Banking in the Ninth

Customer Due Diligence Requirements

Safety & Soundness Update - December 2016

Shelley Vangen | BSA/AML Risk Coordinator

Published December 14, 2016  | December 2016 issue

On May 11, 2016, the Financial Crimes Enforcement Network (FinCEN) issued “Customer Due Diligence Requirements for Financial Institutions” (the CDD Rule).1 The rule strengthens existing customer due diligence (CDD) requirements and requires banks to identify and verify the beneficial owners of legal entity customers. Essentially, CDD has become the fifth required element of an effective Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance program. “BSA/AML programs must now include, at a minimum: (1) a system of internal controls; (2) independent testing; (3) designation of a compliance officer or individual(s) responsible for day-to-day compliance; (4) training for appropriate personnel; and (5) appropriate risk-based procedures for conducting ongoing CDD to understand the nature and purpose of customer relationships, ongoing monitoring to identify and report suspicious transactions, and, on a risk basis, to maintain and update customer information.”2 While CDD requirements are not new, banks are now required to collect and verify identification documentation for beneficial owners of legal entity customers. In this article, we summarize key aspects of the CDD Rule to assist banks in their efforts to comply with the rule’s requirements.

Prior to the CDD Rule, banks were not required to know the identity of the beneficial owners that own or control their legal entity customers. This enabled criminals and others looking to hide ill-gotten proceeds to access the financial system anonymously. The beneficial ownership requirement is intended to address this weakness and provide information that will assist law enforcement in financial investigations, help prevent evasion of targeted financial sanctions, improve the ability of banks to assess risk, facilitate tax compliance and advance U.S. compliance with international standards and commitments.

Since CDD remains an area where examination deficiencies are commonly identified, the issuance of the CDD Rule provides banks with an opportunity to review their current CDD programs and make any needed enhancements. The most significant change required by the CDD Rule is that banks must establish and maintain written procedures that are reasonably designed to identify and verify the beneficial owners of legal entity customers who open new accounts on or after May 11, 2018. The rule defines a legal entity customer as a corporation, limited liability company, other entity created by the filing of a public document with a secretary of state or similar office, a general partnership and any similar entity formed under the laws of a foreign jurisdiction that opens an account. The definition also includes limited partnerships, business trusts that are created by a filing with a state office and any other entity created in this manner. The definition does not include sole proprietorships, unincorporated associations or natural persons opening accounts on their own behalf.

FinCEN intends that the legal entity customer identify its ultimate beneficial owner(s) and not “nominees” or “straw men.” Bank management has questioned the level of reliance the bank can place upon the beneficial ownership information provided by the legal entity customer. FinCEN is specific that it is the responsibility of the legal entity customer to identify its ultimate beneficial owners, and the bank may rely upon the information provided unless the bank has reason to question its accuracy. This information should be collected from the individual seeking to open a new account on behalf of the legal entity customer. This individual could, but would not necessarily, be a beneficial owner.

Bank management has asked if the bank needs to collect beneficial ownership information on all beneficial owners of a legal entity customer. Banks must collect and verify the beneficial ownership information of each person who meets the definition under the ownership prong and of one person under the control prong. The rule utilizes a two-pronged approach to defining a beneficial owner—an ownership prong and a control prong. Under the ownership prong, a beneficial owner is defined as each individual, if any, who, directly or indirectly, owns 25 percent or more of the equity interests of a legal entity customer. However, the rule recognizes that there may be instances when no single individual owns 25 percent or more of the equity interest of the legal entity; in such instances, the bank is still required to collect the required information for one individual who controls, manages or directs the legal entity customer. Under the control prong, a beneficial owner is defined as a single individual with significant responsibility to control, manage or direct a legal entity customer, including an executive officer or senior manager (e.g., a chief executive officer, chief financial officer, chief operating officer, managing member, general partner, president, vice president or treasurer) or any other individual who regularly performs similar functions. Under this definition, a legal entity will have a total of one to five beneficial owners (one person under the control prong and zero to four persons under the ownership prong).

Banks must develop procedures that contain the elements required for verifying the identity of customers that are individuals under applicable customer identification program (CIP) requirements,3 including Office of Foreign Assets Control (OFAC) sanction requirements. As with CIP for individual customers, banks must collect the name, date of birth, address and Social Security number or other government identification number (passport number or other similar information in the case of foreign persons) for any individuals who own 25 percent or more of the equity interest of the legal entity (the ownership prong), and they must collect the same information for an individual with significant responsibility to control and/or manage the legal entity at the time a new account is opened (the control prong). Unlike CIP requirements, for the CDD Rule, the banks may use photocopies or other reproductions of the required documents.

FinCEN provides a Certification Form4 as an optional document that banks may use to document the required beneficial ownership information. Bank management has asked if the bank must use the Certification Form to document beneficial ownership information. Banks may choose to comply by using this sample Certification Form, or they may use a form created by the bank, or any other means that complies with the substantive requirements of this obligation.

For additional assistance, banks should refer to FinCEN’s frequently asked questions (FAQs) regarding the scope of the CDD requirements for financial institutions.5 While FinCEN provided banks with an additional year to comply with the requirements of the CDD Rule, we encourage bank management to begin implementing necessary changes to meet the requirements of the CDD Rule in order to be in full compliance by the May 11, 2018, applicability date.


1 31 C.F.R. Parts 1010, 1020, 1023, et seq. Customer Due Diligence Requirements for Financial Institutions; Final Rule.

2 31 C.F.R. Part 1020.210(b)(1-5).

3 See 31 C.F.R. 1020.220(a)(2), 31 C.F.R. 1023.220(a)(2), 31 C.F.R. 1024.220, and 31 C.F.R. 1026.220(a)(2) for applicable CIP requirements.

4 31 C.F.R. Parts 1010, 1020, 1023, et seq. Appendix A.