Introduction
The Financial Crimes Enforcement Network ("FinCEN"), along with the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency, the Office of Thrift Supervision, and the Securities and Exchange Commission ("SEC"), in consultation with the Commodity Futures Trading Commission, issued a joint release on March 5, 2010, Guidance on Obtaining and Retaining Beneficial Ownership Information (the "Guidance").1 The Guidance states that it is intended "to clarify and consolidate existing regulatory expectations for obtaining beneficial ownership information for certain accounts and customer relationships." In fact, for many financial institutions, including mutual funds and broker-dealers, the Guidance effectively creates a new legal obligation—never before articulated by the regulators—to "look through" certain account holders and verify the identity of beneficial owners.2 In light of the Guidance, financial thereinstitutions should immediately review their anti-money laundering programs and internal controls and determine what compliance measures are necessary.
Background
In 2003, FinCEN and various federal financial regulators jointly adopted rules that require mutual funds and other financial institutions to verify the identity of their customers.3 For this purpose, the rules generally allow financial institutions to treat the named accountholder as their "customer."4 FinCEN and the federal financial regulators had proposed to also require financial institutions to verify the identity of any person authorized to effect transactions in an account, but that proposal was not adopted.5 Instead, a financial institution's customer identification program ("CIP") must address situations where the financial institution, consistent with a risk-based approach, will take steps to verify the identity of a customer that is not an individual by seeking information about individuals with authority or control over the account, including persons with authority to effect transactions in the account, in order to verify the customer's identity.6 Accordingly, while a mutual fund or other financial institution may request additional information about higher-risk accounts opened by persons other than individuals, a financial institution ordinarily is not required to obtain information about beneficial owners under the CIP rules.
Furthermore, in numerous releases and guidance issued since the adoption of the USA PATRIOT Act in 2001, FinCEN and the SEC have acknowledged that mutual funds and other financial institutions generally are not required to "look through" certain types of intermediated accounts to the identity of beneficial owners for purposes of complying with their broader anti-money laundering responsibilities. For example, in the release adopting anti-money laundering program ("AML Program") requirements for mutual funds, FinCEN acknowledged that, in the case of omnibus accounts, "funds and their transfer agents do not know the identities of the individual investors. Only the distributor (e.g., a broker-dealer) will have contact with the individual investors . . . and will have access to individuals' trading activity."7 FinCEN stated that it did not expect a mutual fund to look as closely at activity in omnibus accounts as in individual accounts, but that the fund should instead "analyze the money laundering risk posed by particular omnibus accounts based upon a risk-based evaluation of relevant factors regarding the entity holding the omnibus account."8 Similarly, in adopting the CIP rule for mutual funds, FinCEN and the SEC stated that "with respect to an omnibus account established by an intermediary, a mutual fund generally is not required to look through the intermediary to the underlying beneficial owners."9 In later guidance about the CIP rule for broker-dealers, FinCEN and the SEC confirmed that broker-dealers are not required to "look through" omnibus accounts and sub-accounts established by financial intermediaries, "[e]ven if the brokerdealer has some information about a beneficial owner of assets in an omnibus account (e.g., batch execution account) or a sub-account."10
FinCEN and the SEC also have confirmed that mutual funds are not required to "look through" accounts opened by a broker-dealer or other financial intermediary through the National Securities Clearing Corporation's Fund/SERV system for purposes of the mutual fund CIP rule.11 In guidance issued in 2003, FinCEN and the SEC said that "[t]hese accounts ... function in manner similar to omnibus accounts," and therefore a mutual fund need not verify the identity of persons that transact through such accounts—even in cases where the mutual fund has information about such persons.
There are several rules under the USA PATRIOT Act that may require mutual funds, broker-dealers and other financial institutions, under certain circumstances, to obtain information about beneficial owners—but only with respect to certain types of accounts with non-U.S. persons. Mutual funds, broker-dealers and certain other financial institutions are required to establish and maintain a due diligence program reasonably designed to detect and report known or suspected money laundering or suspicious activity in "private banking accounts" for non-U.S. persons.12 Under the private banking account rule (which applies to mutual funds even though FinCEN recognizes such accounts are not offered by mutual funds13), a financial institution must take reasonable steps to identify nominal and beneficial owners of the foreign private banking account.14 Financial institutions also are required to conduct due diligence on correspondent accounts maintained in the United States on behalf of foreign financial institutions. 15 Such due diligence may include obtaining information about persons that transact through such accounts, under appropriate circumstances. Each of these requirements was either adopted and effective with the adoption of the USA PATRIOT Act, or was the subject of formal rulemaking by FinCEN and/or the federal financial regulators.
