Skip to content Skip to navigation menu
Your browser is not supported by this site.
Please update to the latest version, or use a different browser for the best experience.

Insights & Trends

The CLEAR Picture

September 2016 edition

Implementing the CDD rule in your small organization

Jeremy Byellin, JD

IranIt has been several months since the U.S. Department of the Treasury announced the final publication of the Customer Due Diligence (CDD) rule, and financial institutions continue to scramble to bring their organizations into compliance with the rule before it takes effect in May 2018. Of course, while large institutions may have the resources to meet the requirements of the CDD rule, many smaller financial firms may not, and consequently may instead be facing difficulties implementing and complying with the rule.

Although there is no true substitute for direction from compliance professionals, hopefully this article provides some guidance for smaller organizations in tackling the new CDD rule.

What does the CDD rule require?

The CDD rule requires “covered financial institutions” (as defined by 31 C.F.R. § 1010.605(e)(1)) to identify the “beneficial owners” of “legal entity customers.”

In plain English: the rule requires federally regulated and/or insured institutions and brokers to gather, verify, and record the identities of the actual individuals who own and control a company when said company opens an account.

However, the new requirements are far more extensive than the above statement makes them sound. For example, the CDD rule also amends existing anti-money laundering (AML) program requirements for each covered institution to, among other things, conduct ongoing suspicious activity monitoring and reporting.

(The full text of the rule is available online, but if you want a quick overview and don’t have time to parse through all 120-plus pages of the rule right now, FinCEN has published an FAQ.)

Under the rule, a beneficial owner is defined as each individual in each of the two following prongs:

  • The ownership prong: any individual who directly or indirectly “owns 25% or more of the equity interests of a legal entity customer,” and
  • The control prong: “a single individual with significant responsibility to control, manage, or direct a legal entity customer … or any other individual who regularly performs similar functions.”

According to FinCEN’s FAQ, “a legal entity will have a total of between one and five beneficial owners” – at least one person under the control prong, and between zero to four persons under the ownership prong.

What kind of documentation must be collected?

For each individual who qualifies as a beneficial owner under the either of the above prongs, financial institutions must collect the following information:

  • Name
  • Date of birth
  • Address
  • Social Security number or other government identification number

The information must be verified at the time a new account is opened, most typically through the review by the institution of a current government-issued form of identification bearing a photograph of the individual, such as a driver’s license or passport.

The rule notes that these verification requirements are similar to existing customer identification program (CIP) verification requirements for individual customers.

How can my organization make this easier?

That is the million-dollar question, isn’t it?

While there are no easy shortcuts, those familiar with the new rule along with current federal regulations may have noticed relationships and similarities between many CDD and existing AML and CIP requirements.

For instance, the CDD rule requires covered institutions’ procedures for identifying and verifying the identity of beneficial owners to “at a minimum, contain the same elements as required for verifying the identity of customers that are individuals under the applicable CIP rule.” In addition, the CDD rule uses the same definition of “account” as that used for CIP purposes.

Furthermore, covered financial institutions are required to include these procedures in the institution’s AML compliance program.

The point here is that, while the CDD does impose a broad array of new regulations on financial institutions, many simply build on existing CIP and Bank Secrecy Act (BSA)/AML requirements. As such, there should be no need to reinvent the wheel in many circumstances, and organizations may be able to save time and money in the implementation of CDD rule requirements by leveraging existing CIP and BSA/AML compliance programs.

Court Express