[Federal Register Volume 81, Number 91 (Wednesday, May 11, 2016)]
[Rules and Regulations]
[Pages 29398-29458]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-10567]
[[Page 29397]]
Vol. 81
Wednesday,
No. 91
May 11, 2016
Part III
Department of the Treasury
-----------------------------------------------------------------------
Financial Crimes Enforcement Network
-----------------------------------------------------------------------
31 CFR Parts 1010, 1020, 1023, et al.
Customer Due Diligence Requirements for Financial Institutions; Final
Rule
��Federal Register / Vol. 81 , No. 91 / Wednesday, May 11, 2016 / Rules
and Regulations��
[[Page 29398]]
-----------------------------------------------------------------------
DEPARTMENT OF THE TREASURY
Financial Crimes Enforcement Network
31 CFR Parts 1010, 1020, 1023, 1024, and 1026
RIN 1506-AB25
Customer Due Diligence Requirements for Financial Institutions
AGENCY: Financial Crimes Enforcement Network (FinCEN), Treasury.
ACTION: Final rules.
-----------------------------------------------------------------------
SUMMARY: FinCEN is issuing final rules under the Bank Secrecy Act to
clarify and strengthen customer due diligence requirements for: Banks;
brokers or dealers in securities; mutual funds; and futures commission
merchants and introducing brokers in commodities. The rules contain
explicit customer due diligence requirements and include a new
requirement to identify and verify the identity of beneficial owners of
legal entity customers, subject to certain exclusions and exemptions.
DATES: The final rules are effective July 11, 2016.
Applicability Date: Covered financial institutions must comply with
these rules by May 11, 2018.
FOR FURTHER INFORMATION CONTACT: FinCEN Resource Center at 1-800-767-
2825. Email inquiries can be sent to [email protected].
SUPPLEMENTARY INFORMATION:
I. Executive Summary
A. Purpose of This Regulatory Action
Covered financial institutions are not presently required to know
the identity of the individuals who own or control their legal entity
customers (also known as beneficial owners). This enables criminals,
kleptocrats, and others looking to hide ill-gotten proceeds to access
the financial system anonymously. The beneficial ownership requirement
will address this weakness and provide information that will assist law
enforcement in financial investigations, help prevent evasion of
targeted financial sanctions, improve the ability of financial
institutions to assess risk, facilitate tax compliance, and advance
U.S. compliance with international standards and commitments.
FinCEN believes that there are four core elements of customer due
diligence (CDD), and that they should be explicit requirements in the
anti-money laundering (AML) program for all covered financial
institutions, in order to ensure clarity and consistency across
sectors: (1) Customer identification and verification, (2) beneficial
ownership identification and verification, (3) understanding the nature
and purpose of customer relationships to develop a customer risk
profile, and (4) ongoing monitoring for reporting suspicious
transactions and, on a risk-basis, maintaining and updating customer
information. The first is already an AML program requirement and the
second will be required by this final rule. The third and fourth
elements are already implicitly required for covered financial
institutions to comply with their suspicious activity reporting
requirements. The AML program rules for all covered financial
institutions are being amended by the final rule in order to include
the third and fourth elements as explicit requirements.
FinCEN has the legal authority for this action in the Bank Secrecy
Act (BSA), which authorizes FinCEN to impose AML program requirements
on all financial institutions \1\ and to require financial institutions
to maintain procedures to ensure compliance with the BSA and its
implementing regulations or to guard against money laundering.\2\
---------------------------------------------------------------------------
\1\ 31 U.S.C. 5318(h)(2).
\2\ 31 U.S.C. 5318(a)(2).
---------------------------------------------------------------------------
B. Summary of the Major Provisions of the Rulemaking
1. Beneficial Ownership
Beginning on the Applicability Date, covered financial institutions
\3\ must identify and verify the identity of the beneficial owners of
all legal entity customers (other than those that are excluded) at the
time a new account is opened (other than accounts that are exempted).
The financial institution may comply either by obtaining the required
information on a standard certification form (Certification Form
(Appendix A)) or by any other means that comply with the substantive
requirements of this obligation. The financial institution may rely on
the beneficial ownership information supplied by the customer, provided
that it has no knowledge of facts that would reasonably call into
question the reliability of the information. The identification and
verification procedures for beneficial owners are very similar to those
for individual customers under a financial institution's customer
identification program (CIP),\4\ except that for beneficial owners, the
institution may rely on copies of identity documents. Financial
institutions are required to maintain records of the beneficial
ownership information they obtain, and may rely on another financial
institution for the performance of these requirements, in each case to
the same extent as under their CIP rule.
---------------------------------------------------------------------------
\3\ The term ``covered financial institution'' refers to: (i)
Banks; (ii) brokers or dealers in securities; (iii) mutual funds;
and (iv) futures commission merchants and introducing brokers in
commodities.
\4\ 31 CFR 1020.220, 1023.220, 1024.220, 1026.220.
---------------------------------------------------------------------------
The terms used for the purposes of this final rule, including
account, beneficial ownership, legal entity customer, excluded legal
entities, new account, and covered financial institution, are set forth
in the final rule.
Financial institutions should use beneficial ownership information
as they use other information they gather regarding customers (e.g.,
through compliance with CIP requirements), including for compliance
with the Office of Foreign Assets Control (OFAC) regulations, and the
currency transaction reporting (CTR) aggregation requirements.
2. Anti-Money Laundering Program Rule Amendments
The AML program requirement for each category of covered financial
institutions is being amended to explicitly include risk-based
procedures for conducting ongoing customer due diligence, to include
understanding the nature and purpose of customer relationships for the
purpose of developing a customer risk profile.
A customer risk profile refers to the information gathered about a
customer at account opening used to develop a baseline against which
customer activity is assessed for suspicious activity reporting. This
may include self-evident information such as the type of customer or
type of account, service, or product. The profile may, but need not,
include a system of risk ratings or categories of customers.
In addition, customer due diligence also includes conducting
ongoing monitoring to identify and report suspicious transactions and,
on a risk basis, to maintain and update customer information. For these
purposes, customer information shall include information regarding the
beneficial owners of legal entity customers (as defined in Sec.
1010.230). The first clause of paragraph (ii) sets forth the
requirement that financial institutions conduct monitoring to identify
and report suspicious transactions. Because this includes transactions
that are not of the sort the customer would be normally expected to
engage, the customer risk profile information is used (among other
sources) to identify such transactions. This information may be
integrated into the financial institution's automated monitoring
system, and may be used
[[Page 29399]]
after a potentially suspicious transaction has been identified, as one
means of determining whether or not the identified activity is
suspicious.
When a financial institution detects information (including a
change in beneficial ownership information) about the customer in the
course of its normal monitoring that is relevant to assessing or
reevaluating the risk posed by the customer, it must update the
customer information, including beneficial ownership information. Such
information could include, e.g., a significant and unexplained change
in the customer's activity, such as executing cross-border wire
transfers for no apparent reason or a significant change in the volume
of activity without explanation. It could also include information
indicating a possible change in the customer's beneficial ownership,
because such information could also be relevant to assessing the risk
posed by the customer. This applies to all legal entity customers,
including those existing on the Applicability Date.
This provision does not impose a categorical requirement that
financial institutions must update customer information, including
beneficial ownership information, on a continuous or periodic basis.
Rather, the updating requirement is event-driven, and occurs as a
result of normal monitoring.
C. Costs and Benefits
This is a significant regulatory action pursuant to Executive Order
12866 (``E.O. 12866'') because it is likely to result in a final rule
that may have an annual effect on the economy of $100 million or more.
Accordingly, FinCEN published for comment on December 24, 2015 a
preliminary Regulatory Impact Assessment (RIA) for the proposed rule
(80 FR 80308), which provided a quantitative estimate of the costs to
the private sector for which adequate data are available and a
qualitative discussion of both the costs and benefits for which data
are not available. As a result of the comments submitted, FinCEN
revised the preliminary RIA to include additional cost estimates \5\
and is publishing with this final rule a final RIA. The annualized
quantified costs (under low cost scenarios) are estimated to be $153
million (at a seven percent discount rate) and $148 million (at a three
percent discount rate). The annualized quantified costs (under high
cost scenarios) are estimated to be $287 million (at a seven percent
discount rate) and $282 million (at a three percent discount rate).
Because the benefits of the rule cannot be quantified, FinCEN has
utilized a breakeven analysis to determine how large the final rule's
benefits would have to be in order to justify its estimated costs. The
RIA uses Treasury's estimate of $300 billion in illicit proceeds
generated annually in the United States due to financial crimes, to
determine the minimum level of effectiveness that the final rule would
need to achieve for the benefits to equal the costs. Based on this
analysis, using the upper bound of our cost assessment, FinCEN has
concluded that the final rule would only have to reduce illicit
activity by 0.6 percent to yield a positive net benefit. The Treasury
Department believes that the final rule will reduce illicit activity by
a greater amount than this.
---------------------------------------------------------------------------
\5\ In the final RIA, we estimate that 10-year quantifiable
costs range from $1.15 billion to $2.15 billion in present value
using a seven percent discount rate, and from $1.3 billion to $2.5
billion using a three percent discount rate.
---------------------------------------------------------------------------
II. Background
A. The Bank Secrecy Act
FinCEN exercises regulatory functions primarily under the Currency
and Foreign Transactions Reporting Act of 1970, as amended by the USA
PATRIOT Act of 2001 (PATRIOT Act) and other legislation, which
legislative framework is commonly referred to as the ``Bank Secrecy
Act'' (BSA).\6\ The BSA authorizes the Secretary of the Treasury
(Secretary) to require financial institutions to keep records and file
reports that ``have a high degree of usefulness in criminal, tax, or
regulatory investigations or proceedings, or in the conduct of
intelligence or counterintelligence activities, including analysis, to
protect against international terrorism.'' \7\
---------------------------------------------------------------------------
\6\ The BSA is codified at 12 U.S.C. 1829b, 12 U.S.C. 1951-1959,
18 U.S.C. 1956, 1957, and 1960, and 31 U.S.C. 5311-5314 and 5316-
5332 and notes thereto, with implementing regulations at 31 CFR
chapter X. See 31 CFR 1010.100(e).
\7\ 31 U.S.C. 5311.
---------------------------------------------------------------------------
The Secretary has delegated to the Director of FinCEN the authority
to implement, administer, and enforce compliance with the BSA and
associated regulations.\8\ FinCEN is authorized to impose anti-money
laundering (AML) program requirements on financial institutions,\9\ as
well as to require financial institutions to maintain procedures to
ensure compliance with the BSA and the regulations promulgated
thereunder or to guard against money laundering.\10\
---------------------------------------------------------------------------
\8\ Treasury Order 180-01 (July 1, 2014).
\9\ 31 U.S.C. 5318(h)(2).
\10\ 31 U.S.C. 5318(a)(2).
---------------------------------------------------------------------------
B. The Importance of Customer Due Diligence
FinCEN, after consultation with the staffs of the Federal
functional regulators and the Department of Justice, has determined
that more explicit rules for covered financial institutions with
respect to customer due diligence (CDD) are necessary to clarify and
strengthen CDD within the BSA regime, which in turn will enhance
financial transparency and help to safeguard the financial system
against illicit use. Requiring financial institutions to perform
effective CDD so that they understand who their customers are and what
type of transactions they conduct is a critical aspect of combating all
forms of illicit financial activity, from terrorist financing and
sanctions evasion to more traditional financial crimes, including money
laundering, fraud, and tax evasion. For FinCEN, the key elements of CDD
include: (i) Identifying and verifying the identity of customers; (ii)
identifying and verifying the identity of beneficial owners of legal
entity customers (i.e., the natural persons who own or control legal
entities); (iii) understanding the nature and purpose of customer
relationships; and (iv) conducting ongoing monitoring. Collectively,
these elements comprise the minimum standard of CDD, which FinCEN
believes is fundamental to an effective AML program.
Clarifying and strengthening CDD requirements for U.S. financial
institutions, including with respect to the identification of
beneficial owners, advance the purposes of the BSA by:
(1) Enhancing the availability to law enforcement, as well as to
the Federal functional regulators and self-regulatory organizations
(SROs), of beneficial ownership information about legal entity
customers obtained by U.S. financial institutions, which assists law
enforcement financial investigations and a variety of regulatory
examinations and investigations;
(2) Increasing the ability of financial institutions, law
enforcement, and the intelligence community to identify the assets and
accounts of terrorist organizations, corrupt actors, money launderers,
drug kingpins, proliferators of weapons of mass destruction, and other
national security threats, which strengthens compliance with sanctions
programs designed to undercut financing and support for such persons;
(3) Helping financial institutions assess and mitigate risk, and
comply with all existing legal requirements, including the BSA and
related authorities;
[[Page 29400]]
(4) Facilitating reporting and investigations in support of tax
compliance, and advancing commitments made to foreign counterparts in
connection with the provisions commonly known as the Foreign Account
Tax Compliance Act (FATCA); \11\
---------------------------------------------------------------------------
\11\ Officially the Hiring Incentives to Restore Employment Act
of 2010, Public Law 111-147, 124 Stat. 71, Section 501(a).
---------------------------------------------------------------------------
(5) Promoting consistency in implementing and enforcing CDD
regulatory expectations across and within financial sectors; and
(6) Advancing Treasury's broad strategy to enhance financial
transparency of legal entities.
1. Assisting Financial Investigations by Law Enforcement
The abuse of legal entities to disguise involvement in illicit
financial activity is a longstanding vulnerability that facilitates
crime, threatens national security, and jeopardizes the integrity of
the financial system. Criminals have exploited the anonymity that use
of legal entities can provide to engage in money laundering,
corruption, fraud, terrorist financing, and sanctions evasion, among
other financial crimes.
There are numerous examples that Treasury has tracked as a part of
its National Money Laundering Risk Assessment and Terrorist Financing
Risk Assessment.\12\ For example, in 2013, prosecutors in New York
indicted 34 alleged members of Russian-American organized crime groups,
charging that they participated in a range of racketeering activities.
One of the constituent racketeering enterprises was alleged to have
moved millions of dollars in unlawful gambling proceeds through a
network of shell companies \13\ in Cyprus and the United States.\14\ In
2011, Federal prosecutors indicted 13 individuals for their alleged
unlawful takeover and looting of a publicly-held mortgage company. Some
of these defendants allegedly used the assets of the company to acquire
shell companies, while other defendants are alleged to have further
obscured the ownership of these companies through complex legal
structures involving other shell companies.\15\ In 2006, prosecutors
indicted a number of individuals for their roles in supporting a long-
running nationwide drug trafficking organization. The proceeds
generated by this trafficking organization were laundered through
numerous shell and shelf \16\ corporations created to provide
apparently legitimate fronts for this income. These legal entities were
further used to open accounts at financial institutions and hold title
to property.\17\ Other examples cited by law enforcement officials
include major drug trafficking organizations using shell companies to
launder drug proceeds.\18\ In 2011, a World Bank report highlighted how
corrupt actors consistently abuse legal entities to conceal the
proceeds of corruption, which the report estimates to aggregate at
least $40 billion per year in illicit activity.\19\ Other criminals
also make aggressive use of front companies,\20\ which may also conduct
legitimate business activity, to disguise the deposit, withdrawal, or
transfer of illicit proceeds that are intermingled with legitimate
funds.
---------------------------------------------------------------------------
\12\ U.S. Dep't of the Treasury, National Money Laundering Risk
Assessment (2015), available at http://www.treasury.gov/resource-center/terrorist-illicit-finance/Documents/National%20Money%20Laundering%20Risk%20Assessment%20%E2%80%93%2006-12-2015.pdf; U.S. Dep't of the Treasury, National Terrorist
Financing Risk Assessment (2015), available at http://www.treasury.gov/resource-center/terrorist-illicit-finance/Documents/National%20Terrorist%20Financing%20Risk%20Assessment%20%E2%80%93%2006-12-2015.pdf.
\13\ A shell company is a legal entity that has been registered
with a state but has no physical operations or assets. Shell
companies can serve legitimate purposes, such as holding financial
assets or other property, but can also be used to conceal the
source, ownership, or control of illegal proceeds. U.S. Dep't of the
Treasury, National Money Laundering Risk Assessment at 43.
\14\ Id. at 20.
\15\ Id.
\16\ A shelf corporation is a legal entity that has been
registered with a state but not yet used for any purpose; it has
instead been kept on the ``shelf'' for a buyer who does not want to
go through the process of creating a new legal entity. Id.
\17\ Id. at 44.
\18\ Combating Transnational Organized Crime: International
Money Laundering as a Threat to Our Financial System, Before the
Subcommittee on Crime, Terrorism, and Homeland Security, H. Comm. on
the Judiciary, 112th Cong. (February 8, 2012) (statement of Jennifer
Shasky Calvery as Chief, Asset Forfeiture and Money Laundering
Section, Criminal Division of the U.S. Department of Justice).
\19\ The Puppet Masters: How the Corrupt Use Legal Structures to
Hide Stolen Assets and What to Do About It, The International Bank
for Reconstruction and Development/The World Bank (2011).
\20\ A front company is a legitimate business that combines
illicit proceeds with earnings from its legitimate operations,
thereby obscuring the source of the illegitimate funds. See U.S.
Dep't of the Treasury, National Money Laundering Risk Assessment at
43.
---------------------------------------------------------------------------
Strong CDD practices that include identifying and verifying the
identity of the natural persons who own or control a legal entity--
i.e., the beneficial owners--help defend against these abuses in a
variety of ways. The collection of beneficial ownership information by
financial institutions can provide law enforcement with key details
about suspected criminals who use legal structures to conceal their
illicit activity and assets. Moreover, requiring legal entities seeking
access to financial institutions to disclose identifying information,
such as the name, date of birth, and Social Security number of natural
persons who own or control them, will make such entities more
transparent, and thus less attractive to criminals and those who assist
them. Even if an illicit actor tries to thwart such transparency by
providing false beneficial ownership information to a financial
institution, law enforcement has advised FinCEN that such information
can still be useful in demonstrating unlawful intent and in generating
leads to identify additional evidence or co-conspirators.
2. Advancing Counterterrorism and Broader National Security Interests
As noted, criminals often abuse legal entities to evade sanctions
or other targeted financial measures designed to combat terrorism and
other national security threats. The success of such targeted financial
measures depends, in part, on the ability of financial institutions,
law enforcement, and intelligence agencies to identify a target's
assets and accounts. These measures are thwarted when legal entities
are abused to obfuscate ownership interests. Effective CDD helps
prevent such abuses by requiring the collection of critical
information, including beneficial ownership information, which may be
helpful in implementing sanctions or other similar measures.
3. Improving a Financial Institution's Ability To Assess and Mitigate
Risk
Explicit CDD requirements would also enable financial institutions
to assess and mitigate risk more effectively in connection with
existing legal requirements. It is through CDD that financial
institutions are able to understand the risks associated with their
customers, to monitor accounts more effectively, and to evaluate
activity to determine whether it is unusual or suspicious, as required
under suspicious activity reporting obligations.\21\ Further, in the
event that a financial institution files a suspicious activity report
(SAR), information gathered through CDD in many instances can enhance
SARs, which in turn can help law enforcement, intelligence, national
security, and tax authorities investigate and pursue illicit financing
activity.
---------------------------------------------------------------------------
\21\ See, e.g., 31 CFR 1020.320.
---------------------------------------------------------------------------
[[Page 29401]]
4. Facilitating Tax Compliance
Customer due diligence also facilitates tax reporting,
investigations and compliance. For example, information held by banks
and other financial institutions about the beneficial ownership of
companies can be used to assist law enforcement in identifying the true
owners of assets and their true tax liabilities. The United States has
long been a global leader in establishing and promoting the adoption of
international standards for transparency and information exchange to
combat cross-border tax evasion and other financial crimes.
Strengthening CDD is an important part of that effort, and it will
dovetail with other efforts to create greater transparency, some of
which are longstanding, such as the United States' commitments to
exchanging information with other jurisdictions under its tax treaties
and tax information exchange agreements, and others of which are new,
such as the information reporting requirements under FATCA.\22\ FATCA
requires foreign financial institutions to identify U.S. account
holders, including legal entities with substantial U.S. ownership, and
to report certain information about those accounts to the Internal
Revenue Service (IRS).\23\ The United States has negotiated with
foreign governments to enter into intergovernmental agreements that
facilitate the effective implementation of these requirements. These
agreements allow foreign financial institutions to rely on existing AML
practices in a number of circumstances, including, in the case of the
intergovernmental agreements, for purposes of determining whether
certain legal entity customers are controlled by U.S. persons. Pursuant
to many of these agreements, the United States has committed to
pursuing equivalent levels of reciprocal automatic information exchange
with respect to collecting and reporting to the authorities of the
FATCA partner jurisdiction information on the U.S. financial accounts
of residents of that jurisdiction. A general requirement for U.S.
financial institutions to obtain beneficial ownership information for
AML purposes advances this commitment, and puts the United States in a
better position to work with foreign governments to combat offshore tax
evasion and other financial crimes.
---------------------------------------------------------------------------
\22\ Hiring Incentives to Restore Employment Act of 2010, Public
Law 111-147, Section 501(a).
\23\ See generally Internal Revenue Service, ``Regulations
Relating to Information Reporting by Foreign Financial Institutions
and Withholding on Certain Payments to Foreign Financial
Institutions and Other Foreign Entities,'' RIN 1545-BK68 (January
28, 2013), available at http://www.irs.gov/PUP/businesses/corporations/TD9610.pdf. For further updates on FATCA regulations,
see http://www.irs.gov/Businesses/Corporations/Foreign-Account-Tax-Compliance-Act-(FATCA).
---------------------------------------------------------------------------
5. Promoting Clear and Consistent Expectations and Practices
Customer due diligence is universally recognized as fundamental to
mitigating illicit finance risk, even though not all financial
institutions use the specific term ``customer due diligence'' to
describe their practices. While Treasury understands from its outreach
to the private sector that financial institutions broadly accept this
principle and implement CDD practices in some form under a risk-based
approach, financial institutions have expressed disparate views about
what precise activities CDD entails. At public hearings held after the
closing of the comment period to the Advance Notice of Proposed
Rulemaking (ANPRM),\24\ discussed below, financial institutions
described widely divergent CDD practices, especially with respect to
identifying and verifying the identities of beneficial owners outside
of limited circumstances prescribed by statute.\25\ For example, during
one of these hearings, FinCEN learned that some financial institutions
already obtain beneficial ownership information in all circumstances,
while others obtain this information only for certain categories of
customers or following a triggering event. Institutions also identified
a range of practices, from varied percentage of ownership thresholds,
to the extent of information collected (e.g., only the name of the
beneficial owner(s) versus collection of additional information, such
as addresses, etc.).\26\
---------------------------------------------------------------------------
\24\ Financial Crimes Enforcement Network (FinCEN), ``Customer
Due Diligence Requirements for Financial Institutions,'' 77 FR 13046
(March 5, 2012).
\25\ See, e.g., FinCEN, Summary of Public Hearing: Advance
Notice of Proposed Rulemaking on Customer Due Diligence (October 5,
2012), available at http://www.fincen.gov/whatsnew/html/20121130NYC.html. (``Participants expressed varied views as to
whether, how and in what circumstances, financial institutions
obtain beneficial ownership information.'').
\26\ Id.
---------------------------------------------------------------------------
FinCEN believes that this disparity adversely affects efforts to
mitigate risk and can promote an uneven playing field across and within
financial sectors. Financial institutions have noted that unclear CDD
expectations can result in inconsistent regulatory examinations,
potentially causing them to devote their limited resources to managing
derivative legal risk rather than fundamental illicit finance risk.
Private sector representatives have also noted that inconsistent
expectations can effectively discourage best practices, because
financial institutions with robust compliance procedures may believe
that they risk losing customers to other institutions with more lax
procedures. Greater consistency across the financial system addresses
this competitive inequality.
Providing a consolidated and clear CDD framework will help address
these issues. As part of this framework, expressly stating CDD
requirements in these regulations with respect to (i) understanding the
nature and purpose of customer relationships and (ii) conducting
ongoing monitoring will facilitate more consistent implementation,
examination, supervision and enforcement of these expectations. With
respect to the beneficial ownership requirement, requiring all covered
financial institutions to identify and verify the identities of
beneficial owners in the same manner and pursuant to the same
definition also promotes consistency across industry. Requiring covered
financial institutions to operate under one clear CDD framework will
promote a more level playing field across and within financial sectors.
6. Advancing Treasury's Broad Strategy To Enhance Financial
Transparency of Legal Entities
Finally, clarifying and strengthening CDD is an important component
of Treasury's broader three-part strategy to enhance financial
transparency of legal entities. Other key elements of this strategy
include: (i) Increasing the transparency of U.S. legal entities through
the collection of beneficial ownership information at the time of the
legal entity's formation and (ii) facilitating global implementation of
international standards regarding CDD and beneficial ownership of legal
entities.
This final rule thus complements the Administration's ongoing work
with Congress to facilitate adoption of legislation that would require
the collection of beneficial ownership information at the time that
legal entities are formed in the United States. This final rule also
advances Treasury's ongoing work with the Group of Twenty Finance
Ministers and Central Bank Governors (G-20), the Financial Action Task
Force (FATF), the Global Forum on Transparency and Exchange of
Information for Tax Purposes, and other global partners, who have
emphasized the importance of improving CDD practices and requiring the
disclosure of beneficial ownership information at the time of company
formation or transfer. Moreover, this proposal furthers the
[[Page 29402]]
United States' Group of Eight (G-8) commitment as set forth in the
United States G-8 Action Plan for Transparency of Company Ownership and
Control, published on June 18, 2013.\27\ This Action Plan is in line
with principles agreed to by the G-8, which the Administration noted
``are crucial to preventing the misuse of companies by illicit
actors.'' \28\ It is also found in the U.S. Action Plan to Implement
the G-20 High Level Principles on Beneficial Ownership, published on
October 16, 2015.\29\ While these elements are all proceeding
independently, together they make up a comprehensive approach to
promoting financial transparency of legal entities.
---------------------------------------------------------------------------
\27\ United States G-8 Action Plan for Transparency of Company
Ownership and Control, available at http://www.whitehouse.gov/the-press-office/2013/06/18/united-states-g-8-action-plan-transparency-company-ownership-and-control.
\28\ White House Fact Sheet: U.S. National Action Plan on
Preventing the Misuse of Companies and Legal Arrangements (June 18,
2013), available at http://www.whitehouse.gov/the-press-office/2013/06/18/fact-sheet-us-national-action-plan-preventing-misuse-companies-and-legal.
\29\ U.S. Action Plan to Implement the G-20 High Level
Principles on Beneficial Ownership, available at https://www.whitehouse.gov/blog/2015/10/16/us-action-plan-implement-g-20-high-level-principles-beneficial-ownership.
---------------------------------------------------------------------------
C. The Advance Notice and Notice of Proposed Rulemaking
FinCEN initiated this rulemaking process in March 2012 by issuing
an ANPRM that described FinCEN's potential proposal for codifying
explicit CDD requirements, including customer identification and
verification, understanding the nature and purpose of accounts, ongoing
monitoring, and obtaining and verifying beneficial ownership
information.\30\ FinCEN received 90 comments, mostly from banks, credit
unions, securities and futures firms, mutual funds, casinos, and money
services businesses. In general, these commenters raised concerns about
the potential costs and practical challenges associated with a
categorical requirement to obtain beneficial ownership information.
They also expressed concerns with respect to FinCEN's articulation of
the other components of CDD (understanding the nature and purpose of
customer relationships and ongoing monitoring), asserting that,
contrary to FinCEN's stated intention, these would in part be new
requirements rather than an explicit codification of pre-existing
obligations. To better understand and address these concerns, Treasury
held five public hearings from July to December 2012 in Washington, DC,
Chicago, New York, Los Angeles and Miami.\31\ At these meetings,
participants expressed their views on the ANPRM and offered specific
recommendations about how best to balance the benefits with the
practical burdens associated with obtaining beneficial ownership
information. These discussions were critical in the development of the
Notice of Proposed Rulemaking (NPRM) issued on August 4, 2014 (79 FR
45151).
---------------------------------------------------------------------------
\30\ Two years prior to that, in March 2010, FinCEN, along with
several other agencies, published Joint Guidance on Obtaining and
Retaining Beneficial Ownership Information, FIN-2010-G001 (March 5,
2010). Industry reaction to this guidance is one reason that FinCEN
sought to further clarify CDD requirements by making them explicit
within FinCEN's regulations.
\31\ Summary of Public Hearing: Advance Notice of Proposed
Rulemaking on Customer Due Diligence (July 31, 2012), available at
http://www.regulations.gov/#!documentDetail;D=FINCEN-2012-0001-0094;
Summary of Public Hearing: Advance Notice of Proposed Rulemaking on
Customer Due Diligence (September 28, 2012), available at http://www.fincen.gov/whatsnew/html/20121130CHI.html; Summary of Public
Hearing: Advance Notice of Proposed Rulemaking on Customer Due
Diligence (October 5, 2012), available at http://www.fincen.gov/whatsnew/html/20121130NYC.html; Summary of Public Hearing: Advance
Notice of Proposed Rulemaking on Customer Due Diligence (October 29,
2012), available at http://www.fincen.gov/whatsnew/html/20121130LA.html; Summary of Public Hearing: Advance Notice of
Proposed Rulemaking on Customer Due Diligence (December 3, 2012),
available at http://www.fincen.gov/whatsnew/pdf/SummaryofHearing-MiamiDec3.pdf.
---------------------------------------------------------------------------
The NPRM proposed a new requirement for covered financial
institutions to identify the natural person or persons who are
beneficial owners of legal entity customers opening new accounts,
subject to certain exemptions, and to verify the identity of the
natural person(s) identified. As proposed, a covered financial
institution would satisfy this requirement at the time a new account is
opened by obtaining information on a standard certification form
directly from the individual opening the new account on behalf of the
legal entity customer, and by verifying the identity of the natural
person(s) identified consistent with existing customer identification
program (CIP) procedures for verifying the identity of customers who
are natural persons. The NPRM thus sought to facilitate this proposed
new requirement by leveraging the CIP procedures that have been
required of all covered financial institutions since 2003. The NPRM
also proposed that the AML program requirements for all types of
covered financial institutions be amended to include appropriate risk-
based procedures for conducting ongoing due diligence, to include: (i)
Understanding the nature and purpose of customer relationships in order
to develop a customer risk profile; and (ii) conducting ongoing
monitoring to maintain and update customer information and to identify
and report suspicious transactions. FinCEN viewed this part of the
rulemaking as not imposing new requirements, but rather making explicit
the activities that covered financial institutions are already expected
to undertake, based on guidance and supervisory expectations, in order
to satisfy their existing obligations to detect and report suspicious
activities.
D. Summary of Comments
In response to the NPRM, FinCEN received 141 comments from
financial institutions, trade associations, Federal and State agencies,
non-governmental organizations, members of Congress, and other
individuals. The great majority of the private sector commenters, which
were primarily banks, credit unions, and their trade associations,
asserted that the proposed beneficial ownership requirement would be
very burdensome to implement and require more than the proposed 12
months, would be far more expensive than estimated by FinCEN, and would
not achieve the proposal's expressed goals.
The commenters addressed many aspects of the proposed beneficial
ownership requirement, including the use of the proposed certification
form; the extent to which a covered financial institution may rely on
the information provided by the customer; the meaning of verification
and the extent to which it would be required; the application of the
requirement to existing customers; the extent to which the information
would need to be updated; and the definitions of beneficial ownership
and legal entity customer and the proposed exclusions from those
definitions.
Commenters raised a number of questions regarding the proposed
certification form, including whether beneficial owner information must
be obtained through the certification form or could be obtained by
other means; whether the certification form should be an official
government form; and who is authorized to sign the certification form
on behalf of the customer. Many urged FinCEN to treat the receipt of
the certification form as a ``safe harbor,'' similar to the treatment
of the certification used for compliance with the foreign shell bank
regulation.\32\ Commenters submitted several other comments and
suggestions regarding the information to be included in the
certification form.
---------------------------------------------------------------------------
\32\ 31 CFR 1010.630(b).
---------------------------------------------------------------------------
Many commenters sought clarification regarding the verification
requirement
[[Page 29403]]
and the extent to which a financial institution may rely on the
information submitted by its customer. Financial institutions also
pointed out that there would be difficulties with adopting
``identical'' procedures to those used for verifying the identity of
individual customers as done for CIP. Moreover, many commenters noted
the practical difficulties resulting from the fact that there is no
authoritative source for beneficial ownership information of legal
entities, as there is no requirement for U.S. States to collect this
information at the time a company is formed. Commenters also sought
guidance regarding how they should utilize the beneficial ownership
information once collected and how its availability would impact
compliance with other obligations.
While many private sector commenters noted that the proposed
definition of beneficial owner was an improvement over the definition
discussed in the ANPRM, some sought greater clarity about the meaning
of ``indirect'' ownership and guidance regarding how the percentage of
ownership held indirectly should be measured in specific situations, as
well as clarification of the meaning of ``equity interest.'' They also
suggested eliminating any reference to using a 10 percent threshold on
a risk basis, so as to reduce the likelihood of examiners requiring a
threshold lower than the 25 percent specified in the proposed rule. On
the other hand, non-governmental organizations and many individuals
asserted that the proposed 25 percent ownership threshold is too high
and that it should be lowered to 10 percent (or eliminated entirely) in
the final rule.
A number of commenters urged clarification of the proposed
definition of ``legal entity customer,'' and many urged expansion of
the proposed exclusions from the definition to include, for example,
accounts opened to participate in employee benefit plans subject to the
Employee Retirement Income Security Act of 1974 (ERISA) and accounts
for foreign publicly traded companies, regulated financial
institutions, and governmental entities. Many commenters also noted
difficulties in applying the proposed exclusion for nonprofits and
urged FinCEN to simplify it. Commenters also sought clarification
regarding whether beneficial ownership would need to be obtained each
time a legal entity customer opens a new account after the rule's
compliance deadline, and to what extent the information would need to
be updated. Some commenters also sought to exempt from the beneficial
ownership requirement certain categories of financial products that
they contended presented a low risk of money laundering.
Many comments also addressed the proposed amendments to the AML
program rules, including urging FinCEN to clarify the proposed
requirement to understand the nature and purpose of the customer
relationship and the meaning of ``customer risk profile'' and of the
proposed requirement to conduct ongoing monitoring to update customer
information, separate from monitoring to detect and report suspicious
activity. Some commenters representing the securities and futures
industries asserted that, contrary to assumptions in the NPRM, these
are not in fact existing requirements in those industries, and that
such requirements would be burdensome and of little utility. Some
commenters also questioned statements in the preamble that the proposed
requirements would not reduce or limit the due diligence expectations
of the Federal functional regulators or their regulatory discretion,
asserting that such an approach would undermine the clarity and
consistency that FinCEN is seeking to provide by the proposed rules.
Finally, a great majority of the comments stated that the proposed 12-
month implementation period following issuance of a final rule would
not be adequate to implement the necessary modifications to their data
systems, customer on-boarding procedures, employee training, and other
requirements, and sought a period of at least 18-24 months.
Based on the comments addressing the potential cost of implementing
the requirement, FinCEN conducted outreach to a number of the financial
institution commenters to obtain additional information regarding the
anticipated costs of implementing the proposed requirements. As a
result of the limited information received from these discussions,
Treasury prepared a preliminary Regulatory Impact Assessment (RIA) that
was made available for comment on December 24, 2015 (80 FR 80308).
FinCEN received 38 comments on this preliminary assessment; a summary
of the comments we received and the final RIA is included in the
Regulatory Analysis section of this preamble.
All of the substantive comments received on the NPRM, FinCEN's
response, and resulting modifications to the final rule are discussed
in detail in the following Section-by-Section Analysis. However, we
first address certain general comments.
E. General Comments
Regulatory deference. Commenters raised a number of general
comments regarding this rulemaking. Several commenters took issue with
the following statement in the NPRM (which we reiterate here as
modified for this final rule).\33\
---------------------------------------------------------------------------
\33\ The original statement can be found at 79 FR 45152 (Aug. 4,
2014).
Nothing in this final rule is intended to lower, reduce, or
limit the due diligence expectations of the Federal functional
regulators or in any way limit their existing regulatory discretion.
To clarify this point, the final rule incorporates the CDD elements
on nature and purpose and ongoing monitoring into FinCEN's existing
AML program requirements, which generally provide that an AML
program is adequate if, among other things, the program complies
with the regulation of its Federal functional regulator (or, where
applicable, self-regulatory organization (SRO)) governing such
programs.\34\ In addition, the Treasury Department intends for the
requirements contained in the customer due diligence and beneficial
ownership final rules to be consistent with, and not to supersede,
any regulations, guidance or authority of any Federal banking
agency, the Securities and Exchange Commission (SEC), the Commodity
Futures Trading Commission (CFTC), or of any SRO relating to
customer identification, including with respect to the verification
of the identities of legal entity customers.
---------------------------------------------------------------------------
\34\ See, e.g., 31 CFR 1020.210, which currently provides that a
financial institution regulated by a Federal functional regulator
that is not subject to the regulations of a self-regulatory
organization shall be deemed to satisfy the requirements of 31
U.S.C. 5318(h)(1) if it implements and maintains an anti-money
laundering program that complies with the regulation of its Federal
functional regulator governing such programs. (emphasis added).
These commenters contended, among other things, that these
statements were unduly deferential to the Federal functional
regulators, and would serve to undermine rather than promote clear and
consistent CDD standards across financial sectors. They accordingly
urged FinCEN to strike this language from the final rulemaking.
FinCEN appreciates the concerns about uneven and inconsistent
application of CDD standards that underlie these comments, but
nevertheless believes that these statements are an important
articulation of FinCEN's understanding of what it is--and is not--
accomplishing by this rulemaking. At their core, these statements in
the NPRM and this final rule preamble articulate the nature of the
relationship of FinCEN's rulemaking authority with that of the Federal
functional regulators \35\--that is, as with
[[Page 29404]]
all BSA rulemakings, FinCEN determines the appropriate minimum
regulatory standards that should apply across an industry. From that
baseline, the Federal functional regulators have authority to establish
AML program requirements in addition to those established by FinCEN
that they determine are necessary and appropriate to address risk or
vulnerabilities specific to the financial institutions they regulate.
This is particularly true within the context of separate but related
concerns that exist for these institutions beyond the strict scope of
AML, such as in the area of safety and soundness. These statements
simply reflect this basic reality of the existing regulatory framework.
Furthermore, as we have maintained throughout this rulemaking process,
one of our overarching goals was to clarify and harmonize expectations
while at the same time minimizing disruption to the greatest extent
possible. Accordingly, we believe that it is critical to make clear--
especially with respect to the changes to the AML program rules--that
these standards simply articulate current practices pursuant to
existing standards and expectations, in order to facilitate
implementation and minimize the burden on financial institutions. We
believe that leveraging the experience accrued from interpretation of
and compliance with prior regulations and guidance that have already
been issued in this space will be a net benefit to financial
institutions. As FinCEN explained in the proposal, these requirements
represent a floor, not a ceiling, and, consistent with the risk-based
approach, financial institutions may do more in circumstances of
heightened risk, as well as to mitigate risks generally.
---------------------------------------------------------------------------
\35\ Where appropriate, working closely with Federal functional
regulators may involve consulting with the applicable SROs in the
securities and futures/commodities industries.
---------------------------------------------------------------------------
Compliance Deadline. Most commenters strongly opposed FinCEN's
proposal for a compliance deadline of one year from the date the final
rule is issued, identifying a wide range of changes to systems and
processes that would be required in order to implement the rule. Many
of these commenters requested that FinCEN provide financial
institutions two years to implement the final rule. Based on the well-
founded, detailed explanations put forth by these commenters of the
difficulties that would arise from a one-year implementation period,
FinCEN is extending the period for implementation to two years from the
date this final rule is issued (the Applicability Date).
III. Section-by-Section Analysis
Section 1010.230 Beneficial Ownership Requirements for Legal Entity
Customers
Section 1010.230(a) In general. As proposed, this paragraph
delineated in broad terms the scope of the beneficial ownership
obligation--i.e., that covered financial institutions are required to
establish and maintain written procedures reasonably designed to
identify and verify the identities of beneficial owners of legal entity
customers. There were no significant objections to this general
formulation, and we are adopting it as proposed, with the addition that
the procedures adopted will be included in the institution's AML
program.
Several commenters questioned the efficacy of having financial
institutions collect beneficial ownership information, contending that
State government offices responsible for the formation and registration
of legal entities and/or the IRS would be better suited to collect this
information due to their roles in the company formation process.
Although FinCEN supports the collection of beneficial ownership
information in these other circumstances as well, it does not believe
that such collection would replace the independent obligation of
financial institutions to collect this information. As described above,
we view this rulemaking as but one part of Treasury's comprehensive
strategy to enhance financial transparency in the U.S. financial system
and worldwide, and we believe the beneficial ownership requirement for
financial institutions would be necessary even if these other measures
were already in place. One of the principal rationales for this new
requirement is that financial institutions should know who their
customers are to help them more effectively mitigate risks. This
requirement is therefore separate from a policy objective of requiring
States to obtain beneficial ownership information from the legal
entities they create at the time of formation and upon specified
circumstances thereafter (although none currently have such
requirements). Presently, corporate laws and regulations differ from
State to State, and from FinCEN's regulations, but generally do not
require information regarding beneficial ownership. Thus, the
information that will be provided under FinCEN's regulations will
significantly augment information presently available to law
enforcement from State authorities, thereby improving the overall
investigative, regulatory, and prosecutorial processes.