The Guidance
The Guidance discusses three areas: (i) "customer due diligence" ("CDD") procedures; (ii) private banking account due diligence programs; and (iii) foreign correspondent account due diligence programs. The discussion of the private banking account and foreign correspondent account due diligence programs essentially restates the regulatory requirements and related guidance that has previously been provided by FinCEN, and is not discussed in this DechertOnPoint. However, the discussion regarding CDD procedures represents a new statement of policy never before articulated by FinCEN or the financial regulators—particularly insofar as it relates to mutual funds, broker-dealers, and other financial institutions not subject to separate anti-money laundering obligations under the federal banking regulations.16
The Guidance states that "a financial institution should establish and maintain CDD procedures that are reasonably designed to identify and verify the identity of beneficial owners of an account, as appropriate, based on the institution's evaluation of risk pertaining to an account." The Guidance does not define the term "beneficial owner" in this context. A footnote merely suggests that the definition of "beneficial owner" in FinCEN's regulation regarding due diligence for foreign private banking accounts "may be useful for the purposes of this guidance." That regulation defines "beneficial owner" of an account as:
an individual who has a level of control over, or entitlement to, the funds or assets in the account that, as a practical matter, enables the individual, directly or indirectly, to control, manage or direct the account. The ability to fund the account or the entitlement to the funds of the account alone, however, without any corresponding authority to control, manage or direct the account (such as in the case of a minor child beneficiary), does not cause the individual to be a beneficial owner.17
The Guidance states that CDD procedures may include the following:
- Determining whether a customer is acting as an agent for or on behalf of another, and if so, obtaining information regarding the capacity in which and on whose behalf the customer is acting.
- Where the customer is a legal entity not publicly traded in the United States, including a private investment company ("PIC"), an unincorporated association, trust, or foundation, obtaining information about the ownership or structure of such entity so as to allow the financial institution to determine whether the account poses a heightened risk.
- Where the customer is a trustee, obtaining trust structure information sufficient to allow the financial institution to establish a reasonable understanding of such trust's structure and to determine the identity of the provider of funds and any persons or entities that have control over such funds or have the power to remove the trustee or trustees.
Importantly, while a financial institution's CDD procedures may be related to the financial institution's CIP, the Guidance does not alter or supersede the CIP rules or the related guidance thereunder. In addition, the Guidance states that a financial institution's CDD procedures should be "commensurate with its [Bank Secrecy Act/Anti-Money Laundering] risk, with particu- lar focus on high risk customers." According to the Guidance, accounts maintained for certain trusts, corporate entities, shell entities and PICs "may pose heightened risk." If an account has been identified by a financial institution's CDD procedures as posing a heightened risk, such account should be subjected to enhanced due diligence ("EDD") that is reasonably designed to ensure compliance with a financial institution's obligations under the Bank Secrecy Act. The Guidance suggests that the EDD should include steps, in accordance with the level of risk presented by such account, "to identify and verify beneficial owners, to reasonably understand the sources and uses of funds in the account, and to reasonably understand the relationship between the customer and the beneficial owner."
According to the Guidance, "CDD and EDD information should be used for both monitoring purposes and for determining whether there are discrepancies between information obtained regarding an account's intended purpose and expected account activity and the actual sources of funds and uses of the account."
Issues and Conclusion
Because the Guidance is purportedly a restatement of existing regulatory expectations for financial institutions, it was effective upon publication.18 Financial institutions should review their AML Programs promptly to determine whether any changes are required in light of the Guidance.
Notably absent from the Guidance is any indication about how often a financial institution should conduct CDD on a particular account. The CIP rules require a financial institution to verify the identity of a customer at the time the customer opens an account.19 In contrast, the foreign correspondent and private banking account due diligence rules require a financial institution to periodically conduct due diligence on these accounts.20 As a practical matter, it may prove very challenging for a financial institution to periodically obtain information about changes in the "structure" of customers that are trusts or corporations, for example, after the time an account is opened.
