a reasonable understanding of the trust structure and to determine the provider of funds and any persons or entities that have control over the funds or have the power to remove the trustees.
With respect to accounts that have been identified by an institution's CDD procedures as posing a heightened risk, these accounts should be subjected to enhanced due diligence (EDD) that is reasonably designed to enable compliance with the requirements of the BSA. This may include steps, in accordance with the level of risk presented, to identify and verify beneficial owners, to reasonably understand the sources and uses of funds in the account, and to reasonably understand the relationship between the customer and the beneficial owner.
Certain trusts, corporate entities, shell entities,4 and PICs are examples of customers that may pose heightened risk. In addition, FinCEN rules establish particular due diligence requirements concerning beneficial owners in the areas of private banking and foreign correspondent accounts.
In addition, CDD and EDD information should be used for monitoring purposes and to determine whether there are discrepancies between information obtained regarding the account's intended purpose and expected account activity and the actual sources of funds and uses of the account.
Under FinCEN's regulations, a "covered financial institution"6 must establish and maintain a due diligence program that includes policies, procedures, and controls reasonably designed to detect and report known or suspected money laundering or suspicious activity conducted through or involving private banking accounts. This requirement applies to private banking accounts established, maintained, administered, or managed in the United States.7 The regulation currently covers private banking accounts at depository institutions, securities broker-dealers, futures commission merchants and introducing brokers in commodities, and mutual funds.
Among other actions, as part of their due diligence program, institutions that offer private banking services must take reasonable steps to ascertain the source(s) of the customer's wealth and the anticipated activity of the account, as well as potentially take into account the geographic location, the customer's corporate structure, and public information.8 Moreover, reasonable steps must be taken to identify nominal and beneficial owners of private banking accounts.9 Obtaining beneficial ownership information concerning the types of accounts listed above may require the application of EDD procedures.
Special rules apply for senior foreign political figures.10 A review of private banking account relationships is required in part to determine whether the nominal or beneficial owners are senior foreign political figures. Covered financial institutions should establish policies, procedures, and controls that include reasonable steps to ascertain the status of a nominal or beneficial owner as a senior foreign political figure. This may include obtaining information on employment status and sources of income, as well as consulting news sources and checking references where appropriate.11 Accounts for senior foreign political figures require, in all instances, EDD that is reasonably designed to detect and report transactions that may involve the proceeds of foreign corruption.12
With regard to private banking accounts, a covered financial institution's failure to take reasonable steps to identify the nominal and beneficial owners of an account generally would be viewed as a violation of the requirements of 31 CFR 103.178.
Foreign Correspondent Accounts
FinCEN's regulations also require covered financial institutions13 to establish a due diligence program that includes appropriate, specific, risk-based, and, where necessary, enhanced policies, procedures and controls that are reasonably designed to detect and report, on an ongoing basis, any known or suspected money laundering activity conducted through or involving any correspondent account14 established, maintained, administered, or managed in the United States for a foreign financial institution.15 Under these regulations, enhanced due diligence is required for correspondent accounts16 established, maintained, administered, or managed in the United States, for foreign banks that operate under: (1) an offshore banking license; (2) a banking license issued by a country that has been designated as non-cooperative with international anti-money laundering principles or procedures; or (3) a banking license issued by a country designated by the Secretary of the Treasury (under delegation to the Director of FinCEN, and in consultation with the Federal banking agencies, the Securities and Exchange Commission, and the Commodity Futures Trading Commission) as warranting special measures due to money laundering concerns.17 Enhanced due diligence is designed to be risk-based, with flexibility in its implementation to allow covered financial institutions to obtain and retain this information based on risk.
With respect to correspondent accounts for such foreign banks, a covered financial institution's risk-based EDD should obtain information, as appropriate, from the foreign bank about the identity of any person with authority to direct transactions through any correspondent account that is a payable-through account, as well as the source and beneficial owner of funds or other assets in a payable-through account. A payable-through account is a correspondent account maintained by a covered financial institution for a foreign bank by means of which the foreign bank permits its customers to engage, either directly or through a subaccount, in banking activities usual in connection with the business of banking in the United States.18 Covered financial institutions may elect to use a questionnaire or conduct a review of the transaction history for the respondent bank in collecting the information required.19
Additionally, covered financial institutions20 are prohibited from opening and maintaining correspondent accounts21 for foreign shell banks.22 Covered financial institutions that offer foreign correspondent accounts must take reasonable steps to ensure the account is not being used to indirectly provide banking services to foreign shell banks.23 The covered financial institution must identify the owners24 of foreign banks whose shares are not publicly traded and record the name and address of a person in the United States that is authorized to be an agent to accept service of legal process.25
With regard to foreign correspondent accounts, a covered financial institution's failure to maintain records identifying the owners of non-publicly traded foreign banks could be viewed as a violation of the requirements of 31 CFR 103.177.
For questions about this guidance, please contact FinCEN's Regulatory Helpline at (800) 949-2732 or your appropriate regulatory agency.