In the NPRM, FinCEN proposed that the beneficial ownership
requirement would apply only with respect to legal entity customers
that open new accounts going forward from the date of implementation,
noting that many commenters to the ANPRM viewed a retroactive
requirement to obtain beneficial ownership information for all existing
accounts as extremely burdensome. We received comments reflecting a
wide range of views on this subject. The vast majority of commenters
who addressed this issue reiterated this objection to retroactive
application of the beneficial ownership obligation. A few commenters,
however, urged FinCEN to require covered financial institutions to
collect beneficial ownership information on existing accounts on a
categorical basis, while some others thought that financial
institutions should collect this information retroactively for all
higher risk customers.
We decline to impose a categorical, retroactive requirement. Based
on our understanding of the significant changes to processes and
systems that will be required to implement this requirement simply on a
prospective basis, we believe that retroactive application would be
unduly burdensome. As we noted in the proposal, the absence of a
categorical mandate to apply the requirement retroactively would not
preclude financial institutions from deciding that collecting
beneficial ownership information on some customers on a risk basis
during the course of monitoring may be appropriate for their
institution. In our assessment, we have concluded that financial
institutions should obtain beneficial ownership information from
customers existing on the Applicability Date when, in the course of
their normal monitoring, the financial institution detects information
relevant to assessing or reevaluating the risk of such customer (as
more fully described in the sections below addressing the amended AML
program requirements).
Section 1010.230(b) Identification and Verification. In the NPRM,
FinCEN proposed that covered financial institutions be required to
develop customer due diligence procedures that enabled institutions to
(1) identify the beneficial owner(s) of legal entity customers by
collecting a mandatory certification form provided by the individual
opening the account on behalf of the legal entity customer; and (2)
verify the identity of the identified beneficial owner(s) according to
risk-based procedures that are, at a minimum, identical to the
institutions' CIP procedures required for verifying
[[Page 29405]]
the identity of customers that are individuals.
Section 1010.230(b)(1). The NPRM proposed to require the use of a
standard certification form (Certification Form) in order to, among
other purposes, promote consistent practices and regulatory
expectations, reduce compliance burden, and provide a uniform customer
experience across much of the U.S. financial system. To facilitate
institutions' abilities to rely upon the Certification Form, the
proposed Certification Form included a section that required the
individual opening the account on behalf of a legal entity customer to
certify that the information provided on the form is true and accurate
to the best of his or her knowledge. Commenters raised a number of
issues regarding this proposed requirement. Some commenters asked
whether the Certification Form must be used to obtain the information,
whether the Certification Form should be an official government form,
and what individuals representing the customer would be authorized to
provide the Certification Form. Several commenters urged a variety of
changes to the fields on the Certification Form in order to conform it
more closely to current CIP requirements, to otherwise facilitate use
of the form, and to promote other regulatory goals. Some commenters
also urged FinCEN to provide a safe harbor to institutions that use the
model Certification Form adopted in the final rule akin to, for
example, the safe harbor provided for foreign bank certifications.\36\
---------------------------------------------------------------------------
\36\ 31 CFR 1010.630(b).
---------------------------------------------------------------------------
The comments FinCEN received related to the Certification Form
varied widely. Some commenters urged FinCEN to make the Certification
Form an official U.S. Government document, with the certification made
under the penalty of perjury (rather than only to the best of the
knowledge of the certifying party), and a few commenters thought that
the Certification Form should be notarized. However, many commenters
requested that the proposed Certification Form be permissive rather
than mandatory, and that financial institutions be permitted to obtain
the information through their standard account opening process without
utilizing the Certification Form. A few commenters thought that the
person opening the account should be required to have actual personal
knowledge of the information provided on the Certification Form, or
that the certification should take the form of a resolution ratified or
adopted by the legal entity's board or governing body. These commenters
thought that a Certification Form without attestation requirements more
substantial than those in the proposal would reduce accountability for
false representations on the Certification Form.
As noted above, a primary reason that FinCEN proposed the Form was
to balance the benefits and burdens of this new requirement to the
financial institution and its customers with the benefits to law
enforcement and regulatory authorities. We also note that in the case
of many legal entities that are small businesses, the natural person
opening the account will often be one of the beneficial owners, who
would have direct knowledge of the beneficial ownership information of
the legal entity customer. FinCEN understands that many institutions
obtain and maintain customer data electronically rather than in paper
form to the greatest extent possible, and that mandating the use and
retention of a specific form would require significant technological
and operational changes that could be costly and challenging to
implement for some financial institutions. We have therefore amended
the final rule to permit, but not require, financial institutions to
use the Certification Form to collect beneficial ownership information.
Accordingly, in the final rule, Sec. 1010.230(b)(1) is revised to
state that covered financial institutions must identify the beneficial
owner(s) of each legal entity customer at the time a new account is
opened, unless the customer is otherwise excluded or the account is
exempted. A covered financial institution may accomplish this either by
obtaining certification in the form of appendix A of the section from
the individual opening the account on behalf of the legal entity
customer, or by obtaining from the individual the information required
by the form by another means, provided the individual certifies, to the
best of the individual's knowledge, the accuracy of the
information.\37\
---------------------------------------------------------------------------
\37\ This revision will also require a corresponding change to
the Recordkeeping subsection, described in greater detail below.
---------------------------------------------------------------------------
Thus, covered financial institutions can satisfy this requirement
through (1) the use of FinCEN's Certification Form; (2) the use of the
financial institution's own forms, so long as they meet the
requirements of Sec. 1010.230(b)(1); or (3) any other means that
satisfy the substantive requirements of Sec. 1010.230(b)(1). These
records may be retained electronically and incorporated into existing
databases as a part of financial institutions' overall management of
customer files, and covered financial institutions will have
flexibility in integrating the beneficial ownership information
requirement into existing systems and processes. The certification of
accuracy by the individual submitting the information may be obtained
without use of the Certification Form in the same way the financial
institution obtains other information from its customers in connection
with its account opening procedures. FinCEN expects that such
flexibility will facilitate the implementation of the beneficial
ownership requirement--some commenters noted that giving financial
institutions flexibility in integrating this requirement would
substantially reduce resource outlays to change customer onboarding
processes and to train front-line employees. In addition, to facilitate
use of the Certification Form by those institutions that choose to
utilize it, FinCEN will also make an electronic version available,
although it will not be an official U.S. Government form.
Some commenters asked that FinCEN clarify who an appropriate
individual to certify the identity of the beneficial owners to the
financial institution would be, whether by signing the Certification
Form or otherwise providing the beneficial ownership information in
accordance with this paragraph; some commenters also questioned whether
the individual opening an account could be a low-level employee without
knowledge of the entity's owners. In this regard, FinCEN declines to
impose specific account-opening procedures on financial institutions,
and believes that financial institutions should be able to integrate
this new requirement into their institution's existing procedures with
little disruption. FinCEN understands that financial institutions
generally have long-standing policies and procedures, based on sound
business practices and prudential considerations, governing the
documentation required to open an account for a legal entity; these
typically include resolutions authorizing the entity to open an account
at the institution and identifying the authorized signatories. Such
resolutions are typically certified by an appropriate individual, e.g.,
the secretary or other officer of a corporation, a member or manager of
an LLC, or partner of a partnership. It would be appropriate for the
same individual to certify the identity of the beneficial owners. Such
an individual would typically have at least some familiarity with the
entity's owners and with individuals with responsibility to control or
manage the
[[Page 29406]]
entity, but may not have personal knowledge of individuals having an
indirect ownership interest through, for example, intermediate legal
entities or contractual arrangements with nominal owners, and would
have to rely on others for any such information. Therefore, while
FinCEN anticipates that the certifying individual would generally be
able to provide accurate beneficial ownership information, it is
appropriate that it be provided to the best of such person's knowledge,
rather than without qualification. Accordingly, FinCEN declines to
require a heightened knowledge threshold, or notarization, or board
approval requirement for the certification requirement, as some
commenters suggested, as any such requirement would increase the amount
of time to open an account, without commensurate benefit, and would be
inconsistent with FinCEN's goal of integrating this requirement into
existing financial institution onboarding procedures to the greatest
extent possible.\38\ FinCEN thus believes that the certification
requirement as described in the final rule provides the appropriate
level of accountability given the circumstances.\39\
---------------------------------------------------------------------------
\38\ FinCEN notes that in cases where the individual signing the
documentation to open the account (and identifying the legal
entity's beneficial owners) does not deliver such documentation to
the financial institution, it may be appropriate that the
individual's signature be notarized.
\39\ FinCEN also understands that in cases where a newly formed
legal entity opens a financial institution account in order to
commence business, the beneficial owner(s) would typically open the
account in person and be the signatories on the account, and could
readily certify their status as beneficial owners at that time.
---------------------------------------------------------------------------
Some commenters urged FinCEN to permit financial institutions to
rely upon alternative sources, such as previously collected customer
information in their databases, or the IRS Form W-8BEN, to satisfy the
certification requirement. FinCEN recognizes that this could facilitate
financial institutions' ability to obtain this information. However, to
be of greatest use, FinCEN believes that beneficial ownership
information must be, at the time of account opening, both (1) current,
and (2) certified by an individual authorized by the customer to open
accounts at financial institutions to be accurate to the best of his or
her knowledge. Furthermore, because FinCEN's definition of beneficial
ownership does not align precisely with, for example, the IRS's
definition in its Form W-8BEN, permitting reliance in some
circumstances upon other agencies' forms would be at odds with FinCEN's
goal of consistent beneficial ownership standards within and across
industries for purposes of CDD. Thus, FinCEN declines to permit
reliance solely upon previously gathered alternate sources of
beneficial ownership information.
Several commenters raised specific questions regarding the
information in the proposed Certification Form. FinCEN agrees with the
suggestions made by several commenters that the title of the person
with significant management responsibility, as well as of the person
submitting the Certification Form or supplying the information, should
be included and has made these changes to the Form. We have also added
fields on the Certification Form in which to identify the type of legal
entity, and to note its address. Other commenters noted that the
address fields as laid out in the proposed Certification Form, along
with the description of the address requirement in the general
instructions section, were not congruent with CIP's address
requirements, and accordingly asked FinCEN to confirm that the CIP
rules' address requirements remained applicable. As described in
greater detail below, covered financial institutions' procedures for
identifying and verifying beneficial owners must contain all the
elements of the applicable CIP rule, including the address, date of
birth, and Taxpayer Identification Number requirements as set forth
therein. Accordingly, FinCEN has revised the Certification Form to
clarify this point, and notes that this information will be required
whether or not the Certification Form is used. We have also amended
item ``a'' of the Certification Form to clarify that the name of the
certifying party should be that of a natural person authorized to open
the account (and not of the legal entity itself). FinCEN also agrees
with the suggestion made by a number of commenters that the
Certification Form state that the information in the Certification Form
is required by Federal regulation in order to explain to customers why
this new requirement has been put in place; the Form has been edited
appropriately.
Several commenters sought clarification as to whether a financial
institution must identify and verify a legal entity customer's
beneficial owners each time it opens a new account at the institution
after the rule's compliance deadline, or whether the requirement
applies only the first time it opens a new account at such institution.
FinCEN has concluded that, while it is not requiring periodic updating
of the beneficial ownership information of all legal entity customers
at specified intervals, the opening of a new account is a relatively
convenient and otherwise appropriate occasion to obtain current
information regarding a customer's beneficial owners. Accordingly,
FinCEN has added to the final rule as Sec. 1010.230(g) a definition
for ``new account''.
One commenter urged FinCEN to mandate the use of the Legal Entity
Identifier (LEI), a global standardized unique identifier for legal
entities engaged in financial transactions, on the proposed
Certification Form. This commenter noted that including such a
requirement would further the goals of transparency and financial
stability. FinCEN understands that the LEI was developed principally to
aggregate data from across markets, products, and regions, giving
global regulators a means to quickly identify parties to financial
transactions, in order to enhance regulators' ability to understand
systemic risks to the financial system and act accordingly. Although
this is an important and laudable purpose, FinCEN does not believe that
mandating the LEI's inclusion on the beneficial ownership Certification
Form would further this goal substantially. We believe that the
overwhelming majority of legal entities subject to this requirement
will be smaller or non-financial entities that would not be typical
applicants for LEIs in the first instance, and that the costs of
mandating its use solely for the purposes of the Certification Form
would not be outweighed by the benefit. FinCEN also understands that
the authorized bodies that assign LEIs do not require the beneficial
owner to be a natural person, use a 50 (rather than 25) percent
threshold, and do not verify the identities of beneficial owners of
legal entities, thereby rendering the LEI's utility as a possible proxy
or alternative source of verification minimal. For these reasons,
FinCEN declines to mandate the use of the LEI. We do, however,
recognize that covered financial institutions may find such information
useful for enterprise-wide risk management or other purposes, and have
accordingly included an optional LEI field on the Certification Form.
Several commenters urged FinCEN to adopt an express safe harbor in
the final rule deeming those financial institutions that use the
Certification Form compliant with the beneficial ownership requirement.
A few commenters recommended that FinCEN model such an express safe
harbor on the safe harbor for foreign bank certifications found in
Sec. 1010.630. Other commenters opposed the notion of a safe harbor,
contending that the Certification Form should serve as the
[[Page 29407]]
starting point for financial institutions' risk-based due diligence
into a legal entity's beneficial ownership. As discussed in greater
detail below, we have included in Sec. 1010.230(b)(2) of the final
rule a description of the extent to which financial institutions can
rely upon the beneficial ownership information provided by the person
opening the account. We decline, however, to include in the final rule
a blanket safe harbor triggered by the use and collection of the
standard Certification Form.
FinCEN believes that there are a number of factors present in the
context of foreign bank certifications (but absent here) that make a
blanket safe harbor appropriate in that context. The foreign bank
certification was used to satisfy several obligations arising under
Sections 313 and 319(b) of the USA PATRIOT Act, including not only for
the foreign bank to certify facts such as its status and in certain
cases its owners, but also to set forth its agreement not to provide
banking services to foreign shell banks and to appoint a U.S. process
agent. Moreover the foreign bank official was required to certify that
the information in the document was true and correct, whereas the
beneficial ownership information is to be provided to the best of the
knowledge of the customer's agent. In addition, the population of legal
entities subject to the final rule is exponentially larger than that of
foreign banks with U.S. correspondent accounts, and the proposed
certification in the proposed rule does not include affirmative
obligations. We believe that the provision inserted into Sec.
1010.230(b)(2) of the final rule describing the extent to which the
financial institution may rely on the information provided by the
customer strikes the right balance between the need to minimize burden
upon covered financial institutions and the risk of abuse of legal
entities for illicit purposes.
A few commenters raised concerns that the collection of sensitive
personal information of beneficial owners would impinge upon their
privacy and increase their vulnerability to identity theft. FinCEN
recognizes the critical importance of protecting individuals' privacy
interests, as well as the serious threat posed by cyberattacks and
identity theft, particularly with respect to the personal information
held at financial institutions. These concerns, while valid and
significant, are insufficient to justify elimination of the
requirement. From both the privacy and identity-theft perspectives, the
incremental impact upon the vast majority of beneficial owners will be
slight, because, pursuant to CIP requirements, they already have to
provide the same sensitive personal information to financial
institutions to open individual accounts and access the U.S. financial
system. We note that financial institutions are expected to protect
this information just as they do CIP information, as well as comply
with all applicable Federal and State privacy laws, including, but not
limited to, the Right to Financial Privacy Act \40\ and the Gramm-
Leach-Bliley Act.\41\
---------------------------------------------------------------------------
\40\ 12 U.S.C. 3401 et seq.
\41\ 15 U.S.C. 6801 et seq.
---------------------------------------------------------------------------
Section 1010.230(b)(2). With respect to verification of identity,
we proposed that verification meant that financial institutions were
required to verify the identity of the individual identified as a
beneficial owner (i.e., to verify the individual's existence), and not
his or her status as a beneficial owner. We proposed that this
verification be done via risk-based procedures that are identical to
the institutions' CIP procedures required for verifying the identity of
customers that are individuals, to facilitate financial institutions'
implementation of the requirement through leveraging existing
procedures and systems.
Many commenters sought clarification of the meaning of the
verification requirement in proposed Sec. 1010.230(b)(2) and the means
by which it may be accomplished. Some pointed out the potential
confusion between two statements in the NPRM discussing the distinction
between verifying the identity of the beneficial owner and verifying
the status.\42\ In order to resolve any potential confusion regarding
the beneficial ownership identification and verification obligation of
financial institutions, FinCEN is revising Sec. 1010.230(b)(2) in the
final rule to clarify that a covered financial institution may rely on
the information supplied by the legal entity customer regarding the
identity of its beneficial owner or owners, provided that it has no
knowledge of facts that would reasonably call into question the
reliability of such information. FinCEN anticipates that, in the
overwhelming majority of cases, a covered financial institution should
be able to rely on the accuracy of the beneficial owner or owners
identified by the legal entity customer, absent the institution's
knowledge to the contrary. FinCEN recognizes the necessity for
permitting reliance on the identification supplied by the legal entity
customer, considering the fact the customer is generally the best
source of this information, and that there is generally no other source
of beneficial ownership information available to covered financial
institutions, aside from the legal entity itself.
---------------------------------------------------------------------------
\42\ FinCEN stated that ``[i] n light of these considerations,
FinCEN is not proposing that financial institutions verify the
status of a beneficial owner. Financial institutions may rely on the
beneficial ownership information provided by the customer on the
standard certification form.'' On the other hand, the proposal also
states that its procedures for verifying beneficial ownership
``should enable the financial institution to form a reasonable
belief that it knows the true identity of the beneficial owner of
each legal entity customer.'' (79 FR 45162)
---------------------------------------------------------------------------
Several commenters sought clarification of the requirement as
described in the NPRM in proposed Sec. 1010.230(b)(2) that beneficial
ownership information procedures be, at a minimum, ``identical'' to the
existing CIP procedures for verifying the identity of individual
customers. Some commenters noted that it would be infeasible to simply
replicate, without modification, existing CIP procedures for individual
customers to implement the beneficial ownership verification
requirement. They noted, for example, that because the beneficial
owners will in many cases not be physically present at the financial
institution at account opening, an institution using documentary
verification may not have access to the documents listed in the
relevant paragraph of the CIP rule, and therefore may need to rely on a
photocopy or other reproduction of such document. Commenters also noted
that some current procedures for non-documentary verification of
individual customers could not be applied to non-consenting beneficial
owners, because of limitations on the use of credit reports imposed by
the Fair Credit Reporting Act.\43\
---------------------------------------------------------------------------
\43\ 15 U.S.C. 1681 et seq.
---------------------------------------------------------------------------
FinCEN agrees that it would be impracticable for covered financial
institutions to implement the beneficial ownership verification
requirement with procedures that are identical to the institution's
existing CIP rule procedures for individual customers. Accordingly,
Sec. 1010.230(b)(2) has been amended to require that at a minimum,
these procedures must contain the elements \44\ required for verifying
the identity of customers that are individuals under paragraph (a)(2)
of
[[Page 29408]]
the applicable CIP rule,\45\ but are not required to be identical. In
addition, the final rule clarifies that in the case of documentary
verification, the financial institution may use photocopies or other
reproductions of the documents listed in paragraph (a)(2)(ii)(A)(1)
\46\ of the applicable CIP rule.
---------------------------------------------------------------------------
\44\ The clause ``in the covered financial institution's
Customer Identification Program procedures'' in the proposed rule
text have been deleted, because, for the reasons described above,
the verification procedures for beneficial owners of legal entity
customers may be different from the procedures in the covered
financial institution's CIP that apply to individual customers.
\45\ Paragraph (a)(2) of each of the CIP rules requires that the
relevant financial institution's CIP includes risk-based procedures
to verify the identity of each customer, to the extent reasonable
and practicable. The elements of such program must include
identifying the customer, verifying the customer's identity (through
documents or non-documentary methods), and procedures for
circumstances where the institution cannot form a reasonable belief
that it knows the true identity of the individual.
\46\ Relevant documentation may include unexpired government-
issued identification evidencing nationality or residence and
bearing a photograph or similar safeguard, such as a driver's
license or passport. See, e.g., 31 CFR 1020.220(a)(2)(ii)(A)(1).
---------------------------------------------------------------------------
Because the risk-based verification procedures must contain the
same elements as required by the applicable CIP rule to verify the
identity of individual customers, verification must be completed within
a reasonable time after the account is opened. In addition, the
beneficial ownership identification procedures must address situations
in which the financial institution cannot form a reasonable belief that
it knows the true identity of the beneficial owner of a legal entity
customer after following the required procedures.\47\ It remains the
case that covered financial institutions may generally rely on
government-issued identification as verification of an individual's
identity, absent obvious indications of fraud.\48\ FinCEN notes that
such reliance is also generally appropriate in the case of photocopies
or other reproductions obtained pursuant to Sec. 1010.230(b)(2).
However, given the vulnerabilities inherent in the reproduction
process, covered financial institutions should conduct their own risk-
based analyses of the types of photocopies or reproductions that they
will accept in accordance with this section, so that such reliance is
reasonable. For example, a covered financial institution could
determine that it will not accept reproductions below a certain optical
resolution, or that it will not accept reproductions transmitted via
facsimile, or that it will only accept digital reproductions
transmitted in certain file formats. As with CIP, covered financial
institutions are not required to maintain these copies or
reproductions, but only a description of any document upon which the
financial institution relied to verify the identity of the beneficial
owner. We note, however, that although covered financial institutions
are not required to maintain these reproductions, they are not
prohibited from keeping them in a manner consistent with all other
applicable laws or regulations.
---------------------------------------------------------------------------
\47\ Under the CIP rules, a financial institution's CIP must
include procedures for responding to circumstances in which the
financial institution cannot form a reasonable belief that it knows
the true identity of a customer. These procedures should describe:
(A) When the institution should not open an account; (B) The terms
under which a customer may use an account while the institution
attempts to verify the customer's identity; (C) When it should close
an account, after attempts to verify a customer's identity have
failed; and (D) When it should file a Suspicious Activity Report in
accordance with applicable law and regulation. See, e.g., 31 CFR
1020.220(a)(2)(iii).
\48\ See, e.g., Customer Identification Programs for Banks,
Savings Associations, Credit Unions and Certain Non-Federally
Regulated Banks, 68 FR 25090, 25099 (May 9, 2003).
---------------------------------------------------------------------------
Some commenters urged FinCEN to permit covered financial
institutions to take a risk-based, rather than categorical, approach to
the identification and verification requirements. Among the objections
lodged against a categorical requirement were that: Conducting CIP
procedures on non-present beneficial owners would be too difficult; the
benefit of a categorical requirement was outweighed by the costs; and
expanding the number of natural persons subject to CIP procedures would
increase costs, particularly for institutions that rely upon vendors
that charge on a per capita basis for CIP. FinCEN believes that
categorical application of this requirement across covered financial
institutions will reduce illicit actors' opportunities to slip into the
financial system by masking their legal entities with markers
indicative of a low risk profile. As to concerns about costs and
difficulties, we believe that the above-described changes and
clarifications made to this paragraph have given financial institutions
greater flexibility in determining how to implement the identification
and verification requirements, thereby reducing their impact. As
described above, because financial institutions will in most instances
be able to rely upon the information provided by the customer, FinCEN
believes that financial institutions generally will not expend
substantially greater resources by collecting and verifying the
information in all cases (subject to permitted exemptions) than by
engaging in a risk analysis to determine whether the beneficial
ownership information should be collected and verified. We recognize
that financial institutions that pay for systems and technology costs
associated with CIP procedures on a per capita basis will face
increased costs from identifying and verifying the identities of
additional natural persons. However, we believe that the benefits of
collecting this information, as described at greater length above and
below, outweigh these additional costs. FinCEN accordingly declines to
alter the categorical nature of the requirement for the final rule.
Several commenters questioned the utility of collecting this
information in the absence of an authoritative centralized resource
against which to verify beneficial ownership status. They contended
that the limited benefit of this information would not outweigh the
costs imposed by the requirement. Law enforcement commenters, however,
identified significant benefits to the collection of beneficial
ownership information, regardless of financial institutions' ability to
verify ownership status. They noted that the identities of verified
natural persons linked to legal entities of interest had significant
value in law enforcement investigations, whether or not those natural
persons are the actual beneficial owners, since at a minimum they may
have information that can aid law enforcement in identifying the true
beneficial owner(s). Furthermore, false beneficial ownership
information is of significant use to prosecutors in demonstrating
consciousness of guilt, as well as for impeachment purposes at trial.
And law enforcement also noted the likely deterrent effect that a
categorical collection and verification requirement would have on
illicit actors, by making it more difficult for them to maintain
anonymity while opening accounts. For these reasons, FinCEN rejects the
notion that this requirement is of limited value.
A few commenters requested that FinCEN eliminate the verification
requirement entirely, contending that verification of the identities of
non-present beneficial owners would be too difficult and burdensome,
especially for smaller institutions. As described above, we are aware
of the challenges associated with verifying the identities of non-
present individuals and have accordingly made changes to simplify the
process for financial institutions, which we expect will reduce the
burden. Importantly, collecting beneficial ownership information
without verifying the existence of the named person would substantially
diminish the value of the information, and we therefore decline to
eliminate the verification requirement.
Some commenters asked FinCEN to clarify what we expect financial
institutions to do with the beneficial ownership information that they
collect and verify. FinCEN generally expects
[[Page 29409]]
beneficial ownership information to be treated like CIP and related
information, and accordingly used to ensure that covered financial
institutions comply with other requirements. For example, the Office of
Foreign Assets Control (OFAC) requires covered financial institutions
to block accounts (or other property and interests in property) of,
among others, persons appearing on the Specially Designated Nationals
and Blocked Persons List (SDN List), which includes any entity that is
50 percent or more owned, in the aggregate, by one or more blocked
persons, regardless of whether the entity is formally listed on the SDN
List.\49\ Therefore, institutions should use beneficial ownership
information to help ensure that they do not open or maintain an
account, or otherwise engage in prohibited transactions or dealings
involving individuals or entities subject to OFAC-administered
sanctions. Covered financial institutions should also develop risk-
based procedures to determine whether and/or when additional screening
of these names through, for example, negative media search programs,
would be appropriate.
---------------------------------------------------------------------------
\49\ See generally 31 CFR part 500; see also, e.g., 31 CFR
590.406 (Ukraine-related sanctions regulations); Office of Foreign
Assets Control, Frequently Asked Questions, available at http://www.treasury.gov/resource-center/faqs/Sanctions/Pages/faq_general.aspx#50_percent.
---------------------------------------------------------------------------
With respect to aggregation of transactions for Currency
Transaction Reporting (CTR) purposes, FinCEN expects covered financial
institutions to apply existing procedures consistent with CTR
regulations and applicable FinCEN guidance from 2001 and 2012.\50\
Thus, while financial institutions should generally recognize the
distinctness of the corporate form and not categorically impute the
activities or transactions of a legal entity customer to a beneficial
owner, they must aggregate multiple currency transactions if the
financial institution has knowledge that these transactions are by or
on behalf of any person and result in either cash in or cash out
totaling more than $10,000 during any one business day.\51\ While the
requirement to identify the beneficial owners of legal entity customers
does not modify this existing CTR aggregation requirement, the
beneficial ownership identification may provide financial institutions
with information they did not previously have, in order to determine
when transactions are ``by or on behalf of'' the same person. Thus, if
a financial institution determines that a legal entity customer or
customers are not being operated independently from each other or from
their primary owner--e.g., the institution determines that legal
entities under common ownership have common employees and are
repeatedly used to pay each other's expenses or the personal expenses
of their primary owner--then the financial institution may determine
that aggregating the transactions of a legal entity or entities and
their primary owner would be appropriate.\52\ Under such circumstances,
if a financial institution were aware that a beneficial owner made a
$5,000 cash deposit into his personal account, and later the same
business day, he made a $6,000 cash deposit into the account of a legal
entity not being operated as an independent entity, the institution
would be required to aggregate those transactions and file a CTR.\53\
And to the extent that the financial institution determined that such
transactions had no other apparent purpose than to avoid triggering a
CTR filing, the financial institution would need to consider whether
filing a SAR about the transactions would be appropriate.
---------------------------------------------------------------------------
\50\ See 31 CFR 1010.313; FinCEN, Currency Transaction Report
Aggregation for Businesses with Common Ownership FIN-2012-G001,
(Mar. 16, 2012) (FIN-2012-G001); FinCEN, Currency Transaction
Reporting: Aggregation, FinCEN Ruling 2001-2, (Aug. 23, 2001).
\51\ 31 CFR 1010.313.
\52\ In general, such aggregation would only be appropriate in
cases where an individual owns all or substantially all of the legal
entity's equity interests. It is only in such cases that a
transaction by a legal entity could be considered ``by or on behalf
of'' the owner of the entity (or vice versa).
\53\ See FIN-2012-G001 at 2.
---------------------------------------------------------------------------
A few commenters asked FinCEN to provide guidance as to how
beneficial ownership information should be incorporated into processes
for information sharing pursuant to USA PATRIOT Act Section 314(a); one
of these commenters asked FinCEN to declare such information per se
outside of the scope of Section 314(a). FinCEN does not expect the
information obtained pursuant to the beneficial ownership requirement
to add additional requirements with respect to Section 314(a) for
financial institutions. The rule implementing Section 314(a), set forth
at 31 CFR 1010.520, does not authorize the reporting of beneficial
ownership information associated with an account or transaction
matching a named subject. Under that rule, financial institutions need
only search their records for account or transactions matching a named
subject, and report to FinCEN whether such a match exists using the
identifying information that FinCEN provides.
Section 1010.230(c) Account. See discussion below under ``Legal
entity customer.''
Section 1010.230(d) Beneficial Owner. In the NPRM, we proposed two
prongs for the definition of beneficial owner: Each individual, if any,
who directly or indirectly owned 25 percent of the equity interests of
a legal entity customer (the ownership prong); and a single individual
with significant responsibility to control, manage, or direct a legal
entity customer, including an executive officer or senior manager or
any other individual who regularly performs similar functions (the
control prong). We noted that the number of beneficial owners
identified would vary from legal entity customer to legal entity
customer due to the ownership prong--there could be as few as zero and
as many as four individuals who satisfy this prong. All legal entities,
however, would be required to identify one beneficial owner under the
control prong. We further noted that financial institutions had the
discretion to identify additional beneficial owners as appropriate
based on risk.
Thus, in practice, the number of beneficial owners identified will
vary based on the circumstances. For example:
Mr. and Mrs. Smith each hold a 50 percent equity interest
in ``Mom & Pop, LLC.'' Mrs. Smith is President of Mom & Pop, LLC and
Mr. Smith is its Vice President. Mom & Pop, LLC is required to provide
the personal information of both Mr. & Mrs. Smith under the ownership
prong. Under the control prong, Mom & Pop, LLC is also required to
provide the personal information of one individual with significant
responsibility to control Mom & Pop, LLC; this individual could be
either Mr. or Mrs. Smith, or a third person who otherwise satisfies the
definition. Thus, in this scenario, Mom & Pop, LLC would be required to
identify at least two, but up to three distinct individuals--both Mr. &
Mrs. Smith under the ownership prong, and either Mr. or Mrs. Smith
under the control prong, or both Mr. & Mrs. Smith under the ownership
prong, and a third person with significant responsibility under the
control prong.
Acme, Inc. is a closely-held private corporation. John Roe
holds a 35 percent equity stake; no other person holds a 25 percent or
higher equity stake. Jane Doe is the President and Chief Executive
Officer. Acme, Inc. would be required to provide John Roe's beneficial
ownership information under the ownership prong, as well as Jane Doe's
(or that of another control person) under the control prong.
Quentin, Inc. is owned by the five Quentin siblings, each
of whom holds a 20 percent equity stake. Its President is Benton
Quentin, the eldest sibling, who
[[Page 29410]]
is the only individual at Quentin, Inc. with significant management
responsibility. Quentin, Inc. would be required to provide Benton
Quentin's beneficial ownership information under the control prong, but
no other beneficial ownership information under the ownership prong,
because no sibling has a 25 percent stake or greater.
One commenter raised a concern that this obligation would
effectively require financial institutions to monitor the equity
interests and management team of legal entity customers on an ongoing
basis and continually update this information. FinCEN notes that it
would be impracticable for financial institutions to conduct this type
of inquiry, and emphasizes that this obligation should be considered a
snapshot, not a continuous obligation. As discussed more fully in the
Section-by-Section Analysis addressing the amendments to the AML
program rules, FinCEN does expect financial institutions to update this
information based on risk, generally triggered by a financial
institution learning through its normal monitoring of facts relevant to
assessing the risk posed by the customer.
The Ownership Prong. Commenters raised a number of points regarding
the ownership prong. Several commenters speculated on FinCEN's
intention with respect to this requirement. FinCEN confirms here that
by the phrase ``directly or indirectly,'' it intends that the financial
institution's customer identify its ultimate beneficial owner or owners
as defined in the rule and not their nominees or ``straw men.'' In
addition, as described in Sec. 1010.230(b)(2), financial institutions
may rely on information provided by the customer to identify and verify
the beneficial owner.
Many commenters supported FinCEN's decision in the proposal to set
the minimum threshold for equity holdings constituting ownership at 25
percent. Some of these commenters requested that FinCEN affirm this
threshold as the regulatory expectation, notwithstanding our remarks in
the proposal that financial institutions, after their own assessment of
risk, could determine that a lower threshold percentage might be
warranted. A few commenters, however, urged FinCEN to lower this
threshold to 10 percent, contending that the higher threshold would be
too easy to evade and is inconsistent with international AML norms and
requirements of FATCA, and that the burden of a lower threshold would
be minimal because some financial institutions as a matter of practice
already collect beneficial ownership information at thresholds lower
than 25 percent.
FinCEN has considered all of the arguments in favor of lowering the
ownership threshold to 10 percent, and we decline to make this change
in the final rule. Although it is true that some financial institutions
already collect beneficial ownership information at a threshold lower
than 25 percent in some cases, we do not believe that this practice is
widely established enough to justify its categorical imposition for all
legal entity customers across all covered financial institutions. As
some proponents of the 10 percent threshold noted, this lower threshold
would make it more difficult for illicit actors to structure ownership
interests to evade the reporting threshold. However, it would also
require financial institutions to identify and verify as many as eleven
beneficial owners (including the control prong). In FinCEN's
assessment, the incremental benefit of this approach does not outweigh
the burdens associated with having to collect and verify the identities
of more than twice as many beneficial owners in some circumstances.
Furthermore, the proposed 25 percent threshold is consistent with that
of many foreign jurisdictions (including EU member states) and with the
FATF standard, which in turn is used to define the controlling persons
of an entity in the intergovernmental agreements that the United States
has entered into with more than 110 other jurisdictions in order to
enforce the requirements of FATCA. FinCEN continues to believe that a
25 percent threshold strikes the appropriate balance between the
benefit of identifying key natural persons who have substantial
ownership interests in the legal entity and the costs associated with
implementing this information-collection requirement.
We reiterate that the 25 percent threshold is the baseline
regulatory benchmark, but that covered financial institutions may
establish a lower percentage threshold for beneficial ownership (i.e.,
one that regards owners of less than 25 percent of equity interests as
beneficial owners) based on their own assessment of risk in appropriate
circumstances. As a general matter, FinCEN does not expect covered
financial institutions' compliance with this regulatory requirement to
be assessed against a lower threshold. Nevertheless, consistent with
the risk-based approach, FinCEN anticipates that some financial
institutions may determine that they should identify and verify
beneficial owners at a lower threshold in some circumstances; we
believe that making this clear in the note accompanying the regulatory
text will aid them in doing so with respect to their customers.
Some commenters urged FinCEN to include in the ownership prong a
``fallback provision'' to require the collection of beneficial
ownership information for at least one individual with a significant
equity stake in the legal entity, even if no beneficial owner meets the
minimum ownership threshold. Such a provision was initially discussed
in the ANPRM for this rulemaking but not included in the NPRM in
response to concerns expressed by numerous commenters that the approach
was impracticable. As we noted in the NPRM, commenters questioned the
feasibility of engaging in a comparative analysis of every owner to
determine the individual who ``has at least as great an equity interest
in the entity as any other individual.'' Agreeing with that assessment,
we removed this provision, and we do not believe that any benefit from
its reintroduction would outweigh the difficulties that customers and
front-line employees would face in implementing it. Although we have
declined to include this provision in the final rule, financial
institutions may determine, pursuant to a risk-based approach for their
institutions, that certain higher risk circumstances may warrant the
collection of beneficial ownership information for at least one natural
person under the ownership prong even if no beneficial owner meets the
25 percent threshold.
One commenter requested that FinCEN clarify whether covered
financial institutions had an obligation to determine whether equity
holders of a legal entity managed or structured their holdings to evade
the 25 percent threshold for reporting. FinCEN notes that in most cases
it would be impracticable for front-line employees to conduct this type
of inquiry. Thus, FinCEN expects that financial institutions will
generally be able to rely upon information about equity ownership
provided by the person opening the account, and not to affirmatively
investigate whether equity holders are attempting to avoid the
reporting threshold. However, financial institution staff who know,
suspect, or have reason to suspect that such behavior is occurring may,
depending on the circumstances, be required to file a SAR.
A few commenters sought clarification of the definition of ``equity
interests'' provided in the proposal--to wit, an ownership interest in
a business entity--contending that although the proposed definition
provided a great
[[Page 29411]]
deal of latitude and flexibility, it might also cause confusion due to
its broad sweep. Thus, commenters requested greater clarification and
guidance in the form of examples or additional commentary, to assist
customers in understanding and complying with the requirements of the
regulation as well as employees in their determinations as to which
types of ownership interests are subject to this prong. FinCEN
appreciates that some financial institutions may find it challenging in
some circumstances to determine whether a particular ownership interest
qualifies as an ``equity interest.'' However, as we noted in the
proposal, we deliberately avoided the use of more technical terms of
art associated with the exercise of control through ownership; we did
so in part based on the preferences expressed by many members of
industry. The above-mentioned commenters urged FinCEN to avoid creating
a definition using technical and complex legal terms that would also be
difficult for customers and front-line employees to understand and
apply. Beyond the general examples provided in the proposal, however,
we are reluctant to provide additional narrower examples that could be
construed to limit a definition that we intend to be broadly
applicable, particularly in light of the diversity of types of legal
entities formed within the United States and abroad. By the same token,
we also decline to provide a formal guidance document listing the types
of documents that front-line employees should rely upon to demonstrate
the existence of an equity interest over the triggering threshold. We
reiterate that it is generally the responsibility of the legal entity
customer (and its personnel) to make this determination and to identify
the beneficial owners, and not front-line employees at the financial
institution, unless the employees have reason to question the accuracy
of the information presented.
Some commenters noted that while they approved of FinCEN's general
approach to determining indirect ownership of legal entity customers--
i.e., that FinCEN does not expect financial institutions or customers
to undertake analyses to determine whether an individual is a
beneficial owner under the definition--they nevertheless thought that
FinCEN should provide additional guidance and examples of how legal
entity customers should calculate ownership interests when natural
persons have indirect equity interests. As an initial matter, as
described above, we emphasize that FinCEN expects that financial
institutions will generally be able to rely on the representations of
the customer when it identifies its beneficial owners. We also note
that it would not be unreasonable to expect that a legal entity that
has a complex structure would have personnel who necessarily have a
general understanding of the ownership interests of the natural persons
behind it for operational, management, accounting, and other purposes.
Commenters also sought clarification regarding various scenarios
where 25 percent or greater equity interests of a legal entity customer
are held in such a manner that the interest is not ultimately owned,
directly or indirectly, by any individual. This could occur, for
example, where a 25 percent or greater ownership interest is held by an
entity excluded from the legal entity customer definition under
paragraph (e)(2) or by a trust. FinCEN notes that the exclusions in the
proposed rule include any entity organized under the laws of the United
States or of any State at least 51 percent of whose common stock or
analogous equity interests are held by an entity listed on a U.S stock
exchange. FinCEN believes that this should address the overwhelming
majority of situations where an excluded entity is a 25 percent or more
shareholder. In addition, in the relatively unusual situations where an
excluded entity holds a 25 percent or greater equity interest that is
not covered by the above-mentioned exclusion, FinCEN notes that covered
financial institutions are not required under the ownership prong to
identify and verify the identities of a natural person behind these
entities; this is because the definition of ``beneficial owner'' under
the ownership prong refers to ``[e]ach individual, if any, . . .'', and
in such a case there would not be any individual who is the ultimate
owner of such interest. On the other hand, where 25 percent or more of
the equity interests of a legal entity customer are owned by a trust
(other than a statutory trust), covered financial institutions would
satisfy the ownership prong of the beneficial ownership requirement by
collecting and verifying the identity of the trustee, and FinCEN has
amended the definition consistent with this. For clarity, FinCEN notes
that in any such case the legal entity customer would nonetheless be
required to identify an individual under the control prong.
The Control Prong. Commenters also raised a variety of points
regarding this element.
A few commenters requested that we narrow or eliminate the control
prong, contending that it would be difficult to identify a control
person under such a wide-ranging definition. We disagree. FinCEN
proposed a broad definition to give legal entities a wide range of
options from which to choose. Accordingly, the breadth of the
definition will facilitate, rather than hinder, financial institutions'
ability to collect this information--because legal entity customers are
required to provide information on only one control person who
satisfies the definition, legal entities should be able to readily
identify at least one natural person within their management structure
who has significant management responsibility, consistent with the
multiple examples of positions provided. Furthermore, there may be
legal entities for which there are no natural persons who satisfy the
ownership prong; without the control prong, this would create a
loophole for legal entities seeking to obscure their beneficial
ownership information. Requiring the identification and verification
of, at a minimum, one control person ensures that financial
institutions will have a record of at least one natural person
associated with the legal entity, which will benefit law enforcement
and regulatory investigations for reasons described previously.
