New Customer Due Diligence Requirements for Financial Institutions

October 24, 2017

In May 2016, the Financial Crimes Enforcement Network (FinCEN), U.S. Department of the Treasury, issued final rules under the Bank Secrecy Act (BSA) to clarify and strengthen customer due diligence requirements. These new rules generally apply to financial institutions, including brokers or dealers in securities and mutual funds. The rules explicitly require certain due diligence efforts, as well as require the identification and verification of the identity of all beneficial owners of legal entity customers, subject to certain exceptions.

The applicability date for being in compliance with the rules is May 11, 2018.


FinCEN has taken these actions in an effort to strengthen financial transparency and combat the misuse of companies to engage in illicit activities. Previously, financial institutions were not required to know the identity of the individuals who own or control their legal entity customers (also known as “beneficial owners”). The new rules now require them to collect and verify the personal information of all beneficial owners and persons who own, control, and profit from companies when those companies open accounts.


The rules contain three new core elements which are expected to become explicit requirements in an Anti-Money Laundering (AML) Program, those being: (1) identifying and verifying the identity of all beneficial owners of companies opening accounts; (2) understanding the nature and purpose of customer relationships to develop customer risk profiles; and (3) conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.


Beneficial Ownership

Under the new rules, covered firms will have to identify and verify the identity of all beneficial owners of legal entity customers (other than those that are excluded) at the time that a new account is opened. The firm may comply by either obtaining this information on a standard certification form provided by FinCEN, or using its own processes for collecting the information.

For purposes of these rules, “beneficial ownership” is defined as “each individual, if any, who directly or indirectly owns 25% of the equity interests of a legal entity customer” and “a single individual with significant responsibility to control, manage, or direct a legal entity customer, including an executive officer or senior manager or any other individual who regularly performs similar functions”.

FinCEN notes that the identification and verification requirements for beneficial owners are very similar to those for individual customers under a firm’s Customer Identification Program (CIP), except that a firm may rely on copies of identity documents for beneficial owners.

Anti-Money Laundering Program

The AML program requirement now explicitly includes risk-based procedures for conducting ongoing customer due diligence, to allow for understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile. In addition, customer due diligence also requires conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.

Next Steps:

Accordingly, firms should take the following actions to enhance their existing AML Programs pursuant to the new Customer Due Diligence Rules:

1. Customer Identification and Verification – Develop a process for the identification and verification of the identity of customers; and for making a determination on the beneficial owner(s) of customers, as applicable.

NOTE: A firm may rely on the beneficial ownership information supplied by the customer, provided that it has no knowledge of facts that would reasonably call into question the reliability of the information.

2. Risk-Based Assessment – Develop and implement a risk-based process for conducting ongoing customer due diligence.

3. Risk Profile – Develop and implement a risk profile for each customer so that the firm can understand the nature and purpose of the customer relationship.

4. Ongoing Monitoring – Conduct ongoing monitoring to identify suspicious transactions (based on the risk profile).

5. Reporting – Report any suspicious transactions that run counter to a customer’s risk profile.

NOTE: Beneficial ownership should also be factored into compliance with the existing Office of Foreign Assets Control (OFAC) regulations and the currency transaction reporting (CTR) aggregation requirements.

6. Maintain Customer Data – Maintain and update customer information and revise the customer risk profile accordingly.

NOTE: The update requirement is event-driven. When a firm detects information (including a change in beneficial ownership information) about the customer in the course of its normal monitoring that is relevant to assessing or reevaluating the risk posed by the customer, it must update the customer information, including beneficial ownership information.

7. New Policies and Procedures – Adopt policies and procedures to govern the new CDD processes detailed above.

8. AML Procedures – Amend existing AML Procedures to reflect and cross-reference the new CDD processes/requirements.

9. Recordkeeping – Revise existing recordkeeping procedures to provide that a firm must retain records of the beneficial ownership information that it obtains for a period of five (5) years after such record is made, as well as for five (5) years after the date the account is closed.

10. Service Provider Oversight – As a covered firm may rely on another financial institution to maintain the records of a customer’s beneficial ownership information, to the same extent as under the CIP rule, the third party service provider (such as the transfer agent or administrator) must have policies and procedures in place to comply with the new rules.

Click here to see the Rules.


Compliance, Investment Companies, Mutual Funds, Regulatory