Last week the Financial Crimes Enforcement Network (FinCEN) issued much-anticipated Frequently Asked Questions (FAQs) that provide additional guidance to financial institutions relating to the implementation of the new Customer Due Diligence Rule (CDD Rule), set to go into effect on May 11, 2018.1 In general, the FAQs clarify certain issues that have caused implementation challenges for financial institutions. While FinCEN's earlier guidance provided a general overview of the CDD Rule-including the purpose of the rule, the institutions to which it is applicable, and some relevant definitions-the new FAQs provide greater detail for financial institutions seeking to comply with the CDD Rule. The FAQs are meant to assist covered financial institutions in understanding the scope of their customer due diligence (CDD) obligations, as well as the rule's impact on their broader anti-money laundering (AML) compliance. While the guidance is helpful in clarifying some of FinCEN's expectations, the implementation challenge lies in applying the CDD Rule to a financial institution's specific products and services.

As financial institutions work to meet the CDD Rule's fast-approaching May 11 compliance deadline, they should pay special attention to the following key areas summarized below.

Overview of New FAQs: Key Issues for Financial Institutions

FinCEN's 37 new FAQs aim to provide clarity on a range of issues in the application of the CDD Rule. The topics generally include identification, collection, and verification of beneficial ownership information; the accounts subject to the beneficial ownership requirements; customers and accounts excluded from the beneficial ownership requirements; Currency Transaction Report (CTR) filing with respect to beneficial owners; and ongoing customer monitoring.

"Fifth Pillar" Requirements

The CDD Rule establishes CDD as the "fifth pillar" of an AML compliance program. One of the key elements of the CDD pillar is understanding the nature and purpose of a customer relationship to develop a customer risk profile, which is required for all customers and accounts.2 Addressing the nature and purpose requirement, FAQ 37 states that "[f]inancial institutions must implement risk-based procedures as part of their AML program to demonstrate an understanding of the nature and purpose of customer relationships to develop customer risk profiles."3 Customer risk profiles should include "the information gathered about a customer at account opening," and they are "used to develop a baseline against which customer activity can be assessed for suspicious activity reporting."4 If account activity changes relative to the baseline of the original nature and purpose of the account, risk-based ongoing monitoring may identify a need to update customer information, such as beneficial ownership.5

A customer risk profile may include a system of risk ratings or categories of customers, but this is not required.6 The documentation required to demonstrate an understanding of the nature and purpose of a customer relationship may vary with the type of customer, account, service, or product.7 In the case of certain products such as safety deposit boxes, for example, the nature and purpose of the customer relationship is self-evident, and no additional documentation would be needed to demonstrate this understanding beyond the documentation needed to establish that type of account.8 Every financial institution should consider the risks presented by each type of account it offers, the risks presented by its particular customer base, and how those two sets of risks interact.

Updating Beneficial Ownership Information

As a general matter, the FAQs make clear that the CDD Rule establishes a minimum standard, a 25 percent ownership interest in the legal entity customer, requiring the collection of beneficial ownership information. However, financial institutions may choose to collect and verify beneficial ownership information at a lower ownership threshold than the rule requires.9 FinCEN also states that "[t]here may be circumstances where a financial institution may determine" that collecting information at a lower threshold "may be warranted."10 Although FinCEN does not directly say so, the implication is that financial institutions should strongly consider applying a lower ownership threshold based on the customer's risk. FinCEN also notes that a financial institution "may reasonably conclude" that collecting information at a level lower than 25 percent "would not help mitigate" the customer's specific risk or otherwise provide useful information to the financial institution.11 FinCEN adds that financial institutions could also mitigate "any additional heightened risk" by other means, such as "enhanced monitoring or collecting other information, including expected account activity, in connection with the particular legal entity customer."12

In all cases, institutions must maintain written procedures reasonably designed to identify and verify beneficial ownership and include such procedures in their AML program regardless of whether they adhere to the 25 percent threshold or use a lower threshold (such as 10 percent).13


1 U.S. DEP'T OF THE TREASURY, FIN. CRIMES ENF'T NETWORK, Frequently Asked Questions Regarding Customer Due 2018),

2 FAQ 35.

3 FAQ 37.

4 Id. See also 81 Fed. Reg. 29398.

5 FAQ 36.

6 FAQ 35.

7 Id.

8 FAQ 37.

9 FAQ 1.

10 FAQ 2.

11 Id.

12 Id.

13 Id.

To view the full article, please click here

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.