A few commenters requested that FinCEN provide additional
information about the types of persons who would satisfy the control
prong, contending that a level of detail similar to the explanations
provided for the ownership prong would be helpful for implementation.
We believe that such additional explanation is unnecessary. In contrast
with the variety of possible complicated scenarios that a financial
institution might encounter when trying to determine beneficial
ownership under the ownership prong, the control prong provides for a
straightforward test: The legal entity customer must provide
identifying information for one person with significant managerial
control. It further provides as examples a number of common, well-
understood senior job titles, such as President, Chief Executive
Officer, and others. Taken together, FinCEN believes that these clauses
provide ample information for legal entity customers to easily identify
a natural person that satisfies the definition of control person.
A few commenters requested that FinCEN expand the reach of the
control prong by, among other things, including within it the concept
of ``effective control,'' and proposing a variety of changes to mandate
the identification of additional natural persons under this
[[Page 29412]]
prong, from all persons who exercise executive management and
leadership, to all senior officials and all those who exercise
effective control over a legal entity. FinCEN declines to make any of
these changes to the control prong. While we recognize that our
definition does not encapsulate all possible concepts of control,
including effective control, we believe that our definition strikes the
appropriate balance between including sufficiently senior leadership
positions and practicability. As one of the proponents of including
effective control conceded, effective control can be ``difficult to
determine.'' We sought in our proposal to provide an easily
administrable definition to facilitate collection of this information
for both legal entities and financial institutions. As to the
identification of additional natural persons, we believe that the
challenges associated with identifying and verifying additional natural
persons outweigh any incremental benefit of the information.
Section 1010.230(e) Legal Entity Customer. As proposed, this
paragraph defined the term ``legal entity customer'' and delineated a
series of exclusions from this definition.
Section 1010.230(e)(1). In the proposed rule, we to defined ``legal
entity customer'' to mean a corporation, limited liability company,
partnership or other similar business entity (whether formed under the
laws of a state or of the United States or a foreign jurisdiction) that
opens a new account. Many commenters raised questions about what
entities and other businesses would be covered and requested that the
proposed definition be clarified, particularly the meaning of ``other
similar business entity.'' Some commenters urged us to include other
business forms, such as unincorporated associations and sole
proprietorships, within the definition of legal entity customer.
We agree that covered institutions would benefit from a revised
definition that further clarifies the entities that fall within the
definition of ``legal entity customer.'' Thus, for the purposes of the
final rule, we state that a legal entity customer means a corporation,
limited liability company, or other entity that is created by the
filing of a public document with a Secretary of State or similar
office, a general partnership, and any similar entity formed under the
laws of a foreign jurisdiction, that opens an account. This means that
``legal entity customer'' would include, in addition to corporations
and limited liability companies, limited partnerships, business trusts
that are created by a filing with a state office, any other entity
created in this manner, and general partnerships. (It would also
include similar entities formed under the laws of other countries.) It
would not include, for example, sole proprietorships or unincorporated
associations even though such businesses may file with the Secretary of
State in order to, for example, register a trade name or establish a
tax account. This is because neither a sole proprietorship nor an
unincorporated association is an entity with legal existence separate
from the associated individual or individuals that in effect creates a
shield permitting an individual to obscure his or her identity.\54\ The
definition of ``legal entity customer'' also does not include natural
persons opening accounts on their own behalf. In the final rule, we
remove the reference to a ``new'' account to eliminate redundancies
with other paragraphs of this provision, and because this account
status is not a relevant characteristic for defining a legal entity
customer.
---------------------------------------------------------------------------
\54\ FinCEN notes that this is consistent with the CIP rules,
which include as a customer ``an individual who opens a new account
for . . . (B) an entity that is not a legal person, such as a civic
club.'' In such a case, the individual opening the account, rather
than the civic club, is the customer. See, e.g., 31 CFR
1020.100(c)(1)(ii)(B).
---------------------------------------------------------------------------
Trusts
The definition would also not include trusts (other than statutory
trusts created by a filing with a Secretary of State or similar
office). This is because, unlike the legal entities that are subject to
the final rule, a trust is a contractual arrangement between the person
who provides the funds or other assets and specifies the terms (i.e.,
the grantor or settlor) and the person with control over the assets
(i.e., the trustee), for the benefit of those named in the trust deed
(i.e., the beneficiaries). Formation of a trust does not generally
require any action by the state. As FinCEN noted in the NPRM,
identifying a ``beneficial owner'' from among these parties, based on
the definition in the proposed or final rule, would not be possible.
FinCEN emphasizes that this does not and should not supersede
existing obligations and practices regarding trusts generally. The
preamble to each of the CIP rules notes that, while financial
institutions are not required to look through a trust to its
beneficiaries, they ``may need to take additional steps to verify the
identity of a customer that is not an individual, such as obtaining
information about persons with control over the account.'' \55\
Moreover, as FinCEN noted in the proposal, it is our understanding that
where trusts are direct customers of financial institutions, financial
institutions generally also identify and verify the identity of
trustees, because trustees will necessarily be signatories on trust
accounts (which in turn provides a ready source of information for law
enforcement in the event of an investigation). Furthermore, under
supervisory guidance for banks, ``in certain circumstances involving
revocable trusts, the bank may need to gather information about the
settlor, grantor, trustee, or other persons with the authority to
direct the trustee, and who thus have authority or control over the
account, in order to establish the true identity of the customer.''
\56\ We reiterate our understanding that, consistent with existing
obligations, financial institutions are already taking a risk-based
approach to collecting information with respect to various persons
associated with trusts in order to know their customer,\57\ and that we
expect financial institutions to continue these practices as part of
their overall efforts to safeguard against money laundering and
terrorist financing.\58\
---------------------------------------------------------------------------
\55\ See, e.g., ``Customer Identification Programs for Broker-
Dealers,'' 68 FR at 25116 n.32. (May 9, 2003).
\56\ Federal Financial Institutions Examination Council, Bank
Secrecy Act/Anti-Money Laundering Examination Manual 281 (2014)
(FFIEC Manual).
\57\ FinCEN also understands that in order to engage in the
business of acting as a trustee, it is necessary for a trust company
to be Federally- or State-chartered. Such entities are subject to
BSA obligations, which reduces the AML risk of such trusts.
\58\ Also not covered by the final rule are accounts in the name
of a deceased individual opened by a court-appointed representative
of the deceased's estate.
---------------------------------------------------------------------------
``Account'' Definition
FinCEN also notes that a legal entity customer is defined as one
that opens an account, but that the NPRM did not define the term
``account.'' Several commenters requested that FinCEN provide a
definition for this term and suggested using the definition from the
CIP rules. In order to maintain consistency with the CIP rules, FinCEN
is adding to the final rule the definition of the term ``account'' that
is found in the CIP rules,\59\ which by its terms excludes an account
opened for the purpose of participating in an employee benefit plan
established under the Employee Retirement Income Security Act of 1974.
This added provision is not only consistent with CIP but also
appropriate for the final rule, inasmuch as accounts established to
enable
[[Page 29413]]
employees to participate in retirement plans established under ERISA
are of extremely low money laundering risk.
---------------------------------------------------------------------------
\59\ See, e.g., 31 CFR 1020.100(a)(2) (for banks);
1023.100(a)(2) (for brokers or dealers in securities);
1024.100(a)(2) (for mutual funds); and 1026.100(a)(2) (for futures
commission merchants or introducing brokers in commodities).
---------------------------------------------------------------------------
In this regard, commenters requested that FinCEN broaden the
exemption for ERISA plans to include other non-ERISA retirement plans,
based on their low risk of money laundering, FinCEN notes that in the
case of such non-ERISA plans, the customer would generally either be
the trust established to maintain the assets, or the employer that
contracts with the financial institution to establish the account, and
not the underlying participants in or beneficiaries of the account.\60\
Accordingly, in the case where the customer would be the employer and
such employer is a legal entity, the financial institution would be
required to obtain the beneficial owners of the legal entity employer
(unless such employer is otherwise excluded from the definition of
legal entity customer). We address other requests for exemptions from
the beneficial ownership requirement in the discussion of Sec.
1010.230(h) below.
---------------------------------------------------------------------------
\60\ See FinCEN et al., Interagency Interpretive Guidance on
Customer Identification Program Requirements under Section 326 of
the USA PATRIOT Act, FAQs: Final CIP Rule 6 April 28, 2005, page 6,
available at http://www.fincen.gov/statutes_regs/guidance/pdf/faqsfinalciprule.pdf.
---------------------------------------------------------------------------
Paragraph (c) of Sec. 1010.230 of the final rule will accordingly
read as set out in the regulatory text at the end of this document.
Section 1010.230(e)(2). The NPRM proposed ten exclusions from the
legal entity customer definition. The first two categories are also for
the most part excluded from the requirements of the CIP rules. The
final rule adopts all of those proposed exclusions, except as discussed
below under the heading, Charities and Nonprofit Entities. The final
rule also adds a number of other exclusions in response to comments.
All of the exclusions are a result of an assessment of the risks and
determination that beneficial ownership information need not be
obtained at account opening, because the information is generally
available from other credible sources:
A financial institution regulated by a Federal functional regulator or
a bank regulated by a State bank regulator--1010.230(e)(2)(i)
These entities are excluded because they are subject to Federal or
State regulation and information regarding their beneficial ownership
and management is available from the relevant Federal or State
agencies.
A person described in Sec. 1020.315(b)(2) through (5) of this
chapter-- Sec. 1010.230(e)(2)(ii)
This includes the following:
A department or agency of the United States, of any State,
or of any political subdivision of a State. FinCEN has determined that
this category is appropriate for exclusion because such entities have
no equity owners and information regarding their management is readily
available from public sources.
Any entity established under the laws of the United
States, of any State, or of any political subdivision of any State, or
under an interstate compact between two or more States, that exercises
governmental authority on behalf of the United States or of any such
State or political subdivision. This category is also appropriate for
exclusion due to the amount of ownership and management information
that is publicly available about such entities.
Any entity (other than a bank) whose common stock or
analogous equity interests are listed on the New York, American,\61\ or
NASDAQ stock exchange. This exclusion is appropriate because such
entities are required to publicly disclose the beneficial owners of
five percent or more of each class of the issuer's voting securities in
periodic filings with the SEC, to the extent the information is known
to the issuer or can be ascertained from public filings.\62\ In
addition, beneficial owners of these issuers' securities may be subject
to additional reporting requirements.\63\
---------------------------------------------------------------------------
\61\ Currently called NYSE MKT.
\62\ See, e.g., Item 12 of Form 10-K and Item 403 of Regulation
S-K.
\63\ See Securities Exchange Act section 13(d) and Rules 13d-1
to 13d-102; Securities Exchange Act Sec. 16(a) and Rules 16a-1
through 16a-13.
---------------------------------------------------------------------------
Any entity organized under the laws of the United States
or of any State at least 51 percent of whose common stock or analogous
equity interests are held by a listed entity. Because such subsidiaries
of listed entities are controlled by their parent listed entity,
information regarding control and management is publicly available.
An issuer of a class of securities registered under section 12 of the
Securities Exchange Act of 1934 or that is required to file reports
under section 15(d) of that Act \64\--Sec. 1010.230(e)(2)(iii)
\64\ See Securities Exchange Act section 16(a) and Rules 16a-1
through 16a-13 and Item 403 of Regulation S-K.
---------------------------------------------------------------------------
These issuers are excluded because they are required to publicly
disclose the beneficial owners of five percent or more of each class of
the issuer's voting securities in periodic filings with the SEC, to the
extent the information is known to the issuer or can be ascertained
from public filings.\65\ In addition, beneficial owners of the issuer's
securities may be subject to additional reporting requirements.\66\
---------------------------------------------------------------------------
\65\ See, e.g., Item 12 of Form 10-K and Item 403 of Regulation
S-K.
\66\ See Securities Exchange Act section 13(d) and Rules 13d-1
to 13d-102; Securities Exchange Act Sec. 16(a) and Rules 16a-1
through 16a-13.
An investment company, as defined in Section 3 of the Investment
Company Act of 1940, that is registered with the SEC under that Act--
Sec. 1010.230(e)(2)(iv)
An investment adviser, as defined in section 202(a)(11) of the
Investment Advisers Act of 1940, that is registered with the SEC under
that Act--Sec. 1010.230(e)(2)(v)
These entities are excluded because registered investment companies
and registered investment advisers already publicly report beneficial
ownership in their filings with the SEC.\67\
---------------------------------------------------------------------------
\67\ See, e.g., Item 17 of Form N-1A and Schedule A to Part 1A
of Form ADV.
An exchange or clearing agency, as defined in section 3 of the
Securities Exchange Act of 1934, that is registered under section 6 or
17A of that Act--Sec. 1010.230(e)(2)(vi)
Any other entity registered with the SEC under the Securities and
Exchange Act of 1934--Sec. 1010.230(e)(2)(vii)
These entities are excluded because the SEC registration process
requires disclosure and regular updating of information about
beneficial owners of those entities, as well as senior management and
other control persons.
A registered entity, commodity pool operator, commodity trading
advisor, retail foreign exchange dealer, swap dealer, or major swap
participant, each as defined in section 1a of the Commodity Exchange
Act, that is registered with the CFTC--Sec. 1010.230(e)(2)(viii)
These entities are excluded because the CFTC registration process
requires disclosure and regular updating of information about
beneficial owners of those entities, as well as senior management and
other control persons.
A public accounting firm registered under section 102 of the Sarbanes-
Oxley Act--Sec. 1010.230(e)(2)(ix)
Such firms are those that audit publicly traded companies and SEC-
registered broker-dealers. These firms are required to register with
the Public Company Accounting Oversight Board
[[Page 29414]]
(PCAOB), a nonprofit corporation established by Congress to oversee the
audits of publicly traded companies, and are required to file annual
and special reports with the PCAOB. In addition, States require public
accounting firms to register and to file annual reports identifying
their members (e.g., partners, members, or shareholders).\68\ Such
information is often available online.
---------------------------------------------------------------------------
\68\ See, e.g., New York State Education Law, Article 149,
Section 7408.3.
---------------------------------------------------------------------------
Many commenters also urged that the proposed exclusions from the
legal entity customer definition be expanded or clarified in certain
respects. These include, among others, exclusions for accounts for
employee benefit plans (addressed above), additional entities regulated
by the United States or States of the United States, foreign
governments and agencies, foreign financial institutions, and
nonprofits. Commenters also sought clarity on how certain types of
entities and relationships should be treated.
Additional Regulated Entities
A bank holding company, as defined in section 2 of the Bank Holding
Company Act of 1956 (12 U.S.C. 1841), or savings and loan holding
company, as defined in section 10(n) of the Home Owners' Loan Act (12
U.S.C. 1467a(n))--Sec. 1010.230(e)(2)(x)
At the suggestion of several commenters, bank holding companies,
which include financial holding companies, have been excluded from the
beneficial ownership requirement in the final rule because the Federal
Reserve Board maintains beneficial ownership information on all of
these companies. Savings and loan holding companies are excluded for
the same reason.
A pooled investment vehicle that is operated or advised by a financial
institution excluded under this paragraph--Sec. 1010.230(e)(2)(xi)
In response to several commenters who noted that beneficial
ownership information would be available regarding the operator or
adviser of such pooled vehicles, FinCEN has determined that the pooled
vehicle should also be excluded from this requirement.
An insurance company that is regulated by a State--Sec.
1010.230(e)(2)(xii)
A few commenters sought exclusion of insurance companies from the
definition of legal entity customer, with the requested exclusions
ranging in scope from all insurance companies subject to an AML program
requirement and all insurance companies regulated by a State of the
United States, to those insurance companies that own or control an SEC
registered broker-dealer or SEC registered investment adviser. We
address these proposals in turn.
The commenters who proposed to exclude all insurance companies
subject to an AML program requirement and all State-regulated insurance
companies did not directly proffer a rationale for their request. We
presume that the commenters believe that insurance companies subject to
an AML program requirement and to State regulation present a lower risk
profile, and should therefore be excluded. As to insurance companies
subject to an AML program requirement, such status alone does not
require insurance companies to disclose beneficial ownership
information to their supervisors. Accordingly, an exclusion on that
basis would not be warranted. With respect to insurance companies
regulated by a State of the United States, these companies must
disclose and regularly update their beneficial owners, as well the
identities of senior management and other control persons. For
insurance firms that are a part of a publicly traded group, such
disclosures would also be found in annual SEC filings. All State-
regulated insurance companies are required to file an Annual Statement
with their State regulators, identifying senior management, directors,
and trustees. Schedule Y of this Statement shows the firm's corporate
structure, including direct and indirect parents and subsidiaries of
the insurer. Form B, an annual registration statement filed with state
regulators, shows the executive officers, directors, and controlling
shareholders of insurance companies. In the case of mutual insurance
companies, which do not issue equity and are instead owned as a whole
by their policyholders, Form B nevertheless shows their executive
officers and directors. For these reasons, we believe an exclusion for
State-regulated insurance companies is appropriate, and we have
accordingly added to the final rule an exclusion for an insurance
company that is regulated by a State as paragraph (e)(2)(xii).\69\
---------------------------------------------------------------------------
\69\ Because ``State'' is defined in 31 CFR 1010.100(vv), we
have not included ``of the United States'' in the rule text.
---------------------------------------------------------------------------
Some commenters also sought an exclusion for insurance companies
that own or control an SEC registered broker-dealer or SEC registered
investment adviser, noting that their registration with the SEC results
in the disclosure of all individuals and entities in the indirect chain
of ownership of the broker-dealer or adviser with an ownership interest
of 25 percent or more. FinCEN understands that in the vast majority of
cases, an insurance company that owns or controls a registered broker-
dealer or investment advisor would also be regulated by a State.
Accordingly, FinCEN believes that this additional exclusion would be
redundant.
A financial market utility designated by the Financial Stability
Oversight Council under Title VIII of the Dodd-Frank Wall Street Reform
and Consumer Protection Act of 2010--Sec. 1010.230(e)(2)(xiii)
One commenter requested that FinCEN exclude designated financial
market utilities from the definition of legal entity customer, noting
that such entities are already subject to extensive regulation. FinCEN
understands that entities designated as financial market utilities by
the Financial Stability Oversight Council pursuant to Title VIII of the
Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 are
subject to extensive supervision and oversight by their Federal
functional regulators, including the disclosure of beneficial ownership
information. Accordingly, FinCEN believes that it is appropriate to
exclude them from the definition.
Excluded Foreign Entities
A foreign financial institution established in a jurisdiction where the
regulator of such institution maintains beneficial ownership
information regarding such institution--Sec. 1010.230(e)(2)(xiv)
Numerous commenters urged FinCEN to broaden the proposed exemptions
for regulated financial institutions and publicly traded companies in
the United States to include their counterparts outside of the United
States. With regard to regulated foreign financial institutions, some
commenters noted that in the rules implementing section 312 of the USA
PATRIOT Act, even in the case of foreign banks subject to enhanced due
diligence, a U.S. bank need obtain ownership information only if such
foreign banks are not publicly traded,\70\ and that it would be
inconsistent to impose a more burdensome requirement in the case of
correspondent accounts for foreign banks (and arguably other foreign
financial institutions) that are not subject to enhanced due diligence.
FinCEN agrees with this analysis and has broadened the exclusions to
the
[[Page 29415]]
definition of legal entity customer in the final rule to include
foreign financial institutions established in jurisdictions where the
regulator of such institution maintains beneficial ownership
information regarding such institution. As with other exclusions
described above, FinCEN has determined that it is appropriate to
exclude these entities, because information regarding their beneficial
ownership and management is available from the relevant foreign
regulator.
---------------------------------------------------------------------------
\70\ 31 CFR 1010.610(b)(3).
A non-U.S. governmental department, agency or political subdivision
that engages only in governmental rather than commercial activities--
---------------------------------------------------------------------------
Sec. 1010.230(e)(2)(xv)
Commenters also requested that certain departments, agencies, and
political subdivisions of non-U.S. governments, as well as State-owned
enterprises and supranational organizations, should also be exempt from
the beneficial ownership requirement. The commenters pointed out that
no such customers would have beneficial owners under the ownership
prong, and any individual identified under the control prong would in
most cases not be in the United States, which would make verification
of identity more difficult. We agree that certain departments,
agencies, and political subdivisions of non-U.S. governments--
specifically, those that engage only in governmental (and not
commercial) activities--should not fall within the definition of legal
entity customer, and should therefore be excluded from the requirement.
Although this delineation between governmental and commercial
activities arises out of well-recognized principles of sovereign
immunity, FinCEN does not expect front-line employees of covered
financial institutions to engage in any type of legal analysis to
determine the applicability of this exclusion. Rather, FinCEN expects
covered financial institutions to rely upon the representations of such
customers, absent knowledge to the contrary.
Some commenters also requested an exclusion for supranational
organizations. FinCEN is not aware of a well-established, widely
accepted definition of this term that could serve to clearly notify
such entities of their eligibility to be excluded from this
requirement. Because of the administrative challenges associated with
determining such eligibility in the absence of a clear line, FinCEN
declines to include such an exclusion in the final rule. We recognize
that many such organizations would generally lack equity interests (and
accordingly, equity stakes); thus, as in the case of other legal
entities lacking such interests, financial institutions would be
expected to collect beneficial ownership information under the control
prong only.
Any legal entity only to the extent that it opens a private banking
account subject to 31 CFR 1010.620--Sec. 1010.230(e)(2)(xvi)
A number of commenters requested that FinCEN clarify the treatment
of beneficial owners of private banking accounts for non-U.S. persons
that are subject to FinCEN's private banking account rule,\71\ which
requires financial institutions maintaining such accounts to ascertain
the identity of all beneficial owners of such accounts, but utilizes a
different definition.\72\ Because covered financial institutions have
established a process for complying with the private banking account
regulation, FinCEN has determined that it is appropriate to exclude
such legal entity customers from the beneficial ownership requirement
only when they establish such accounts.
---------------------------------------------------------------------------
\71\ 31 CFR 1010.620.
\72\ 31 CFR 1010.605(a).
---------------------------------------------------------------------------
Nonexcluded Pooled Investment Vehicles
In the proposal, FinCEN sought comment on the approach that it
should take towards pooled investment vehicles that are operated or
advised by financial institutions that are not proposed to be excluded
from the definition of legal entity customer, i.e., whether they should
also be excluded from this requirement, or, if such vehicles are not
excluded, whether covered financial institutions should be required to
identify beneficial owners of such vehicles only under the control
prong of the beneficial ownership definition. We noted that such
entities often have ownership interests that fluctuate, and that
identifying beneficial owners of these entities based on a percentage
ownership threshold accordingly might create unreasonable operational
challenges to collect information that would only be accurate for a
limited period of time.
Some commenters requested that FinCEN exclude such pooled
investment vehicles from the beneficial ownership requirement for
several reasons, including the logistical difficulties of maintaining
the information and possible limited duration of the accuracy of the
information noted above. The commenters requested that, if such
vehicles are not excluded, then FinCEN should require those financial
institutions to collect beneficial ownership information of such
entities under the control prong only. FinCEN agrees that, because of
the limited utility and difficulty of collecting beneficial ownership
information under the ownership prong, in the case of pooled investment
vehicles whose operators or advisers are not excluded from this
definition, such as non-U.S. managed mutual funds, hedge funds, and
private equity funds, financial institutions would be required to
collect beneficial ownership information under the control prong only
(e.g., an individual with significant responsibility to control,
manage, or direct the operator, adviser, or general partner of the
vehicle). This treatment of nonexcluded pooled investment vehicles is
reflected in the final rule in Sec. 1010.230(e)(3)(i).
Intermediated Account Relationships
In the NPRM, we proposed that if an intermediary is the customer,
and the financial institution has no CIP obligation with respect to the
intermediary's underlying clients pursuant to existing guidance, a
financial institution should treat the intermediary, and not the
intermediary's underlying clients, as its legal entity customer. Thus,
existing guidance issued jointly by Treasury or FinCEN and any of the
Federal functional regulators for broker-dealers, mutual funds, and the
futures industry related to intermediated relationships would
apply.\73\ Commenters from the securities, mutual fund, and futures
industries strongly supported this approach. FinCEN confirms that this
principle will apply in interpreting the final rule, as follows: To the
extent that
[[Page 29416]]
existing guidance provides that, for purposes of the CIP rules, a
financial institution shall treat an intermediary (and not the
intermediary's customers) as its customer, the financial institution
should treat the intermediary as its customer for purposes of this
final rule. FinCEN also confirms that other guidance issued jointly by
FinCEN and one or more Federal functional regulators relating to the
application of the CIP rule will apply to this final rule, to the
extent relevant.\74\
---------------------------------------------------------------------------
\73\ See, e.g., Guidance from the Staffs of the Department of
the Treasury and the U.S. Securities and Exchange Commission,
Questions and Answers Regarding the Mutual Fund Customer
Identification Rule, August 11, 2003, available at https://www.sec.gov/divisions/investment/guidance/qamutualfund.htm.;
Guidance from the Staffs of the Department of the Treasury and the
U.S. Securities and Exchange Commission, Question and Answer
Regarding the Broker-Dealer Customer Identification Program Rule (31
CFR 103.122) (October 1, 2003), available at http://www.fincen.gov/statutes_regs/guidance/html/20031001.html; Guidance from the Staffs
of the Department of the Treasury and the U.S. Commodity Futures
Trading Commission, Frequently Asked Question regarding Customer
Identification Programs for Futures Commission Merchants and
Introducing Brokers (31 CFR 103.123), available at http://www.fincen.gov/statutes_regs/guidance/html/futures_omnibus_account_qa_final.html; FinCEN, Application of the
Regulations Requiring Special Due Diligence Programs for Certain
Foreign Accounts to the Securities and Futures Industries, FIN-2006-
G009 (May 10, 2006), available at http://www.fincen.gov/statutes_regs/guidance/html/312securities_futures_guidance.html.
\74\ See, e.g., FinCEN, Application of the Customer
Identification Program Rule to Future Commission Merchants Operating
as Executing and Clearing Brokers in Give-Up Arrangements, FIN-2007-
G001 (April 20, 2007), available at http://www.fincen.gov/statutes_regs/guidance/html/cftc_fincen_guidance.html; ``FAQs: Final
CIP Rule''.
---------------------------------------------------------------------------
One commenter representing the legal profession requested that
escrow accounts established by lawyers to keep their clients' funds in
trust be given the same treatment, due to lawyers' professional
obligations to maintain client confidentiality under State law and
codes of professional conduct. This commenter proposed that in the case
of such accounts, only the lawyers and law firms establishing these
accounts would be deemed legal entity customers from which beneficial
ownership information would be collected. FinCEN understands that many
attorneys maintain client trust or escrow accounts containing funds
from multiple clients and other third parties in a single account.
Funds flow in and out of these accounts during the normal course of
business, and while these movements may not be as frequent as those
found in, for example, pooled accounts in the securities and futures
industries, they nevertheless create significant operational challenges
to collecting this information with reference to the relevant clients
and third parties. As in the case of nonexcluded pooled investment
vehicles, FinCEN believes that it would be unreasonable to impose such
collection obligations for information that would likely be accurate
only for a limited period of time. FinCEN also understands that State
bar associations impose extensive recordkeeping requirements upon
attorneys with respect to such accounts, generally including, among
other things, records tracking each deposit and withdrawal, including
the source of funds, recipient of funds, and purpose of payment; copies
of statements to clients or other persons showing disbursements to them
or on their behalf; and bank statements and deposit receipts.\75\ For
these reasons, FinCEN believes that attorney escrow and client trust
accounts should be treated like other intermediated accounts described
above, and we accordingly deem such escrow accounts intermediated
accounts for purposes of the beneficial ownership requirement.
---------------------------------------------------------------------------
\75\ See, e.g., 22 N.Y.C.R.R. Part 1200, Rule 1.15; California
State Bar Rule of Professional Conduct 4-100.
---------------------------------------------------------------------------
Charities and Nonprofit Entities
In the NPRM, we proposed an exclusion from the definition of
``legal entity customer'' for charities and nonprofit entities that are
described in sections 501(c), 527, or 4947(a)(1) of the Internal
Revenue Code of 1986, which have not been denied tax exempt status, and
which are required to and have filed the most recently due annual
information return with the Internal Revenue Service.
Commenters raised a number of issues with this proposed exemption.
These include the fact that, in order to qualify for the exemption, the
financial institution would effectively need to verify each of the
following:
1. That the customer qualifies for an exemption under one of the
three listed sections of the Internal Revenue Code, which would likely
require that the financial institution review the entity's IRS
documentation;
2. That the exemption has not been revoked;
3. That the entity is required to file an annual information
return; and
4. That the entity has in fact filed such return.
Commenters expressed concerns that these steps to verify a
charitable organization's eligibility for the exemption would be unduly
burdensome and difficult for frontline staff to administer. Several
commenters asked whether the financial institution could utilize the
IRS's search tool that enables taxpayers to confirm the tax exempt
status of organizations, ``EO Select Check,'' in order to verify the
necessary information; others noted that, while this Web site confirms
the tax exempt status of organizations, it does not confirm that the
organization has filed its most recently due return. Moreover, up-to-
date information, particularly regarding a recently formed
organization, may not be available. Commenters noted further that,
unless these issues can be addressed in a way that would facilitate the
use of the exclusion, it would in many cases be simpler to ignore the
exclusion and obtain the beneficial ownership information.
FinCEN has considered the comments addressing this proposed
exclusion and agrees that as proposed the exclusion would in many cases
be difficult to administer. Rather than limiting its treatment of this
category to entities that are exempt from Federal tax and requiring
proof of such exemption, FinCEN has determined that it would be
simpler, as well as more efficient and more logical, to exclude all
nonprofit entities (whether or not tax-exempt) from the ownership prong
of the requirement, particularly considering the fact that nonprofit
entities do not have ownership interests, and require only that they
identify an individual with significant responsibility to control,
manage, or direct the customer. Accordingly, the final rule eliminates
this proposed exclusion and instead includes as a type of legal entity
customer, subject only to the control prong of the beneficial owner
definition, any legal entity that is established as a nonprofit
corporation or similar entity and has filed its organizational
documents with the appropriate State authority as necessary.
For purposes of this provision, a nonprofit corporation or similar
entity would include, among others, charitable, nonprofit, not-for-
profit, nonstock, public benefit or similar corporations. Such an
organization could establish that it is a qualifying entity by
providing a certified copy of its certificate of incorporation or a
certificate of good standing from the appropriate State authority,
which may already be required for a legal entity to open an account
with a financial institution under its CIP.\76\ FinCEN also believes
that identifying and verifying an individual under the control prong is
not an onerous requirement, and understands from its outreach that in
the cases of many nonprofits such an individual is already identified
to the financial institution as a signatory. FinCEN also notes that as
a general matter, small local community organizations, such as Scout
Troops and youth sports leagues, are unincorporated associations rather
than legal entities and therefore not subject to the beneficial
ownership requirement.
---------------------------------------------------------------------------
\76\ See, e.g., 31 CFR 1020.220(a)(2)(ii)(A)(2).
---------------------------------------------------------------------------
Other Proposed Exclusions
A few commenters requested that we expand the list of exclusions to
include all types of entities currently exempt from CTR reporting
requirements. Although some of the exclusions to the definition of
legal entity customer correspond to entities exempt from CTR
[[Page 29417]]
reporting requirements,\77\ we decline to extend these exclusions to
include all of the CTR exemptions. The CTR and beneficial ownership
requirements serve different purposes, and the principal underlying
justification for many of the CTR exemptions--that the requirement is
not feasible or appropriate for cash-intensive low-risk businesses--
does not apply here. FinCEN has considered all the CTR exemptions and
has included those that are logical in the context of the beneficial
ownership requirement, for the reasons articulated above.
---------------------------------------------------------------------------
\77\ See 31 CFR 1010.230(e)(2)(i), which includes certain
persons exempt from CTR reporting.
---------------------------------------------------------------------------
Some commenters also requested that FinCEN exclude other ``low-
risk'' entities from the definition of legal entity customer. We have
considered all commenters' requests for exclusions to the definition
and have incorporated only those that we have determined are
appropriate in this context.
Section 1010.230(f) Covered Financial Institution. As proposed,
this paragraph defined covered financial institution through
incorporation by reference of the definition set forth in Sec.
1010.605(e)(1), thereby subjecting to this requirement those financial
institutions already covered by CIP requirements. FinCEN noted in the
proposal that it viewed the exercise of its discretion to limit the
initial application of this requirement to these institutions as
appropriate, because it is logical to minimize disruption and burden to
the extent possible by commencing implementation with institutions
already equipped to leverage CIP procedures.
There were no significant objections to limiting the scope of this
requirement in this manner, and we are accordingly adopting this
definition as proposed. We note generally that FinCEN received comments
from institutions not subject to CIP (nor therefore to the proposal),
urging us to engage in dialogue before determining whether to expand
the beneficial ownership and CDD requirements to their industries.
FinCEN agrees that thoughtful engagement with all stakeholders is an
essential component of the rulemaking process, and will continue to
engage in outreach to inform our policy decisions and any future
rulemakings. As we noted in the proposal, comments and discussions with
these institutions during the course of this rulemaking have led us to
believe that extending CDD requirements in the future to these, and
potentially other types of financial institutions, may ultimately
promote a more consistent, reliable, and effective AML regulatory
structure across the financial system.
A few commenters requested that FinCEN exclude smaller financial
institutions from the scope of coverage, contending principally that
such institutions generally presented a lower risk profile and that
implementation of the beneficial ownership requirement would be unduly
burdensome. We decline to categorically exclude smaller institutions
from the definition of covered financial institution. As we have noted,
both in the proposal and above, one of the animating purposes of this
rulemaking is to promote clear and consistent expectations across and
within financial sectors, in order to promote a more level playing
field when it comes to AML/CFT compliance. Uniform application of the
beneficial ownership requirement would prevent the ``competitive
disadvantage'' (cited by one commenter seeking this exclusion) that
would result if prospective customers were not required ``to complete
the same form at . . . competitor financial institutions.'' And even
though some smaller institutions might be lower risk, size alone should
not be a determinative factor for a risk assessment, making it an
inappropriate basis for a categorical exclusion. Indeed, a blanket
size-based exclusion would provide a clear roadmap for illicit actors
seeking an easy entry point into the financial system. Finally, FinCEN
appreciates the concerns raised about the burden of implementation
expressed by commenters and, as described at length above, has made
numerous changes to the proposal to reduce the burden upon financial
institutions. We reiterate that, as with CIP, financial institutions
are expected to implement procedures for collecting beneficial
ownership information ``appropriate for [their] size and type of
business.'' \78\
---------------------------------------------------------------------------
\78\ 31 CFR 1020.220(a)(1); 31 CFR 1023.220(a)(1); 31 CFR
1024.220(a)(1); 31 CFR 1026.220(a)(1).
---------------------------------------------------------------------------
Section 1010.230(g) New account. See discussion above under
``Identification and Verification.''
Section 1010.230(h) Exemptions. In the final rule, this paragraph
exempts covered financial institutions from the beneficial ownership
requirement with respect to opening accounts for legal entity customers
for certain specific activities and within certain limitations for the
reasons described below.
Private Label Retail Credit Accounts Established at the Point-of-Sale
One commenter requested that FinCEN exempt point-of-sale retail
credit accounts provided to small to mid-size business customers,
including commercial private label and co-branded credit cards and
installment loans, from the scope of coverage of the beneficial
ownership requirement. This commenter noted that such accounts
presented a lower risk of money laundering due in large part to
limitations on the use of those cards inherent in these customer
relationships. For example, because private label credit cards can be
used only to purchase goods or services at the specified retailer at
which they are issued, they would not be an attractive vehicle to
launder illicit proceeds. That these accounts can only be used for
domestic transactions, and generally have lower credit limits, are
additional factors that mitigate the risk of these accounts. FinCEN has
learned that legal entities without an established and verifiable
credit history that seek such accounts are generally required to
provide a personal guarantee by a natural person whose identity and
credit history are verified. We agree that these characteristics and
limitations associated with private label credit card accounts that are
used exclusively within issuing retailers' networks, significantly
decrease these accounts' susceptibility to abuse by money launderers
and terrorist financers. Thus, covered financial institutions are
exempt from the beneficial ownership requirement with respect to
private label credit card accounts to the limited extent that they are
established at the point-of-sale to obtain credit products, including
commercial private label credit cards, solely for the purchase of
retail goods and/or services at the issuing retailer and have a credit
limit of no more than $50,000.
In contrast, credit cards that are co-branded with major credit
card associations do not possess the same limitations and
characteristics that would protect them from abuse. For example, co-
branded credit cards can be used at any outlet or ATM that accepts
those associations' cards. FinCEN therefore believes that covered
financial institutions should obtain and verify beneficial ownership
information with respect to opening accounts for legal entities
involving such co-branded cards.
Additional Exemptions
During the comment period to the RIA, several commenters sought to
exempt certain limited purpose activities from the scope of the
beneficial ownership requirement, principally on the grounds that such
accounts had an extremely low risk profile for money laundering because
of
[[Page 29418]]
inherent structural limitations to the accounts and the purposes for
which such accounts are established.
Accounts Established for the Purchase and Financing of Postage
One such commenter was a limited purpose banking entity whose
primary business is to facilitate the purchase and financing of
postage. This commenter noted that all the accounts at its institution
exist solely for small businesses, governments, and nonprofit
organizations to prepay postage and earn interest (in the form of
additional postage), or to finance postage through an unsecured
revolving line of credit. Clients of this institution cannot use these
accounts to purchase merchandise, deposit or withdraw cash, write
checks, or transfer funds. FinCEN agrees that these types of accounts
present a low risk of money laundering, both because of the purpose for
which such accounts are established, as well as the characteristics of
these accounts described above. Accordingly, covered financial
institutions are exempt from the beneficial ownership requirement with
respect to accounts solely used to finance the purchase of postage and
for which payments are remitted directly by the financial institution
to the provider of the postage products.
Commercial Accounts To Finance Insurance Premiums
Several commenters representing the commercial insurance premium
finance industry submitted a joint letter outlining the expected impact
of the beneficial ownership requirement on their industry, and the
structural characteristics of these financial products that make them a
low risk of money laundering. They noted that borrowers seeking funds
to finance premiums for property and casualty insurance do not receive
these proceeds directly; instead, the funds are remitted directly to an
insurance company, either directly or through an insurance agent or
broker. As with the limited purpose postage accounts described above,
customers of premium finance companies cannot use these accounts to
purchase merchandise, deposit or withdraw cash, write checks, or
transfer funds. FinCEN agrees that these types of accounts present a
low risk of money laundering, both because of the purpose for which
such accounts are established, as well as the characteristics of these
accounts that make them a poor vehicle for money laundering. For these
reasons, covered financial institutions are exempt from the beneficial
ownership requirement with respect to accounts solely used to finance
insurance premiums and for which payments are remitted directly by the
financial institution to the insurance provider or broker.
Accounts To Finance the Purchase or Lease of Equipment
One commenter representing a bank that primarily provides financial
products for small business equipment leasing sought to exclude this
activity from the beneficial ownership requirement with the same basic
rationale put forth by the commenters representing the commercial
insurance premium finance industry. Because FinCEN understands that
these financial products have similar structural characteristics that
limit their utility as vehicles for money laundering, covered financial
institutions are exempt from the beneficial ownership requirement with
respect to accounts solely used to finance the purchase or leasing of
equipment and for which payments are remitted directly by the financial
institution to the vendor or lessor of this equipment.
Section 1010.230(h)(2) Limitations on Exemptions. These three
exemptions are subject to further limitations to mitigate the remaining
limited money laundering risks associated with them, as follows:
The exemptions identified in paragraphs (h)(1)(ii) through
(iv) do not apply to transaction accounts through which a legal entity
customer can make payments to, or receive payments from, third parties.
If there is the possibility of a cash refund on the
account activity identified in paragraphs (h)(1)(ii) through (iv), then
beneficial ownership of the legal entity customer must be identified
and verified by the financial institution as required by this section,
either at the time of initial remittance, or at the time such refund
occurs.
The first limitation reflects the additional structural limitation
described in our discussion of these account types that makes them a
low risk of money laundering, and therefore a necessary characteristic
to qualify for these exclusions. The second limitation serves to
mitigate the principal money laundering vulnerability in some of these
accounts--to wit, the possibility of a cash refund--by requiring the
identification and verification of beneficial ownership information
when the initial remittance is made or when a refund actually occurs.
Based upon the submissions from commenters, as well as subsequent
inquiry into these financial products, FinCEN understands that most of
these exempted accounts would not be affected by such limitation.
Furthermore, this requirement has been drafted to give covered
financial institutions flexibility in implementing this provision.
Although this limitation applies broadly to accounts where there is the
possibility of a refund, as a practical matter, beneficial ownership
information must only be collected when such a refund actually occurs.
Thus, covered financial institutions that offer such products do not
have to change their onboarding systems, and FinCEN believes that in
most cases, they will not have to collect this information.
Section 1010.230(i) Recordkeeping. In the NPRM, we proposed a
recordkeeping requirement identical to the requirement for CIP, in
order to leverage existing standards and processes to facilitate
financial institutions' implementation of this requirement. Thus, under
the proposal, a financial institution must have procedures for
maintaining a record of all information obtained in connection with
identifying and verifying beneficial owners, including retention of the
Certification Form and a record of any other related identifying
information reviewed or collected, for a period of five years after the
date the account is closed. Furthermore, we proposed that a financial
institution must also retain records for a period of five years after
such record is made, including a description of every document relied
on for verification, any non-documentary methods and results of
measures undertaken for verification, as well as the resolution of any
substantive discrepancies discovered in verifying the identification
information.
