USA PATRIOT Act/AML Update: FinCEN Issues Long-Awaited Proposed Regulations Regarding Beneficial Ownership Disclosure
On July 23, 2014, the Financial Crimes Enforcement Network of the U.S. Department of the Treasury (FinCEN) published highly-anticipated proposed regulations that, if adopted into final regulations, would require banks, securities broker dealers, mutual funds, futures commission merchants, and introducing brokers in commodities (collectively, Covered Institutions) to identify and perform due diligence on the ultimate beneficial owners and control persons of any legal entity customer that establishes an account at a Covered Institution. It is unknown at this time when final regulations will be adopted or become effective, and whether the final regulations will deviate from the proposed regulations summarized below.
What Legal Entities are Subject to Ownership Disclosure? "Legal entity customer" means any corporation, limited liability company, partnership or similar business entity, regardless of jurisdiction it is organized under, that opens a new account at a Covered Institution. Importantly, FinCEN commentary to the proposed regulation states that a legal entity customer does not include trusts, except statutory business trusts. This means that Covered Institutions would not be obligated to identify and verify the beneficiaries of common law trusts or foreign trusts, although one would expect many Covered Institutions as a matter of best practice to satisfy supervisory expectations and collect such information from such trusts. In addition to non-statutory trusts, the following entities are excluded from the definition of legal entity customer: a financial institution in the United States regulated by a federal functional regulator; a public company; a registered mutual fund; a registered investment adviser; a securities exchange; any entity registered with the Commodity Futures Trading Commission; a public accounting firm registered under the Sarbanes-Oxley Act; or a charity that has tax-exempt status. Given the narrowness of the exemptions, virtually all legal entity customers that open accounts with Covered Institutions will be required to disclose ultimate beneficial owner and control person information.
What Ownership Information is Collected, and from Whom? For each legal entity customer that opens a new account at a Covered Institution, the customer due diligence (CDD) procedures must enable the Covered Institution to identify and verify the identity of (i) the beneficial owner(s) of each legal entity customer and (ii) the significant control person of each legal entity customer.
A. With respect to beneficial owner identification and verification, the Covered Institution must:
(i) Identify each (up to a maximum of four) 25 percent-or-greater ultimate (i.e., top-of-the-org-chart indirect) beneficial holder of voting or non-voting equity interests of each non-exempt legal entity customer. A Covered Institution would identify an ultimate beneficial owner by obtaining, at the time a new legal entity account is opened, a two-page certification in which the customer certifies the names, social security numbers (for U.S. individuals), and passport numbers (for non-resident aliens) of the reporting ultimate beneficial owners.
(ii) Verify the identity of each reporting ultimate beneficial owner by, at a minimum, using the Covered Institution’s existing Customer Identification Program (CIP) procedures to verify the identity of individual customers.
B. With respect to significant control person identification and verification, the Covered Institution must:
(i) Identify one single individual with "significant responsibility to control, manage or direct" a legal entity customer, such as a CEO, CFO, COO, managing member, general partner, president or treasurer or other individual who performs similar functions. A Covered Institution would identify the significant control person of a legal entity account by obtaining the same certification form completed for the ultimate beneficial owner(s).
(ii) Verify the identity of the reporting significant control person by, at a minimum, using the Covered Institution’s existing CIP procedures to verify the identity of individual customers.
Recordkeeping Requirements. As is the case with existing CIP regulations of FinCEN, Covered Institutions must establish recordkeeping procedures for legal entity customer CDD documentation, including the (i) identification certification form; and (ii) the documentary and non-documentary methods relied upon in the verification process. The record retention period would be (a) for the identification certification, five years after the date the account is closed; and (b) for the verification documents, five years after the record is made.
Reliance on Another Institution’s Diligence. As with the CIP rules, Covered Institutions would be permitted to rely upon the performance by another financial institution or an affiliate thereof with regard to the identification and verification that would be required for legal entity customers, provided that (i) such reliance is reasonable; (ii) the financial institution is subject to an anti-money laundering (AML) program requirement and is regulated by a federal functional regulator; and (iii) the other financial institution enters into a contract with the Covered Institution requiring it to certify annually that it has implemented its AML program.
Practical Considerations for Corporate Customers. For privately-held U.S. and non-U.S. corporate customers of Covered Institutions, the greatest concern that these proposed regulations brings is that, if final regulations are implemented, U.S. law enforcement will finally have relatively easy access (via an USA PATRIOT Act of 2001 Section 314(a) information request, subpoena or other comparable process) to the names and other identifying records of the ultimate beneficial owners of such entities.