WIXLIB

GBA 2017 Advanced Compliance SchoolManaging BSA/AML ComplianceCIP Definition ‐ CustomerCustomerA customer is:– A “person” (an individual, a corporation, partnership, a trust, anestate, or any other entity recognized as a legal person)– Who opens a new account, an individual who opens a new account foranother individual who lacks legal capacity, and an individual whoopens a new account for an entity that is not a legal person (e.g., acivic club).35Customer Does Not Include Existing customers who open new accounts provided the bankhas a reasonable belief that it knows the customer’s trueidentity– NOTE: However, coverage includes new cosigners added to existingaccounts and borrowers who assume existing loans A person who does not receive banking services, such as aperson whose loan application is denied. Excluded from the definition of customer are federallyregulated banks, banks regulated by a state bank regulator,governmental entities, and publicly traded companies.36Financial Solutions * May 201718

GBA 2017 Advanced Compliance SchoolManaging BSA/AML ComplianceMinimum CIP RequirementsThe CIP must contain account‐opening procedures detailing theidentifying information that must be obtained from eachcustomer.At a minimum, the bank must obtain the following identifyinginformation from each customer before opening the account:– Name– Date of birth, forindividuals– Physical Address– Identification Number37CIP Address Individual– Residential or street address.– Army Post Office (APO) orFleet Post Office (FPO).– Street address of next of kinor another contact individual.– Description of physicallocation.38Financial Solutions * May 201719

GBA 2017 Advanced Compliance SchoolManaging BSA/AML ComplianceCIP Address Business– Principal place ofbusiness.– Office location.– Other physical address.39CIP Identification Number U.S. Person Non‐U.S. Person– Taxpayer ID Number (TIN) orevidence of one.––––ITIN.Passport number.Alien ID card Number.Number & country ofissuance of any unexpiredgovernment issued ID(showing nationality orresidence)40Financial Solutions * May 201720

GBA 2017 Advanced Compliance SchoolManaging BSA/AML ComplianceCustomer Identification Program (CIP)Three matters to consider:– Collection– Verification– Timing41CIP ProceduresRisk‐based Customer VerificationCIP must contain procedures for verifyingcustomers identity within reasonable periodof time after account is opened. Documentary Non‐documentary Lack of verification42Financial Solutions * May 201721

GBA 2017 Advanced Compliance SchoolManaging BSA/AML ComplianceAdditional Verification for CertainCustomersThe CIP must address situations where, based on its riskassessment of a new account opened by a customer that is notan individual, the bank obtains information about individualswith authority or control over such accounts, includingsignatories, in order to verify the customer’s identity.For example: A bank may need to obtain information about and verify theidentity of a sole proprietor or the principals in a partnership when the bankcannot otherwise satisfactorily identify the sole proprietorship or thepartnership.– Regulators have finalized Beneficial Ownership requirements43Failure to Verify Identities The bank’s CIP should contain procedures to addresssituations when the bank cannot verify the customer’s trueidentity. These should include:– When the bank should refuse to open an account– When the bank should allow a customer to use an account whileit attempts to verify the customer’s identify– When the bank should close an account after attempts atidentity verification have failed– When the bank should file a SAR in connection with the failureto verify a customer’s identity or other suspicious activity44Financial Solutions * May 201722

GBA 2017 Advanced Compliance SchoolManaging BSA/AML ComplianceMaintaining CIP Records and RetentionThe bank’s CIP must maintaining records of all accountinformation obtained during the verification process, including:––––All identifying information about the customerA description of any document that was relied onA description of the methods and resultsA description of the resolution of any discrepancyRecords retention– All records obtained to identify the customer before opening an account mustbe retained for five years after the date the account is closed. These records include the customer’s name, date of birth, address, and ID number.For credit card accounts, records must be maintained for five years after theaccount is closed or becomes dormant.– Records used to verify the customer’s identity using documents, non‐documentary methods, or other methods must be retained for five years afterthe record was made.45Additional CIP RequirementsComparison with Government Lists The bank’s CIP must contain procedures for determining whether thecustomer appears on any government‐issued lists of suspected orknown terrorists or terrorist organizations. As of this date of this training, there are no designated governmentlists to verify specifically for CIP purposes.Customer Notice Providing customers with a notice that the information is being usedto verify their identities. The notice must be placed in a manner that the customer will be ableto view it before opening an account. For example, it can be:– Posted in the bank’s lobby– Printed on applications– Posted on the bank’s Web site46Financial Solutions * May 201723

GBA 2017 Advanced Compliance SchoolManaging BSA/AML ComplianceSample Notice LanguageIMPORTANT INFORMATION ABOUT PROCEDURES FOROPENING A NEW ACCOUNT:To help the government fight the funding of terrorism andmoney laundering activities, federal law requires all financialinstitutions to obtain, verify, and record information thatidentifies each person who opens an account. What this meansfor you: When you open an account, we will ask for your name,address, date of birth, and other information that will allow us toidentify you. We may also ask to see your driver’s license orother identifying documents.47Additional CIP InformationReliance on Another Financial InstitutionA bank is permitted to rely on another financial institution (including an affiliate) toperform some or all of the elements of the CIP, if reliance is addressed in the CIP andthe following criteria are met: The relied‐upon financial institution is subject to a rule implementing the AMLprogram requirements of 31 USC 5318(h) (Maintain an Anti‐Money LaunderingProgram) and is regulated by a federal functional regulator.The customer has an account or is opening an account at the bank and at theother functionally regulated institution.Reliance is reasonable, under the circumstances.The other financial institution enters into a contract requiring it to certify annuallyto the bank that it has implemented its AML program, and that it will perform (orits agent will perform) the specified requirements of the bank’s CIP48Financial Solutions * May 201724