Because collection of the Certification Form is no longer a
requirement, we are making a corresponding change to the recordkeeping
requirement for the final rule. Section 1010.230(i)(1)(i) now states
that at a minimum, the record must include, for identification, any
identifying information obtained by the covered financial institution
pursuant to paragraph (b), including without limitation the
certification (if obtained).
Most commenters who addressed this issue agreed with FinCEN's
decision to have recordkeeping requirements identical to CIP. However,
two commenters who submitted largely identical letters objected to this
approach, asserting that the CIP recordkeeping requirements did not
make sense in the context of beneficial ownership information because
such information would likely change regularly for some legal entity
customers, resulting in the accumulation of multiple iterations of the
Certification Form, all of which would have to be retained. Despite
this
[[Page 29419]]
concern, we decline to alter the recordkeeping requirement. First,
because the Certification Form is no longer mandatory, financial
institutions not using it will not have to retain multiple
Certification Forms, but will instead have flexibility to record any
changes of beneficial ownership information in a manner that works best
for their institution. And we believe the benefit from leveraging
existing procedures far outweighs any benefit that might arise from a
shorter recordkeeping standard, because creating a separate standard
for beneficial ownership information would likely require new processes
and necessitate training for employees, as well as require line
employees to consistently apply different standards for beneficial
ownership and CIP information.
Section 1010.230(j) Reliance on Another Financial Institution. In
the NPRM, we proposed that financial institutions could rely on the
performance by another financial institution of the requirements of
this section under the same conditions as set forth in the applicable
CIP rules.
Commenters raised a few points regarding the reliance provision as
proposed. A few requested that we lower the standard for reliance below
that articulated in the applicable CIP rules, by permitting reliance
without a contract and annual certification, and extending the reliance
provisions to regulated money services businesses and foreign
affiliates of covered financial institutions subject to a global
standard at least as rigorous as U.S. CIP and CDD standards. We decline
to make any of these proposed changes to the reliance provision at this
time. FinCEN believes that there is significant value to financial
institutions in terms of account management in having uniform standards
to the greatest extent possible, and that having different reliance
standards for CIP and for beneficial ownership information might cause
confusion and negatively impact compliance. Thus, to the extent that we
would make any of the proposed changes to the reliance provision, we
believe it would be important to make the same changes concurrently to
the applicable CIP provisions, which would require joint rulemaking.
One commenter requested that FinCEN clarify reliance
responsibilities in the drafting of selling, clearing, or counterparty
agreements, without further elaboration upon the type of clarification
sought or the need for such clarification. We have considered this
request, and in the absence of any specific and persuasive arguments
supporting the need for such clarification, we have found no reason to
provide any clarification addressing this issue.
Another commenter requested that FinCEN amend the reliance
provision to enable covered financial institutions to employ the
services of non-financial institution third parties as beneficial
ownership pre-check service providers, to conduct beneficial ownership
due diligence. This commenter contended that amending the proposal in
this way might facilitate compliance by permitting third parties
specializing in beneficial ownership due diligence to fulfill the
requirements of this section at scale, expediting legal entities'
ability to open accounts. Thus, the commenter proposed adding clauses
to the reliance provision permitting such reliance on these third
parties if the reliance is reasonable; the third party is voluntarily
subject to a rule implementing 31 U.S.C. 5318(h) and certified by
Treasury or FinCEN; and the third party certifies to the financial
institution that it has implemented an AML program and that it will
perform the requirements of section 1010.230. FinCEN declines to make
these changes. Currently, FinCEN does not have an appropriate mechanism
to permit a third party to voluntarily subject itself to an AML program
requirement, nor to assess and certify that party's compliance. We thus
believe that it would make more sense to postpone any consideration of
this approach until after FinCEN and the covered financial institutions
have gained experience and understanding from implementing section
1010.230.
Section 1020.210 Anti-money laundering program requirements for
financial institutions regulated only by a Federal functional
regulator, including banks, savings associations, and credit unions. In
the NPRM, we proposed to amend FinCEN's existing AML program rules to
expressly incorporate both the minimum statutory elements of an AML
program prescribed by 31 U.S.C. 5318(h)(1), as well as the elements of
the minimum standard of CDD that are not otherwise already accounted
for in either the existing AML regulatory scheme (i.e., CIP) or in the
proposed beneficial ownership requirement.\79\ Paragraphs (b)(1)
through (4) correspond to the minimum statutory elements of section
5318(h)(1), while proposed paragraph (b)(5) set forth the remaining
elements of CDD by requiring appropriate risk-based procedures for
conducting ongoing customer due diligence including, but not limited
to, (i) understanding the nature and purpose of customer relationships
for the purpose of developing a customer risk profile, and (ii)
conducting ongoing monitoring to maintain and update customer
information and to identify and report suspicious transactions. We
described our understanding that these third and fourth elements of CDD
were necessary and critical steps required to comply with the existing
requirement under the BSA to identify and report suspicious
transactions. Thus, expressly incorporating the third and fourth
elements of CDD into the AML program rules would serve to harmonize
these elements with existing AML obligations. Because the proposal
sought only to clarify and explicitly state existing expectations and
requirements, we emphasized that the proposal was not intended to
lower, reduce, or limit the due diligence expectations of the Federal
functional regulators or limit their existing regulatory discretion,
nor to create any new obligations.
---------------------------------------------------------------------------
\79\ In the proposal, we described these elements, which we
believe to be fundamental to an effective AML program, as follows:
(i) Identifying and verifying the identity of customers; (ii)
identifying and verifying the identity of beneficial owners of legal
entity customers (i.e., the natural persons who own or control legal
entities); (iii) understanding the nature and purpose of customer
relationships; and (iv) conducting ongoing monitoring to maintain
and update customer information and to identify and report
suspicious transactions. See 79 FR at 45152.
---------------------------------------------------------------------------
With respect to the third element, understanding the nature and
purpose of customer relationships for the purpose of developing a
customer risk profile, we elaborated upon our understanding of the
manner in which current expectations satisfied this proposed
requirement. We observed that under the existing requirement for
financial institutions to report suspicious activity, they must file
SARs on a transaction that, among other things, has ``no business or
apparent lawful purpose or is not the sort in which the particular
customer would normally be expected to engage.'' \80\ Banks
specifically are expected to ``obtain information at account opening
sufficient to develop an understanding of normal and expected activity
for the customer's occupation or business operations.'' \81\ In short,
to understand the types of transactions in which a particular customer
would normally be expected to engage necessarily requires an
understanding of the nature and purpose of the customer relationship,
which informs the baseline against which aberrant, suspicious
transactions are identified. It was this fundamental
[[Page 29420]]
expectation that FinCEN sought to encapsulate in its articulation of
the third element. Moreover, as FinCEN stated in the proposal, in some
circumstances an understanding of the nature and purpose of a customer
relationship can also be developed by inherent or self-evident
information about the product or customer type, such as the type of
customer, the type of account opened, or the service or product
offered, or other basic information about the customer, and such
information may be sufficient to understand the nature and purpose of
the relationship. We further noted that, depending on the facts and
circumstances, other relevant facts could include basic information
about the customer, such as annual income, net worth, domicile, or
principal occupation or business, as well as, in the case of
longstanding customers, the customer's history of activity.
---------------------------------------------------------------------------
\80\ 31 CFR 1020.320(a)(2)(iii); see also 31 CFR
1023.320(a)(2)(iii), 1024.320(a)(2)(iii), and 1026.320(a)(2)(iii).
\81\ FFIEC Manual at 57.
---------------------------------------------------------------------------
Regarding the fourth element, conducting ongoing monitoring to
maintain and update customer information and to identify and report
suspicious transactions, we noted our understanding that, as with the
third element, current industry practice to comply with existing
expectations for SAR reporting should already satisfy this proposed
requirement. Banks are expected to have in place internal controls to
``provide sufficient controls and monitoring systems for timely
detection and reporting of suspicious activity.'' \82\ In short, the
proposal served to codify existing supervisory and regulatory
expectations for banks as explicit requirements within FinCEN's AML
program requirement in order to make clear that the minimum standards
of CDD, as articulated, include ongoing monitoring of all transactions
by, at, or through the financial institution. As proposed, the
obligation to update customer information as a result of monitoring
would generally only be triggered when the financial institution
becomes aware of information about the customer in the course of normal
monitoring relevant to assessing the risk posed by a customer; it was
not intended to impose a categorical requirement to update customer
information on a continuous or ongoing basis using the Certification
Form in Appendix A or by another means.
---------------------------------------------------------------------------
\82\ Id. at 29-30.
---------------------------------------------------------------------------
Commenters raised a number of points about FinCEN's proposal to
expressly incorporate the third and fourth elements of CDD as a ``fifth
pillar'' into the AML program rules. Some questioned whether FinCEN had
the statutory authority to adopt these amendments to the program rules.
A few commenters expressed general approval of this approach but sought
clarification of its application, while other commenters opposed the
codification of existing regulatory expectations, questioning the need
to do so in light of current regulatory expectations. Some commenters
raised concerns about FinCEN's articulation of the ongoing monitoring
requirement, contending that the element as proposed imposed an
obligation to continuously update customer information. We address
these comments and provide additional clarification for banks below.
A few commenters challenged FinCEN's statutory authority to amend
the AML program rules in this fashion. They argued principally that
FinCEN's actions exceeded the scope of its statutory authority because
it proposed to incorporate into the regulations implementing the AML
program, elements not found in the authorizing statute, 31 U.S.C.
5318(h). This argument is not supported by a plain reading of the
statutory text. Section 5318(h)(1) provides in relevant part that
``each financial institution shall establish anti-money laundering
programs, including, at a minimum--[the four statutory pillars]. . .
.'' (emphasis added). And section 5318(h)(2) further provides that
``[t]he Secretary of the Treasury, after consultation with the
appropriate Federal functional regulator . . . may prescribe minimum
standards for programs established under paragraph (1). . . .'' The
first clause by its terms does not limit an AML program exclusively to
the four enumerated statutory elements, and the statutory scheme
clearly vests the Secretary \83\ with discretion to adapt the AML
program to changing circumstances as warranted after consultation with
the Federal functional regulators. FinCEN's actions today fall squarely
within the scope of its statutory delegation of authority from the
Secretary and the plain language of Section 5318(h)(1).
---------------------------------------------------------------------------
\83\ As noted above, the Secretary has delegated to the Director
of FinCEN the authority to implement the BSA and associated
regulations.
---------------------------------------------------------------------------
One commenter asserted that the creation of this new ``fifth
pillar'' separate from the other elements of CDD that are already
incorporated into the ``internal controls'' pillar, could complicate
how existing internal controls are identified and managed, possibly
requiring the revision of existing systems and programs, including
training and audit functions, thereby needlessly consuming banks' AML
resources. As described at greater length above and below, FinCEN views
the fifth pillar as nothing more than an explicit codification of
existing expectations; as these expectations should already be taken
into account in a bank's internal controls, FinCEN would expect the
confusion caused by this codification, if any, to be minimal.
Furthermore, FinCEN believes that, in order to bring uniformity and
consistency across sectors, it is important that these due diligence
elements be made explicit, and that they be part of the AML program of
depository institutions (as well as of the other covered financial
institutions). We believe that harmonizing these requirements across
financial sectors will strengthen the system as a whole, by further
limiting opportunities for inconsistent application of unclear or
unexpressed expectations. The same commenter also asserted that
imposing this requirement unilaterally ``places FinCEN at odds with the
prudential regulators.'' However, FinCEN notes that the proposed CDD
rule as well as this final rule, were issued after consultation with
the staffs of the prudential regulators.
Most bank commenters did not raise objections to the concept of a
customer risk profile. The banks that commented on this issue noted
generally that they understood the concept as it applied to their
industry. One commenter subject to AML requirements for banks, broker-
dealers, mutual funds, and insurance companies raised concerns that the
concept of a customer risk profile implicated personal privacy
interests and that information about personal attributes of customers
could be used for inappropriate profiling. We reiterate here that for
banks, the term ``customer risk profile'' is used to refer to the
information gathered about a customer to develop the baseline against
which customer activity is assessed for suspicious transaction
reporting. As such, we would not expect there to be any significant
changes to current practice that is consistent with existing
expectations and requirements, and certainly not in the form of
inappropriate profiling.
A few commenters raised objections to the ongoing monitoring
element in the proposal, contending that, as articulated, it was
inconsistent with current requirements or expectations regarding the
monitoring of customers and transactions and appeared to impose a new
requirement to monitor, maintain, and update customer information on a
continuous basis. Commenters also requested that FinCEN clarify the
relationship between ongoing monitoring and updating beneficial
[[Page 29421]]
ownership information, asserting that the expectation articulated in
the proposal that financial institutions should update beneficial
ownership information in connection with ongoing monitoring was
unclear. As we noted in the proposal and above, the purpose of
articulating the requirement regarding updating customer information
was to codify existing practice relating to ongoing monitoring, and not
to impose a new categorical requirement to continuously update customer
information. However, we agree with the commenters that this element as
presented in the proposal could be construed in this fashion. Thus, the
final rule amends the ongoing monitoring prong to state that ongoing
monitoring is conducted to identify and report suspicious transactions
and, on a risk basis, to maintain and update customer information. For
these purposes, customer information shall include information
regarding the beneficial owners of legal entity customers (as defined
in Sec. 1010.230).
We believe that this change to the ongoing monitoring clause better
encapsulates current practice in the AML/CFT area, and therefore, the
nature of the obligation--that is, financial institutions are presently
expected to conduct a monitoring-triggered update of customer
information when they detect information during the course of their
normal monitoring relevant to assessing or reevaluating the risk of a
customer relationship. Such information could include, e.g., a
significant and unexplained change in customer activity. It could also
include information indicating a possible change in beneficial
ownership, when such change might be relevant to assessing the risk
posed by the customer. In any such event, it is appropriate to update
the customer information accordingly. As we noted in the proposal,
including the ongoing monitoring element in the AML program rules
serves to reflect existing practices to satisfy SAR reporting
obligations. Although the beneficial ownership information collection
requirement was not in place at the time of the proposal, this
information may be relevant in assessing the risk posed by the customer
and in assessing whether a transaction is suspicious. Moreover, FinCEN
believes it is also consistent that this updating requirement should
apply not only to customers with new accounts, but also to customers
with accounts existing on the Applicability Date. That is, should the
financial institution learn as a result of its normal monitoring that
the beneficial owner of a legal entity customer may have changed, it
should identify the beneficial owner of such customer. For example, we
can envision a situation where an unexpected transfer of all of the
funds in a legal entity's account to a previously unknown individual
would trigger an investigation in which the bank learns that the funds
transfer was directly related to a change in the beneficial ownership
of the legal entity.\84\ FinCEN emphasizes that the obligation to
update customer information pursuant to this provision, including
beneficial ownership information, is triggered only when, in the course
of its normal monitoring, the financial institution detects information
relevant to assessing the risk posed by the customer; it is not
intended to impose a categorical requirement to update customer or
beneficial ownership information on a continuous or ongoing basis.
---------------------------------------------------------------------------
\84\ The same changes are being made to the ongoing monitoring
provisions of the AML program rules for the other covered financial
institutions.
---------------------------------------------------------------------------
One commenter asserted that it would be difficult to conceive of a
scenario where the ongoing monitoring of transactions would provide
information to a financial institution indicating a potential change in
beneficial ownership. Accordingly, the commenter suggested that we link
the expectation to update beneficial ownership information only to
monitoring of the customer relationship. We generally agree with the
notion that it is unlikely that transaction monitoring will uncover
information suggestive of a change of beneficial ownership, because
such monitoring generally does not tend to provide insight into the
transfer of ownership or operational control. Nevertheless, we do not
believe that a categorical exclusion of beneficial ownership
information from this element would be appropriate. First, FinCEN
believes that the revision of the ongoing monitoring element for the
final rule as described above largely addresses this concern--as we
have noted repeatedly, our requirement is consistent with current
practice, and we expect monitoring-triggered updating of beneficial
ownership information (as with other customer information) only to
occur on a risk basis when material information about a change in
beneficial ownership is uncovered during the course of a bank's normal
monitoring (whether of the customer relationship or of transactions).
As noted in the preceding paragraph, there may be unusual cases where
transaction monitoring might lead to information about a possible
change in beneficial ownership, and we are therefore unwilling to
categorically foreclose this avenue of inquiry. However, there is no
expectation that a financial institution obtain updated beneficial
ownership information from its customers on a regular basis, whether by
using the Certification Form in Appendix A or by any other means.
This commenter also expressed concern about subjecting all account
relationships to the requirement to monitor to identify and report
suspicious transactions, contending that this implied a uniform
requirement for monitoring transactions that was inconsistent with the
risk-based approach. Therefore, the commenter requested that FinCEN
expressly articulate that ongoing monitoring be conducted pursuant to
the risk-based approach. We clarify first that our expectation that all
accounts be subject to ongoing monitoring does not mean that we expect
all accounts to be subject to a uniform level of scrutiny. Rather, we
fully expect financial institutions to apply the risk-based approach in
determining the level of monitoring to which each account will be
subjected. Thus, consistent with current practice, we would expect the
level of monitoring to vary across accounts based on the financial
institution's assessment of the risk associated with the customer and
the account. We also noted that all account relationships would be
subject to this requirement merely to reflect the fact that all
accounts must necessarily be monitored in some form in order to comply
with existing SAR requirements, and not only those subject to the CIP
rule.
Section 1023.210 Anti-money laundering program requirements for
brokers or dealers in securities. The structural changes to this
section, as well as the rationale for these amendments, are identical
to those articulated for banks above.\85\
---------------------------------------------------------------------------
\85\ As we noted in the proposal, FinCEN's current AML program
rule for broker-dealers differs from the current program rule issued
by FINRA, principally because FINRA has included as a pillar within
its AML program rule a requirement with respect to suspicious
activity reporting. This integrated treatment of the SAR requirement
also differs from the practice of the other financial sectors
covered by this rulemaking. We reiterate that FinCEN is not
proposing to incorporate, as FINRA has done, a SAR reporting
requirement as a separate pillar within the AML program rules, as
the existing stand-alone SAR obligation within FinCEN's regulations
is sufficient. However, the decision to not include a SAR
requirement within the program rules is not meant to affect its
treatment in any way within the FINRA rule.
---------------------------------------------------------------------------
As in the case of banks described above, FinCEN emphasizes that the
incorporation of these elements is
[[Page 29422]]
intended to explicitly articulate current practices consistent with
existing regulatory and supervisory expectations. Thus, understanding
the nature and purpose of customer relationships encapsulates practices
already generally undertaken by securities firms to know and understand
their customers. In the proposal, we observed that under the existing
requirement for financial institutions to report suspicious activity,
they must file SARs on a transaction that, among other things, has no
business or apparent lawful purpose or is not the sort in which the
particular customer would normally be expected to engage.\86\ To
understand the types of transactions in which a particular customer
would normally be expected to engage necessarily requires an
understanding of the nature and purpose of the customer relationship,
which informs the baseline against which aberrant, suspicious
transactions are identified. As described at greater length below,
however, we understand that this type of assessment may not necessarily
be contemporaneous.
---------------------------------------------------------------------------
\86\ 31 CFR 1020.320(a)(2)(iii); see also 31 CFR
1023.320(a)(2)(iii), 1024.320(a)(2)(iii), and 1026.320(a)(2)(iii).
---------------------------------------------------------------------------
For example, as a part of their due diligence at account opening,
broker-dealers are expected to, inter alia, ``inquire about the source
of the customer's assets and income so that the firm can determine if
the inflow and outflow of money and securities is consistent with the
customer's financial status,'' as well as ``gain an understanding of
what the customer's likely trading patterns will be, so that any
deviations from the patterns can be detected later on, if they occur.''
\87\ And as FinCEN stated in the proposal, in some circumstances an
understanding of the nature and purpose of a customer relationship can
also be developed by inherent or self-evident information about the
product or customer type, or basic information about the customer, and
such information may be sufficient to understand the nature and purpose
of the relationship. We further noted that, depending on the facts and
circumstances, other relevant facts could include basic information
about the customer, such as annual income, net worth, domicile, or
principal occupation or business, as well as, in the case of
longstanding customers, the customer's history of activity. For
example, FinCEN understands that some securities firms sometimes use
suitability information gathered pursuant to FINRA Rule 2111 in
determining whether a given transaction is one which would be expected
from a particular customer. It is these types of current practices that
FinCEN sought to encapsulate in its articulation of the third element.
---------------------------------------------------------------------------
\87\ Nat'l Ass'n of Securities Dealers, Special NASD Notice to
Members 02-21 7 (Apr. 2002).
---------------------------------------------------------------------------
Regarding the fourth element as proposed in the NPRM, conducting
ongoing monitoring to maintain and update customer information and to
identify and report suspicious transactions, we noted our understanding
and expectation that, as with the third element, current industry
practice for SAR reporting should already satisfy this proposed
requirement. In short, the proposal was intended to codify existing
supervisory and regulatory expectations as explicit requirements within
FinCEN's AML program requirement, in order to make clear that the
minimum standards of CDD, as articulated, include ongoing monitoring of
all transactions by, at, or through the financial institution.
Securities industry commenters raised a number of concerns about
the proposed fifth pillar as it would apply to their industry. A few
commenters sought clarification of the concept of a customer risk
profile, as well as of how the nature and purpose of customer
relationships were to be understood for customers of broker-dealers.
Commenters also requested that FinCEN clarify the extent of the ongoing
monitoring requirement for the securities industry.
Commenters asked that FinCEN clarify or define what constitutes a
customer risk profile, noting that the term is not commonly used in the
securities industry. One commenter noted that while some securities
firms assign risk scores to customers, the practice is not mandated by
regulation and not widely adopted in the industry; thus, this commenter
opposed imposing such a categorical requirement. As it does for banks,
the term ``customer risk profile'' is used to refer to the information
gathered about a customer to develop the baseline against which
customer activity is assessed for suspicious transaction reporting.
Depending on the firm and the nature of its business, it may
appropriately take the form of individualized risk scoring, placement
of customers into risk categories, or some other method of assessing
customer risk. We note that neither the Federal securities laws nor
FINRA rules explicitly require firms to create a formal risk ``score''
for all customers. However there is a basic expectation that members of
the industry understand the risks posed by their customers and be able
to demonstrate this understanding. As with banks, we do not expect the
customer risk profile to necessarily be integrated into existing
monitoring systems to serve as the baseline for identifying and
assessing suspicious transactions on a contemporaneous basis. Rather,
we expect broker-dealers to utilize the customer risk profile as
necessary or appropriate during the course of complying with their SAR
requirements--as we understand is consistent with the general current
practice--in order to determine whether a particular transaction is
suspicious.
On a related note, commenters also requested that FinCEN clarify
the manner in which understanding the nature and purpose of customer
relationships would apply to broker-dealers, particularly with respect
to how such information would relate to existing transaction monitoring
practices. They claimed that most existing monitoring systems in the
securities industry identify typologies of suspicious activity, such as
market manipulation or money movements, in a manner that does not
depend on a concurrent understanding of the customer to trigger an
alert. Accordingly, commenters stated that because such customer
information is not always necessary for the initial recognition of
suspicious activity, it is generally not integrated into these
monitoring systems. Thus, one commenter asked FinCEN to clarify that
nature and purpose information would not be required for use in
transaction monitoring.
We note that understanding the nature and purpose of customer
relationships does not necessarily require broker-dealers to integrate
customer information into transaction monitoring systems in all
instances. Rather, as it relates to broker-dealers' SAR requirements,
we expect this information to be used at least in some cases in
determining whether a particular flagged transaction is suspicious. As
a part of broker-dealers' SAR reporting obligations, they must
necessarily have an understanding of the nature and purpose of a
customer relationship in order to determine whether a transaction is
not the sort in which the particular customer would normally be
expected to engage.\88\ FinCEN understands that many broker-dealers use
this information during the course of an investigation into suspicious
activity triggered by transaction monitoring, i.e., after and not
necessarily concurrent with transaction monitoring; accordingly, based
on our understanding of these
[[Page 29423]]
practices, we generally do not expect that such firms would need to
change these practices in order to be in compliance with this
requirement.
---------------------------------------------------------------------------
\88\ 31 CFR 1023.320(a)(2).
---------------------------------------------------------------------------
One commenter questioned the need to incorporate the nature and
purpose element into the AML program rules for broker-dealers if it is
an inherent part of suspicious activity reporting. This commenter noted
its concern that express incorporation of this element into the AML
program rules might require changes to broker-dealers' account opening
procedures in order to demonstrate compliance with this provision, and
requested that FinCEN clarify its reasons for amending the AML program
rules in this way. As we noted above, FinCEN believes that, in order to
bring uniformity and consistency across sectors, it is important that
these due diligence elements be made explicit, and that they be part of
the AML program of broker-dealers in securities (as well as of the
other covered financial institutions). We believe that harmonizing
these requirements across financial sectors will strengthen the system
as a whole, by further limiting opportunities for inconsistent
application of unclear or unexpressed expectations. FinCEN further
expects that broker-dealers would generally not need to alter their
account opening procedures to satisfy this requirement to the extent
that broker-dealers are compliant with existing supervisory or
regulatory expectations as discussed herein.
Commenters also requested that FinCEN clarify the nature of the
ongoing monitoring requirement. One commenter urged FinCEN to remove
the clause pertaining to maintaining and updating customer information
because securities firms do not currently have an obligation to conduct
ongoing monitoring to update customer information. Another urged FinCEN
to limit the obligation to update customer information to ``negative-
event'' triggers discovered during the course of monitoring. We believe
that the clarifying changes made to the ongoing monitoring clause for
the final AML program rules for all covered financial institutions and
described above in the discussion of banks addresses these concerns.
The final rule states that ongoing monitoring is conducted to identify
and report suspicious transactions and, on a risk basis, to maintain
and update customer information. For these purposes, customer
information shall include information regarding the beneficial owners
of legal entity customers (as defined in Sec. 1010.230).
As discussed above for banks, broker-dealers are presently expected
to conduct a monitoring-triggered update of customer information when
they learn of material information relevant to assessing the risk of a
customer relationship during the course of their normal monitoring.
Under this rule, financial institutions shall include beneficial
ownership information in the customer information to be updated, in
cases where a change in such information could affect the risk
presented by the customer, since such information could be relevant to
assessing customer risk. As we noted in the proposal, including the
ongoing monitoring element in the AML program rules served to reflect
existing practices to satisfy SAR reporting obligations. Although the
beneficial ownership information collection requirement was not in
place at the time of the proposal, this information may be relevant in
assessing the risk posed by the customer and in assessing whether a
transaction is suspicious. Moreover, FinCEN believes it is also
consistent that this requirement should apply not only to customers
with new accounts, but also to customers with accounts existing on the
Applicability Date. That is, should the financial institution detect as
a result of its normal monitoring that the beneficial owner of a legal
entity customer may have changed, it should identify the beneficial
owner of such customer, whether or not it has already done so. For
example, we can envision a situation where an unexpected transfer of
all of the funds in a legal entity's account to a previously unknown
individual would trigger an investigation in which the financial
institution learns that the funds transfer was directly related to a
change in the beneficial ownership of the legal entity.\89\ FinCEN
emphasizes that the obligation to update customer information pursuant
to this provision, including beneficial ownership information, is
triggered only when, in the course of its normal monitoring, the
financial institution detects information relevant to assessing the
risk posed by the customer; it is not intended to impose a categorical
requirement to update customer or beneficial ownership information on a
continuous or ongoing basis.
---------------------------------------------------------------------------
\89\ The same changes are being made to the ongoing monitoring
provisions of the AML program rules for the other covered financial
institutions.
---------------------------------------------------------------------------
Section 1024.210 Anti-money laundering program requirements for
mutual funds. The structural changes to this section, as well as the
rationale for these amendments, are identical to those articulated for
banks and broker-dealers above. However, as an initial matter, FinCEN
notes that, unlike the situation for other covered financial
institutions, a relatively small proportion of a mutual fund's
underlying customers purchase their shares directly from the fund.
Rather, the great majority of mutual fund investors purchase shares
through an intermediary, such as a securities broker-dealer, and
therefore the mutual fund has no direct relationship with them. In
addition, of all the legal entity customers of a mutual fund, a
significant number are typically financial intermediaries (e.g.,
securities broker-dealers), most of which are regulated. Such
intermediaries are nonetheless subject to a mutual fund's AML program,
which requires the application of risk-based due diligence. Of those
legal entity customers that are not financial intermediaries, a
substantial number are in many cases corporations that are
administering benefit plans for their employees (or administrators
doing this on behalf of such employers); these relationships are also
subject to risk-based due diligence. Thus, FinCEN understands that any
legal entities that are direct customers of a fund, and not any type of
intermediary, would comprise a relatively small portion of its direct
customers, and FinCEN expects that such non-intermediary legal entity
customers would be subject to a different risk assessment than
intermediary customers for due diligence purposes. The following
discussion of mutual fund customer relationships must be read in this
context.
As in the case of banks and broker-dealers as described above,
FinCEN emphasizes that the incorporation of these elements serves only
to articulate current practice consistent with existing regulatory and
supervisory expectations. Thus, understanding the nature and purpose of
customer relationships encapsulates practices already generally
undertaken by mutual funds to know and understand their customers. In
the proposal, we observed that under the existing requirement for
financial institutions to report suspicious activity, they must file
SARs on a transaction that, among other things, has no business or
apparent lawful purpose or is not the sort in which the particular
customer would normally be expected to engage.\90\ To understand the
types of transactions in which a particular customer would normally be
expected
[[Page 29424]]
to engage necessarily requires an understanding of the nature and
purpose of the customer relationship, which informs the baseline
against which aberrant, suspicious transactions are measured. As FinCEN
stated in the proposal, depending on the facts and circumstances, other
relevant facts could include basic information about the customer, such
as annual income, net worth, domicile, or principal occupation or
business, as well as, in the case of longstanding customers, the
customer's history of activity. Furthermore, in some circumstances an
understanding of the nature and purpose of a customer relationship can
also be developed by inherent or self-evident information about the
product or customer type, or basic information about the customer, and
such information may be sufficient to understand the nature and purpose
of the relationship.
---------------------------------------------------------------------------
\90\ 31 CFR 1024.320(a)(2)(iii).
---------------------------------------------------------------------------
This final point is particularly relevant for the mutual fund
industry. As commenters from the industry noted, mutual funds are best
understood as a form of financial product rather than as an institution
providing financial services or investment advice. We understand that
much of a mutual fund's understanding of the nature and purpose of a
customer relationship arises predominantly from the customer's initial
decision to invest in a mutual fund, as reflected largely by the
customer's choice of product. As with banks and broker-dealers, such
customer information is not necessarily used as a contemporaneous point
of comparison in monitoring systems. However, as with banks and broker-
dealers, we also understand that many mutual funds use this information
during the course of an investigation into suspicious activity
triggered by transaction monitoring, i.e., after and not concurrent
with transaction monitoring; we would not generally expect such firms
to change their practices in order to comply with this requirement. It
was this fundamental established practice that FinCEN sought to
encapsulate in its articulation of the third element. Accordingly, we
expect this element to be construed fully consistently with the SAR
rule and associated guidance for mutual funds.\91\ As with banks and
broker-dealers, the term ``customer risk profile'' means information
gathered about a customer to develop the baseline against which
customer activity is assessed for suspicious transaction reporting. We
also do not expect the customer risk profile to necessarily be
integrated into existing monitoring systems to serve as the baseline
for understanding suspicious transactions on a contemporaneous basis
(as described with regard to banks and broker-dealers). Rather, we
expect mutual funds to utilize the customer risk profile as necessary
or appropriate during the course of complying with their SAR
requirements--as we understand is consistent with the general current
practice--in order to determine whether a particular transaction is
suspicious.
---------------------------------------------------------------------------
\91\ See 74 FR 26213, 26216 n.29 (May 4, 2006); Frequently Asked
Questions, Suspicious Activity Report Requirements for Mutual Funds,
FIN-2006-G013 (Oct. 4, 2006).
---------------------------------------------------------------------------
Regarding the fourth element as proposed in the NPRM, conducting
ongoing monitoring to maintain and update customer information and to
identify and report suspicious transactions, we noted our understanding
that, as with the third element, current industry expectations for SAR
reporting should already satisfy this proposed requirement. In short,
we intended the proposal to codify existing supervisory and regulatory
expectations as explicit requirements within FinCEN's AML program
requirement in order to make clear that the minimum standards of CDD,
as articulated, include ongoing monitoring of all transactions by, at,
or through the financial institution. As proposed, the obligation to
update customer information in the course of monitoring would generally
only be triggered when the financial institution became aware of
information as part of its normal monitoring relevant to assessing the
risk posed by a customer; it was not intended to impose a categorical
requirement to update customer information on a continuous or ongoing
basis. Because of the structural ambiguities in the proposal as
articulated above, we have also amended the ongoing monitoring prong
for the final rule for mutual funds. The final rule states that ongoing
monitoring is conducted to identify and report suspicious transactions
and, on a risk basis, to maintain and update customer information. For
these purposes, customer information shall include information
regarding the beneficial owners of legal entity customers (as defined
in Sec. 1010.230).
As described above in the sections addressing banks and broker-
dealers, we believe that this change to the ongoing monitoring
provision is more consistent with current practice, and therefore, with
the nature of the obligation--that is, when mutual funds detect
information relevant to assessing the risk of a customer relationship
during the course of their normal monitoring, they would then be
expected to update customer information. Consistent with the new
requirement to collect beneficial ownership information in this
rulemaking, such customer information would include beneficial
ownership information, and would apply to new customers as well as
those existing on the Applicability Date.
Section 1026.210 Anti-money laundering program requirements for
futures commission merchants and introducing brokers in commodities.
The structural changes to this section, as well as the rationale for
these amendments, are identical to those articulated for other covered
financial institutions described above.
As in the case of the other covered financial institutions, FinCEN
reiterates that the incorporation of these elements is intended to
explicitly articulate current practices consistent with existing
regulatory and supervisory expectations. Thus, understanding the nature
and purpose of customer relationships encapsulates practices already
generally undertaken by futures firms to know and understand their
customers. In the proposal, we observed that under the existing
requirement for financial institutions to report suspicious activity,
they must file SARs on a transaction that, among other things, has no
business or apparent lawful purpose or is not the sort in which the
particular customer would normally be expected to engage.\92\ To
understand the types of transactions in which a particular customer
would normally be expected to engage necessarily requires the futures
commission merchant or introducing broker to have an understanding of
the nature and purpose of the customer relationship, which informs the
baseline against which aberrant, suspicious transactions are
identified. As described at greater length below, we understand that
for the futures industry, this may not necessarily be a contemporaneous
assessment.
---------------------------------------------------------------------------
\92\ 31 CFR 1020.320(a)(2)(iii); see also 1023.320(a)(2)(iii),
1024.320(a)(2)(iii), and 1026.320(a)(2)(iii).
---------------------------------------------------------------------------
For example, under the National Futures Association's (NFA) AML
Interpretive Notice, futures commission merchants and introducing
brokers are expected to understand the nature and purpose of their
customer relationships to inform their suspicious activity reporting:
``Recognizing suspicious transactions requires familiarity with the
firm's customers, including the customer's business practices, trading
activity and patterns. What constitutes a suspicious transaction will
vary
[[Page 29425]]
depending on factors such as the identity of the customer and the
nature of the particular transaction.'' \93\ And as FinCEN stated in
the proposal, in some circumstances an understanding of the nature and
purpose of a customer relationship can also be developed by inherent or
self-evident information about the product or customer type, or basic
information about the customer, and such information may be sufficient
to understand the nature and purpose of the relationship. It also may
vary depending on the type of entity opening the account. For example,
a clearing futures commission merchant at account opening would be
focused on the creditworthiness of the customer, and not necessarily
trading patterns, as the trades would be executed through an executing
futures commission merchant. The nature and purpose of the relationship
for the clearing futures commission merchant would be a clearing
account for futures and options transactions. We further noted and
understand that, depending on the facts and circumstances, relevant
information regarding the customer obtained under NFA Compliance Rule
2-30 and CFTC Rule 1.37(a)(1) could include basic information about the
customer such as annual income, net worth, domicile, or principal
occupation or business, as well as, in the case of longstanding
customers, the customer's history of activity. Such information could
be useful to understand the nature and purpose of the customer
relationship, and to determine whether a given transaction is one which
would be expected from a particular customer. It is these types of
current practices that FinCEN sought to encapsulate in its articulation
of the third element.
---------------------------------------------------------------------------
\93\ National Futures Association Compliance Rule 2-9: FCM and
IB Anti-Money Laundering Program Interpretive Notice.
---------------------------------------------------------------------------
Regarding the fourth element as proposed in the NPRM, conducting
ongoing monitoring to maintain and update customer information and to
identify and report suspicious transactions, we noted our understanding
and expectation that, as with the third element, current industry
practice for SAR reporting should already satisfy this proposed
requirement. In short, the proposal served to codify existing
supervisory and regulatory expectations as explicit requirements within
FinCEN's AML program requirement in order to make clear that the
minimum standards of CDD, as articulated, include ongoing monitoring of
all transactions by, at, or through the financial institution. As
proposed, the obligation to update customer information in the course
of monitoring would generally only be triggered when the financial
institution became aware of information as a result of its normal
monitoring relevant to assessing the risk posed by a customer; it was
not intended to impose a categorical requirement to update customer
information on a continuous or ongoing basis. Because of the structural
ambiguities in the proposal as articulated above, we have also amended
the ongoing monitoring prong for the final rule for futures commission
merchants and introducing brokers. The final rules states that ongoing
monitoring is conducted to identify and report suspicious transactions
and, on a risk basis, to maintain and update customer information. For
these purposes, customer information shall include information
regarding the beneficial owners of legal entity customers (as defined
in Sec. 1010.230).
As described in the sections above pertaining to banks, securities
broker-dealers, and mutual funds, we believe that this change better
articulates current practice and, therefore, the nature of the
obligation--that is, when futures firms detect information relevant to
assessing the risk of a customer relationship during the course of
their normal monitoring, they then would be expected to update customer
information.
A commenter representing the futures industry raised a number of
concerns about the third and fourth elements of CDD as put forth in the
proposal.
The commenter challenged FinCEN's authority to amend the AML
program rules in this fashion, contending principally that it was
outside FinCEN's authority to incorporate non-BSA regulatory schemes--
specifically, suitability and know-your-customer rules that we cited in
the proposal when describing current practices at futures firms for
understanding customers--into BSA regulations. First, FinCEN reaffirms,
as described above, its general statutory authority to amend the AML
program rules by adding elements beyond those specifically listed in
the statute. We also reject the notion that amending the AML program
rules in this way is an incorporation-by-reference of other regulatory
schemes outside of the scope of FinCEN's statutory authority. Our
citation to CFTC and NFA rules in the proposal served only to reflect
that ``this information could be relevant for understanding the nature
and purpose of customer relationships,'' \94\ and would also be
relevant for compliance with NFA Compliance Rule 2-9. Recognition of
the relevance of this information is not tantamount to mandating the
inclusion of these other regulatory schemes into BSA regulations. As we
noted above, we understand that as a matter of practice some futures
firms use this information to understand the nature and purpose of the
customer relationship, but the fifth element does not require that such
information be integrated into futures firms' AML monitoring programs
on a contemporaneous basis, as a matter of regulatory compliance or
expectation.
---------------------------------------------------------------------------
\94\ 79 FR at 45163 n.51.
---------------------------------------------------------------------------
This commenter also requested that FinCEN clarify what constitutes
a customer risk profile, noting that the term is not commonly used in
the AML context in the futures industry. The commenter urged FinCEN to
remove this term from the final rule or provide additional
opportunities for comment because of this lack of understanding. As it
does for banks, broker-dealers, and mutual funds, the term ``customer
risk profile'' refers to the information gathered about a customer to
develop the baseline against which customer activity is assessed for
suspicious transaction reporting. We note that neither the Federal
futures laws nor the National Futures Association's rules explicitly
require firms to create a ``customer risk profile'' or a formal risk
``score'' for all customers. However, there is a basic expectation that
members of the industry understand the risks posed by their customers
and be able to demonstrate this understanding. As with banks, broker-
dealers, and mutual funds, we do not expect a customer risk profile to
necessarily be integrated into existing monitoring systems to serve as
the baseline for understanding suspicious transactions on a
contemporaneous basis. Rather, we expect futures commission merchants
and introducing brokers to utilize the customer risk profile
information as necessary or appropriate during the course of complying
with their SAR requirements--as we understand is consistent with
current practice--in order to determine whether a particular
transaction is suspicious. Because of this, we do not believe it is
necessary to eliminate the term nor provide additional opportunity for
comment.
In addition, the commenter also requested that FinCEN clarify the
nature of the ongoing monitoring requirement, contending that it would
be burdensome if FinCEN intended by this element to require continuous
monitoring for the purpose of updating customer information. We believe
that the clarifying changes made to the ongoing
[[Page 29426]]
monitoring clause for the final rule, discussed above, address this
concern.
