FINRA recently published an updated version of its Small Firm Template: Anti-Money Laundering (AML) Program to address amended broker-dealer requirements under FINRA Rule 3310 and the Bank Secrecy Act (“BSA”). The amended Rule reflects the Treasury Department’s Financial Crimes Enforcement Network’s (“FinCEN”) adoption of the final rule, referred to as the Customer Due Diligence (“CDD”) Rule, which becomes effective May 11, 2018.
FinCEN’s CDD Rule identifies four components of customer due diligence:
- Customer identification and verification;
- Beneficial ownership identification and verification;
- Understanding the nature and purpose of customer relationships in order to develop customer risk profiles; and
- Conducting ongoing monitoring in order to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.
The amended CDD Rule focuses primarily on the second component, adding a new requirement that covered financial institutions must establish and maintain in their written AML Program document additional policies and procedures that identify and verify the beneficial owners of legal entity customers, subject to certain exclusions and exemptions.
The CDD Rule requires firms to obtain, from the natural person opening an account for an entity customer, information regarding the beneficial owner(s) of the entity. The required information includes the name, date of birth, address and Social Security Number (or other government identification number) of the beneficial owner(s).
To assist firms in obtaining beneficial ownership information, FinCEN has also published a standard certification form, Certification of Beneficial Owner(s). Firms may elect to create their own form, provided that the form satisfies the identification requirements of the rule. The rule does not require firms to retroactively acquire this information from existing entity customers, unless those customers open new accounts. Additionally, firms are not required to periodically update the beneficial owner(s) information, but must do so if, in the course of routine account monitoring, the firm obtains information that requires it to reevaluate the risk of the entity customer.
Firms are also required to verify the identity of the beneficial owner(s), but under the rule are not required to verify their status as the beneficial owner(s) of the particular legal entity. In other words, firms are required, through their existing Customer Identification Program (“CIP”), to verify the identity of the beneficial owner(s) but they do not have to verify the beneficial owner(s)’ status within the entity customer.