GBA 2017 Advanced Compliance SchoolManaging BSA/AML ComplianceUse of Third‐Parties for CIPUse of Third PartiesThe CIP rule does not alter a bank’s authority to use a third party, such as an agent orservice provider, to perform services on its behalf. Therefore, a bank is permitted toarrange for a third party, such as a car dealer or mortgage broker, acting as its agent inconnection with a loan, to verify the identity of its customer.The bank can also arrange for a third party to maintain its records. However, as with any other responsibility performed by a third party, the bank isultimately responsible for that third party’s compliance with the requirements ofthe bank’s CIP. As a result, banks should establish adequate controls and review procedures forsuch relationships.49Customer Due DiligenceBeneficial Ownership50Financial Solutions * May 201725

GBA 2017 Advanced Compliance SchoolManaging BSA/AML ComplianceCustomer Due Diligence (CDD):Beneficial Ownership Prior to the rule, there was no mandatory requirement for banks to knowthe identity of individuals who own or control a legal entity customer FinCEN’s final rule was published on May 11, 2016 and applies to MANYtypes of financial entities– Has been in process since February 29, 2012 Enhances CDD requirements by mandating that financial institutionsidentify and verify the identity of the beneficial owners of their legalentity customers Two‐Pronged Test– Ownership – Identify up to 4 individuals with 25% or more direct or indirectownership in the entity’s equity– Control – Identification of one individual with significant responsibility tocontrol, manage, or direct a legal entity At your discretion based on risk, you may want to REQUIRE more control individuals51Beneficial Ownership Two‐Year Compliance Transition Period. Covered financial institutionshave until May 11, 2018 to implement the new requirements. Must verify the identity of the individual identified as a beneficial owner,but NOT his or her status as a “beneficial owner.” Required identity information can be obtained by any means, and recordsof the information can be kept in any manner that satisfies the applicablerecordkeeping rules. The CDD Rule is not retroactive; it does not require a “lookback” to obtainbeneficial ownership information from existing customers, unless thosecustomers experience a triggering event.– Customer information should be updated on an event‐driven basis in the course ofnormal monitoring activity. For example, opening a new account, applying for a newloan, requesting signature card or transaction authorization updates, replacing existingguarantors with new individuals, etc.52Financial Solutions * May 201726

GBA 2017 Advanced Compliance SchoolManaging BSA/AML ComplianceNew Fifth Pillar of an Effective AML Program1.2.3.4.5.Board approved policies and proceduresA designated compliance officerAn ongoing training programAn independent audit functionConduct customer due diligenceA. Understand the nature and purpose of customerrelationships for the purpose of developing a customerrisk profileB. Conduct ongoing monitoring to identify and reportsuspicious transactions and, on a risk basis, maintain andupdate customer information, including beneficial ownerinformation53Legal Entity Customer An entity that files a public document with aSecretary of State, or similar state official oroffice, including any similar entity formedunder the laws of a foreign jurisdiction. Examples include corporations, limited liabilitycorporations, partnerships, etc.54Financial Solutions * May 201727

GBA 2017 Advanced Compliance SchoolManaging BSA/AML ComplianceCustomer Due Diligence – New RuleLegal EntityNot a Legal EntityCorporationNatural PersonLLCSole ProprietorshipPartnership, generalUnincorporated assoc.or limitedUnregistered trustBusiness trusts (registered)Created by filing ofpublic document with government55Customer Due Diligence – New RuleImportant Dates and Key Points: Effective July 11, 2016 You have to comply by May 11, 2018 You should be building a coalition of stakeholderswithin your firm to contemplate compliance The rule only applies to new accounts openedafter May 11, 2018 (new accounts opened fornew or existing legal entity customers)56Financial Solutions * May 201728

GBA 2017 Advanced Compliance SchoolManaging BSA/AML ComplianceKnow Your Customer’s Owners According to FinCEN, clarifying and strengthening CDDrequirements will advance BSA’s purpose in a number ofways.– Enhance the ability of law enforcement to access beneficialownership information.– Increase the ability of various stakeholders to identify assetsassociated with criminals and terrorists, helping to strengthencompliance with sanctions programs.– Help financial institutions assess and mitigate potential risks andcomply with legal requirements.– Facilitate tax compliance, especially as it relates to the ForeignAccount Tax Compliance Act (FATCA) and reciprocity with otherjurisdictions.– Promote consistency in implementing and enforcing CDDregulatory expectations across financial sectors.57Legal Entity Customer Enhanced TransparencyIdentify andverify customeridentityIdentify andverify beneficialowners(Individuals!!)Understand thenature andpurpose ofcustomerrelationshipConduct ongoingmonitoring toidentify andreport suspiciousactivity58Financial Solutions * May 201729