Finally, the commenter requested that FinCEN clarify the
significance of the distinction between the terms ``account'' and
``customer'' with respect to the statement in the proposal that the
fifth pillar not be limited only to customers for purpose of the CIP
rules, but rather, extend to all accounts established by the
institution. This commenter urged FinCEN to clarify this point
particularly with respect to guidance for the futures industry, stating
that CIP obligations do not apply to executing brokers in give-up
arrangements and omnibus relationships, concerned that the fifth pillar
might otherwise supersede the guidance. We noted that all account
relationships, and not only those which are ``accounts'' within the CIP
rule definition, would be subject to this requirement merely to reflect
that all accounts must necessarily be monitored in some form in order
to comply with existing SAR requirements.\95\
---------------------------------------------------------------------------
\95\ ``Although a futures commission merchant's customer
identification program will not apply when it is operating solely as
an executing broker in a give-up arrangement, the futures commission
merchant's anti-money laundering program should contain risk-based
policies, procedures, and controls for assessing the money
laundering risk posed by its operations, including its execution
brokerage activities; for monitoring and mitigating that risk; and
for detecting and reporting suspicious activity.'' FIN-2007-G001.
---------------------------------------------------------------------------
IV. Regulatory Analysis
A. Executive Orders 13563 and 12866
It has been determined that this regulation is an economically
significant regulatory action as defined in section 3(f)(1) of
Executive Order (E.O.) 12866, as amended. Accordingly, this final rule
has been reviewed by the Office of Management and Budget (OMB). As a
result of being an economically significant regulatory action, FinCEN
prepared and made public a preliminary RIA, along with an Initial
Regulatory Flexibility Analysis (IRFA) pursuant to the Regulatory
Flexibility Act, discussed below, on December 24, 2015. We received 38
comments about the RIA and/or the IRFA, which we address below. We have
incorporated additional data points, additional sources of costs, and
other points raised by commenters, directly into the final RIA itself,
which we publish below in its entirety, following our narrative
response to the remaining comments not addressed by these changes to
the RIA.
1. Discussion of Comments to the RIA
General Comments
A few commenters sought an extension of the comment period for the
RIA, contending principally that 30 days was an inadequate amount of
time to gather additional data to respond to the RIA's analyses,
especially in light of its publication during the winter holidays.
FinCEN denied the requests, noting that we believed the time period to
be sufficient, ``particularly in light of the extensive comment period
provided over the course of the CDD rulemaking, which included
industry's views on the perceived costs and burdens regarding . . .
CDD.'' In the preamble to the final rule, we described the extensive,
years-long outreach conducted during the course of this rulemaking,
during which time several commenters provided input regarding costs
that they expected to incur implementing the rule. Of these commenters,
only a small portion quantified these expected effects in a meaningful
way. As described at greater length below in the section addressing
cost-related comments, FinCEN and Treasury's Office of Economic Policy
(OEP) conducted substantial follow-up with parties that provided such
figures, and determined that it was impracticable to obtain the data
necessary to fully quantify the costs associated with implementing the
CDD rule. This challenge, combined with the difficulty of quantifying
many of the CDD rule's expected benefits, led us to rely predominantly
upon the breakeven analysis \96\ to assess the relative benefits and
costs of the CDD rule. The cost used in the breakeven analysis includes
an order-of-magnitude assessment of information technology (IT) upgrade
costs, identified by financial institutions during the comment period
and our subsequent outreach as the most substantial driver of
implementation costs. Because the RIA is meant to measure the expected
costs and benefits of the rule in aggregate, and given the data quality
and quantity concerns, we conducted an order-of-magnitude assessment.
The conclusion of the order-of-magnitude assessment probably would not
be materially changed by gathering additional data unless the current
data points are outliers. The conclusions of the primary cost
estimation would not be changed and thereby would not materially affect
the RIA's ultimate conclusion. We did not receive any substantive
comment on the IT cost during the comment period. The comments and any
associated data points that we received, whether pertaining to
categories of implementation costs that were already included in the
RIA or costs that we had overlooked and have since added (note that we
incorporated all relevant quantifiable data received from the
commenters into the updated RIA, which upwardly adjusted its cost
calculations), have not significantly impacted our results.
---------------------------------------------------------------------------
\96\ As described at greater length in the RIA, a breakeven
analysis asks how large the present value of benefits has to be so
that it is just equal to the present value of costs.
---------------------------------------------------------------------------
Some commenters took issue with the ``academic'' nature of the
analysis set forth in the RIA, asserting that it was based on unfounded
assumptions about the impact of the rule upon the behavior of illicit
actors and therefore on aggregate levels of crime. For example, a few
commenters challenged the notion that the beneficial ownership
requirement would result in criminal actors actually providing
information to financial institutions that would be valuable to law
enforcement agencies; these commenters noted that such actors could
simply provide false information, or hire straw men for the sole
purpose of opening accounts. We address the specific comments regarding
the various assumptions underlying our analysis below.
As for the general comment that the approach we took in the RIA was
too academic, we note first that OMB guidance recommends that an RIA
should be ``based on the best reasonably obtainable . . . economic
information available. To achieve this, [agencies] should generally
rely on peer-reviewed literature, where available.'' \97\
Unfortunately, there is not a body of direct empirical evidence
regarding criminals' behavior in response to AML/CFT laws and
regulations. In the absence of such analysis, and relatedly, the
absence of any data on which to perform our own analysis, FinCEN
asserts that it is both reasonable and appropriate to look to the
academic literature on the economics of crime for a framework for
formally thinking about how the CDD rule would potentially affect
criminal outcomes. In this less-than-ideal situation where empirical
estimates of the rule's effects on crime are lacking, the canonical
economic model of crime at least provides useful insights into the
mechanisms by which the rule could affect crime, which can in turn be
assessed on the grounds of their plausibility. Like any economic model,
this one assumes that its actors behave rationally, a premise that some
commenters found objectionable and used to justify their protests of
our use of any economic model of crime.\98\ On
[[Page 29427]]
this point--that criminals are not economic actors and thus do not
respond to incentives--we strongly disagree based on empirical evidence
appearing in peer-reviewed academic journals.\99\
---------------------------------------------------------------------------
\97\ OMB Circular A-4, available at https://www.whitehouse.gov/omb/circulars_a004_a-4.
\98\ More formally, an individual's preferences are rational if
(1) she has a well-defined preference between any two possible
alternatives and (2) her preferences exhibit transitivity--for
alternatives x, y, and z, if x is preferred to y and y is preferred
to z, then x is preferred to z. See page 6 of Mas-Colell, Andreu,
Michael D. Whinston, and Jerry R. Green. Microeconomic Theory. New
York: Oxford University Press, 1995.
\99\ The canonical model of the economics of crime predicts that
the CDD rule would reduce illicit activity by causing criminal
actors to perceive a higher risk to setting up financial accounts in
support of their illegal activities. Analogously, increased police
presence deters criminal activity by increasing its perceived risk.
A recent survey of empirical research on how different policing
strategies deter crime states: ``. . . there is robust evidence that
crime responds to increases in police manpower and to many varieties
of police redeployments.'' See Chalfin, Aaron and Justin McCrary,
``Criminal Deterrence: A Review of the Literature,'' forthcoming,
Journal of Economic Literature (2016). Importantly, the authors also
discuss their assessment that police tactics characterized by high
visibility likely reduce crime more through deterrence than through
incapacitation. Therefore, we feel confident in assuming that
potential criminal actors are rational in thinking through how they
would respond to the imposition of the CDD rule.
---------------------------------------------------------------------------
Some commenters asserted that FinCEN and OEP took an inconsistent
approach towards assessing the expected costs and benefits in the RIA.
These commenters contended that we included certain unquantified
benefits but excluded certain unquantified costs, rendering the
analysis arbitrary. This RIA quantifies some of the cost categories and
qualitatively describes the other cost categories and benefits
consistent with OMB guidance. OMB Circular A-4 directs agencies to
quantify both costs and benefits to the extent possible. Where we were
``not able to quantify the effects,'' we ``present[ed] any relevant
quantitative information along with a description of the unquantified
effects.'' \100\ Contrary to these commenters' assertions, we did not
selectively rely upon unquantified benefits while ignoring unquantified
costs. In the case of costs that were not initially accounted for in
the RIA, but later identified by commenters, we have revised portions
of the RIA to incorporate them. As for the largest cost that we were
unable to quantify, IT upgrade costs, we fully acknowledge and
recognize the importance of assessing this cost in the RIA and describe
the difficulties we encountered in trying to obtain meaningful data for
these costs. We offer an order-of-magnitude assessment in the
qualitative cost section and carry that analysis into the breakeven
analysis.
---------------------------------------------------------------------------
\100\ OMB Circular A-4.
---------------------------------------------------------------------------
A few commenters took issue with the general approach of the
regulatory scheme, whereby the costs would be incurred almost entirely
by financial institutions, while the benefits would accrue to society
more broadly rather than to financial institutions and their customers,
specifically. In their view, this made the CDD rule an impermissible
tax upon financial institutions. But this rule is not a tax.
Furthermore, we disagree with the characterization of this regulatory
scheme as improper or out of the ordinary. There are numerous Federal
regulatory schemes that have similar underlying assumptions,
structures, and impacts--for example, the costs of some environmental
regulations fall predominantly (if not almost exclusively) on producers
of emissions (power plants, automobile manufacturers, etc.), while the
benefits accrue to the members of society as a whole. Similar to
environmental regulations, the CDD rule is meant to correct for a
positive spillover that in this case leads to a less-than-efficient
level of investment in AML/CFT security measures. Specifically,
reductions in illicit activity from the collection of beneficial
ownership information will benefit all members of society, but
financial institutions will rationally only account for their own
benefits when making their investment decisions. By compelling
financial institutions to retrieve beneficial ownership information,
the CDD rule's intent is to increase investment in AML/CFT measures to
a level that results in higher overall wellbeing (even once costs to
financial institutions are netted out). Recognizing the costs of
implementing the CDD rule, we have made numerous changes to the rule
itself, as described in the preamble above, so as to minimize as much
as possible the impact of compliance upon covered financial
institutions while still furthering the purposes of the rule.
One commenter representing a business formation agent reiterated
the recommendation proffered during the NPRM comment period to expand
the reliance provision of the beneficial ownership requirement to
include non-financial institutions, contending that such an expansion
would reduce the costs of compliance. We decline to do so for the
reasons articulated in the preamble to the final rule.
During the comment period to the RIA, a few commenters raised
substantive concerns about the rule itself that were essentially
identical to concerns identified by commenters during the NPRM comment
period, such as, among other things, requests to exempt smaller
institutions from the rule, and requests to eliminate the verification
requirement; these issues have been addressed in the preamble to the
final rule.
Cost-Related Comments
Some commenters objected to our overall approach to evaluating the
expected costs associated with implementation of the CDD rule. A few of
these commenters took issue with the limited sample size of financial
institutions that provided the data supporting our quantitative
assessment of the costs, and contended that we were required to
undertake a fully quantified analysis using a large and representative
sample of financial institutions. One commenter representing mid-sized
banks stated that the RIA was deficient because it only accounted for
the impact of the CDD rule on covered financial institutions writ
large, and did not allow for the rule's impact to differ based on a
variety of categories, such as size, business lines, structure,
geography, or customer base. This commenter asserted that we should
have given additional consideration in the RIA to the impact of the CDD
rule on small and mid-sized banks, provided additional data from mid-
sized banks regarding the expected costs of implementing the CDD rule,
and identified additional expected sources of costs not included in the
RIA.
As to the assertion that it was inappropriate to rely upon such a
small sample size in developing our cost data, we agree that it might
arguably have been preferable to obtain specific, granular data from a
large and diverse set of financial institutions. However, based on our
outreach to financial institutions and IT firms, we determined that it
would be impracticable to do so. To further develop our cost data
following the NPRM comment period, we identified and assessed all of
the comment letters that raised the cost issue with specificity, and
substantiated the assertion that FinCEN underestimated the costs
associated with implementing the CDD rule with data or a narrative
explanation. From this initial review, FinCEN engaged in outreach to
many of these commenters to determine their willingness to engage in a
more extensive voluntary discussion regarding the cost issues that they
raised. To facilitate these commenters' participation in this dialogue,
FinCEN identified in advance a number of topics to guide the
discussion, including:
A description of the commenting institution's processes
for onboarding legal entity customers and how that
[[Page 29428]]
information is used to comply with AML/CFT requirements;
the types of documentation required to onboard legal
entity customers;
an estimate of the amount of time it takes to set up legal
entity customer accounts;
the approximate number of legal entity accounts
established at the commenting institution on an annual basis;
anticipated changes to onboarding procedures that would be
necessary to identify and verify beneficial owners, consistent with the
requirement as proposed in the NPRM, and the approximate costs of such
changes;
the frequency with which the commenting institution
updates its computerized onboarding system, as well as the base cost
associated with ``opening'' these systems for updates and the
approximate incremental costs associated with each substantive change;
anticipated changes or updates to other systems required
to comply with the requirement as proposed in the NPRM, and the
approximate costs of such changes;
the expected costs and logistical difficulties associated
with integrating the Certification Form into the commenting
institution's operations;
additional employee training required to implement the
requirement as proposed in the NPRM, and how those costs compare to
total annual BSA training expenditures; and
any additional costs associated with implementing the
requirement as proposed in the NPRM that FinCEN did not take into
account.
Because we understood that it was likely that such a discussion would
necessarily require a detailed description of proprietary business
information, we noted that institutions' specific answers would not be
made a part of the public record, but informed participants that we
might describe responses in general terms without attribution as a part
of the rulemaking.
During our outreach discussions, we learned that each institution's
onboarding process is different from the others, making it difficult to
draw broad conclusions about the types of things covered financial
institutions would have to do to implement the rule, from which we
could extrapolate generally applicable cost estimates. More
importantly, while institutions were generally able to provide
estimates of training-related and other expected human resources costs,
several of the institutions with which we spoke were unable to provide
any estimates about many of the other types of costs they expected to
incur to implement the proposed CDD rule, even when pressed to provide
rough estimates, or even estimates within a broad range of potential
expected costs. Given this lack of usable data, and because FinCEN
understands that the majority of financial institutions purchase their
systems for entering and storing customer data rather than building the
systems internally, we also sought similar information from several of
the major vendors that provide these AML/CFT-compliant IT systems. As
with the financial institutions, we provided participating IT vendors
the same basic topics to guide the discussion (identified above), with
modifications to reflect the different role that these vendors play in
the onboarding and screening processes. Although we obtained insight
into the manner in which many of the major IT vendors work with
financial institutions, none were able to provide meaningful quantified
estimates of the expected costs associated with modifying their
systems, even when pressed for rough estimates or estimates within a
wide range of potential costs. For these reasons, we determined that it
would likely be futile to conduct a broader survey of financial
institutions and vendors to support our analysis. Thus, consistent with
OMB guidance, we instead specified the expected sources of costs, and
quantified these costs where possible. In order to assess the proposed
rule, we relied upon the breakeven analysis, which used an order-of-
magnitude assessment of the IT upgrade costs, resulting in an upper
bound of $10 billion (identified by most commenters during the NPRM and
RIA as by far the most substantial projected outlay) and the highest
cost-scenarios for other significant costs quantified in the RIA.
With respect to the concern that we did not adequately account for
the impact of the proposed CDD rule upon mid-sized and smaller
institutions, we note that throughout this rulemaking process, we have
been cognizant of the challenges that such institutions might face when
implementing the rule; these concerns contributed to shaping several of
the modifications we have made to the rule in order to facilitate its
implementation, as described at length in the Section-by-Section
Analysis above. For example, in response to comments to the NPRM, we
determined that use of the Certification Form would not be mandatory,
and financial institutions have the flexibility to utilize their
existing onboarding systems to comply with the beneficial ownership
certification requirement. During the NPRM comment period, some
commenters identified additional categories of entities whose
beneficial ownership information is otherwise available, and we
excluded these categories from the definition of legal entity customer,
further reducing the burden. In response to numerous comments
contending that the proposed exclusion for charitable organizations
would be difficult to administer, and therefore burdensome, we
simplified it. And importantly, in response to many comments regarding
the difficulties of implementing the CDD rule within a year of
publication of the final rule, we increased the time for financial
institutions to comply, to two years. As for the additional sources of
cost and additional cost data provided by the commenters, we appreciate
this additional information and have incorporated it, where
appropriate, into our analysis in the RIA, as described below.
Some commenters asserted that we underestimated certain costs, and
failed to account for other steps that financial institutions would
have to take to comply with the proposed CDD rule in our cost analysis.
We address these comments here.
Customer Onboarding. A few commenters asserted that our time
estimates for onboarding were too low. In response to these comments,
we have made adjustments to the calculations in the RIA, as described
in greater detail therein. Some of these commenters also asserted that
our hourly wage figures for ``new account clerks'' was too low, noting
that the average wage for their clerks was substantially higher. While
we certainly recognize that the wages earned by account clerks in large
metropolitan areas characterized by elevated cost of living will be
higher than the average, those wage levels are not representative of
the wages for the entire country (in the same way that wages for
account clerks in rural areas of the United States characterized by
very low cost of living would not accurately represent wages for the
whole country). Given that the average occupational wages produced by
the Bureau of Labor Statistics use wage data from throughout the United
States--taking into account variation in wages for the same occupation
across all of the very different local labor markets--we believe that
the national average for account clerks is representative and therefore
decline to use a different wage for these calculations.
[[Page 29429]]
One commenter also asserted that we mischaracterized the manner in
which this additional onboarding time would be incorporated into the
onboarding process, contending that our view was founded on ``the
plainly incorrect assumption that the additional documentation required
under the proposed CDD Rules can be collected in one (slightly longer)
meeting.'' Contrary to this notion, our assessment of the additional
incremental time for onboarding was not premised on this assumption.
Indeed, it has been our understanding that, as this commenter noted,
``[f]inancial institutions typically offer clients a period of time,
such as 30 days, to gather the appropriate account opening
documentation, and the process routinely takes more than one meeting.''
This characterization of current practices underscores one of our
broader points about our expectation that the additional burden on
prospective customers after the final rule is in force will be
limited--that is, it is already the case that prospective business
customers who seek to open accounts at financial institutions often do
not have on hand all the documentation required (including CIP
information), and that financial institutions have practices in place
to inform these prospective customers of the documentation they need to
provide in order to open an account. We would expect these existing
practices to be leveraged, and that an institution's practices for
collection of this information for legal entity customers would not
deviate substantially from those described above.
Developing and Conducting Employee Training. A few commenters noted
that we did not account for the costs associated with designing and
conducting training of employees on the new obligations in the CDD rule
(as distinct from the cost to financial institutions of employees' time
spent in training, for which we did account in the RIA). In response to
these comments, we have added a new section incorporating these costs
into the RIA, as described in greater detail therein.
Revising Policies and Procedures. A few commenters observed that
the RIA did not account for costs associated with revisions to policies
and procedures that would be necessary as a part of implementing the
CDD rule. In response to these comments, we have added a new section
incorporating these costs into the RIA, as described in greater detail
therein.
Additional Costs for Internal Controls. Some commenters noted that
the RIA did not account for additional costs for internal controls,
including compliance reviews, relating to the collection of beneficial
ownership information. As noted in the RIA, because of the lack of
actual estimates of such costs, we have not included them in the
aggregate quantified costs of the rule. We believe, however, that the
actual additional costs for internal controls will be small in
comparison to the quantified costs included in the RIA, particularly
the upper bound in the order-of-magnitude assessment for IT upgrade
costs, and thus that not including these additional internal control
costs does not influence the RIA's conclusion.
Costs Associated with Additional SAR Investigation and Filing. A
few commenters noted that there would likely be additional costs for
financial institutions associated with investigating and reporting SARs
that should have been accounted for in the RIA. However, as described
in the RIA, given the difficulty of determining whether the final rule
would result in additional costs of this nature and if so, their
amount, we have not attempted to quantify such costs.
Employee Training Costs. One commenter representing banks asserted
that respondents to its survey about implementation costs believed that
on average, employees would require three times the amount of training
identified by the RIA. This commenter did not, however, provide any
explanation of the basis for this estimate, the assumptions used to
generate this estimate, nor any dollar figure estimates. Nor did the
commenter state whether this treble estimate pertained to the low or
high end of the range described in the RIA (though we presume this
multiplier applies to the high end of the range) or whether it applied
to training in the first year or to refresher training. All of the
other commenters addressing this issue articulated estimated costs that
fell within the range identified in the RIA. For this reason, we
decline to alter the estimated costs associated with employee training
(except as described above).
Information Technology Costs. One commenter representing banks
contended that FinCEN did not adequately account for the costs
associated with IT upgrades in the RIA. This assertion is an inaccurate
characterization of our approach to IT costs. As described at length
above, FinCEN unsuccessfully attempted to obtain detailed figures for
these upgrade costs, in part necessitating the order-of-magnitude
analysis. This analysis directly accounted for IT upgrade costs by
assessing the order-of-magnitude based on limited data, which resulted
in an upper bound of $10 billion (derived from the rough estimates
provided by some financial institutions).\101\
---------------------------------------------------------------------------
\101\ Some commenters to the preliminary RIA and IRFA stated
that they believed that they would need to install expensive IT
upgrades in order to track changes in beneficial ownership
information, in order to comply with the requirements of the
proposed amendments to the respective AML program rules. FinCEN
believes that these comments are based on a misunderstanding of
those proposed requirements. As a result, FinCEN has revised this
proposed requirement, as explained in the Section-by-Section
Analysis.
---------------------------------------------------------------------------
Costs Associated with Lost Business/``De-Risking.'' A few
commenters took issue with the decision not to include costs associated
with lost business attributable to either privacy-minded owners of
legal entity customers declining to open accounts or financial
institutions refusing to extend accounts to legal entity customers for
which they cannot obtain the owners' personal information. In the views
of some commenters, a substantial number of owners of small businesses
would flee to unregulated sources of financing because of their
aversion to providing personal information to covered financial
institutions during the account-opening process. To the same effect,
one commenter representing banks asserted that the proposed CDD rule
would ``likely contribute to `de-risking,' as many financial
institutions will find it increasingly difficult to open accounts or
extend credit where the risk of correctly identifying the beneficial
owners cannot be managed to the satisfaction of regulatory
requirements.''
As for deposit or transaction accounts as well as most credit
products, FinCEN is not persuaded that the beneficial ownership
requirement would have a meaningful effect on the behavior of the vast
majority of owners of legal entities subject to it. Legitimate
businesses need transaction accounts within the financial system to
conduct their business, and in many cases, it would be extraordinarily
difficult (as well as far more risky and costly) to operate solely
using cash or through unregulated entities. Furthermore, we do not
expect most owners of legal entity customers to be so averse to
providing their personal information to covered financial institutions
that they refuse to open an account, particularly considering that they
have to provide the same type of personal information to open
individual accounts at those institutions. In any event, the cost of
such aversion--essentially being unbanked--would be high, for the
reasons given above. Moreover, irrespective of one's views on the
disclosure of personal information in business relationships, such
information
[[Page 29430]]
is routinely required for a variety of commercial interactions, such as
obtaining an insurance policy, or verifying eligibility for employment
in the United States via U.S. Customs and Immigration Services Form I-
9. We accordingly reject the contention put forth by one commenter that
it would be ``virtually impossible . . . to convince some beneficial
owners to provide their personal information'' on the grounds that many
people are ``especially sensitive to disclosing personal information''
(although we recognize and appreciate this concern as a general
matter).
For these same reasons, we do not believe that the beneficial
ownership requirement would produce a significant ``de-risking'' effect
as identified by the commenter above. As we note in the preamble to the
final rule, covered financial institutions will generally be allowed to
rely upon the representations of the legal entity customer regarding
their ownership structure, substantially mitigating what this commenter
identified as the principal driver of ``de-risking.''
With respect to the issue of potential lost business, while FinCEN
believes it is the case that legitimate businesses need transaction
accounts from banks, this is not necessarily the case with respect to
certain specialized types of credit products, which can also be
obtained from unregulated competitors. We have given careful
consideration to the comments describing the expected impact of
imposing this requirement upon specialized types of accounts in markets
where the increased burden would likely drive prospective customers
into unregulated alternatives. As we describe in greater detail above
in the Section-by-Section Analysis, we believe the policy reasons for
exempting these types of accounts from the scope of the rule proffered
by commenters are compelling, and we have accordingly exempted such
accounts from the scope of the beneficial ownership requirement. We
therefore do not have to account for this type of possible flight as a
cost of the rule.
Other Miscellaneous Costs. Several trade association commenters
identified a variety of sources of costs that were not widely
applicable to the institutions they represented. For example, one of
these commenters who surveyed a group of banks noted that a few of
these banks identified costs, such as those accruing to one bank's
financial investigative unit, that were not identified by others.
However, because such costs cannot be quantified, they are not included
in the RIA. Yet because we are confident that the actual miscellaneous
costs incurred will likely be very small compared to the included
quantified costs in the RIA, in particular the improbably high value
for IT upgrade costs, we firmly believe that excluding these
miscellaneous costs does not affect the RIA's conclusion.
Benefit-Related Comments
Several commenters questioned the assumption that the beneficial
ownership requirement would produce useful information, contending,
among other things, that criminals would easily avoid the requirement
by simply lying on the Certification Form, or by employing an
unaffiliated individual for the sole purpose of opening an account.
They also questioned the value of the information provided when there
are no means of verifying the person's status as a beneficial owner.
One commenter suggested that illicit actors might evade the requirement
entirely by simply setting up a complex structure of shell companies.
We address these contentions in turn.
We first accept the uncontroversial notion that criminal actors
will generally seek to evade legal and regulatory requirements as they
carry out their illicit schemes but stress that as the probability of
detection in carrying out these schemes increases, some criminals would
be less likely to engage in these illegal activities (at least through
the U.S. financial system). While it is the case that clever illicit
actors can and sometimes do evade many such requirements through deceit
or trickery, ``criminals will lie'' is a truism that could be used to
justify the elimination of any number of criminal and regulatory
prohibitions, and is insufficient justification here. This fundamental
practice does not obviate the significant benefits to law enforcement
and regulatory authorities associated with identifying and verifying
the identity of at least one natural person associated with legal
entities later determined to be engaged in illicit activity. Illicit
actors may well set up complex webs of shell companies or structure
their ownership so as to increase the difficulty of determining the
individual who in fact owns the entity; it is because of this
vulnerability that legal entities are also required to provide the name
of one natural person under the control prong. And while a criminal may
well lie regarding a legal entity's beneficial ownership information,
verification of the identity of the natural person(s) identified as a
beneficial owner will limit her ability to do so in a meaningful way
such that she could avoid scrutiny entirely. Furthermore, as the
Department of Justice has noted throughout this rulemaking process, a
falsified beneficial ownership identification would be valuable
evidence in demonstrating criminal intent. Even the verified identity
of a natural person whose status as a beneficial owner has not been
verified provides law enforcement and regulatory authorities with an
investigatory lead from whom they can develop an understanding of the
legal entity. Although we accept that it would be theoretically
possible for an illicit actor to hire a random person to set up an
account for her shell company at a covered financial institution, we
question the wisdom and practicality of effectively giving a stranger
access and control, even if only for a limited time, to something as
important as a financial institution account.
Along the line of these criticisms, some of these commenters
contended that we did not demonstrate a sufficiently strong link
between the expected law enforcement and regulatory benefits and the
reduction in illicit flows that we identified as the principal measure
of benefit in our breakeven analysis. As described at length in the
RIA, there are myriad complex factors that contribute to whether
criminal and regulatory investigations are initiated and pursued, and
whether prosecutions are brought and successfully concluded, and it
would not be possible to demonstrate the causative effect of any single
factor, such as the introduction of the CDD rule, on these outcomes. We
believe, for the reasons we describe in the RIA, that the beneficial
ownership requirement would reduce annual illicit flows in the U.S.
both by deterring their entry into the U.S. financial system, and
stemming them entirely through convictions and forfeitures.
A few commenters challenged our decision to identify compliance
with international standards as a benefit weighed in the RIA. In
response, we note that OMB guidance recognizes that ``[h]armonization
of U.S. and international rules may require a strong Federal regulatory
role.'' \102\
---------------------------------------------------------------------------
\102\ OMB Circular A-4.
---------------------------------------------------------------------------
Other Issues
A few commenters asserted that FinCEN's consideration of regulatory
alternatives was inadequate. They thought, for example, that FinCEN
should consider requiring the collection and verification of this
information by states at the time of company formation, or that such
information should be collected by the IRS through the tax
[[Page 29431]]
filing system. We discuss these additional alternatives in the RIA.
As noted above, several commenters requested that FinCEN exclude
from the scope of the beneficial ownership requirement certain types of
specialized accounts, such as accounts established for the purpose of
financing property and casualty insurance premiums; accounts
established to finance the leasing of heavy machinery and equipment;
and accounts established to finance postage and related items. These
requests have been addressed in the Section-by-Section Analysis above.
B. Final Regulatory Impact Assessment
1. Executive Summary
The primary purpose of customer due diligence (CDD) requirements is
to assist financial investigations by law enforcement, with the goal
being to impair criminals' ability to exploit the anonymity provided by
the use of legal entities to engage in financial crimes including fraud
and money laundering, and also terrorist financing, corruption, and
sanctions evasion. Treasury presents expected cost estimates for some
requirements and qualitative assessment of other cost components and
the benefits. In addition to the qualitative benefit assessment, we
present a breakeven analysis to assess the level of benefits that would
justify incurring the quantified costs associated with this rule.
Treasury acknowledges that there are uncertainties associated with this
assessment and discusses those uncertainties in this Regulatory Impact
Assessment (RIA). Although data and modeling limitations prevent us
from fully quantifying all costs and benefits attributable to the CDD
rule, the U.S. Department of the Treasury believes that the final rule
would yield a positive net benefit to society.
The RIA employs a breakeven analysis that concludes that the CDD
rule would have to induce a modest reduction of between 0.16 and 0.6
percent in annual U.S. real illicit proceeds in each of ten years
(2016-2025) to achieve this positive net benefit. If the definition of
illicit proceeds is expanded to include money exchanged in illicit drug
sales, which, as described in the RIA, are not always included in such
measurements, then the analogous required reduction must be between
0.12 and 0.47 percent. For either set of illicit activities, this would
correspond to a reduction in real proceeds ranging from $1.46 billion
in 2016 to $1.81 billion in 2025, at the upper bound for IT upgrade
costs. The analogous reductions at the lower bound of IT upgrade costs
are $0.38 billion and $0.47 billion.
This RIA argues, however, that both of the above upper threshold
estimates are exceedingly conservative in that they are based on an
upper bound for the rule's costs while not incorporating all of its
benefits.\103\ Specifically, the estimates:
---------------------------------------------------------------------------
\103\ The estimated thresholds for the percent reduction in real
illicit proceeds are assumed to be constant across each year of the
ten-year horizon for the given set of illicit activities, and
computed using an upper bound for costs based on estimated and
hypothetical values. At the threshold estimates, the present value
of the rule's benefits would just be equal to the present value of
its costs.
---------------------------------------------------------------------------
[ssquf] Are based on an order-of-magnitude cost assessment with an
upper bound present value for 10-year IT upgrade costs of $10 billion;
[ssquf] incorporate the highest cost scenarios for the costs that
are quantified in the RIA--financial institution employee training
(including the development of this training), new client onboarding,
and the revision of policies and procedures;
[ssquf] are not in relation to, and therefore do not account for,
all of the benefits that would be realized in the form of saved costs
from crimes that would not occur in the presence of the rule because
any reduction in illicit proceeds would only reflect saved costs in the
form of funds no longer involuntarily transferred from victims to
offenders; the excluded benefits include, for example, time not devoted
to handling the aftermath of--for example--fraud victimization, and
psychological pain and suffering not experienced due to those fraud
victimizations avoided; and
[ssquf] are not in relation to, and therefore do not account for,
other effects discussed in the RIA, including increased asset recovery,
increased tax revenue due to stronger tools for detecting and
remediating under reporting and under payment of Federal taxes, and
reputational benefits to the U.S. Government of meeting international
standards.
Therefore, even though the RIA assumes high IT costs, we find that
the final CDD rule would still only need to exhibit a modest level of
effectiveness for its benefits to justify its costs as laid out in the
RIA. It is the view of the Treasury Department that these reductions in
illicit activity would be achieved upon the implementation of the CDD
rule.
2. Introduction and Summary
a. Overview of the RIA
The Financial Crimes Enforcement Network (FinCEN) is publishing
rules under the Bank Secrecy Act to clarify and strengthen customer due
diligence (CDD) requirements for the following financial institutions:
Banks, brokers or dealers in securities, mutual funds, and futures
commission merchants and introducing brokers in commodities. The final
rule contains explicit CDD provisions and a new regulatory requirement
to identify beneficial owners of legal entity customers. The beneficial
owners are defined as each individual who owns, directly or indirectly,
25 percent or more of the equity interests of the entity, and one
individual with significant responsibility to control, manage, or
direct the entity.\104\
---------------------------------------------------------------------------
\104\ Treasury's Office of Economic Policy worked with FinCEN to
prepare this Assessment pursuant to Executive Orders 13563 and 12866
because the proposed rules have been determined by the Office of
Management and Budget (OMB) to be an economically significant
regulatory action. The Notice of Proposed Rulemaking was published
at 79 FR 45151 (August 4, 2014).
---------------------------------------------------------------------------
The final CDD rule is expected to contribute to a reduction in
illicit activity by providing easier access to beneficial ownership
information to support law enforcement investigations at the expense of
additional costs to gather and store the data on the beneficial owners
of legal entity accounts. We expect that there will be a meaningful
impact on illicit activity and law enforcement investigations, but
these effects are notoriously difficult to quantify. Thus, we can only
describe the rule's benefits qualitatively. We later offer a
conservative estimate of the required minimum level of the rule's
effectiveness at which its benefits would just offset its costs.
We quantify certain costs to financial institutions and their
clients of complying with the final rule, specifically the value of
additional time spent on these activities: Training financial
institution staff, designing and conducting staff trainings, revising
compliance policies and procedures, and onboarding new accounts.
Throughout this analysis, we use a ``no action'' baseline, meaning that
we compute and discuss costs and benefits of the final rule relative to
a situation where the rule is not adopted. We estimate that these
first-year costs would range from roughly $370 million to $520 million.
Close to half of the costs incurred over 10 years would be borne by
customers in additional time spent opening accounts, with the other
half due to additional staff time devoted to training, compliance, and
account onboarding at the roughly 29,000 covered institutions.\105\
Training costs
[[Page 29432]]
would fall sharply after the first year as the majority of first-year
costs are due to time spent designing training modules for employees, a
cost that we assume will not recur after the first year. We estimate
that 10-year quantifiable costs range from $1.15 billion to $2.15
billion in present value using a seven-percent discount rate and from
$1.3 billion to $2.5 billion using a three-percent discount rate. The
annualized costs range from $153 million to $287 million using a seven-
percent discount rate; $148 million to $282 million using a three-
percent discount rate.
---------------------------------------------------------------------------
\105\ The Treasury Department computed the number of covered
institutions based on information provided by the Federal Deposit
Insurance Corporation, the National Credit Union Administration, the
Securities and Exchange Commission, and the Commodity Futures
Trading Commission. The Treasury Department did not conduct an
incidence analysis as to whether the regulated entities will be able
to pass along the costs to their customers ultimately.
---------------------------------------------------------------------------
As described at greater length below in the breakeven analysis,
given even an unrealistically high hypothetical value for the rule's
total costs, the CDD rule would only have to reduce annual real illicit
activity by between 0.16 percent (roughly $0.38 billion in 2016, rising
to 0.47 billion in 2025) and 0.6 percent (roughly $1.46 billion in
2016, rising to $1.81 billion in 2025), to yield a positive net benefit
(the required reduction in illicit proceeds would only be between 0.12
percent and 0.47 percent if proceeds from illicit drug sales are
included).106 107
---------------------------------------------------------------------------
\106\ This calculation uses the $300 billion estimate for annual
illicit proceeds generated in the United States on page 2 of U.S.
Department of the Treasury. Office of Terrorism and Financial
Intelligence. 2015. National Money Laundering Risk Assessment.
\107\ The distinction between illicit proceeds that include and
exclude money exchanged in illicit drug sales matters for the
interpretation of proceeds as costs of crime. As discussed later,
illicit proceeds that are involuntarily transferred from victims to
offenders--for example, via fraud--are naturally counted among
``external'' costs of crime. On the other hand, illicit proceeds
from transactions that are arguably voluntary, like illicit drug
sales, do not fit into the set of external costs so readily. To the
extent that the size of proceeds from illicit drug sales are
indicative of the costs to society of the drugs consumed from those
transactions--loss of health and quality of life and lost labor
market productivity, among many others--then this justifies using
the broader measure of illicit activity (i.e., including drug sales)
for estimating the social benefits of reduced crime. Although in
this instance we are not accounting for the effects of the proposed
rule on other types of illicit activity (e.g., terrorist financing)
in the breakeven analysis, the CDD rule would potentially impact the
likelihood of low probability, high impact events occurring. Such
reductions have the potential to yield significant benefits. For
example, the costs of terrorism and financial crime can run into the
billions of dollars in terms of property destruction, foregone tax
revenues, and loss of life. The American Academy of Actuaries has
estimated that a medium-impact scenario involving a chemical,
nuclear, biological, or radiological attack in New York City could
result in insured losses of over $445 billion, while a truck bomb
attack in San Francisco could result in insured losses of nearly $9
billion. ``Letter to President's Working Group on Financial Markets
regarding Terrorism Risk Analysis,'' American Academy of Actuaries,
April 21, 2006.
---------------------------------------------------------------------------
To summarize: This cost-benefit analysis provides a qualitative
discussion of the rule's benefits and some costs, and quantitative
estimates of those costs for which adequate data are available. Due to
the limited availability of data on illicit activity and in the absence
of previous changes in beneficial ownership disclosure policy, the
final rule's effects in terms of reducing such crime cannot be
estimated with sufficient accuracy to warrant quantitative assessment.
In the absence of fully quantified benefits and costs, we rely on a
breakeven analysis to determine how large the final rule's benefits
would have to be in order to justify its costs. Given that the
breakeven analysis depends on an argument about the final rule's
effectiveness in generating benefits, and that the benefit of a crime
prevented is the inverse of that crime's cost,\108\ we need a value for
the costs of the crimes that the rule would impact. For this specific
regulation's RIA, we choose to utilize the Treasury Department's
estimate of $300 billion in illicit proceeds generated annually in the
United States due to financial crimes as the basis for determining the
rule's minimum level of effectiveness in the breakeven analysis, at
which benefits would exactly justify costs. The whole of these proceeds
must be laundered before they can re-enter the economy under a guise of
legitimacy.\109\
---------------------------------------------------------------------------
\108\ The terms ``costs'' and ``benefits'' can be
interchangeable depending on whether one is examining the effect of
crime or the effectiveness of a crime reduction program. See page
276 of Cohen, Mark A., ``Measuring the Costs and Benefits of Crime
and Justice,'' Criminal Justice 4 (2000): 263-315 (``. . . the cost
of a crime is the same as the benefit of a crime that was
prevented'').
\109\ See footnote 106.
---------------------------------------------------------------------------
The remainder of this section provides the rationale for the CDD
rule, discusses regulatory alternatives, and summarizes the findings of
the cost-benefit analysis. The second section reports quantitative
estimates of certain costs; the third section provides a qualitative
discussion of benefits and those costs that we cannot quantify; the
fourth and final section employs a breakeven analysis to make the case
for the adoption of the final rule.
b. Rationale for the CDD Rule
Under certain circumstances, markets lead to socially desirable
allocations of goods and services. Yet when all the necessary
conditions are not met, a market's allocation of goods may not be
efficient, a situation known as a market failure. Economists consider
the presence of a market failure to be a justification for policy
intervention. The final CDD rule intends to address two related market
failures. Both of these are spillovers (also called externalities) in
that the wellbeing of parties not buying or selling in a market is
impacted by transactions in that market. Spillovers can either be
positive or negative. For example, a positive spillover occurs in the
market for influenza vaccinations: Those who receive the vaccine reduce
the chances of others who do not receive the vaccine from catching the
flu. From the perspective of society's overall wellbeing, the existence
of a positive spillover implies that fewer transactions are taking
place in the market in question than is socially optimal. Conversely,
in the case of a negative spillover, too many transactions occur,
resulting in lower societal wellbeing. For example, a paper mill that
pollutes a river by releasing wastewater may negatively affect
recreational fishermen downstream who may find fewer fish or be unable
to eat the fish they catch due to the pollution.\110\ We discuss the
spillovers addressed by the CDD rule in more detail below.
---------------------------------------------------------------------------
\110\ Whether the spillover is positive or negative, the market
failure is attributable to the lack of a second market that would
allow participants and nonparticipants in the market with the
spillover to compensate one another so that the quantity produced
and consumed is socially optimal in the market with the spillover.
For example, the fishermen have no formal mechanism for paying the
owners of the paper mill to produce less wastewater by producing
less paper. The implication of this ``missing market'' is that the
overall wellbeing might be lower than what society would be willing
to pay for, if it could.
---------------------------------------------------------------------------
Illegal activities are social ``bads'' rather than social goods.
Because financial institutions bear the cost of collecting the
beneficial ownership information, they only take into account their own
benefit to doing so when selecting their level of investment in crime-
reducing security measures.\111\ The implication is that financial
institutions underinvest in such measures from the standpoint of
society. If all members of society are potential victims of future
criminal activity, then the prevention of financial crimes including
money laundering and terrorist financing have the characteristics of
public goods, meaning that all citizens benefit from actions to
[[Page 29433]]
mitigate these activities regardless of who pays for the prevention.
---------------------------------------------------------------------------
\111\ Even in the extreme case where financial institutions
could pass along the entire cost of collecting this information, it
does not follow that the resulting level of investment in crime-
reducing security measures would maximize social wellbeing.