Although the Guidance requiring CDD procedures does not specifically cite to any prior rulemaking or other authority to support the regulators' expectations in this area,21 it states that a "cornerstone of a strong [AML Program] is the adoption and implementation of internal controls, which include comprehensive CDD policies, procedures, and processes for all customers...." It is therefore reasonable to assume that the Guidance is based on the broad mandate for all financial institutions to have an AML Program reasonably designed to prevent a financial institution from being used for money laundering or terrorist financing purposes.22 As noted above, in adopting the AML Program rule for mutual funds, FinCEN stated that mutual funds were not expected to look through omnibus accounts to beneficial owners. Accordingly, it seems reasonable to conclude that the Guidance was not intended to alter the existing treatment of omnibus accounts by mutual funds. For similar reasons, a mutual fund should not be required to look through Fund/SERV accounts, which FinCEN has acknowledged "function in a manner similar to omnibus accounts." For other types of accounts, however, mutual funds and other financial institutions should begin taking steps to consider the circumstances under which they will verify the identity of beneficial owners, consistent with the Guidance.
Footnotes
1 Financial Crimes Enforcement Network et al., Guidance on Obtaining and Retaining Beneficial Ownership Information (Mar. 5, 2010), available at http://www.fincen.gov/statutes_regs/guidance/html/fin-2010-g001.html
2 In adopting the Guidance, the SEC indicated that it was merely clarifying and consolidating "existing regulatory expectations for obtaining beneficial ownership information for certain accounts and customer relationships," and that the provisions of the Administrative Procedure Act requiring notice of proposed rulemaking, opportunity for public comment, and prior publication there fore were not applicable. Policy Statement on Obtaining and Retaining Beneficial Ownership Information for Anti-Money Laundering Purposes, SEC Release No. 34-61651 (Mar. 5, 2010). Notably, however, the SEC cites to no release, no-action relief, or other authority to support this statement.
3 See, e.g., Customer Identification Programs for Mutual Funds, SEC Release No. IC-26031 (Apr. 29, 2003) [Mutual Fund CIP Rule].
4 31 C.F.R. § 103.131(c)(2)(i).
5 Customer Identification Programs for Mutual Funds, SEC Release No. IC-25657 (July 12, 2002) (proposed rule).
6 See, e.g., 31 C.F.R. § 103.131(b)(2)(ii)(C).
7 Financial Crimes Enforcement Network; Anti-Money Laundering Programs for Mutual Funds, 67 Fed. Reg. 21,117, 21,118 (Apr. 29, 2002).
8 Id. at 21,120. This treatment of omnibus accounts is consistent with the legislative history of the customer identification and verification provisions of the USA PATRIOT Act. The House Report on the legislation states that where mutual fund shares are held in an omnibus account, "[t]he mutual fund would not be required to 'look through' the broker-dealer to identify and verify the identities of those customers." H.R. Rep. No. 107-250, pt. 1, at 62 (2001).
9 Mutual Fund CIP Rule, supra note 3.
10 FinCEN and SEC, Question and Answer Regarding the Broker- Dealer Customer Identification Program Rule (Oct. 1, 2003), available at http://www.sec.gov/divisions/marketreg/ qa-bdidprogram.htm.
11 FinCEN and SEC, Questions and Answers Regarding the Mutual Fund Customer Identification Program Rule (Aug. 11, 2003), available at http://www.sec.gov/divisions/investment/guidance/qamutualfund.htm.
12 31 C.F.R. § 103.175.
13 See Financial Crimes Enforcement Network; Anti-Money Laundering Programs; Special Due Diligence Programs for Certain Foreign Accounts, 71 Fed. Reg. 496, 505 (Jan. 4, 2006).
14 Id. § 103.178(b)(1).
15 Id. § 103.176; see also id. § 103.177 (requiring certain financial institutions, but not mutual funds, to obtain information about ownership of foreign banks for which the financial institution maintains a correspondent account in the United States).
16 Banks have been subject to AML Program requirements under the federal banking regulations since 1998, and may look to the Federal Financial Institutions Examination Council ("FFEIC") exam manual for additional information about the banking agencies' anti-money laundering regulatory expectations. The Guidance, in a footnote, states that while the FFEIC manual addresses anti-money laundering requirements applicable to banks, "it contains guidance that may be of interest to securities and futures firms."
17 31 C.F.R. § 103.175(b).
18 Theoretically, a regulator might argue that Guidance was effective prior to publication, since, as the SEC release noted, the Guidance simply "clarifies and consolidates existing regulatory expectations."
19 See, e.g., 31 C.F.R. § 103.131 (Mutual Fund CIP Rule).
20 Id. §§ 103.176, 103.178.
21 The Guidance does cite to other rules previously discussed in this DechertOnPoint, but not as the basis for the CDD procedures discussed in the Guidance. The Guidance notes, however, that CDD procedures are an essential part of "internal controls" required by the AML Program rules.
22 See 31 U.S.C. § 5318(h) and the implementing regulations thereunder.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