GBA 2017 Advanced Compliance SchoolManaging BSA/AML Compliance“Beneficial Owner” The definition of “beneficial owner” would have twocomponents: an ownership prong and a control prong.– Under the ownership prong, a beneficial owner would be anindividual who, directly or indirectly, owns 25% or more of theequity interests of the legal entity. There could be no more than4 individuals in this context.– The control prong would apply to an individual with significantresponsibility to control, manage or direct a legal entitycustomer, such as an executive officer, senior manager or anindividual who performs similar functions. You would only needto identify a single individual. Each prong would be an independent test, although oneindividual could potentially satisfy both tests.59Beneficial Ownership Key Points Each individual who owns 25% or more of the equity interests ina legal entity customer and one individual who exercisessignificant managerial control over the legal entity customer. Legal entity customers include corporations, limited liabilitycompanies, partnerships or similar business entities, but nottrusts. No requirement to identify underlying customers inintermediated accounts. Standard beneficial ownership certification form is optional. Verify identity of beneficial owner, not beneficial owner status. Preserves a risk‐based approach –the rule serves as theminimum. Recordkeeping is required.60Financial Solutions * May 201730

GBA 2017 Advanced Compliance SchoolManaging BSA/AML ComplianceBeneficial Ownership Requirement Covered financial institutions will be required to identifybeneficial owners of new legal entity customers, subject tocertain exemptions. Covered institutions:– Will not have to identify beneficial owners of certain types of legalentity customers.– Will not have to identify the beneficial owners of anintermediary’s underlying clients if that financial institution has noCustomer Identification Program (CIP) obligation with respect tothose underlying clients.– Will be able to rely on a standard certification form at the bank’soption (was originally a required form in proposal).– Will be able to rely on the CDD of other financial institutions,consistent with the approach in the existing CIP reliance structure.61Exclusions from Legal Entity Customer A financial institution regulated by a federal functionalregulator or a bank regulated by a state bank regulator A department or agency of the United States, a State orthe political subdivision of a State An entity established under the laws of the UnitedStates, a State or the political subdivision of a Statethat exercises governmental authority An entity other than a bank whose stock is listed on anational exchange or a subsidiary of that entity if thelisted entity owns at least 51% of the equity of thesubsidiary62Financial Solutions * May 201731

GBA 2017 Advanced Compliance SchoolManaging BSA/AML ComplianceExclusions from Legal Entity Customer(continued) Other entities not covered by the CDD requirement:–––––––––––An issuer of certain securities registered with the SECAn investment companyAn investment adviserAn exchange or clearing agencyAny other entity registered with the SECCertain entities registered with the CFTCA public accounting firm registered under Sarbanes‐OxleyA bank holding companyA pooled investment vehicleA state‐regulated insurance companyA foreign financial institution63Limited Beneficial Ownership CDD Entities For some entities, only a control person mustbe identified and verified:– A pooled investment vehicle operated or advisedby a financial institution– A legal entity established as a non‐profit that hasfiled appropriate documents with the State64Financial Solutions * May 201732

GBA 2017 Advanced Compliance SchoolManaging BSA/AML ComplianceAccounts Exempt from CDD BO Requirements Accounts opened at the point‐of‐sale solelyfor purchase at that retailer Accounts to finance the purchase of postage Accounts to finance payments of property andcasualty insurance premiums Accounts to finance equipment leases orpurchase65Identify the Individual in Control Under the ownership prong, eventhough there may be complexstructures and ownerships, FinCENexpects financial institutions willidentify the natural person whoexercises control. FinCEN does not expect financialinstitutions to analyze whetherindividuals are acting in concert toexercise control. If a trust owns 25% or more of theequity interests of a legal entitycustomer, the trustee is consideredthe beneficial owner.66Financial Solutions * May 201733

GBA 2017 Advanced Compliance SchoolManaging BSA/AML ComplianceNatural Person Required Information Natural person opening the account for the legal entitycustomer – name and title Beneficial owners:––––Name (plus title for the controlling individuals)Date of birthAddressSocial Security Number (for US Persons) or passport numberand country of issuance or similar documentation (for non USPersons) New CDD rule does not require that CDD verification stepsbe identical to CIP requirements67New Accounts & Certification The requirement to obtain beneficial ownership information would applyonly when a new account is opened. It would not apply to existingaccounts, but would apply when an existing customer opened a newaccount.– FinCEN suggests, however, that financial institutions may want toobtain a certificate from existing customers when the customer’s riskprofile is updated. When an account is opened, require that the customer execute astandardized certification form or provide required information. The process requires the individual opening an account to certify, to thebest of his or her knowledge, on behalf of the entity, that the informationis complete and correct. The financial insti

Customer Identification Program (CIP) CIPis intended to enable a bank to form a reasonable belief it knows the true identity of each customer. -AllBanks must have a risk‐based written CIP appropriate for its size and type of business. -Typically incorporated into the banks BSA/AML compliance program.