Realistically, competition among financial institutions for clients
will limit the extent to which they can pass these costs along to
customers.
---------------------------------------------------------------------------
Absent this final rule, financial institutions will continue to
invest at lower than efficient levels, in accordance with their private
interests, neglecting the incremental positive impact of each
additional dollar spent on security measures on broader social welfare.
This is especially true if financial institutions that are considering
collecting beneficial ownership information perceive that they would
lose business to competitors that do not require that information. By
compelling universal compliance across all covered institutions,
implementation of the final rule would increase beneficial ownership
disclosure at financial institutions, making illicit activities more
costly to commit.
Without the final rule, the negative spillover arises because a
country with less stringent anti-money laundering and countering the
financing of terrorism (AML/CFT) regulations may become a destination
for the laundering of proceeds generated by illicit activities
committed in other countries. The country with less stringent rules and
regulations receives the inflow of capital without bearing the costs of
the criminal offenses that created that inflow of capital.
International cooperation that harmonizes AML/CFT policies may reduce
this market failure. By helping to harmonize U.S. standards with those
of the global community, adopting this final rule would make laundering
the proceeds in the United States from illicit activities committed in
the other countries more costly and thereby mitigate the current
negative spillover.
c. Discussion of Regulatory Alternatives to the Final CDD Rule
In this section, we discuss five alternatives to the final CDD
rule, which will set a 25 percent beneficial ownership disclosure
threshold for new legal entity accounts. The first three alternatives
are variants of the CDD rule, while the remaining two are alternative
regulatory approaches:
Alternative 1: 10 percent beneficial ownership disclosure
threshold.
Alternative 2: 50 percent beneficial ownership disclosure
threshold.
Alternative 3: Applying the proposed 25 percent beneficial
ownership disclosure threshold to existing legal entity accounts, as
well as to new accounts.
Alternative 4: Collection and verification of the identities of
beneficial owners by State officials at the time of company
formation.
Alternative 5: Collection and verification of the identities of
beneficial owners by the Internal Revenue Service (IRS).
Alternative 6: Exempt financial institutions below a certain
asset size, or that maintain fewer than a specified minimum number
of legal entity accounts.
Alternative 1, setting a 10 percent beneficial ownership threshold,
would provide more information to potentially identify individuals
involved in illicit financial activity. Collecting information for a
maximum of 11 people \112\ can potentially identify illicit financing
through owners of stakes as small as 10 percent. However, as a
practical matter, we believe that this threshold would predominantly
impact legitimate legal entities, and impose upon them a significant
burden that would not be outweighed by the incremental benefit to law
enforcement of additional identities of beneficial owners. Such a
change would also come at higher costs in terms of more financial
institution and client onboarding time (in some instances, up to twice
as much, since the maximum number of beneficial owners would be more
than doubled from a maximum of five to a maximum of eleven) and
additional data storage. In FinCEN's assessment, the incremental
benefit of this approach does not outweigh the burdens associated with
having to collect and verify the identities of more than twice as many
beneficial owners in some circumstances. Incremental costs to financial
institutions for IT updates, staff training, and internal controls,
above and beyond those incurred for the final rule, would likely be
limited.
---------------------------------------------------------------------------
\112\ Under the two elements of the definition of beneficial
owner described earlier, up to 10 individuals under the ownership
element and one individual under the control element.
---------------------------------------------------------------------------
Alternative 2, setting a 50 percent beneficial ownership threshold,
is less stringent, but provides less information to potentially
identify those involved in illicit financing. Using a 50 percent
threshold would forego information on owners of stakes as high as 49
percent. Furthermore, setting the threshold this high would render the
rule more susceptible to evasion, as beneficial owners of legal
entities could more easily manage their ownership interests to fall
below this level than 25 percent. Requiring personal information for a
maximum of three people \113\ would somewhat reduce data collection
costs to financial institutions and their customers' costs. But,
because major cost elements such as IT updates, staff training, and
internal controls would still be incurred by financial institutions,
overall savings would probably be limited relative to the final rule.
We cannot quantify how much the benefit from the final rule would be
reduced by this higher threshold for disclosure but are confident that
with this threshold illicit actors would have greater ease in using
legal entities to mask their financial activities than with the
proposed threshold.
---------------------------------------------------------------------------
\113\ Two individuals under the ownership element and one
individual under the control element.
---------------------------------------------------------------------------
Alternative 3 would apply the same beneficial ownership disclosure
threshold as the final rule to new accounts, but would also require
retroactive collection of beneficial ownership information for existing
accounts at the time the rule comes into force. The increased costs
from complying with Alternative 3 would likely take the form of
significant labor costs as financial institutions hired additional
workers to gather beneficial ownership data from customers and input it
into account databases. Alternative 3 would also impose costs on
existing customers of covered financial institutions. We do not foresee
additional IT development costs beyond those for the final rule. We
expect that the above-described costs would be substantial. In the 2012
ANPRM, FinCEN sought comments on whether to require retroactive
collection of beneficial ownership information for existing accounts.
Many commenters to the ANPRM viewed a retroactive requirement to obtain
beneficial ownership information for all existing accounts as extremely
burdensome, and opposed such a requirement. In light of these
representations about the burdens associated with such a requirement,
FinCEN proposed in the NPRM that the beneficial ownership requirement
would apply only with respect to legal entity customers that open new
accounts going forward from the Applicability Date. During the NPRM
comment period, the vast majority of commenters who addressed this
issue reiterated this objection to retroactive application of the
beneficial ownership obligation. Alternative 3 may offer substantially
larger benefits than the final rule because it would make available
beneficial ownership information for far more accounts than the final
rule, as the stock of existing accounts covered would greatly exceed
the flow of new accounts. The advantage in terms of greater beneficial
ownership information would fall over time; the higher requirements of
Alternative 3 may also require a later deadline for compliance.
As to Alternative 4, many commenters stated that it would be more
efficient, as well as more appropriate, to place the obligation to
obtain beneficial ownership information on the States that create the
entities rather than on financial institutions at the time that
accounts are opened. While the
[[Page 29434]]
existence of such a requirement may reduce some costs that would be
borne by financial institutions under the rule, Treasury believes that
it would not eliminate the need for an independent obligation of
covered financial institutions to collect and verify the beneficial
ownership information at the time an account is opened. Additionally,
as stated in the NPRM, the Administration supports the collection of
this information at both the time of company formation and at the time
an account is opened. There are important reasons for this: (i) Company
formation and account opening generally take place at different points
in time which may result in the information changing; and (ii) there is
no requirement for a legal entity formed in the United States to open a
bank account in the United States, nor is there a bar on non-U.S. legal
entities opening accounts in the United States. Therefore it is
important to have requirements that apply to both points of entry. In
addition, there are Constitutional impediments on the manner and extent
to which the Federal government could impose such a requirement on the
States, as there is no Constitutional provision authorizing the Federal
government to directly mandate that States collect such information.
Furthermore, without concerted action on such a proposal by all 50
States and the District of Columbia, we would expect illicit actors to
simply incorporate in those States without such a requirement. Such
gaps would obviate the benefit of such a requirement at the State
level.
With respect to Alternative 5, some commenters also urged that
beneficial ownership information could more efficiently be collected by
Federal officials at the IRS through the process of obtaining Employer
Identification Numbers for legal entities, which would shift the costs
from financial institutions to government. For the reasons stated
above, Treasury believes that collection and verification of beneficial
ownership information is necessary and valuable both at the time of
company formation and at the time of account opening. Moreover, FinCEN
lacks the authority to impose such an information collection
requirement upon the IRS, and because of the sensitive nature of tax
information and the many statutory restrictions on the use of such
information in order to protect taxpayers' privacy, legislative changes
to the tax code would be required.
Regarding Alternative 6, FinCEN also considered exempting small
financial institutions below a certain asset size or that have a
minimal number of legal entity accounts. In this regard, FinCEN has
determined that identifying the beneficial owner of a financial
institution's legal entity customers and verifying that identity is a
necessary part of an effective AML program. Were FinCEN to exempt small
entities from this requirement, or entities that establish fewer than a
limited number of accounts for legal entities, those financial
institutions would be at greater risk of abuse by money launderers and
other financial criminals, as criminals would identify institutions
without this requirement.
d. Summary of Findings
i. Costs
(1) Quantitative Assessment
In response to comments that our compliance cost estimates in the
proposed rule were unrealistically low, we conducted telephone
interviews with financial institutions that submitted comments, as well
as with IT vendors which currently supply related AML/CFT software to
financial institutions.\114\ Using information from those interviews,
we estimate the cost to financial institutions and their clients of the
additional time required to open new legal entity accounts under the
CDD rule, and the costs to financial institution costs for employee
training and the revision of AML program procedures. For a discount
rate of seven percent, Table 1a lists the high-cost and low-cost
estimates for each of the quantified categories of costs incurred in
the first year alone, in the first ten years in terms of present value,
and on annual basis over the first ten years.\115\
---------------------------------------------------------------------------
\114\ Treasury understands that most financial institutions do
not build their own systems for entering and storing data regarding
their customers, but rather purchase such systems from third parties
that specialize in providing such products to financial
institutions.
\115\ The annualized cost value is the undiscounted constant
annual cost incurred in each of the ten years that, if it occurred,
would yield the value for the corresponding ``present value of 10-
year costs'' entry in the table after the stream of costs were
discounted (using the seven-percent rate in Table 1a) and summed.
For example, a 10-year stream of $59 million (the ``High Estimate''
annualized cost for training in Table 1a) has a present value of
$439 million using the seven-percent discount rate.
Table 1a--Quantified Costs for 7% Discount Rate
[Millions of USD]
----------------------------------------------------------------------------------------------------------------
Financial institution
-------------------------------------------------------------------------------
Training Onboarding Compliance Client Total
----------------------------------------------------------------------------------------------------------------
First-Year Costs:
Low Estimate................ $211 $45 $55 $61 $371
High Estimate............... 256 89 55 121 521
Present Value of 10-Year Costs:
Low Estimate................ 264 353 55 477 1,149
High Estimate............... 439 705 55 955 2,154
Annualized Costs:
Low Estimate................ 35 47 7 64 153
High Estimate............... 59 94 7 127 287
----------------------------------------------------------------------------------------------------------------
Source: Treasury Department calculations.
Note: First year of analysis is 2016. All figures in 2014 dollars.
We estimate that first-year costs would range from roughly $370
million to $520 million; training costs would be lower in subsequent
years. Furthermore, we estimate that the 10-year costs range from
roughly $1.15 billion to $2.15 billion in present value and that
annualized costs would range from approximately $150 million to $290
million. Table 1b reports the analogous costs for a three-percent
discount rate. For this lower discount rate, first-year costs are
unchanged, but we estimate that the 10-year cost range shifts up to
roughly $1.3 billion to $2.5 billion while the annualized costs shift
down slightly to a range of $150 million to $290 million.
[[Page 29435]]
Table 1b--Quantified Costs for 3% Discount Rate
[Millions of USD]
----------------------------------------------------------------------------------------------------------------
Financial institution
-------------------------------------------------------------------------------
Training Onboarding Compliance Client Total
----------------------------------------------------------------------------------------------------------------
First-Year Costs:
Low Estimate................ $211 $45 $55 $61 $371
High Estimate............... 256 89 55 121 521
Present Value of 10-Year Costs:
Low Estimate................ 274 414 55 560 1,303
High Estimate............... 476 827 55 1,120 2,479
Annualized Costs:
Low Estimate................ 31 47 6 64 148
High Estimate............... 54 94 6 128 282
----------------------------------------------------------------------------------------------------------------
Source: Treasury Department calculations.
Note: First year of analysis is 2016. All figures in 2014 dollars.
(2) Qualitative Assessment
Several types of costs associated with the implementation of this
rule cannot be reliably quantified due to a lack of data. For example,
we provide qualitative discussions of information technology upgrades
by covered institutions and incremental costs to U.S. criminal
investigations because the data are insufficient for quantitative
assessments.
ii. Benefits
The primary purpose of the final CDD rule is to reduce illicit
activity, including financial crimes such as money laundering and
terrorist financing. Yet, none of the benefits of the final rule, in
terms of reducing crime, can be measured with sufficient accuracy at
this time to warrant quantitative assessment. Two primary factors
impede credible quantitative estimation of the rule's benefits: Illicit
activity is difficult to observe, meaning that reported measures are
likely unreliable, and there is no past variation in beneficial
ownership requirements in the United States from which to estimate the
effects on outcomes.
Furthermore, estimation of effects of policy changes using
historical data is challenging in this context. Existing AML/CFT
regulations under the Bank Secrecy Act and subsequent legislation
already help mitigate financial crimes including money laundering and
terrorist financing. In addition, extensive changes in the United
States and international regulatory regimes following the financial
crisis of 2008 further complicate the estimation of potential effects
of any change in the CDD rule, as even changes to non-AML/CFT
regulations may alter regulated parties' behavior in ways that make it
difficult to attribute potential effects to the CDD rule alone. Ongoing
financial regulatory reforms, including for example, the Dodd-Frank
Wall Street Reform and Consumer Protection Act of 2010, add to the
challenge of assessing the potential impacts of this final rule.
Finally, changing external factors such as evolving AML/CFT policies of
foreign governments and management practices of overseas financial
institutions may affect the level of illicit activities in the United
States, including through cross-border institutions.
For all of the above reasons and others, this cost-benefit analysis
relies extensively on a qualitative assessment of potential effects,
based on relevant literature. Finally, while we believe that a
significant increase in, for example, the number of prosecutions for
money laundering, following the CDD rule's possible adoption would
signal its effectiveness in diminishing the level of criminal activity,
given the time required to build and prosecute cases, that sort of
quantitative assessment would not be possible for several years.
3. Quantitative Estimates of Costs
a. Costs to Covered Institutions
i. Employee Training
We generate high- and low-cost estimates of the training costs to
covered institutions based on input from the institutions and data from
the Bureau of Labor Statistics (BLS). These estimates pertain only to
the training costs directly associated with the final rule, not the
full set of training activities needed to address the broader set of
AML/CFT regulations for financial institutions. Based on the total
number of employees and the employee-weighted average hourly wage at
covered institutions, we estimate high- and low-cost scenarios by
varying the share of employees receiving training and the length of
that training.\116\ The high-cost estimate assumes two-thirds of
covered institution employees receive training, and one-time initial
training runs for one hour while subsequent annual refresher trainings
last 15 minutes. The low-cost estimates assume one-third of employees
are trained, the initial training takes 30 minutes, and the annual
refresher trainings run 10 minutes.
---------------------------------------------------------------------------
\116\ To represent the workforce in covered institutions, we use
wage data for all employees working in business establishments in
sectors having one of the following four-digit North American
Industry Classification System (NAICS) codes: 5221 (Depository
Credit Intermediation), 5222 (Nondepository Credit Intermediation),
5223 (Activities Related to Credit Intermediation), or 5231
(Securities and Commodity Contracts Intermediation and Brokerage).
---------------------------------------------------------------------------
In both the high-cost and low-cost estimates, we make four main
assumptions. First, we assume the opportunity cost of staff time spent
in training is equal to the wage rate rather than total compensation
(wage rate plus benefits).\117\ Second, we apply the BLS 2012-22
projected employment growth rate of 0.9 percent per year for Financial
Activities to our 10-year time horizon.\118\ Third, we use the
aggregate annual real wage growth rate of 1.2 percent (rounded
intermediate assumption) from the 2015 Social Security Trustees
Report.\119\ Finally, we assume that staff turnover rates are
consistent with the rates provided in the Finance and Insurance sector
in the BLS
[[Page 29436]]
Job Openings and Turnover Survey.\120\ We believe this set of
assumptions yields estimates that account for the primary factors that
may affect costs in the period of analysis.
---------------------------------------------------------------------------
\117\ This assumption results in a higher opportunity cost of
training than might be warranted if employees' brief time in
training mostly displaces less-than-fully productive activities.
\118\ BLS. 2013. ``Industry Employment and Output Projections to
2022,'' Monthly Labor Review. http://www.bls.gov/opub/mlr/2013/article/industry-employment-and-output-projections-to-2022.html.
\119\ The Board of Trustees, Federal Old-Age and Survivors
Insurance and Federal Disability Insurance Trust Funds. 2015. The
2015 Annual Report of the Board of Trustees of the Federal Old-Age
and Survivors Insurance and Federal Disability Insurance Trust
Funds. http://www.ssa.gov/oact/tr/2015/tr2015.pdf.
\120\ BLS. 2015. Job Openings and Labor Turnover Survey News
Release. http://www.bls.gov/news.release/archives/jolts_03102015.htm#jolts_table9.f.2
We use the average of the 2010-14 total annual separations rates
for the Finance and Insurance industry, provided in Table 16.
---------------------------------------------------------------------------
Table 2 summarizes the estimated costs. Estimated first year
training costs range from roughly $210 million to $260 million
depending on the share of employees trained and the duration of the
training sessions. First-year costs are so much greater than the costs
in subsequent years for two reasons: All employees who receive training
are given the longer initial training in the first year, but take
shorter refresher training in the following years, and compliance staff
must design the training in the first year.\121\ We allow for employee
turnover by assuming that new hires in positions requiring training
would be given the full initial training in their first years, and
refresher trainings in each subsequent year. We also assume that
turnover rates are equivalent for positions requiring and not requiring
training.
---------------------------------------------------------------------------
\121\ Using information provided in a comment by a major trade
association, we adopted 200 hours as the necessary amount of time to
design training per financial institution. Furthermore, we use wage
data from the May 2014 BLS Occupational Employment Statistics for
``compliance officers'' working in business establishments in
sectors having one of the four-digit North American Industry
Classification System (NAICS) codes mentioned in footnote 116; the
average hourly wage for these compliance officers is $34.03. The
total cost of designing trainings is the product of this wage, 200
(hours), and the number of financial institutions.
---------------------------------------------------------------------------
The present discounted values of our low- and high-cost scenarios
over the 10-year period range from roughly $265 million to $440 million
and from roughly $275 million to $475 million using the seven-percent
and three-percent discount rates, respectively.122 123
---------------------------------------------------------------------------
\122\ For completeness, as per guidance from OMB, we estimate
the 10-year present discounted values using both 7-percent and 3-
percent discount rates. The latter is generally appropriate for
discounting future consumption flows when a regulation primarily
affects private consumption, while the former is more applicable for
regulations affecting private-sector financial institutions. (See
Office of Management and Budget (OMB), Regulatory Impact Analysis: A
Primer, Aug. 15, 2011)
\123\ One of the financial institutions we interviewed was a
large bank whose representatives stated that all of its employees
would require training for one-half hour. In the above analysis, if
all employees at all covered institutions required one hour of
initial training and subsequent annual refresher training of 15
minutes, then the present value of 10-year training costs would be
$561 million. Although we think it is unlikely that labor force
training would need to be this widespread, this estimate provides an
upper bound for total training costs.
Table 2--Estimated Training Costs
[Millions of USD, present value]
----------------------------------------------------------------------------------------------------------------
7% discount rate 3% discount rate
Year -----------------------------------------------------------------------
Low estimate High estimate Low estimate High estimate
----------------------------------------------------------------------------------------------------------------
1....................................... $211.1 $256.0 $211.1 $256.0
2....................................... 7.0 24.4 7.3 25.3
3....................................... 6.7 23.3 7.2 25.1
4....................................... 6.4 22.2 7.2 24.9
5....................................... 6.1 21.2 7.1 24.7
6....................................... 5.9 20.2 7.0 24.5
7....................................... 5.5 19.3 7.0 24.3
8....................................... 5.3 18.4 6.9 24.1
9....................................... 5.1 17.6 6.9 23.8
10...................................... 4.8 16.8 6.8 23.6
-----------------------------------------------------------------------
Present Value........................... $263.8 $439.4 $274.4 $476.3
----------------------------------------------------------------------------------------------------------------
Source: Treasury Department calculations.
Notes: Year 1 is 2016. Includes annual real wage growth rate based on aggregate intermediate rate in 2015 Social
Security Annual Trustees Report. Mean industry wage rates are based on BLS Occupational Employment Statistics,
May 2014 for NAIC-4 codes 5221, 5222, 5223, and 5231. Job turnover rates are a 5-year average from BLS total
separations rates for the Finance and Insurance sector from Job Openings and Labor Turnover Survey, March
2015. Employment growth projections come from BLS Economic News Release, December 2013. Low estimate assumes
one-third of employees are trained with a 30-minute initial training and 10-minute annual refreshers. High
estimate assumes that two-thirds of employees are trained with a 1-hour initial training and 15-minute annual
refreshers.
ii. Incremental Onboarding
Financial institutions would primarily satisfy the final CDD rule's
requirement to collect beneficial ownership and control information
during the legal entity account opening process. We estimate the
incremental onboarding costs to institutions of the CDD rule by
multiplying the expected annual number of new legal entity accounts by
the value of the expected additional onboarding time due to the final
rule.\124\ We use an estimate of 8 million new accounts per year, which
takes into account all financial accounts that will be excluded or
exempted from the rule. We consider a range of 20 to 40 minutes of
additional time on average to open an account under the CDD rule, based
on a series of telephone calls with covered institutions, and on public
comments received in response to both the NPRM and the preliminary
version of the RIA published in December 2015.\125\ We base a financial
institution's cost of the additional time spent onboarding a single
account on $16.77, the average wage for ``new account clerks'' in the
financial industry according to data furnished by the BLS. For a seven-
percent discount rate, the present value of onboarding costs has an
approximate range of $350 million to $705 million; for a three-percent
discount rate, the present value of onboarding costs is roughly $410
million to $825 million.
---------------------------------------------------------------------------
\124\ We expect that the tasks included in this additional
onboarding time would include collection and verification of
beneficial ownership information, as well as associated
recordkeeping.
\125\ In the preliminary RIA, we used 15 and 30 minutes for the
low and high scenario average increases, respectively, in onboarding
time per account, but some commenters objected to these values as
being too low.
---------------------------------------------------------------------------
Table 3 shows the estimated onboarding costs associated with the
final rule for the 10-year period of analysis.
[[Page 29437]]
Table 3--Estimated Onboarding Costs for Financial Institutions
[Millions of USD, present value]
----------------------------------------------------------------------------------------------------------------
7% discount rate 3% discount rate
-----------------------------------------------------------------------
Low estimate High estimate Low estimate High estimate
Year -----------------------------------------------------------------------
20 Minutes 40 Minutes 20 Minutes 40 Minutes
additional time additional time additional time additional time
----------------------------------------------------------------------------------------------------------------
1....................................... $44.7 $89.4 $44.7 $89.4
2....................................... 42.3 84.6 43.9 87.9
3....................................... 40.0 80.0 43.2 86.3
4....................................... 37.8 75.7 42.4 84.8
5....................................... 35.8 71.6 41.7 83.3
6....................................... 33.8 67.7 40.9 81.9
7....................................... 32.0 64.0 40.2 80.5
8....................................... 30.3 60.5 39.5 79.1
9....................................... 28.6 57.3 38.8 77.7
10...................................... 27.1 54.2 38.2 76.3
-----------------------------------------------------------------------
Present Value........................... $352.5 $705.0 $413.6 $827.2
----------------------------------------------------------------------------------------------------------------
Source: Treasury Department calculations.
Notes: Year 1 is 2016. Includes annual real wage growth rate based on aggregate intermediate rate in 2015 Social
Security Annual Trustees Report. Mean wage rates is based on BLS Occupational Employment Statistics, May 2014
for New Account Clerks. Based on expectation of 8 million legal entity accounts opened each year.
iii. Revising Policies and Procedures
In order to ensure adherence to the final CDD rule, compliance
officers will have to revise their financial institution's AML program
procedures--for example, account onboarding--that will be affected by
the final rule. In comments submitted regarding the RIA, a major trade
association estimated that this process would require an additional 56
hours of work per financial institution. Multiplying this additional
hours figure by the average wage of compliance officers working in the
relevant industries ($34.03; see footnote 122) by the number of covered
institutions yields a total cost of $55 million for updating compliance
procedures, which is only incurred in the first year.
b. Additional Client Time in New Account Opening Process
Covered institution clients would also incur costs due to the
additional onboarding time resulting from the final rule (for covered
institutions, we gave consideration to this cost above). Based on a
series of telephone conversations with covered institutions and public
comments we received in response to the NPRM and the preliminary
version of the RIA published in December 2015, we estimate client
costs. Our estimates assume the incremental time requirements for
clients opening new legal entity accounts equal the incremental
onboarding time for institutions and are products of the average
additional time required to open an account, an estimate of the number
of new accounts that would be opened, and an estimate of the value of
client time. Also, for the sake of consistency with the computations
for additional onboarding costs for financial institutions, we
necessarily assume that 8 million new legal entity accounts are opened
each year in calculating client costs. We use $22.71 per hour, the
weighted average hourly wage for all employees from the May 2014
National Occupational Employment and Wage Estimates report. Using a
seven-percent discount rate, the present value of the total additional
cost to covered institution clients opening a new account range from
$475 million to $955 million; the analogous figures for a three-percent
discount rate are $560 million and $1.2 billion.
Table 4--Estimated Client Costs
[Millions of USD, present value]
----------------------------------------------------------------------------------------------------------------
7% discount rate 3% discount rate
-----------------------------------------------------------------------
Low estimate High estimate Low estimate High estimate
Year -----------------------------------------------------------------------
20 Minutes 40 Minutes 20 Minutes 40 Minutes
additional time additional time additional time additional time
----------------------------------------------------------------------------------------------------------------
1....................................... $60.6 $121.1 $60.6 $121.1
2....................................... 57.3 114.6 59.5 119.0
3....................................... 54.2 108.3 58.5 116.9
4....................................... 51.2 102.5 57.4 114.9
5....................................... 48.5 96.9 56.4 112.9
6....................................... 45.8 91.7 55.5 110.9
7....................................... 43.3 86.7 54.5 109.0
8....................................... 41.0 82.0 53.5 107.1
9....................................... 38.8 77.6 52.6 105.2
10...................................... 36.7 73.3 51.7 103.3
-----------------------------------------------------------------------
Present Value........................... $477.3 $954.7 $560.1 $1,120.3
----------------------------------------------------------------------------------------------------------------
Source: Treasury Department calculations.
[[Page 29438]]
Notes: Year 1 is 2016. Includes annual real value of time growth rate based on aggregate intermediate real wage
growth rate in 2015 Social Security Annual Trustees Report. Real value of time rate is based on U.S. BLS
Occupational Employment Statistics (2014) weighted average hourly wage rate for all occupations. Based on
expectation of 8 million legal entity accounts opened each year.
4. Qualitative Discussion of Costs
a. Incremental Costs to U.S. Criminal Investigations and the Justice
System
The U.S. Department of the Treasury believes the final rule may
increase costs for Federal financial intelligence and criminal justice
agencies because of the additional resources needed to handle the
potentially increased volume of Suspicious Activity Reports (SARs),
investigations, prosecutions, and incarcerations triggered by the final
rule when adopted. These activities are part of the process of bringing
financial criminals, money launderers, terrorist financiers, and other
national security threats to justice, which confers benefits in the
forms of reduced crime and terrorist financing. We do not attempt to
quantify the scale of changes in these law enforcement activities (and
their associated costs) attributable to implementation of the final
rule, but we describe them briefly in the following sections. As noted
below, even predicting the directions of the changes in law enforcement
activity due to the final rule can be difficult, so any attempt at
estimating magnitudes would be speculative.
i. Suspicious Activity Report Processing
We expect that with adoption of the final rule, SARs filed by
covered financial institutions will be increasingly likely to include
beneficial ownership information for legal entity accounts as, over
time, the share of accounts on which beneficial ownership information
would be gathered at opening rises. This information would speed the
identification of complicit individuals by law enforcement agencies.
The potential effects on the number of SARs filed, and the resulting
Federal resources used for analysis, however, are ambiguous. Of the
SARs currently filed, a significant number involve transactions that
financial institutions deem suspicious because they are executed by or
involve potential shell companies. Any increase in the number of SARs
filed under the final rule would likely be offset by the capacity of
newly collected beneficial ownership data to remove some flagged
transactions from suspicion. The new information would result in some
SARs not being filed that formerly would have been. The number of
initial SAR filings grew from 2010 to 2014, as shown in Table 6. Due to
the uncertainties associated with attributing future changes in SAR
filings to the final CDD rule, we do not estimate the magnitude of this
potential effect.
Table 6--Initital Suspicious Activity Reports (SARs) Filed in the United States by Covered Institutions
[Sums of all reported types of intial SARs]
--------------------------------------------------------------------------------------------------------------------------------------------------------
2010 2011 2012 2013 2014 5 Year average
--------------------------------------------------------------------------------------------------------------------------------------------------------
690,603.................................................. 798,780 842,947 1,000,074 909,371 848,355
--------------------------------------------------------------------------------------------------------------------------------------------------------
Source: FinCEN's System of Record.
Note: Statistics are based on counts of SARs identified as initial filings with filing received dates in the indicated year, as of 10/8/2015.
ii. Investigations
The collection of beneficial ownership information on legal
entities by covered institutions may lead to more Federal
investigations of financial crime and greater expense on such
investigations. Improved access to beneficial ownership information
would facilitate the process of ``following the money trail'' of
affiliated entities and individuals associated with legal entity
accountholders, and may lead to the discovery of previously unknown
linkages to criminal activity. However, accessible beneficial ownership
information would also enable law enforcement agencies to better target
their efforts, which could more than offset the higher resource
requirements by increasing the rate at which investigations result in
prosecutions.
iii. Prosecutions
The final rule may similarly facilitate the identification and
prosecution of the beneficial owners of a legal entity involved in
illicit activity, as well as other key individuals associated with the
legal entity, possibly resulting in more instances where charges are
formally filed (compared to the number of cases brought if the final
rule were not adopted). Growth in prosecution activity would increase
the hours of Federal staff and contractors engaged in this activity.
The availability of beneficial ownership information, had the final
rule been in place, could have assisted in prosecution of several
categories of crime; Table 7 shows the number of prosecutions in each
of those categories for the last five years. Due to the uncertainties
associated with attributing future changes in prosecutions to the final
CDD rule, we do not estimate the magnitude of this potential effect,
but even a hypothetical 1 percent increase on the five-year average of
about 46,000 would raise the number of prosecutions by 460.
Table 7--Federal Prosecutions by Program Category
--------------------------------------------------------------------------------------------------------------------------------------------------------
Program category 2010 2011 2012 2013 2014 5 Year average
--------------------------------------------------------------------------------------------------------------------------------------------------------
Drug Dealing and Possession................. 26,805 28,422 26,858 25,884 21,577 25,909
Government Regulatory....................... 2,974 2,815 2,455 2,728 2,501 2,693
National Internal Security/Terrorism........ 365 319 267 269 212 286
Official Corruption......................... 727 585 633 636 524 621
Organized Crime............................. 572 582 363 390 316 445
Weapons..................................... 7,614 7,465 7,774 7,136 6,632 7,324
White Collar Crime.......................... 9,722 10,162 8,433 8,373 7,864 8,911
-----------------------------------------------------------------------------------------------------------
[[Page 29439]]
Total................................. 48,779 50,350 46,773 45,416 39,626 46,189
--------------------------------------------------------------------------------------------------------------------------------------------------------
Source: TRACFed database.
iv. Incarcerations
If the number of successful prosecutions increased due to the final
rule, we expect that incarceration costs would rise. Increased
incarcerations may incur greater variable costs (such as food,
clothing, and dwellings), and personnel costs at Federal penitentiaries
(guards and other staff, and their workspaces, training, and
equipment). In principle, if incremental incarcerations attributable to
the final rule are substantial enough that one or more new Federal
institutions must be built and put into operation, then costs would
likely rise further.\126\ Table 8 shows the number of prison sentences
during 2010-14 for categories of crime where the availability of
beneficial ownership information could have aided in prosecution. Due
to the uncertainties associated with attributing future changes in
incarcerations to the final CDD rule, we do not estimate the magnitude
of this potential effect, but even a hypothetical 1 percent increase on
the five-year average of roughly 36,000 would raise the number of
incarcerations by 360.
---------------------------------------------------------------------------
\126\ It would be unlikely that prison overpopulation would be
attributable to the proposed rule alone, but we mention this point
for completeness. Currently, the Federal Bureau of Prisons operates
or manages 141 institutions in the United States and the inmate
population totals approximately 194,000. By type of offense, those
potentially affected by the proposed rule may include (percent of
total Federal inmates in parentheses): Banking and insurance,
counterfeiting, and embezzlement (0.3 percent); drug offenses (48.4
percent); extortion, fraud, and bribery (6.3 percent); and national
security (0.0 percent). (According to the data, 76 people are
incarcerated for national security offenses.) Federal Bureau of
Prisons, Inmate Statistics--Offenses, available at http://www.bop.gov/about/statistics/statistics_inmate_offenses.jsp
(accessed October 15, 2015).
Table 8--Sentenced to Prison Term for Federal Crime
--------------------------------------------------------------------------------------------------------------------------------------------------------
Program category 2010 2011 2012 2013 2014 5 Year average
--------------------------------------------------------------------------------------------------------------------------------------------------------
Drug Dealing and Possession................. 21,426 21,686 23,449 21,663 20,990 21,843
Government Regulatory....................... 1,000 1,053 1,065 929 856 981
National Internal Security/Terrorism........ 198 186 154 177 176 178
Official Corruption......................... 357 343 358 339 373 354
Organized Crime............................. 340 367 363 252 248 314
Weapons..................................... 6,594 6,428 6,553 6,311 5,981 6,373
White Collar Crime.......................... 6,211 6,381 5,844 5,444 5,537 5,883
-----------------------------------------------------------------------------------------------------------
Total................................. 36,126 36,444 37,786 35,115 34,161 35,926
--------------------------------------------------------------------------------------------------------------------------------------------------------
Source: TRACFed database.
b. Costs to Covered Institutions
i. Information Technology Upgrades
The final CDD rule will require financial institutions to collect,
house, and retrieve beneficial ownership data for new accountholders,
meaning that the rule would impact financial institutions' IT systems.
Financial institutions either build their IT networks themselves ``in-
house'' or procure these systems from third-party vendors, with which
they sign multiyear service contracts for achieving and maintaining
regulatory compliance. A single vendor likely sells multiple core
platforms, tailored to different types of financial institutions (e.g.,
credit unions instead of banks), to possibly hundreds of financial
institution clients. The vendor will then customize the purchased IT
platform for the individual financial institution.
If a vendor selling the same platform (with individual
customizations) to multiple clients can make all of these IT systems
conform to the final rule by just upgrading the core platform's
software once, then there are economies of scale in producing CDD-
compliant IT systems. In other words, as the vendor sells the compliant
platform to another client, the average cost of achieving compliance
falls for all clients purchasing that platform. This is in contrast to
a situation where the vendor incurs the same additional cost of
upgrading each client's IT system in response to the final rule. In the
presence of economies of scale, the costs incurred in terms of number
of hours of programmer labor to conform to the final rule would be
lower the smaller the number of core platforms used by covered
financial institutions, all else equal. We can think of financial
institutions that build and maintain their networks in-house as vendors
having a single client.
Under standard service contracts with financial institutions,
third-party vendors monitor rules and then implement changes to their
IT systems so that they maintain regulatory compliance on behalf of the
financial institution. During the term of a contract, the vendor
normally bears the cost of the necessary changes to maintain
compliance. In discussions with the Treasury Department, however, some
vendors stated that the CDD rule would be too costly to implement under
the terms of these service contracts and would likely result in
additional charges to their clients. The magnitude of the increase in
IT costs from having to comply with the final rule would also depend in
part on how financial institutions are required to use the collected
beneficial ownership data. For example, merely electronically storing
the information to be turned over to the government upon request would
be less costly than requiring that financial institutions integrate
that information with data from other databases.
Even if we could accurately predict vendors' additional charges to
financial
[[Page 29440]]
institution clients in response to the CDD rule's implementation, these
values would not necessarily represent the full IT-related costs to
society of imposing the CDD rule. In addition to the increased costs in
terms of programmers' hours, vendors also claimed that they would have
to delay the development work for other new initiatives (e.g.,
developing further functionality of existing platforms). In principle,
the full IT-related costs of the CDD rule would equal the value of the
hours of labor that vendors and financial institutions performing IT
service in-house would have to hire in order to both comply with the
rule and not delay any of their other development initiatives.
During the comment period following the release of the NPRM,
financial institutions stated that the IT costs for upgrading existing
systems to comply with the final CDD rule would be large, although they
generally did not cite specific amounts. We were able, however, to
obtain incremental IT cost estimates specific to a few financial
institutions during one-on-one calls. Specifically, one large bank, one
mid-sized bank, and one smaller credit union reported expected IT
upgrade costs of $20 million, $3 million to $5 million, and $50,000 to
$70,000, respectively. Two larger credit unions reported estimated
costs of $23,270 and $11,500. Applying these per-firm data points to
the estimated number of affected banks and non-bank financial
institutions to assess an order-of-magnitude IT cost, Treasury believes
that the actual aggregate IT cost which will likely occur in the first
year of the implementation of the rule may be in low to mid billion
dollars.
The order-of-magnitude assessment of the IT cost should be
understood carefully due to the information deficiencies. FinCEN only
obtained five self-reported IT upgrade costs estimates with broad
ranges. Some of the cost estimates provided seem to be contradictory
since we expect larger firms to incur larger costs. Because of the
small self-selected sample, coupled with unknown data quality
associated with the per-firm cost information, we cannot reasonably
extrapolate these per-firm estimates to the industry as a robust
estimate of cost. We only present these findings to provide the order-
of-magnitude information and to support the case for a breakeven
analysis.
----------------------------------------------------------------------------------------------------------------
Per-firm average Total IT upgrade
Number of banks IT upgrade costs costs for bin ($
Total assets bin or institutions (based on data Million except
received) Total)
----------------------------------------------------------------------------------------------------------------
>$200 billion....................................... 11 $20,000,000 $220
$10 billion-$200 billion............................ 74 3,000,000-5,000,00 222-370
0
$1 billion-$10 billion.............................. 473 11,500-23,270 5-11
<1 billion.......................................... 4,762 50,000-70,000 238-333
Non-bank Institutions (including credit unions)..... 23,496 129,000-176,000 3,030-4,140
-----------------------------------------------------------
Total............................................... 28,816 .................. $ Billions
----------------------------------------------------------------------------------------------------------------
ii. Suspicious Activity Report Generation and Transmittal
When a financial institution detects suspected money laundering or
fraud, its employees must investigate further to determine whether the
activities warrant filing a SAR with FinCEN. In many instances,
financial institutions decide that upon closer inspection the actions
that were initially seen as suspicious do not necessitate filing a SAR.
The presence of these false positives implies that the ultimate number
of SARs filed by a financial institution does not directly correspond
to the labor resources expended on the filing of SARs. In phone
conversations with the Treasury Department, some financial institutions
stated they thought they would detect more suspicious activity under
the final rule, but that this increased detection would not necessarily
lead to more SARs being transmitted. Given the difficulty of
determining how the final rule will affect financial institutions'
labor needs with regard to SAR generation and transmittal, we do not
attempt to quantify this cost.
iii. Internal Control/Compliance
The CDD rule would require additional work for financial
institutions' compliance officers, who ensure that procedures at their
organizations adhere to the rule. According to phone conversations
between financial institutions and the Treasury Department, the process
of ensuring compliance with the CDD rule would take the form of
additional procedures and reviews in audits of work performed. One
financial institution stated that the addition of more audit functions
might eventually necessitate hiring additional compliance staff. Given
the uncertainty regarding how financial institutions would adjust
compliance officer staffing in response to the final CDD rule, we do
not quantify this cost.
iv. Potential Capital Loss (Accounts Moving Abroad) and Forgone Capital
(Accounts Not Opened)
While a prospective study of the European Union's beneficial
ownership disclosure rule \127\ posited that its implementation in 2007
could drive some account holders to relocate their assets to foreign
jurisdictions where the policies do not apply,\128\ that seems unlikely
to occur if the United States implements the CDD rule. The CDD rule
also appears unlikely to trigger a diversion of legal entity accounts
that would have been opened at domestic covered institutions, to be
opened instead at uncovered domestic or foreign financial institutions.
---------------------------------------------------------------------------
\127\ The rule is Directive 2005/60/EC of the European
Parliament and of the Council of October 26, 2005 on the prevention
of the use of the financial system for the purpose of money
laundering and terrorist financing. It required member states to
comply by December 15, 2007.
\128\ Estimated capital loss is derived based on survey
responses. One-third of National Bankers' Associations respondents
agreed that the beneficial disclosure rule could lead to an increase
in capital outflow from the national banking sector (p. 215).
Transcrime. 2007. Cost Benefit Analysis of Transparency Requirements
in the Company/Corporate Field and Banking Sector Relevant for the
Fight Against Money Laundering and Other Financial Crime. A study
financed by the European Commission.
---------------------------------------------------------------------------
The Treasury Department supports the perspective that beneficial
ownership disclosure is unlikely to trigger legitimate transaction
account holder closings or to dissuade legitimate would-be transaction
account holders
[[Page 29441]]
from opening new accounts. This view has a three-part rationale:
(1) First, most businesses operating in the United States would
have difficulty conducting basic functions (e.g., accepting receivables
and paying invoices) without a transaction account at a domestic
bank.\129\
---------------------------------------------------------------------------
\129\ Some commenters stated that with regard to certain
specialized credit products, the beneficial ownership requirement
would be likely to cause businesses to utilize uncovered
competitors. Because FinCEN views such products as low risk for
money laundering or terrorist financing, they have been exempted
from the beneficial ownership requirement, subject to the
satisfaction of certain conditions.
