May 6, 2016, the Financial Crimes Enforcement Network of the U.S. Department of the Treasury (FinCEN) finalized regulations that will require banks, securities broker dealers, mutual funds, futures commission merchants, and introducing brokers in commodities (collectively, Covered Institutions) to identify and perform due diligence on the ultimate beneficial owners and control persons of any legal entity customer that establishes an account at a Covered Institution. Although FinCEN received more than 140 comments in response to the proposed rule, including comments that raised significant concerns with and sought substantial modifications to the proposal, the final rule is largely identical to the proposed rule.
What Legal Entities are Subject to Ownership Disclosure? "Legal entity customer" means any corporation, limited liability company, partnership or similar business entity that, regardless of the jurisdiction it is organized under, opens a new account at a Covered Institution. Importantly, the regulation clarifies that a legal entity customer does not include: a trust (other than a statutory trust); a financial institution in the United States regulated by a federal functional regulator; a public company; a registered mutual fund; a registered investment adviser; a securities exchange; any entity registered with the Commodity Futures Trading Commission; a public accounting firm registered under the Sarbanes-Oxley Act; a charity that has tax-exempt status; a bank holding company; or a pooled investment vehicle. Given the narrowness of the exemptions, virtually all legal entity customers that open accounts with Covered Institutions will be required to disclose ultimate beneficial owner and control person information.
What Ownership Information is Collected, and from Whom? For each legal entity customer that opens a new account at a Covered Institution, the customer due diligence (CDD) procedures must enable the Covered Institution to identify and verify the identity of: (i) the beneficial owner(s) of each legal entity customer, and (ii) the significant control person of each legal entity customer.
A. With respect to beneficial owner identification and verification, the Covered Institution must:
(i) Identify each (up to a maximum of four) 25 percent-or-greater ultimate beneficial holder of voting or nonvoting equity interests of each nonexempt legal entity customer. A Covered Institution would identify an ultimate beneficial owner by obtaining, at the time a new legal entity account is opened, a certification (in the form provided in Appendix A to the rule) in which the customer certifies the names, Social Security numbers (for U.S. individuals), and passport numbers (for nonresident aliens) of the reporting ultimate beneficial owners. A Covered Institution may also obtain this information through means other than the Appendix A certification form, such as a form created by the Covered Institution for this purpose, provided that the individual providing the information certifies its accuracy. The final rule clarifies that a Covered Institution may rely upon information supplied by the legal entity customer, provided that it has no knowledge of facts that would reasonably call into question the reliability of the information.
(ii) Verify the identity of each reporting ultimate beneficial owner by, at a minimum, using the Covered Institution’s existing Customer Identification Program (CIP) procedures to verify the identity of individual customers.
B. With respect to significant control person identification and verification, the Covered Institution must:
(i) Identify one single individual with "significant responsibility to control, manage or direct" a legal entity customer, such as a CEO, CFO, COO, managing member, general partner, president or treasurer or other individual who performs similar functions. A Covered Institution would identify the significant control person of a legal entity account by obtaining the same certification form completed for the ultimate beneficial owner(s). Again, a Covered Institution may also obtain this information through means other than a certification, provided that the individual providing the information certifies its accuracy.
(ii) Verify the identity of the reporting significant control person by, at a minimum, using the Covered Institution’s existing CIP procedures to verify the identity of individual customers.
Recordkeeping Requirements. As is the case with existing CIP regulations of FinCEN, Covered Institutions must establish recordkeeping procedures for legal entity customer CDD documentation, including: (i) the identification certification form; and (ii) the documentary and nondocumentary methods relied upon in the verification process. The record retention period would be (a) for the identification certification, five years after the date the account is closed; and (b) for the verification documents, five years after the record is made.
Reliance on Another Institution’s Diligence. As with the CIP rules, Covered Institutions would be permitted to rely upon the performance by another financial institution or an affiliate thereof with regard to the identification and verification that would be required for legal entity customers, provided that: (i) such reliance is reasonable; (ii) the financial institution is subject to an anti-money laundering (AML) program requirement and is regulated by a federal functional regulator; and (iii) the other financial institution enters into a contract with the Covered Institution requiring it to certify annually that it has implemented its AML program.
Effective Date. Compliance with the final rule is not required until May 11, 2018. FinCEN specifically declined to make the final rule retroactive, stating “we believe that retroactive application would be unduly burdensome.”
Practical Considerations for Corporate Customers. For privately-held U.S. and non-U.S. corporate customers of Covered Institutions, these regulations bring the concern that U.S. law enforcement will finally have relatively easy access (via a USA PATRIOT Act of 2001 Section 314(a) information request, subpoena or other comparable process) to the names and other identifying records of the ultimate beneficial owners of such entities.