NEWS: Under the 2016 Customer Due Diligence (CDD) beneficial ownership rules, credit unions must have written procedures to identify “beneficial owners” – the people who own and control “legal entity customers/members” – organizations opening credit union accounts. Credit unions then must verify the identities of those beneficial owners. The rule required credit unions to verify the beneficial owners of a legal entity member every single time that organization opened a new account (including a new sub-account).
On Feb 13, the Financial Crimes Enforcement Network (FinCEN) issued an Order granting exceptive relief to covered financial institutions from the CDD rule requirement. Rather than having to identify and verify a legal entity customer’s beneficial owners each time the customer/member opens an account, the credit union may now limit its identification and verification of the identities of beneficial owners to the following circumstances:
- When a legal entity member first opens an account with the credit union;
- Any time thereafter when the credit union has knowledge of facts that would reasonably call into question the reliability of beneficial ownership information previously obtained about the legal entity member; and
- As needed based on the credit union’s risk-based procedures for conducting ongoing customer due diligence.
By shifting CDD obligations to a member’s initial onboarding, rather than requiring it every time a new account is opened, and then updating it as needed based on risk, FinCEN has taken an important step toward a more efficient, risk-focused regulatory approach that allows credit unions to devote resources to detecting and preventing illicit financial activity rather than duplicative compliance exercises.
The credit union must still have written procedures in place to manage the risks associated with your legal entity members. You are expected to continue to use your internal monitoring systems to detect when a member profile might have changed. This means that the burden of proof has shifted from a calendar or event-based trigger to a behavioral and risk-based trigger. If the credit union notices unusual transaction patterns or receives information suggesting a change in control, it must re-verify and update the beneficial ownership information.
The credit union will still have to comply with all other applicable anti-money/countering the financing of terrorism (AML/CFT) requirements under the Bank Secrecy Act.
FinCEN is in the process of updating the CDD FAQs to reflect the exceptive relief granted in the Order. We will update ii Release No. 0159 – BSA: Customer Identification Program and Customer Due Diligence accordingly.