---------------------------------------------------------------------------
(2) Second, Financial Action Task Force (FATF) recommendations call
for all member countries to require domestic financial institutions to
conduct customer due diligence, and for their law enforcement agencies
to cooperate with other member country enforcement agencies, which
includes U.S. law enforcement. Unlike the situation at the time of the
2007 EU study referred to above, the majority of FATF members (as well
as many other jurisdictions) are now in compliance with the FATF
customer due diligence standards; as a result of which there are few
safe havens in the world (not just advanced economies) where financial
institutions are not required to obtain beneficial ownership
information about legal entities when they open an account.
(3) Third, the Financial Account Tax Compliance Act (FATCA)
requires foreign financial institutions to report to the IRS
identifying and income information on accounts held by U.S.
taxpayers.\130\ FATCA's requirements apply to all financial
institutions worldwide; the United States has negotiated
intergovernmental agreements with 112 jurisdictions to implement FATCA,
and financial institutions in jurisdictions without intergovernmental
agreements are still subject to FATCA's reporting requirements. Because
legal entities opening an account in any of these 112 foreign
jurisdictions would be required to disclose U.S. beneficial ownership
information, opening a bank account outside the United States would
offer no material advantage, in terms of concealing of beneficial
ownership information, versus opening an account in the United States.
---------------------------------------------------------------------------
\130\ Or certain foreign entities in which U.S. taxpayers are
considered either ``substantial U.S. owners,'' defined as having a
10 percent or greater ownership stake in the entity, or, for
financial institutions in jurisdictions with an intergovernmental
agreement, ``controlling persons,'' defined in accordance with the
FATF recommendations as the natural persons who exercise control
over the entity.
---------------------------------------------------------------------------
c. Increased Costs Associated With Non-Criminal Activities \131\
---------------------------------------------------------------------------
\131\ These costs would be over and above any incremental
compliance costs of the CDD rule passed on to clients by financial
institutions.
---------------------------------------------------------------------------
i. Reduced Privacy
We expect financial institution clients would experience minimal
costs with regard to the loss of privacy. Some costs arise because the
disclosure of beneficial ownership information may require the legal
entity to reveal previously undisclosed information, which is not
required in any State at the time of the legal entity's formation. As
such, it is likely that many entities would report some previously
undisclosed beneficial ownership information.
While findings of academic research may not strictly apply in the
context of this rule because disclosure would be legally required, that
research suggests that when individuals self-disclose personal
information, they do so after weighing the expected benefits and any
negative consequences.\132\ Individuals tend to readily disclose
biographical information in exchange for small (and often non-
financial) benefits.\133\ The willingness of individuals to share
information with organizations increases if they trust the
organization's ability to store and use that information
responsibly.\134\ Because the quantity of beneficial ownership
information is small and its dissemination would be limited to the
financial institution (or law enforcement pursuant to legal process),
we expect the cost to law-abiding individuals of disclosing private
information to be quite low.
---------------------------------------------------------------------------
\132\ Varian, Hal. ``Economic Aspects of Personal Privacy,'' In
Internet Policy and Economics, edited by W.H. Lehr and L.M. Pupillo,
101-109. New York: Springer, 2009. See also: Hann, Il-Horn; Kai-Lung
Hui, Tom Lee, and I Png. ``Online Information Privacy: Measuring the
Cost-Benefit Trade-Off.'' ICIS 2002 Proceedings, Paper 1 (2002).
\133\ Grossklags, Jens, and Alessandro Acquisti. ``What Can
Behavioral Economics Teach Us about Privacy?'' In Digital Privacy:
Theory, Technologies, and Practices, edited by Acquisti, Alessandro,
Stefanos Gritzalis, Costas Lambrinoudakis, and Sabrina De Capitani
di Vimercati, 363-377. Boca Raton: Auerbach Publications, 2008.
\134\ Dinev, Tamara and Paul Hart. ``An Extended Privacy
Calculus Model for E-Commerce Transactions.'' Information Systems
Research 17, no. 1 (2006): 61-80. This study pre-dates the major IT
data breaches at large firms and government institutions that have
occurred in recent years.
---------------------------------------------------------------------------
By contrast, we expect financial criminals would bear much higher
costs of revealing previously private beneficial ownership information,
as the consequences of disclosure could include denial of services by
the financial institutions, asset forfeiture, or prosecution and
incarceration. Since the expressed intent of the final rule is to
increase the costs of criminal activity, this variation in the cost of
privacy loss is consistent with the intended effect of the final rule.
We do not attempt to estimate the value of privacy loss.
ii. Potential Impact on Clients, Including Access to Banking for the
Unbanked
The ``unbanked'' population in the United States stood at 7.7
percent of all households in 2013, according to a Federal Deposit
Insurance Corporation (FDIC) survey.\135\ Unbanked households do not
have an account at an insured financial institution. We see value in
developing a financial system whereby ``. . . banks effectively serve
the broadest possible set of consumers.''
---------------------------------------------------------------------------
\135\ Federal Deposit Insurance Corporation. 2014. 2013 FDIC
National Survey of Unbanked and Underbanked Households.
---------------------------------------------------------------------------
If compliance costs faced by financial institutions are passed
through to their clients (for example, through increased minimum
deposit levels and/or higher fees), this theoretically could raise
clients' barriers to entry, and may price some consumers out of
participating in the banking system.\136\ However, we find no
literature estimating the potential impact of AML/CFT on the unbanked
population in the United States, and we do not attempt to quantify its
magnitude. Nonetheless, we reason that since the costs incurred by
financial institutions from the final rule appear to be relatively
modest, and the passed-through costs would be spread across a broad
client base, we expect the marginal effect on unbanked groups would
likely be small.
---------------------------------------------------------------------------
\136\ Reuter, Peter, and Edwin Truman. Chasing Dirty Money:
Progress on Anti-Money Laundering. Washington: Peterson Institute,
2004.
---------------------------------------------------------------------------
5. Qualitative Discussion of the Benefits
a. Reduced Crimes and Terrorist Activity
The primary purpose of this final rule is to reduce illicit
activity. Yet credible quantitative estimates of how the CDD rule would
affect these outcomes, on which the benefit calculation in the cost-
benefit analysis would be based, do not exist, for the reasons
discussed above. Therefore, this analysis provides a qualitative
assessment of potential reductions in illicit activity based on
relevant literature.
The National Money Laundering Risk Assessment 2015 estimated the
annual volume of money laundering in the United States at $300 billion.
The same source notes that one of the key vulnerabilities exploited by
money
[[Page 29442]]
launderers is ``creating legal entities without accurate information
about the identity of the beneficial owner.'' \137\ The report suggests
that the ease of concealment plays a primary role in the execution of
many financial crimes.\138\ Therefore, the beneficial ownership
disclosure requirement in this final rule would likely have a
mitigating effect on a large share of financial crime in the United
States.
---------------------------------------------------------------------------
\137\ U.S. Department of the Treasury. Office of Terrorism and
Financial Intelligence. 2015. National Money Laundering Risk
Assessment.
\138\ U.S. Department of the Treasury concludes that, ``The
potential for anonymity in financial transactions underlies most of
the vulnerabilities in this risk assessment.'' See U.S. Department
of the Treasury. Office of Terrorism and Financial Intelligence.
2015. National Money Laundering Risk Assessment.
---------------------------------------------------------------------------
In the absence of direct empirical estimates on the link between
AML/CFT policy and illicit activity, we refer to the literature on the
economics of crime. This body of work, pioneered by Nobel laureate Gary
Becker, assumes criminals make rational decisions based on their
expected costs and benefits of committing crime.\139\ In Becker's
approach, an individual's decision to commit a criminal offense is a
function of the income associated with getting away with the crime, the
probability of conviction, the punishment if convicted, and earnings
from legitimate work. A rational individual chooses to commit a crime
when it yields higher expected wellbeing (accounting for risk of
conviction and the associated punishment) than does time spent in
legitimate employment.
---------------------------------------------------------------------------
\139\ See Becker, Gary, ``Crime and Punishment: an Economic
Analysis.'' Journal of Political Economy 78 (1968). 169-217.
---------------------------------------------------------------------------
Applying Becker's model to criminals allows us to evaluate how the
new policy would affect the level of illicit activity. By revealing
more criminals' identities and therefore facilitating the linkage of
criminal acts to perpetrators by financial intelligence and law
enforcement, the CDD rule would increase the probability of conviction.
Therefore, in the context of Becker's model, we expect that the CDD
rule would reduce the level of illicit activity. Subsequent
incarceration would render these criminals unable to engage in illicit
activity while serving their sentences, a phenomenon known as the
``incapacitation effect.'' Higher rates of apprehension and conviction
may also deter potential criminals from committing crime. The large
empirical literature on the economics of crime shows convincing
evidence that higher probabilities of apprehension and conviction
(usually in the form of stronger police presence) tend to reduce crime
rates through some combination of incapacitation and deterrence.\140\
---------------------------------------------------------------------------
\140\ See, for example, Chalfin, Aaron and Justin McCrary,
``Criminal Deterrence: A Review of the Literature,'' Paper prepared
for the Journal of Economic Literature (2015). See also Nagin,
Daniel, ``Deterrence: A Review of the Evidence by a Criminologist
for Economists.'' Annual Review of Economics 5 (2013): 83-105.
---------------------------------------------------------------------------
In principle, criminals could respond by attempting to move their
accounts to those countries that still have not adopted beneficial
ownership identification and verification, although we consider this to
be unlikely, because most of the world's countries already require
financial institutions to collect and verify beneficial ownership of
legal entity account holders. Criminals could theoretically also reduce
their beneficial ownership shares below the disclosure threshold; we
also view this response as unlikely, because of the practical
difficulties criminals would face laundering money through a vehicle in
which they hold only a minority stake. Those criminals may incur the
costs of taking those steps, and perhaps ongoing costs in the form of
using less convenient and costlier financial services. Combined, these
higher costs would reduce the expected returns to crime, which we
anticipate would therefore lower financial crime rates.
In order to compute the benefit of reduced crime from the CDD rule,
we would need to know both the causal negative effect of the CDD rule
on the level of illicit activity (discussed above) and the costs
imposed on society by the illicit activity that would not occur in the
presence of the rule. Enumerating these costs is not as straightforward
as it might appear, so we follow the cost-of-crime literature in
distinguishing between ``social costs'' and ``external costs'' of crime
in order to be more precise regarding the potential benefits of the
final rule.\141\ External costs are those that are involuntarily
imposed on one individual (the victim) by another individual (the
offender). In the case of an automobile theft, for example, the
external costs could include the resale value of the vehicle, the value
of items in the vehicle at the time of theft, the value of the victim's
time spent dealing with the aftermath of the crime, and any
psychological pain and suffering experienced by the victim. Yet whether
the perpetrator keeps or sells the vehicle and the items therein, these
are still available for use by someone in society and can be thought of
as transfers from one individual to another. Therefore one could reason
that, unlike the victim's pain and suffering and lost time--losses
which are not offset by gains to someone else--the value of stolen
goods (or money) does not represent a social cost.\142\ This view is
equivalent to the inclusion of perpetrators' wellbeing in overall
social welfare, for example, when evaluating a crime-reducing policy.
As a recent survey points out, however, ``[i]n practice, researchers
have generally adopted the perspective that an offender's utility ought
not to count as part of society's social welfare function.'' \143\ We
too adopt this approach in the RIA, using external costs as the
relevant concept for the cost of crime, meaning that any reduction in
funds involuntarily transferred from victim to offender would
constitute a benefit of the CDD rule.
---------------------------------------------------------------------------
\141\ The descriptions and examples of social and external costs
in this section closely follow the discussions in Chalfin, Aaron.
``The Economic Cost of Crime.'' Working paper, University of
Cincinnati (2013). and Cohen, Mark A. ``Measuring the Costs and
Benefits of Crime and Justice.'' Criminal Justice 4 (2000): 263-315.
\142\ Note that the social costs of crime are not a subset of
the external costs. Social costs of crime can also include any
resources devoted to crime prevention by the public sector or
private citizens that could be more productively put to other uses
and diminished economic opportunity in high crime areas where
businesses choose not to locate.
\143\ See page 5 of Chalfin, Aaron. ``The Economic Cost of
Crime.'' Working paper, University of Cincinnati (2013). and
articles cited within for additional perspectives.
---------------------------------------------------------------------------
A complete accounting of the value of reduced crime and terrorist
financing would include the full value of harm to victims averted by
the reduction in these activities. In addition to tangible costs such
as financial losses (which, given the adoption of external costs in our
approach, would not be balanced by gains to criminals), research on the
costs of crime finds intangible losses, including pain, suffering, and
reduced quality of life, associated with criminal activity. Button et
al. (2014) interviewed over 700 victims of financial fraud in London.
Among the effects reported by victims as important were ``depression or
a mental disorder'' (7 percent), ``psychological/emotional feelings,
loss of trust, and so on'' (37 percent), stress (44 percent), and anger
(68 percent).\144\ A national study of financial fraud in the United
States by the National Institute of Justice found that 14 percent of
fraud victims reported suffering health or emotional problems related
directly to their victimization.\145\ However, we find no empirical
estimates of the psychological costs of crime. Many studies of the
costs of
[[Page 29443]]
crime do not fully consider the psychological impact on its
victims,\146\ and therefore, the true economic value of averted crime
may exceed estimates derived from published studies of the costs of
crime.
---------------------------------------------------------------------------
\144\ Button, Mark, Chris Lewis, and Jacki Tapley. ``Not a
Victimless Crime: the Impact of Fraud on Individual Victims and
their Families.'' Security Journal 27, no. 1 (2014): 36-54.
\145\ Titus, Richard, Fred Heinzelmann, and John Boyle. ``The
Anatomy of Fraud: Report of a Nationwide Survey.'' National
Institute of Justice Journal (1995): 28-34.
\146\ McCollister, Kathryn, Michael French, and Hai Fang. ``The
Cost of Crime to Society: New Crime-Specific Estimates for Policy
and Program Evaluation.'' Drug and Alcohol Dependence 108 (2010):
98-109.
---------------------------------------------------------------------------
b. Law Enforcement Benefits
i. Reduced Cost of Beneficial Ownership Searches
A direct benefit of the final rule would be the reduction in the
cost to law enforcement agencies of obtaining beneficial ownership
information. The current system generally requires Federal
investigators to expend resources in search of beneficial ownership
information when conditions warrant it. Adoption of the final rule
would reduce law enforcement agencies' search costs because the
information would be collected by covered financial institutions for
new legal entity accounts and become more readily accessible to law
enforcement agency investigators with a subpoena. In addition, SARs
filed by the institutions would be increasingly likely to include
beneficial ownership information, making it readily available to
Federal authorities. We do not attempt to estimate the value of this
potential benefit, but we expect it to grow over time, as the share of
accounts whose beneficial ownership is disclosed gradually rises.\147\
---------------------------------------------------------------------------
\147\ We expect this gradual increase in the share of accounts
with disclosed beneficial ownership because only new legal entity
accounts would require this information under the proposed rule.
---------------------------------------------------------------------------
6. Transfers
In the next two sections, we identify a few potential effects that
do not conform to strictly-defined costs or benefits to society, but
may have impacts on selected stakeholders. These effects are not
included as costs or benefits.
a. Lost Tax Revenue Due to Capital Loss (Accounts Moving Abroad)
To the extent that financial accounts at covered institutions
generate taxable income and that the decision to open these accounts is
sensitive to the collection of beneficial ownership information, the
final CDD rule has the potential to eliminate tax revenue that would
otherwise be collected. However, from our perspective, beneficial
ownership disclosure would have a negligible effect on the number of
legal entity accounts because legal entities in the United States
generally require bank accounts to operate their businesses. In
addition, the vast majority of the world's countries require financial
institutions to collect and verify beneficial ownership of legal entity
accountholders. As a result, there are few safe havens in the world
that permit financial institutions to open an account for a legal
entity and not obtain the entity's beneficial ownership. (See
discussion in section 4.b.iv.)
b. Increased Asset Recovery
To the extent that the number of successful prosecutions increases
due to the final rule, we expect that the recovery of assets by Federal
authorities would rise. We would consider any increase in assets
recovered due to the final rule as transfers. Table 5 shows that the
value of assets forfeited to the U.S. Department of Justice Forfeiture
Fund has exceeded $1.5 billion every year from 2010 to 2014 and has
exceeded $4 billion in two of those years,\148\ and that the value of
assets forfeited to the U.S. Department of the Treasury Forfeiture Fund
has been greater than $500 million in every year over the same
period.\149\ Due to the uncertainties associated with attributing
future changes in asset recovery to the final CDD rule, we do not
estimate the magnitude of this potential effect, but even a
hypothetical 5 percent increase on the five-year average of $2.9
billion for the DOJ forfeitures alone would exceed $145 million in
additional assets recovered.
---------------------------------------------------------------------------
\148\ Based on statistics from the DOJ Asset Forfeiture Program.
The DOJ Asset Forfeiture Program Web page lists the following
participating institutions. DOJ institutions: The Asset Forfeiture
and Money Laundering Section of the Criminal Division; Bureau of
Alcohol, Tobacco, Firearms, and Explosives; Drug Enforcement
Administration; Federal Bureau of Investigation; U.S. Marshals
Service; U.S. Attorneys' Offices; and Asset Forfeitures Management
Staff. Institutions from other U.S. Government agencies include:
U.S. Postal Inspection Service; Food and Drug Administration; U.S.
Department of Agriculture, Office of the Inspector General;
Department of State, Bureau of Diplomatic Security; and Defense
Criminal Investigative Service. Source: U.S. Department of Justice.
2015. Participants and Roles. http://www.justice.gov/afp/participants-and-roles (accessed September 14, 2015).
\149\ Participating agencies include IRS Criminal Investigations
Division, U.S. Immigration and Customs Enforcement, U.S. Customs and
Border Protection, U.S. Secret Service, and U.S. Coast Guard.
Source: U.S. Department of the Treasury. 2015. Terrorism and
Financial Intelligence. http://www.treasury.gov/about/organizational-structure/offices/Pages/The-Executive-Office-for-Asset-Forfeiture.aspx (accessed October 8, 2015).
Table 5--Assets of Department of Justice Forfeiture Fund and Seized Assets Deposits Fund and Treasury Forfeiture Fund
[U.S. Department of Justice, U.S. Department of the Treasury]
[Millions of nominal USD]
--------------------------------------------------------------------------------------------------------------------------------------------------------
2010 2011 2012 2013 2014 5 Year average
--------------------------------------------------------------------------------------------------------------------------------------------------------
Forfeited to Department of Justice:
$1,947.................................................... $1,617 $4,453 $2,148 $4,551 $2,943
Forfeited to Treasury:
1,142..................................................... 929 523 1,713 784 1,018
--------------------------------------------------------------------------------------------------------------------------------------------------------
Sources: U.S. Department of Justice, Assets Forfeiture Program. Annual Reports to Congress (eds. 2004-2014). Adapted from ``Assets Forfeiture Fund and
Seized Assets Deposits Fund--Method of Disposition of Forfeited Property'' tables. http://www.justice.gov/afp/reports-congress, accessed October 8,
2015. Treasury Executive Office for Asset Forfeiture.
Note: Current year revenue includes direct revenue and reverse asset sharing.
c. Potential Increased Tax Revenue Through Improved Tax Compliance
According to the U.S. Department of the Treasury, the collection of
beneficial ownership information by covered financial institutions for
their domestic legal entity accounts would result in new information
being available to the IRS during audits and investigations into civil
and criminal tax noncompliance. Ready access to account beneficial
ownership information from covered financial institutions would help
the IRS determine whether beneficial owners are accurately reporting
income from entities. Moreover, IRS access to this information would
increase incentives
[[Page 29444]]
for voluntary tax compliance by beneficial owners of the accounts. Any
increased tax revenue would be considered a transfer.
7. Reputational Effects
a. Reputational Effects of Meeting International Policy Standards
FATF has set international standards to enhance the collective
effort to combat money laundering and terrorist financing. Widespread
adoption of such international standards can raise the cost of crime,
by limiting criminals' choices of where they can obtain accounts, and
eliminate ``safe havens'' for financial criminals seeking jurisdictions
with less rigorous laws or enforcement.
Recent reviews of U.S. compliance with international AML/CFT
standards have criticized the incomplete adoption of the customer due
diligence framework. The 2006 FATF Mutual Evaluation Report (MER) found
that the United States had implemented an AML/CFT system that was
broadly consistent with the international standard. However, the report
noted shortcomings related to CDD in the U.S. framework, and rated it
only ``partially compliant'' with the CDD recommendation, a significant
reason being the lack of an explicit beneficial ownership
identification requirement.\150\ The International Monetary Fund (IMF)
in 2010 found the United States had made ``limited progress'' since
2006 in strengthening requirements on identifying beneficial owners of
accounts.\151\ In its 2015 Financial Sector Assessment of the United
States, the IMF acknowledged U.S. efforts in addressing deficiencies
identified in the 2006 FATF MER, but cited a lack of substantive policy
progress by the end of its research mission in June 2015.\152\
---------------------------------------------------------------------------
\150\ Financial Action Task Force. 2006. Summary of the Third
Mutual Evaluation Report on Anti-Money Laundering and Combating the
Financing of Terrorism, United States of America. FATF is performing
its mutual evaluation of the United States, to be completed in
October 2016.
\151\ International Monetary Fund. IMF Country Report No. 10/
253. 2010. United States: Publication of Financial Sector Assessment
Program Documentation--Technical Note on Anti-Money Laundering/
Combating the Financing of Terrorism.
\152\ International Monetary Fund. IMF Country Report No. 15/
174. 2015. United States Financial Sector Assessment Program: Anti-
Money Laundering and Combating the Financing of Terrorism (AML/
CFT)--Technical Note.
---------------------------------------------------------------------------
The U.S. government responded to the 2006 FATF Report by committing
to strengthen customer due diligence standards. In 2013, the U.S. G-8
Action Plan for Transparency of Company Ownership and Control committed
to clarifying and strengthening customer due diligence standards for
U.S. financial institutions.\153\ In October 2015, the U.S. G-20 Action
Plan notes its engagement in developing a customer due diligence rule
with required beneficial ownership disclosure for financial
institutions.\154\
---------------------------------------------------------------------------
\153\ The White House. Office of the Press Secretary. 2013.
United States G-8 Action Plan for Transparency of Company Ownership
and Control. https://www.whitehouse.gov/the-press-office/2013/06/18/united-states-g-8-action-plan-transparency-company-ownership-and-control (accessed October 8, 2015).
\154\ The White House, The U.S. Action Plan to Implement the G-
20 High Level Principles on Beneficial Ownership, https://www.whitehouse.gov/blog/2015/10/16/us-action-plan-implement-g-20-high-level-principles-beneficial-ownership.
---------------------------------------------------------------------------
Implementing the CDD rule would advance compliance by the United
States with the FATF CDD standards and fulfill outstanding public
commitments. It would further enable the United States to demonstrate
progress at the FATF, and at other international bodies, and
bilaterally to encourage other jurisdictions to comply with the FATF
standards and avoid accusations of hypocrisy due to its own lack of
compliance. We do not attempt to quantify or monetize the magnitude of
this potential reputational effect, given the intangible nature of
reputational effects, but assess it to be significant. The United
States, which is generally considered a global leader in combating
money laundering and terrorist financing, is currently one of a very
small number of FATF members that are not in compliance with its core
standard requiring that financial institutions identify and verify the
identity of the beneficial owners of legal entity accounts. We assess
that this lack of full compliance with the standard with which the vast
majority of the rest of the world complies, undermines U.S. leadership
on illicit finance issues.
b. Reputational Effects on Financial Institutions
We believe the proposed CDD rule is unlikely to provide appreciable
reputational effects on covered financial institutions. Our reasoning
is as follows. Client confidence in financial institutions is a
necessary component of an effective financial system.\155\ Depositors
trust institutions to safeguard deposits, provide fund withdrawals upon
request, and meet regulatory and prudential requirements.
---------------------------------------------------------------------------
\155\ International Monetary Fund. Departments of Exchange
Affairs, Policy Development, and Review. 2001. Financial System
Abuse, Financial Crime, and Money Laundering--Background Paper.
---------------------------------------------------------------------------
In principle, financial institutions that maintain full compliance
with AML/CFT regulations, including the final rule, may be viewed as
less risky by clients and investors, at least when compared to non-
complying institutions. However, compliance with the CDD rule would
likely do little to distinguish any particular financial institution
from its peers, since all covered institutions would be subject to the
same requirement, and compliance is expected to be universal.
Therefore, in this context, we believe any potential reputational
effect to institutions that comply with the rule would be negligible.
8. Breakeven Analysis and Conclusion
Ideally, a cost-benefit analysis quantifies all benefits and costs,
converts them to present value, and then assesses whether the present
value of benefits exceeds the present value of costs. However, it is
not uncommon for a rule to generate benefits and costs that cannot be
fully quantified, in which case alternative methods can be used to
assess the rule.\156\ When such unquantifiable benefits and costs are
likely to be important, one should carry out a ``threshold,'' or
``breakeven'' analysis to evaluate their significance.\157\ Such an
analysis asks how large the present value of benefits has to be so that
it is just equal to the present value of costs.\158\ A credible claim
that a rule change would generate a discounted stream of benefits equal
to or greater than this breakeven level supports the argument that a
rule should be adopted.\159\ As we described at length above, we expect
there to be significant but unquantifiable benefits to this rule,
necessitating the use of a breakeven analysis. This analysis presents a
range of costs, including the primary quantified costs and the order-
of-magnitude IT cost assessment with an upper bound of $10 billion for
the cost of implementing the rule, which thus determines the threshold
that the benefits would need to meet for the rule to generate a net
benefit to society.
[[Page 29445]]
Given that the upper bound for costs used in the breakeven analysis is
high, the breakeven analysis is therefore very conservative in
specifying how effective the CDD rule would have to be in order to
justify its costs.
---------------------------------------------------------------------------
\156\ For a discussion of this situation, along with many
examples of proposed Federal regulations affected by it, see
Sunstein, Cass. ``The Limits of Quantification.'' California Law
Review 102, no. 6 (2014): 1369-1422.
\157\ See pages 2 and 10 of OMB Circular A-4. 2003.
\158\ For examples of regulatory analyses of past rules that
relied on breakeven analysis, see Customs and Border Protection,
Department of Homeland Security, ``Importer Security Filings and
Additional Carrier Requirements,'' 73 FR 71730 (November 25, 2008),
and Customs and Border Protection, Department of Homeland Security,
``Advance Electronic Transmission of Passenger and Crew Member
Manifests for Commercial Aircraft and Vessels,'' 72 FR 48320 (August
23, 2007).
\159\ In performing the breakeven analysis, we discount future
cash flows using the seven-percent discount rate.
---------------------------------------------------------------------------
As mentioned in the first section of the RIA, $300 billion in
illicit proceeds are generated annually in the United States according
to the Treasury Department's 2015 National Money Laundering Risk
Assessment.\160\ To the extent that this figure represents funds
involuntarily transferred from victims to offenders, the $300 billion
represents a portion of the total external costs imposed by the illicit
activity.\161\ The final CDD rule intends to diminish the volume of
such illegally generated funds, where any reduction represents the
``reduced crime'' portion of the unquantified ``reduced crime and
terrorist activity'' benefit described earlier. Any reduction of the
$300 billion figure is a lower bound for the final rule's actual
benefit, given the reliance on saved external costs as the relevant
concept (i.e., this does not reflect the value of individuals' lost
time in the aftermath of being victimized by financial crime or their
psychological suffering, among many other costs).\162\ Note that this
benefit is also a lower bound because it does not include the other
qualitative benefits (besides reduced terrorist activity) discussed in
the RIA.
---------------------------------------------------------------------------
\160\ See footnote 106.
\161\ This is plausible for proceeds not due to illicit drug
sales (representing approximately 22 percent of the total in the
United States according to United Nations Office on Drugs and Crime
estimates for 2010; we assume that this is also the case for 2015
and subsequent years), which are mostly attributable to fraud. This
distinction matters because individuals who buy and sell illicit
drugs presumably enter into individual transactions voluntarily. See
footnote 5 for a discussion of the circumstances under which the
inclusion of proceeds from illicit drug sales is justified in
computing the benefits to society of reduced crime.
\162\ For additional discussion of the importance of non-
pecuniary costs (including, but not limited to, victims' pain and
suffering, and the cost of risk of death from violent acts that
complement illicit activity) in the overall cost of crime to
society, see pages 3558-3560 of Freeman, Richard. ``The Economics of
Crime,'' In Handbook of Labor Economics, edited by Orley Ashenfelter
and David Card, 3530-3563. New York: Elsevier, 1999.
---------------------------------------------------------------------------
In terms of costs, IT upgrades represent the largest of the
qualitative costs examined in the RIA. In both public comments on the
NPRM and follow-up calls with individual commenters, financial
institutions emphasized that the rule would impose large IT upgrade
costs. In the breakeven analysis to follow, we present both the primary
quantified costs and the order-of-magnitude IT costs, setting aside all
other unquantified costs because we believe these other costs are
likely to be comparatively small. For example, as noted earlier, it is
very unclear whether law enforcement activity (and the associated
costs) would increase or decrease because of the rule.\163\ Similar
arguments can be made about financial institutions' costs for
generating and submitting SARs. Regarding the financial institutions'
capital loss from accounts closing or never being opened, the
respective sections of the RIA go into some detail on why these costs
would likely be negligible. Finally, earlier sections of the RIA also
explain why the unquantified costs to clients may be low.
---------------------------------------------------------------------------
\163\ Note that the CDD rule could lead to lower levels of
illicit activity without any increase in law enforcement activity
(even without a change in incarcerations, meaning the change in
illicit activity would occur exclusively via the deterrence effect)
if the rule allows the same resources to be deployed more
effectively in investigations and prosecutions.
[GRAPHIC] [TIFF OMITTED] TR11MY16.020
In summary, in this RIA, the major benefit that remains
unquantified is the reduction in crime and terrorist activity, and the
costs include costs associated with training, onboarding, compliance
and entity burdens, the order-of-magnitude assessment of the IT
upgrades as well as other qualitative costs. By including an order-of-
magnitude assessment with the other quantified costs, we can determine
the threshold level of the benefit that would
[[Page 29446]]
make the rule's adoption worthwhile. Figure 1 graphs the threshold
reduction in annual illicit activity that would be needed to justify
different levels of total costs for different definitions of illicit
activity (i.e., whether including illicit drug sales or
not).164 165 Given the assumed path of illicit activity
during 2016-2025, percent reductions in illicit proceeds in each year
equal to those in Figure 1 would yield a stream of benefits having
present values equal to the present value of costs.
---------------------------------------------------------------------------
\164\ Quantified costs are assumed to be constant as IT costs
change (meaning that a $1 increase in IT costs raises total costs by
$1) so the breakeven functions are able to take into account all
costs while only being graphed for different levels of IT costs.
\165\ To generate the profile of illicit proceeds during the
2016-2025 time horizon, we start with the 2015 levels (listed in
Figure 1) and then assume that the amount of illicit activity as a
proportion of the real economy will remain constant (for the year-
over-year real GDP growth rates used, see Table 2-1 of OMB. Fiscal
Year 2016 Analytical Perspectives of the U.S. Government. 2015.).
This means that illicit proceeds are always equal to the same
percent of production in the economy, but given that the real
economy is growing, illicit proceeds must grow as well to account
for that same proportional amount. For instance, real illicit
proceeds (including from illicit drug sales) are assumed to be $309
billion and almost $383 billion in 2016 and 2025, respectively.
---------------------------------------------------------------------------
The key conclusion from Figure 1 is that a reduction in annual
illicit activity (measured by dollars of real proceeds) of just 0.6
percent or 0.47 percent (depending on whether proceeds from drug sales
are included or not) or approximately $1.45 billion in 2016, at the
upper bound of IT costs, would mean that the CDD rule's benefits would
outweigh its costs.\166\ We are presenting two cost scenarios in this
breakeven analysis. We recognize that the order-of-magnitude IT cost
analysis is not of sufficient quality to be added to the primary cost
analysis. However for the purposes of this breakeven analysis, we
believe including the IT cost would present a conservative scenario
where the CDD rule would only need to generate a very modest relative
decrease in real illicit activity to justify the costs it would impose
with an upper bound of $10 billion. The Treasury Department thus
believes that the final rule will achieve a reduction in illicit
activity that would more than offset the burdens it would place on
government, financial institutions, clients, and other parts of
society.
---------------------------------------------------------------------------
\166\ To be exact, these are real IT costs incurred during the
10-year time horizon, the present value of which implies very little
about how these real costs are distributed across the 10 years.
---------------------------------------------------------------------------
We conclude that illicit activity would only have to decrease by
0.12% to 0.6% to offset the costs of the rule. Because of the modest
magnitude of the reduction, we believe that this rule would be
beneficial to society at large.
C. Final Regulatory Flexibility Act Analysis
When an agency issues a rule proposal, the Regulatory Flexibility
Act (RFA) requires the agency to either provide an Initial Regulatory
Flexibility Analysis or, in lieu of preparing an analysis, to certify
that the proposed rule is not expected to have a significant economic
impact on a substantial number of small entities.\167\ When FinCEN
issued its NPRM,\168\ FinCEN believed that the proposed rule would not
have a significant economic impact on a substantial number of small
entities, and certified that it would not.\169\ Because numerous
commenters to the NPRM asserted that the proposed rule would be more
costly to implement than estimated by FinCEN, FinCEN prepared and made
available on December 24, 2015 an Initial Regulatory Flexibility
Analysis (IRFA), along with a preliminary RIA in which it specifically
solicited comment, including from small entities, on whether the
proposed rule would have a significant economic impact on a substantial
number of small entities. FinCEN received a total of 38 comments,
including four from small entities (as well as several from
associations representing small entities); a discussion of all the
comments is set forth above.
---------------------------------------------------------------------------
\167\ 5 U.S.C. 601-612.
\168\ 79 FR 45151 (Aug. 4, 2014).
\169\ 79 FR 45151, 45168-45169.
---------------------------------------------------------------------------
The RFA requires each Final Regulatory Flexibility Analysis to
contain:
A succinct statement of the need for, and objectives of,
the rule;
A summary of the significant issues raised by the public
comments in response to the IRFA, a summary of the assessment of the
agency of such issues, and a statement of any changes made in the
proposed rule as a result of such comments;
A description of and an estimate of the number of small
entities to which the proposed rule would apply;
A description of the projected reporting, recordkeeping,
and other compliance requirements of the proposed rule, including an
estimate of the classes of small entities which will be subject to the
requirement and the type of professional skills necessary for the
preparation of the report or record; and
A description of the steps the agency has taken to
minimize the significant economic impact on small entities consistent
with the stated objectives of applicable statutes, including a
statement of the factual, policy, and legal reasons for selecting the
alternative adopted in the final rule and why each one of the other
significant alternatives to the rule considered by the agency which
affect the impact on small entities was rejected.
1. Statement of the Reasons For, and Objectives of, the Rule
FinCEN is adopting the final rule because it has determined that
more explicit rules for covered financial institutions \170\ are needed
to clarify and strengthen CDD within the BSA regime, in order to
enhance transparency and help safeguard the financial system against
illicit use. The CDD rule will advance the purposes of the BSA by (i)
enhancing the availability of beneficial ownership information to law
enforcement, Federal functional regulators, and SROs; (ii) increasing
the ability of financial institutions, law enforcement, and the
intelligence community to identify the assets and accounts of terrorist
organizations, drug kingpins, and financial criminals; (iii) helping
financial institutions to assess and mitigate risk and comply with
existing BSA and related authorities; (iv) facilitating reporting and
investigations in support of tax compliance, and advancing commitments
made in connection with the Foreign Account Tax Compliance Act; and (v)
promoting consistency in implementing and enforcing CDD regulatory
expectations across and within financial sectors.
---------------------------------------------------------------------------
\170\ Defined to include federally regulated banks, brokers and
dealers in securities, mutual funds, and futures commission
merchants and introducing brokers in commodities.
---------------------------------------------------------------------------
2. A Summary of the Significant Issues Raised by the Public Comments in
Response to the IRFA, a Summary of the Assessment of the Agency of Such
Issues, and a Statement of Any Changes Made in the Proposed Rule as a
Result of Such Comments
FinCEN has carefully considered the comment letters received in
response to the NPRM. The preamble above provides a general overview of
the comments, and the Section-by-Section Analysis discusses the
significant issues raised by comments. In addition, the section above
preceding the RIA includes a discussion of the comments received with
respect to the preliminary RIA and IRFA, including those with respect
to the estimated costs imposed on the industry resulting from the rule.
[[Page 29447]]
FinCEN has considered the comments received from small entities and
from associations representing them, whether or not the comments
referred to the IRFA. Three of the four small entities that commented
stated that the general increase in regulatory burden and costs for the
banking industry makes it increasingly difficult for small banks to
continue to operate profitably, and requested that FinCEN create an
exemption for entities below a certain asset size or number of legal
entity accounts. One of these commenters stated that while it has
relatively few business accounts, it would cost thousands of dollars to
purchase the tracking software that it asserted would be required to
comply with the rule. The fourth small bank is a niche lender that
provides primarily small business equipment leasing, and explained that
because many of its competitors will not be subject to the final rule,
it will put them at a significant competitive disadvantage. FinCEN has
determined that, because accounts created to provide this product
present a low risk for money laundering or terrorist financing, such
accounts will be exempt from the beneficial ownership requirement,
subject to certain conditions.
FinCEN has previously considered and rejected the alternative of
exempting small financial institutions from the rule. Were FinCEN to
exempt institutions below a certain size from the rule, those seeking
access to the financial system to perpetrate crime would have an easier
path in order to pursue such activities. As regards the institution
that raised the cost of purchasing tracking software in order to
comply, FinCEN never intended to impose a requirement that would
necessitate such an expense. There is no requirement for covered FIs to
have specific systems in place to track and monitor beneficial
ownership information. Rather, financial institutions are required to
update information about their customers, including beneficial
ownership information, when as a result of normal monitoring, the
financial institution detects information about the customer that may
be relevant to assessing the risk posed by the customer. Such
information could include a change in the customer's beneficial
ownership. This issue, including FinCEN's revision to the proposed rule
in order to clarify this in the final rule, is explained more fully in
the Section-by-Section Analysis above.
More specific information regarding the estimated costs for small
entities resulting from the final rule is set forth in section 4 below,
and other steps FinCEN has taken to minimize the economic impact of the
rule on small entities are set forth in section 5 below.
3. Description and Estimate of the Number of Small Entities to Which
the Proposed Rule Would Apply
This rule will apply to all Federally regulated banks and all
brokers or dealers in securities, mutual funds, and futures commission
merchants and introducing brokers in commodities, as each is defined in
the BSA. Based upon recent data, for the purposes of the RFA, there are
approximately 5,088 small Federally regulated banks out of a total of
6,348 (comprising 80 percent of the total number of banks); \171\ 6,165
Federally regulated credit unions (of which approximately 93 percent
are small credit unions),\172\ 1,349 small brokers or dealers in
securities out of a total of 4,269 (comprising 31.5 percent of the
total); \173\ 90 small mutual funds out of a total of 10,711
(comprising 8 percent of the total); \174\ no small futures commission
merchants; and a total of 1,323 introducing brokers in commodities, the
majority of which are small entities.\175\ Because the rule will apply
to all of these small financial institutions, FinCEN concludes that the
rule will apply to a substantial number of small entities.
---------------------------------------------------------------------------
\171\ The Small Business Administration (``SBA'') defines a
depository institution (including a credit union) as a small
business if it has assets of $550 million or less. The information
was provided by the FDIC as of June 30, 2015.
\172\ The information was provided by the NCUA as of June 30,
2015.
\173\ With regard to the definition of small entity as it
applies to broker-dealers in securities and mutual funds, FinCEN is
using the SEC's definitions found at 17 CFR 240.0-10(c), and 17 CFR
270.0-10, respectively. The information was provided by the SEC as
of December 31, 2014.
\174\ The information was provided by the SEC as of December 31,
2014.
\175\ The CFTC has determined that futures commission merchants
are not small entities for purposes of the RFA, and, thus, the
requirements of the RFA do not apply to them. The CFTC's
determination was based, in part, upon the obligation of futures
commission merchants to meet the minimum financial requirements
established by the CFTC to enhance the protection of customers'
segregated funds and protect the financial condition of futures
commission merchants generally. Small introducing brokers in
commodities are defined by the SBA as those having less than $7
million in gross receipts annually. While the CFTC has no current
data regarding the exact number of small entities, we understand
that the majority are small. The information was provided by the
CFTC as of June 30, 2015.
---------------------------------------------------------------------------
4. Description of the Projected Reporting, Recordkeeping, and Other
Compliance Requirements of the Proposed Rule, Including an Estimate of
the Classes of Small Entities Which Will Be Subject to the Requirement
and the Type of Professional Skills Necessary for the Preparation of
the Report or Record
a. Beneficial Ownership Requirement
The rule imposes on all covered financial institutions (including
all those that are small entities) a new requirement to identify and to
verify the identity of the beneficial owners of their legal entity
customers and to maintain a record of such information. Many of the
comments received in response to the NPRM stated that FinCEN had
underestimated the burden resulting from the proposal in the following
areas: (i) Additional time at account opening, (ii) training, and (iii)
information technology (IT), but very few comments contained any
specific cost estimates. To obtain more specific cost estimates
regarding this requirement, FinCEN conducted telephone interviews with
several financial institutions that had submitted comments, including
three small financial institutions. FinCEN conducted this outreach to
gather information for its preliminary RIA of the proposed rule
pursuant to Executive Orders 13563 and 12866 as well for the IRFA. The
final RIA is published concurrently with this FRFA. Additional
information that FinCEN obtained relevant to its estimate of costs is
included in the discussion below. FinCEN also notes that, in addition
to the estimates set forth below, the only small bank that estimated
the total costs resulting from the rule, estimated that they would be
$2,000 initially, and $1,500 per year on an ongoing basis.
