FinCEN’s Customer Due Diligence Rule

Respond to the Final Rule with confidence

The Financial Crimes Enforcement Network (FinCEN) Final Rule regarding Customer Due Diligence (CDD) will soon be in force. With implementation required by May 11, 2018, covered financial institutions must ensure their due diligence programs are in line with FinCEN’s guidance on four core elements of a CDD program, including:

• Customer identification and validation

• Beneficial ownership identification and verification

• Understanding the nature and purpose of customer relationships to develop a customer risk profile

• Ongoing monitoring for reporting suspicious transactions and, on a risk-basis, maintaining and updating customer information

As your organization works toward restructuring or enhancing your CDD program ahead of the FinCEN deadline, certain short-term goals as outlined below are necessary for immediate compliance. But looking ahead, also consider long-term strategies for intrinsic, sustainable program compliance.

So, what should you do to prepare?

1. Identify customers and validate identifications

• Now: Know your customer and vendor base. This process may involve the vetting and/or a re-vetting of new and existing customers/vendors to ensure data integrity and consistency for regulatory reporting.

• Long-term: Develop, implement, and validate a systematic process for data collection. In the event of a potential third party risk, have an established path for escalation and decisioning within your organization.

2. Identify beneficial owners and verify identifications

• Now: Authenticate and validate your business relationships to ensure you can meet the regulatory expectation of identifying all individuals who maintain a 25% or greater equity interest or possess the ability to control any business entity you partner with. In cases where third party-provided information may be incomplete or insufficient, independently re-vet your partners and identify intermediary and ultimate ownership information, as well as any state ownership and/or political exposure.

Partner with a vendor who can help scale your research efforts using a variety of tools, including desktop research tools as well as in-country document retrieval.

Once beneficial ownership is established, confirm the individual’s source of wealth to ensure they meet regulatory standards.

Have an escalation path for atypical research results.

Try to achieve identification beyond the 25% identification suggested by the regulation.

• Long-term: Develop and implement a systematic approach to beneficial ownership identification and verification for record-keeping. Consider implementing a process for monitoring changes in beneficial ownership and for the regular refresh of records.

3. Establish a risk profile

•  Now: Evaluate due diligence and screening results, as well as consider utilizing questionnaires that allow for risk-ranking to enhance your understanding of customer profiles. Run screening and due diligence to establish a baseline score for your third party universe. Through this workflow process you can identify potential risk within your relationships. Create an escalation plan to mitigate the risk associated with your third parties.
• Long-term: Utilize technology to help facilitate a risk-based approach and program that includes questionnaires, scoring, vetting, record-keeping, and an escalation process.

4. Monitor, update, and maintain information

• Now: Evaluate technology solutions to facilitate monitoring and record keeping. Aim for implementation well in advance of The Final Rule.
• Long-term: Streamline your process with the help of technology to evaluate alerts and red flags that are identified in a timely fashion, consistently refining your process.