(i) Additional time at account opening. The proposed rule would
require that the beneficial ownership requirement be satisfied by
obtaining and maintaining a certification from each legal entity
customer that opens a new account. The certification would contain
identifying information regarding each listed beneficial owner. The
financial institution would also be required to verify such identity by
documentary or non-documentary methods and to maintain in its records
for five years a description of (i) any document relied on for
verification, (ii) any such non-documentary methods and results of such
measures undertaken, and (iii) the resolution of any substantive
discrepancies discovered in verifying the identification information.
FinCEN believes that the financial institution
[[Page 29448]]
employees who open new accounts would have the necessary skills to
prepare the record of this information that must be maintained.
The burden on a small financial institution at account opening
resulting from the final rule would be a function of the number of
beneficial owners of each legal entity customer opening a new
account,\176\ the additional time required for each beneficial owner,
and the number of new accounts opened for legal entities by the small
financial institution during a specified period. At the time of its
certification in the NPRM, FinCEN had very little information on which
to base its estimate of any of these variables, and believed that it
was reasonable to assume that the great majority of legal entity
customers that establish accounts at small institutions are more likely
to be small businesses with simpler ownership structures (for example,
a single legal entity directly owned by two individuals) that will
result in one or two beneficial owners. In addition, FinCEN also
believed that, since all covered financial institutions have been
subject to CIP rules \177\ for more than 10 years, and the proposed
rule utilizes CIP rule procedures, small institutions would be able to
leverage these procedures in complying with this requirement. As a
result, in its certification FinCEN estimated that it would require, on
average, 20 minutes to fulfill the beneficial ownership identification,
verification and recordkeeping requirements in the proposal. Also, for
purposes of its certification FinCEN had no direct data on the
aggregate number of legal entity accounts opened per year by small
financial institutions, and (based in part on an estimate it obtained
from one very large financial institution of the legal entity accounts
it opens per year) FinCEN estimated that small institutions would open
at most 1.5 new accounts for legal entities per day, and probably
fewer. However, because statistical data does not exist regarding
either the average number of beneficial owners of legal entity
customers of small institutions or how many such accounts they
establish in any time period, FinCEN sought comment on these questions.
---------------------------------------------------------------------------
\176\ The NPRM proposed to define beneficial owner as (1) each
individual who owns, directly or indirectly, 25 percent or more of
the equity interests of a legal entity, and (2) one individual with
significant responsibility to control, manage, or direct the entity.
Thus, it is possible that a legal entity could have up to five
beneficial owners.
\177\ See 31 CFR 1020.220, 1023.220, 1024.220, and 1026.220.
---------------------------------------------------------------------------
As a result of the outreach referred to above, FinCEN obtained some
additional data on which to better estimate the additional costs at
account opening. Because financial institutions are not currently
required to collect beneficial ownership information, there is no way
to estimate the average number of beneficial owners of legal entity
customers of financial institutions, although FinCEN continues to
believe that it is reasonable to assume that small financial
institutions will generally have small businesses as customers, which
are likely to have not more than two beneficial owners. Banks we
surveyed estimated that it is likely to take an additional 10 to 15
minutes per beneficial owner. Assuming there would typically be two
individuals identified as beneficial owners, for purposes of the IRFA
FinCEN estimated the additional time to open a legal entity account
between a low estimate of an additional 15 minutes and a high estimate
of an additional 30 minutes to open a legal entity account. In its
outreach FinCEN asked three small financial institutions the number of
legal entity accounts they open each year. While financial institutions
do not generally maintain information about the number of their legal
entity customers, they typically maintain a database for their retail
(i.e., individual) customers, and another database for their customers
that are businesses or organizations. A significant number of a
financial institution's business or organization customers are sole
proprietorships that are not legal entities subject to the proposed
rule.\178\ As a result, it is very difficult to estimate with any
degree of precision the number of legal entity customers of a
particular small financial institution that would be subject to the
proposed rule. However, based on data obtained from FinCEN's outreach,
and utilizing the wage assumptions in the draft RIA, we estimated for
purposes of the IRFA that this requirement would result in a cost to a
small bank of between approximately $2,000 and $4,000 per year at
account opening.\179\
---------------------------------------------------------------------------
\178\ According to data obtained from the IRS regarding tax
returns, approximately 75 percent of all businesses filing tax
returns are sole proprietorships.
\179\ One small bank we surveyed reported that it opened 471
accounts for organizations in 2014. This number includes an unknown
number of sole proprietorships that would not be subject to the
rule, as well as 179 accounts for loan customers, for which the bank
would typically identify the beneficial owner(s) in order to obtain
personal guarantees. A second small bank we surveyed reported that
it opened 333 accounts in 2014 for legal entities, which includes an
unknown number of sole proprietorships, as well as 106 loan
customers. A small credit union we surveyed opens 24 to 36 accounts
for businesses per year, which includes an unknown number of sole
proprietorships. FinCEN believes its estimated range of costs may be
high because the calculation is based on the small bank that opened
the greater number of legal entity accounts, assumes that none of
the accounts reported were opened for sole proprietorships, and
includes loan customers, for which the bank would generally already
identify beneficial owners. The estimated cost is based on the bank-
reported 471 new accounts per year, additional time at account
opening of 15 to 30 minutes, and the average wage of $16.77 for the
financial industry ``new account clerks'' reported by the Bureau of
Labor Statistics. FinCEN believes that utilizing this number of new
accounts is more appropriate than the 1.5 new accounts per day
stated in the NPRM, since it is based on actual data from a small
bank.
---------------------------------------------------------------------------
None of the small businesses that commented on the IRFA included an
estimate of the amount of time to open a legal entity account; only one
noted the number of such accounts it opens per year (70). As a result
of the comments we received to the draft RIA from other commenters,
FinCEN has increased the estimated time for financial institutions to
open accounts, from a range of 15 to 30 minutes in the IRFA, to a range
of 20 to 40 minutes. Based on opening 471 new accounts for legal
entities and an average wage of $16.77 for ``new account clerks,'' this
would result in an annual cost to a small bank of $2,550 to $5,100.
FinCEN also notes that, even within the universe of small entities, the
costs could be expected to vary substantially. For example, for the
small bank that responded to the IRFA and estimated that it opens 70
new accounts for business customers per year, the estimated costs would
range from $380 to $760 per year.
(ii) Training (Employee time). In its certification FinCEN noted
that financial institutions generally conduct periodic training of
their employees for BSA compliance and that this new requirement would
be included in that periodic training. Many commenters noted that it
would be necessary to conduct additional training in order to comply
with this requirement, although none gave any specific estimate of the
cost. As a result FinCEN sought to determine this more specifically in
its outreach. Based on the sampling it conducted it learned that
financial institutions expect to train between one-third and two-thirds
of their employees regarding this requirement. Assuming that a small
financial institution has 125 employees and that the training would
take one hour, and applying the wage assumptions used in the RIA, this
would result in an estimated cost of between $1,250 and $2,500,
depending on the percentage of employees trained, for the first year
that the rule would be
[[Page 29449]]
in effect.\180\ The amount of necessary training would decrease
thereafter.
---------------------------------------------------------------------------
\180\ FinCEN believes that the estimated range of costs may be
high because it is based on the small financial institution
interviewed with the greatest number of employees. The cost
calculation is based on a weighted average wage of $29.92 for NAICS
codes 5221 (Depository Credit Intermediation), 5222 (Nondepository
Credit Intermediation), 5223 (Activities Related to Credit
Intermediation), and 5231 (Securities and Commodity Contracts
Intermediation and Brokerage), reported in the May 2014 Bureau of
Labor Statistics National Occupational and Wage Estimates.
---------------------------------------------------------------------------
FinCEN did not receive any comments from small entities regarding
the cost of developing and conducting the training. The estimates in
the comments received from all financial institutions in response to
the draft RIA generally fell within the estimated range in the IRFA,
and therefore FinCEN is maintaining this estimate in this FRFA. FinCEN
also notes that the estimate is almost certainly much greater than
would be the actual case for most small credit unions. This is because
FinCEN understands that approximately 3,000 small credit unions have
five or fewer employees.\181\ Training for an institution with five
employees, based on the assumptions above, would cost much less than
the $1,250 lower estimate above.
---------------------------------------------------------------------------
\181\ Comment letter from Credit Union National Association,
January 22, 2016, page 4.
---------------------------------------------------------------------------
(iii) Training (Developing and Conducting). In addition, some
commenters noted that FinCEN should account for the cost for the
institution to develop and design the training. Although no small
entities estimated the cost for this, an industry trade association
stated that small banks would incur expenses of nearly $13,000 to
develop and administer the training. While this seems plausible for
institutions at the larger end of the small entity definition, it seems
to be substantially greater than the costs that would be incurred for
developing and conducting training for the smaller institutions,
including those with five or fewer employees.
(iv) Information Technology. In its certification FinCEN noted that
financial institutions periodically update their IT systems, and that
small financial institutions typically outsource their IT requirements
to vendors, which would incorporate the required modifications into the
programs that they supply to small financial institutions at minimal
additional cost. FinCEN discussed with vendors the changes that would
result from the adoption of the proposed rule and the likely additional
costs that would be charged to customers in order to achieve compliant
systems. The vendors told FinCEN that they normally bear the costs of
system upgrades necessary to maintain compliance required during the
term of a contract, but some stated that the changes necessitated for
compliance with the new requirements would be too costly to implement
without increasing the charges to their customer financial
institutions. The vendors also informed FinCEN that, until a rule were
issued in final form, it would not be possible to determine how their
systems would need to be modified, or to estimate the additional
charges to their financial institution customers resulting from such
changes.
In response to the RIA and IRFA, two commenters included estimates
of the costs for IT upgrades that would be required to comply with the
Rule, although neither were small entities. Given the lack of specific
estimates for small entities, FinCEN is not able to include an estimate
or range of estimates for this expense for the FRFA. FinCEN notes that
one credit union with assets of $2.3 billion estimated the cost of IT
enhancements to be $23,270, and another with assets of $2.8 billion
estimated such costs at $11,500. Given that these institutions are
several times larger than the largest small credit unions, it would
seem that the IT upgrade costs for small entities could be expected to
generally be less than $10,000.\182\
---------------------------------------------------------------------------
\182\ In the course of FinCEN's outreach mentioned above
following the close of the NPRM comment period, one small credit
union that FinCEN contacted estimated IT upgrade costs of $50,000 to
$70,000. Based on the estimates referred to above, this estimate
appears to be an aberration and not a basis for industry-wide
estimates.
---------------------------------------------------------------------------
(v) Revising Policies and Procedures. In its certification FinCEN
noted that covered financial institutions would need to revise their
AML programs in order to comply with the proposed rule, but that since
financial institutions routinely update this program it was not able to
estimate the time or expense for updating AML programs for compliance
with the final rule specifically. In response to the NPRM FinCEN did
not receive any specific estimates for the cost for this activity, and
no estimate was included in the preliminary RIA or IRFA. In response to
the preliminary RIA and IRFA several financial institutions estimated
the cost for such updates and revisions. Although none were small
entities, a trade association stated that it surveyed a number of small
banks and that they estimated that this would take, on average, 40
hours to complete. Based on the salary estimates used in the RIA,
FinCEN estimates that this would cost, on average, $1,360 for a small
entity.\183\
---------------------------------------------------------------------------
\183\ For estimating this cost we use wage data from the May
2014 BLS Occupational Employment Statistics for ``compliance
officers'' working in business establishments in sectors having one
of the four-digit North American Industry Classification System
(NAICS) codes mentioned in footnote 116; the average hourly wage for
these compliance officers is $34.03.
---------------------------------------------------------------------------
(vi) Internal Controls. FinCEN understands that the rule would
result in additional costs for covered financial institutions for
internal controls and audit functions, including for small entities, to
determine that the financial institution is complying with the new
requirements. However, FinCEN did not obtain sufficient input in
response to either the NPRM or to the preliminary RIA and IRFA to
enable it to estimate the likely amount of such costs, and therefore is
not attempting to estimate this cost for purposes of the FRFA.
b. Customer Due Diligence Requirement
The final rule will also require that covered financial
institutions include in their AML programs customer due diligence
procedures, including understanding the nature and purpose of customer
relationships for the purpose of developing a customer risk profile and
conducting ongoing monitoring of these relationships to identify and
report suspicious activities and, on a risk basis, to maintain and
update customer information. FinCEN maintains that, because these are
necessary measures that covered financial institutions must currently
take in order to comply with existing requirements to detect and file
suspicious activity reports,\184\ they are implicit requirements and
would not impose any new obligations, and therefore would have no
material, measurable economic impact, on any small entities. FinCEN
believes that proposing clear CDD requirements is the most effective
means of clarifying, consolidating, and harmonizing expectations and
practices across all covered financial institutions. Expressly stating
the requirements facilitates the goal that financial institutions,
regulators, and law enforcement all operate under the same set of
clearly articulated principles.
---------------------------------------------------------------------------
\184\ See, e.g., 31 CFR 1020.320.
---------------------------------------------------------------------------
Some commenters to the preliminary RIA and IRFA, including one
small bank, stated that compliance with these requirements would
necessitate purchasing tracking software that would cost thousands of
dollars. FinCEN's response to this issue is discussed above under
section 2 of this FRFA and in the Section-by-Section Analysis.
[[Page 29450]]
5. A Description of the Steps the Agency Has Taken To Minimize the
Significant Economic Impact on Small Entities Consistent With the
Stated Objectives of Applicable Statutes, Including a Statement of the
Factual, Policy, and Legal Reasons for Selecting the Alternative
Adopted in the Final Rule and Why Each One of the Other Significant
Alternatives to the Rule Considered by the Agency Which Affect the
Impact on the Small Entities Was Rejected
FinCEN considered a number of alternatives to the proposed rule.
These included exempting small financial institutions below a certain
asset or legal entity customer threshold from the requirements, as well
as utilizing a lower (e.g., 10 percent) or higher (e.g., 50 percent)
threshold for the minimum level of equity ownership for the definition
of beneficial owner. As regards exempting financial institutions below
a specified amount of assets or of legal entity accounts, FinCEN has
determined that identifying the beneficial owner of a financial
institution's legal entity customers and verifying that identity is a
necessary part of an effective AML program. Were FinCEN to exempt small
entities from this requirement, or entities that establish fewer than a
limited number of accounts for legal entities, those financial
institutions would be at greater risk of abuse by money launderers and
other financial criminals, as criminals would identify institutions
without this requirement. FinCEN also has considered as alternatives
establishing a different threshold for ownership of equity interests in
the definition of beneficial ownership. For example, if the ownership
threshold were reduced to include each individual owning 10 percent or
more of the equity interests of a legal entity, a financial institution
would potentially have to identify more individuals as beneficial
owners, which would result in greater onboarding time and expense in
such cases, with commensurately greater available information.
Alternatively, should the ownership threshold be increased to owners of
50 percent or more of the equity interests, financial institutions
would be required to identify and verify the identity of up to three
individuals rather than five, thereby reducing marginally the cost of
the initial onboarding time. However, this change would not impact the
training or IT costs and therefore would not substantially reduce the
overall costs of the rule and also would provide less useful
information. FinCEN has also considered applying the beneficial
ownership requirement retroactively and requiring that financial
institutions identify the beneficial owners of all their existing
accounts as well as new accounts. While this would produce
substantially larger benefits because it would make available
beneficial ownership information for far more customers, it would also
result in a significantly greater burden for financial institutions.
After considering all the alternatives FinCEN has concluded that an
ownership threshold of 25 percent is appropriate to maximize the
benefits of the requirement while minimizing the burden.
While FinCEN did not determine to adopt one of the alternatives it
considered, it did take a number of steps in the final rule in response
to comments to minimize the economic impact on small entities subject
to the rule. These include clarifying the definition of ``legal entity
customer,'' extending the transition period from one year to two years;
eliminating the requirement that financial institutions use the
Certification Form to obtain the beneficial ownership information;
expanding the categories of excluded legal entities not subject to the
requirement; simplifying the requirements related to the charity and
nonprofit exemption; and as noted above, clarifying that financial
institutions are not required to update beneficial ownership
information on a periodic or ongoing basis, but only on an event-driven
basis, when in the course of their normal monitoring they detect
information about the customer that may be relevant to assessing the
risk posed by the customer. Such information could include a change in
the customer's beneficial ownership. This is explained more fully in
the Section-by-Section Analysis above.
D. Paperwork Reduction Act Analysis
The new recordkeeping requirement contained in this rule (31 CFR
1010.230) has been approved by the Office of Management and Budget
(OMB) in accordance with the Paperwork Reduction Act of 1995 (PRA), 44
U.S.C. 3501 et seq., under control number 1506-0070. The PRA imposes
certain requirements on Federal agencies in connection with their
conducting or sponsoring any collection of information as defined by
the PRA. Under the PRA, an agency may not conduct or sponsor, and a
person is not required to respond to, a collection of information
unless it displays a valid OMB control number.
In summary, the rule would require covered financial institutions
\185\ to collect, and to maintain records of, the information used to
identify and verify the identity of the names of the beneficial owners
\186\ of their legal entity customers (other than those that are
excluded from the definition).\187\
---------------------------------------------------------------------------
\185\ Banks, brokers and dealers in securities, mutual funds,
and futures commission merchants and introducing brokers.
\186\ Beneficial owners include any individual who, directly or
indirectly, owns 25 percent or more of the equity interests of a
legal entity, and one individual with significant responsibility to
control, manage, or direct a legal entity customer.
\187\ This requirement applies to accounts established for legal
entities. A legal entity generally includes a corporation, limited
liability company, or other entity that is created by a filing of a
public document with a Secretary of State or similar office, a
general partnership, or any similar entity formed under the laws of
a foreign country.
---------------------------------------------------------------------------
Under the proposed and final rule, covered financial institutions
are required to establish and maintain written procedures that are
reasonably designed to identify and verify beneficial owners of new
accounts \188\ opened by legal entity customers. They also must
maintain a record of the identifying information obtained, and a
description of any document relied on, of any non-documentary methods
and the results of any measures undertaken, and of the resolution of
each substantive discrepancy. Under the proposed rule covered financial
institutions were required to obtain from each legal entity customer a
certification, in a prescribed form, containing the identifying
information required. In the final rule the institution may obtain the
information either by using the Certification Form or by any other
means that it obtains information from the customer.
---------------------------------------------------------------------------
\188\ New accounts are those opened after the Applicability
Date, which is two years after the date of publication.
---------------------------------------------------------------------------
We received 141 comments in response to the proposed rule
addressing many issues. Many commenters stated that the rule would be
much more costly to implement than as estimated in the proposal for
several reasons. The largest cost that commenters stated would be
incurred to implement the rule would be those needed to upgrade IT
systems. Only one commenter referred specifically to the proposed rule
understating the PRA requirements. As a result of the comments
addressing the cost of implementing the proposal, Treasury conducted
and published a preliminary RIA and issued an IRFA. FinCEN received 38
comments addressing these documents, which are summarized above. As a
result of these comments FinCEN revised its RIA and IRFA and
[[Page 29451]]
issued a final RIA and FRFA, each of which is set forth above.
FinCEN has reconsidered the PRA burden estimates published in the
proposal, based on the comments received to the proposal and the
preliminary RIA and IRFA, and publishes below its revised estimates.
The revised estimates are a result of information that FinCEN obtained
as a result of the comments received, and particularly as a result of
developing the RIA. Specifically, FinCEN increased its estimate of the
time to develop and maintain beneficial ownership identification
procedures, from one hour to 56 hours (40 for small entities), and its
estimate of the time for identification, verification, and review and
recordkeeping of the beneficial owners of legal entity customers, from
20 minutes per customer to a range of 20-40 minutes per customer.
Affected public: Certain financial institutions, and businesses or
other for-profit and not-for-profit entities.
OMB Control Number: 1506-0070.
Frequency: As required.
Estimated Burden:
a. Develop and maintain beneficial ownership identification
procedures: 56 hours.\189\
---------------------------------------------------------------------------
\189\ A burden of 56 hours to develop the initial procedures is
recognized (40 hours for small entities). Once developed, an annual
burden of 20 minutes is recognized for maintenance.
---------------------------------------------------------------------------
b. Customer identification, verification, and review and
recordkeeping of the beneficial ownership information: A range of 20 to
40 minutes per legal entity customer.
Estimated Number of Respondents: 28,917.\190\
---------------------------------------------------------------------------
\190\ This includes depository institutions (12,513), broker-
dealers in securities (4,269), futures commission merchants (101),
introducing brokers in commodities (1,323), and open-end mutual
funds (10,711), each as defined under the BSA. These figures
represent the total number of entities that would be subject to the
requirements in the final rule.
---------------------------------------------------------------------------
Estimated Total Annual Responses: 10,843,875.\191\
---------------------------------------------------------------------------
\191\ Based on initial research, each covered financial
institution will open, on average, 1.5 new legal entity accounts per
business day. There are 250 business days per year.
---------------------------------------------------------------------------
Estimated Recordkeeping Burden: 7,041,289 hours.\192\
---------------------------------------------------------------------------
\192\ 10,843,875 x 30 minutes per account established / 60
minutes per hour = 5,421,937 hours (plus development time of
1,619,352 hours for a total of 7,041,289 hours in the first year).
---------------------------------------------------------------------------
The numbers presented assume that the number of account openings in
2013 is representative for an average yearly establishment of accounts
for new legal entities. Records are required to be retained pursuant to
the beneficial ownership requirement for five years. Comments
concerning the accuracy of this burden estimate and suggestions from
reducing this burden should be directed to the Desk Officer for the
Department of the Treasury, Office of Information and Regulatory
Affairs, Office of Management and Budget, Paperwork Reduction Act
Project (1506), Washington, DC 20503.
E. Unfunded Mandates Act of 1995 Statement
Section 202 of the Unfunded Mandates Reform Act of 1995, Public Law
104-4 (Unfunded Mandates Act) requires that an agency prepare a
budgetary impact statement before promulgating a rule that includes a
Federal mandate that may result in expenditure by State, local, and
tribal governments, in the aggregate, or by the private sector, of $100
million or more in any one year. FinCEN believes that the RIA provides
the analysis required by the Unfunded Mandates Act.
List of Subjects in 31 CFR Parts 1010, 1020, 1023, 1024, and 1026
Administrative practice and procedure, Banks, Banking, Brokers,
Currency, Federal home loan banks, Foreign banking, Foreign currencies,
Gambling, Investigations, Mortgages, Penalties, Reporting and
recordkeeping requirements, Securities, Terrorism.
Authority and Issuance
For the reasons set forth in the preamble, chapter X of title 31 of
the Code of Federal Regulations is amended as follows:
PART 1010--GENERAL PROVISIONS
0
1. The authority citation for part 1010 continues to read as follows:
Authority: 12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5314
and 5316-5332; title III, sec. 314 Pub. L. 107-56, 115 Stat. 307.
0
2. Add Sec. 1010.230 to read as follows:
Sec. 1010.230 Beneficial ownership requirements for legal entity
customers.
(a) In general. Covered financial institutions are required to
establish and maintain written procedures that are reasonably designed
to identify and verify beneficial owners of legal entity customers and
to include such procedures in their anti-money laundering compliance
program required under 31 U.S.C. 5318(h) and its implementing
regulations.
(b) Identification and verification. With respect to legal entity
customers, the covered financial institution's customer due diligence
procedures shall enable the institution to:
(1) Identify the beneficial owner(s) of each legal entity customer
at the time a new account is opened, unless the customer is otherwise
excluded pursuant to paragraph (e) of this section or the account is
exempted pursuant to paragraph (h) of this section. A covered financial
institution may accomplish this either by obtaining a certification in
the form of appendix A of this section from the individual opening the
account on behalf of the legal entity customer, or by obtaining from
the individual the information required by the form by another means,
provided the individual certifies, to the best of the individual's
knowledge, the accuracy of the information; and
(2) Verify the identity of each beneficial owner identified to the
covered financial institution, according to risk-based procedures to
the extent reasonable and practicable. At a minimum, these procedures
must contain the elements required for verifying the identity of
customers that are individuals under Sec. 1020.220(a)(2) of this
chapter (for banks); Sec. 1023.220(a)(2) of this chapter (for brokers
or dealers in securities); Sec. 1024.220(a)(2) of this chapter (for
mutual funds); or Sec. 1026.220(a)(2) of this chapter (for futures
commission merchants or introducing brokers in commodities); provided,
that in the case of documentary verification, the financial institution
may use photocopies or other reproductions of the documents listed in
paragraph (a)(2)(ii)(A)(1) of Sec. 1020.220 of this chapter (for
banks); Sec. 1023.220 of this chapter (for brokers or dealers in
securities); Sec. 1024.220 of this chapter (for mutual funds); or
Sec. 1026.220 of this chapter (for futures commission merchants or
introducing brokers in commodities). A covered financial institution
may rely on the information supplied by the legal entity customer
regarding the identity of its beneficial owner or owners, provided that
it has no knowledge of facts that would reasonably call into question
the reliability of such information.
(c) Account. For purposes of this section, account has the meaning
set forth in Sec. 1020.100(a) of this chapter (for banks); Sec.
1023.100(a) of this chapter (for brokers or dealers in securities);
Sec. 1024.100(a) of this chapter (for mutual funds); and Sec.
1026.100(a) of this chapter (for futures commission merchants or
introducing brokers in commodities).
(d) Beneficial owner. For purposes of this section, beneficial
owner means each of the following:
(1) Each individual, if any, who, directly or indirectly, through
any contract, arrangement, understanding, relationship or otherwise,
owns 25 percent or more of the equity interests of a legal entity
customer; and
[[Page 29452]]
(2) A single individual with significant responsibility to control,
manage, or direct a legal entity customer, including:
(i) An executive officer or senior manager (e.g., a Chief Executive
Officer, Chief Financial Officer, Chief Operating Officer, Managing
Member, General Partner, President, Vice President, or Treasurer); or
(ii) Any other individual who regularly performs similar functions.
(3) If a trust owns directly or indirectly, through any contract,
arrangement, understanding, relationship or otherwise, 25 percent or
more of the equity interests of a legal entity customer, the beneficial
owner for purposes of paragraph (d)(1) of this section shall mean the
trustee. If an entity listed in paragraph (e)(2) of this section owns
directly or indirectly, through any contract, arrangement,
understanding, relationship or otherwise, 25 percent or more of the
equity interests of a legal entity customer, no individual need be
identified for purposes of paragraph (d)(1) of this section with
respect to that entity's interests.
Note to paragraph (d). The number of individuals that satisfy the
definition of ``beneficial owner,'' and therefore must be identified
and verified pursuant to this section, may vary. Under paragraph (d)(1)
of this section, depending on the factual circumstances, up to four
individuals may need to be identified. Under paragraph (d)(2) of this
section, only one individual must be identified. It is possible that in
some circumstances the same person or persons might be identified
pursuant to paragraphs (d)(1) and (2) of this section. A covered
financial institution may also identify additional individuals as part
of its customer due diligence if it deems appropriate on the basis of
risk.
(e) Legal entity customer. For the purposes of this section:
(1) Legal entity customer means a corporation, limited liability
company, or other entity that is created by the filing of a public
document with a Secretary of State or similar office, a general
partnership, and any similar entity formed under the laws of a foreign
jurisdiction that opens an account.
(2) Legal entity customer does not include:
(i) A financial institution regulated by a Federal functional
regulator or a bank regulated by a State bank regulator;
(ii) A person described in Sec. 1020.315(b)(2) through (5) of this
chapter;
(iii) An issuer of a class of securities registered under section
12 of the Securities Exchange Act of 1934 or that is required to file
reports under section 15(d) of that Act;
(iv) An investment company, as defined in section 3 of the
Investment Company Act of 1940, that is registered with the Securities
and Exchange Commission under that Act;
(v) An investment adviser, as defined in section 202(a)(11) of the
Investment Advisers Act of 1940, that is registered with the Securities
and Exchange Commission under that Act;
(vi) An exchange or clearing agency, as defined in section 3 of the
Securities Exchange Act of 1934, that is registered under section 6 or
17A of that Act;
(vii) Any other entity registered with the Securities and Exchange
Commission under the Securities Exchange Act of 1934;
(viii) A registered entity, commodity pool operator, commodity
trading advisor, retail foreign exchange dealer, swap dealer, or major
swap participant, each as defined in section 1a of the Commodity
Exchange Act, that is registered with the Commodity Futures Trading
Commission;
(ix) A public accounting firm registered under section 102 of the
Sarbanes-Oxley Act;
(x) A bank holding company, as defined in section 2 of the Bank
Holding Company Act of 1956 (12 U.S.C. 1841) or savings and loan
holding company, as defined in section 10(n) of the Home Owners' Loan
Act (12 U.S.C 1467a(n));
(xi) A pooled investment vehicle that is operated or advised by a
financial institution excluded under paragraph (e)(2) of this section;
(xii) An insurance company that is regulated by a State;
(xiii) A financial market utility designated by the Financial
Stability Oversight Council under Title VIII of the Dodd-Frank Wall
Street Reform and Consumer Protection Act of 2010;
(xiv) A foreign financial institution established in a jurisdiction
where the regulator of such institution maintains beneficial ownership
information regarding such institution;
(xv) A non-U.S. governmental department, agency or political
subdivision that engages only in governmental rather than commercial
activities; and
(xvi) Any legal entity only to the extent that it opens a private
banking account subject to Sec. 1010.620 of this chapter.
(3) The following legal entity customers are subject only to the
control prong of the beneficial ownership requirement:
(i) A pooled investment vehicle that is operated or advised by a
financial institution not excluded under paragraph (e)(2) of this
section; and
(ii) Any legal entity that is established as a nonprofit
corporation or similar entity and has filed its organizational
documents with the appropriate State authority as necessary.
(f) Covered financial institution. For the purposes of this
section, covered financial institution has the meaning set forth in
Sec. 1010.605(e)(1) of this chapter.
(g) New account. For the purposes of this section, new account
means each account opened at a covered financial institution by a legal
entity customer on or after the applicability date.
(h) Exemptions. (1) Covered financial institutions are exempt from
the requirements to identify and verify the identity of the beneficial
owner(s) set forth in paragraphs (a) and (b)(1) and (2) of this section
only to the extent the financial institution opens an account for a
legal entity customer that is:
(i) At the point-of-sale to provide credit products, including
commercial private label credit cards, solely for the purchase of
retail goods and/or services at these retailers, up to a limit of
$50,000;
(ii) To finance the purchase of postage and for which payments are
remitted directly by the financial institution to the provider of the
postage products;
(iii) To finance insurance premiums and for which payments are
remitted directly by the financial institution to the insurance
provider or broker;
(iv) To finance the purchase or leasing of equipment and for which
payments are remitted directly by the financial institution to the
vendor or lessor of this equipment.
(2) Limitations on Exemptions. (i) The exemptions identified in
paragraphs (h)(1)(ii) through (iv) of this section do not apply to
transaction accounts through which a legal entity customer can make
payments to, or receive payments from, third parties.
(ii) If there is the possibility of a cash refund on the account
activity identified in paragraphs (h)(1)(ii) through (iv) of this
section, then beneficial ownership of the legal entity customer must be
identified and verified by the financial institution as required by
this section, either at the time of initial remittance, or at the time
such refund occurs.
(i) Recordkeeping. A covered financial institution must establish
procedures for making and maintaining a record of all information
obtained under the procedures implementing paragraph (b) of this
section.
(1) Required records. At a minimum the record must include:
(i) For identification, any identifying information obtained by the
covered
[[Page 29453]]
financial institution pursuant to paragraph (b) of this section,
including without limitation the certification (if obtained); and
(ii) For verification, a description of any document relied on
(noting the type, any identification number, place of issuance and, if
any, date of issuance and expiration), of any non-documentary methods
and the results of any measures undertaken, and of the resolution of
each substantive discrepancy.
(2) Retention of records. A covered financial institution must
retain the records made under paragraph (i)(1)(i) of this section for
five years after the date the account is closed, and the records made
under paragraph (i)(1)(ii) of this section for five years after the
record is made.
(j) Reliance on another financial institution. A covered financial
institution may rely on the performance by another financial
institution (including an affiliate) of the requirements of this
section with respect to any legal entity customer of the covered
financial institution that is opening, or has opened, an account or has
established a similar business relationship with the other financial
institution to provide or engage in services, dealings, or other
financial transactions, provided that:
(1) Such reliance is reasonable under the circumstances;
(2) The other financial institution is subject to a rule
implementing 31 U.S.C. 5318(h) and is regulated by a Federal functional
regulator; and
(3) The other financial institution enters into a contract
requiring it to certify annually to the covered financial institution
that it has implemented its anti-money laundering program, and that it
will perform (or its agent will perform) the specified requirements of
the covered financial institution's procedures to comply with the
requirements of this section.
BILLING CODE P
[[Page 29454]]
[GRAPHIC] [TIFF OMITTED] TR11MY16.021
[[Page 29455]]
[GRAPHIC] [TIFF OMITTED] TR11MY16.022
[[Page 29456]]
[GRAPHIC] [TIFF OMITTED] TR11MY16.023
[[Page 29457]]
[GRAPHIC] [TIFF OMITTED] TR11MY16.024
PART 1020--RULES FOR BANKS
0
3. The authority citation for part 1020 continues to read as follows:
Authority: 12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5314
and 5316-5332; title III, sec. 314 Pub. L. 107-56, 115 Stat. 307.
0
4. Revise Sec. 1020.210 to read as follows:
Sec. 1020.210 Anti-money laundering program requirements for
financial institutions regulated only by a Federal functional
regulator, including banks, savings associations, and credit unions.
A financial institution regulated by a Federal functional regulator
that is not subject to the regulations of a self-regulatory
organization shall be deemed to satisfy the requirements of 31 U.S.C.
5318(h)(1) if the financial institution implements and maintains an
anti-money laundering program that:
(a) Complies with the requirements of Sec. Sec. 1010.610 and
1010.620 of this chapter;
(b) Includes, at a minimum:
(1) A system of internal controls to assure ongoing compliance;
(2) Independent testing for compliance to be conducted by bank
personnel or by an outside party;
(3) Designation of an individual or individuals responsible for
coordinating and monitoring day-to-day compliance;
(4) Training for appropriate personnel; and
(5) Appropriate risk-based procedures for conducting ongoing
customer due diligence, to include, but not be limited to:
(i) Understanding the nature and purpose of customer relationships
for the purpose of developing a customer risk profile; and
(ii) Conducting ongoing monitoring to identify and report
suspicious transactions and, on a risk basis, to maintain and update
customer information. For purposes of this paragraph (b)(5)(ii),
customer information shall include information regarding the beneficial
owners of legal entity customers (as defined in Sec. 1010.230 of this
chapter); and
(c) Complies with the regulation of its Federal functional
regulator governing such programs.
PART 1023--RULES FOR BROKERS OR DEALERS IN SECURITIES
0
5. The authority citation for part 1023 continues to read as follows:
Authority: 12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5314
and 5316-5332; title III, sec. 314 Pub. L. 107-56, 115 Stat. 307.
0
6. Revise Sec. 1023.210 to read as follows:
Sec. 1023.210 Anti-money laundering program requirements for brokers
or dealers in securities.
A broker or dealer in securities shall be deemed to satisfy the
requirements of 31 U.S.C. 5318(h)(1) if the broker-dealer implements
and maintains a written anti-money laundering program approved by
senior management that:
(a) Complies with the requirements of Sec. Sec. 1010.610 and
1010.620 of this chapter and any applicable regulation of its Federal
functional regulator governing the establishment and implementation of
anti-money laundering programs;
(b) Includes, at a minimum:
(1) The establishment and implementation of policies, procedures,
and internal controls reasonably designed to achieve compliance with
the applicable provisions of the Bank Secrecy Act and the implementing
regulations thereunder;
(2) Independent testing for compliance to be conducted by the
broker-dealer's personnel or by a qualified outside party;
(3) Designation of an individual or individuals responsible for
implementing and monitoring the operations and internal controls of the
program;
(4) Ongoing training for appropriate persons; and
(5) Appropriate risk-based procedures for conducting ongoing
customer due diligence, to include, but not be limited to:
(i) Understanding the nature and purpose of customer relationships
for the purpose of developing a customer risk profile; and
(ii) Conducting ongoing monitoring to identify and report
suspicious transactions and, on a risk basis, to maintain and update
customer information. For purposes of this paragraph (b)(5)(ii),
customer information shall include information regarding the beneficial
owners of legal entity customers (as defined in Sec. 1010.230 of this
chapter); and
(c) Complies with the rules, regulations, or requirements of its
self-regulatory organization governing such programs; provided that the
rules, regulations, or requirements of the self-regulatory organization
governing such programs have been made effective under the Securities
Exchange Act of 1934 by the appropriate Federal functional regulator in
consultation with FinCEN.
PART 1024--RULES FOR MUTUAL FUNDS
0
7. The authority citation for part 1024 continues to read as follows:
Authority: 12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5314
and 5316-5332; title III, sec. 314 Pub. L. 107-56, 115 Stat. 307.
0
8. Revise Sec. 1024.210 to read as follows:
Sec. 1024.210 Anti-money laundering program requirements for mutual
funds.
(a) Effective July 24, 2002, each mutual fund shall develop and
implement a written anti-money laundering program reasonably designed
to prevent the mutual fund from being used for money laundering or the
financing of terrorist activities and to achieve and monitor compliance
with the applicable requirements of the Bank Secrecy Act (31 U.S.C.
5311, et seq.), and the implementing regulations promulgated thereunder
by the
[[Page 29458]]
Department of the Treasury. Each mutual fund's anti-money laundering
program must be approved in writing by its board of directors or
trustees. A mutual fund shall make its anti-money laundering program
available for inspection by the U.S. Securities and Exchange
Commission.
(b) The anti-money laundering program shall at a minimum:
(1) Establish and implement policies, procedures, and internal
controls reasonably designed to prevent the mutual fund from being used
for money laundering or the financing of terrorist activities and to
achieve compliance with the applicable provisions of the Bank Secrecy
Act and implementing regulations thereunder;
(2) Provide for independent testing for compliance to be conducted
by the mutual fund's personnel or by a qualified outside party;
(3) Designate a person or persons responsible for implementing and
monitoring the operations and internal controls of the program;
(4) Implement appropriate risk-based procedures for conducting
ongoing customer due diligence, to include, but not be limited to:
(i) Understanding the nature and purpose of customer relationships
for the purpose of developing a customer risk profile; and
(ii) Conducting ongoing monitoring to identify and report
suspicious transactions and, on a risk basis, to maintain and update
customer information. For purposes of this paragraph (b)(4)(ii),
customer information shall include information regarding the beneficial
owners of legal entity customers (as defined in Sec. 1010.230 of this
chapter).
PART 1026--RULES FOR FUTURES COMMISSION MERCHANTS AND INTRODUCING
BROKERS IN COMMODITIES
0
9. The authority citation for part 1026 continues to read as follows:
Authority: 12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5314
and 5316-5332; title III, sec. 314 Pub. L. 107-56, 115 Stat. 307.
0
10. Revise Sec. 1026.210 to read as follows:
Sec. 1026.210 Anti-money laundering program requirements for futures
commission merchants and introducing brokers in commodities.
A futures commission merchant and an introducing broker in
commodities shall be deemed to satisfy the requirements of 31 U.S.C.
5318(h)(1) if the futures commission merchant or introducing broker in
commodities implements and maintains a written anti-money laundering
program approved by senior management that:
(a) Complies with the requirements of Sec. Sec. 1010.610 and
1010.620 of this chapter and any applicable regulation of its Federal
functional regulator governing the establishment and implementation of
anti-money laundering programs;
(b) Includes, at a minimum:
(1) The establishment and implementation of policies, procedures,
and internal controls reasonably designed to prevent the financial
institution from being used for money laundering or the financing of
terrorist activities and to achieve compliance with the applicable
provisions of the Bank Secrecy Act and the implementing regulations
thereunder;
(2) Independent testing for compliance to be conducted by the
futures commission merchant or introducing broker in commodities'
personnel or by a qualified outside party;
(3) Designation of an individual or individuals responsible for
implementing and monitoring the operations and internal controls of the
program;
(4) Ongoing training for appropriate persons;
(5) Appropriate risk-based procedures for conducting ongoing
customer due diligence, to include, but not be limited to:
(i) Understanding the nature and purpose of customer relationships
for the purpose of developing a customer risk profile; and
(ii) Conducting ongoing monitoring to identify and report
suspicious transactions and, on a risk basis, to maintain and update
customer information. For purposes of this paragraph (b)(5)(ii),
customer information shall include information regarding the beneficial
owners of legal entity customers (as defined in Sec. 1010.230 of this
chapter); and
(c) Complies with the rules, regulations, or requirements of its
self-regulatory organization governing such programs, provided that the
rules, regulations, or requirements of the self-regulatory organization
governing such programs have been made effective under the Commodity
Exchange Act by the appropriate Federal functional regulator in
consultation with FinCEN.
Dated: May 2, 2016.
David R. Pearl,
Executive Secretary, United States Department of the Treasury.
[FR Doc. 2016-10567 Filed 5-6-16; 8:45 am]
BILLING CODE C