What is the CDD Rule?
- Customer identification and verification.
- Understanding the nature and purpose of the business-customer relationship.
- Beneficial ownership identification and verification.
- Ongoing monitoring for suspicious activities.
The CDD Rule requires that financial institutions maintain “appropriate risk-based procedures for conducting ongoing customer due diligence,” including “[u]nderstanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile” and “[c]onducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information,” including beneficial ownership information for legal entity customers.
In Question 1, FinCEN explains, in response to the question of whether covered financial institutions are required to collect information about expected activity on all customers at account opening, or on an ongoing or periodic basis, that the CDD Rule does not categorically require the collection of any particular customer information other than information necessary to develop a customer risk profile, conduct monitoring, and verify beneficial ownership (for legal entity customers). Likewise, FinCEN explains that there is no categorical requirement to conduct media and news screening on all customers and related parties, such as beneficial owners, or to identify transacting parties that conduct transactions through a customer’s correspondent account relationship or omnibus account. However, a financial institution should determine on a risk basis whether such information is needed in order to adequately understand a particular customer relationship and to identify potentially suspicious activity.
With respect to information about expected account activity, covered financial institutions should keep in mind that they are required to “understand the types of transactions in which a particular customer would normally be expected to engage.” In some cases, this understanding can reflect “inherent or self-evident information about the product or customer type, such as the type of customer, the type of account opened, or the service or product offered, or other basic information about the customer.” In such cases, no additional information would be needed. However, for other customers, financial institutions may be expected to collect information about expected account activity in order to satisfy the CDD Rule.
With respect to information about underlying transaction parties other than the customer (e.g., a customer’s customer), financial institutions should keep in mind that such parties are relevant to understanding the risks involved in the customer relationship. Thus, although such persons are not subject to customer identification and beneficial ownership verification, and financial institutions may have no blanket obligation under the BSA to collect information about them, financial institutions still should have risk-based procedures that govern when they will require information about such parties and how they will process information about such third parties that they do receive. Expanding on this point, in the notice of proposed rulemaking for the CDD Rule, FinCEN explained that “a financial institution’s AML program should contain risk-based policies, procedures, and controls for assessing the money laundering risk posed by underlying clients of a financial intermediary, for monitoring and mitigating that risk, and for detecting and reporting suspicious activity.” As a result, “[w]hile a financial intermediary’s underlying clients may not be subject to the beneficial ownership requirement, a financial institution would nonetheless be obligated to monitor for and report suspicious activity associated with intermediated accounts, including activity related to underlying clients.” In many cases, this may be general, categorical information about the specific types of counterparties that will use the intermediated relationship. In cases of greater risk, it is possible that more specific information about particular customers and their activity may be relevant.
In addition, FinCEN’s guidance does not displace the obligation to avoid processing transactions involving persons subject to sanctions either as specially-designated nationals or as residents of sanctioned jurisdictions. As a result, covered financial institutions still have a reason to collect enough information to screen transaction parties even when they are not a customer.
In Question 2, FinCEN explains that the CDD Rule does not require financial institutions to use a specific method or categorization to establish customer risk profiles, or to automatically categorize as “high risk” products or customer types identified in government publications as posing specific potential risks. This is because, “even within the same risk category, a spectrum of risks may be identifiable and due diligence measures may vary on a case-by-case basis.” Covered financial institutions are required to understand the financial crime risks of their particular customers, and should utilize risk profiles that are “sufficiently detailed to distinguish between significant variations in the risks of its customers.” In short, “[t]here are no prescribed risk profile categories, and the number and detail of these categories can vary.”
In Question 3, FinCEN explains that the CDD Rule does not require financial institutions to update customer information on a continuous or periodic schedule, though they may decide to do so on a risk basis. Rather, financial institutions must update customer information when they become aware, through normal monitoring, of a change in customer information that is relevant to assessing the risk posed by the customer. In such cases, financial institutions also may need to reassess the customer’s overall risk profile. This guidance is consistent with FinCEN’s previous statements in the preamble to the final CDD Rule as well as in the 2018 FAQs.
Regulations are shaped and changed in response to technological innovation and the geopolitical situation. Regulatory bodies aim for a level playing field for everyone, and they create new rules by changing existing laws so that everyone is covered. Beyond being aware of these rules in advance, understanding their content is essential to the harmonization process.
The Financial Crimes Enforcement Network (FinCEN) has implemented the CDD Ultimate Rule published by the U.S. Department for financial institutions in May 2018. The CDD Final Rule includes a set of new Customer Due Diligence requirements.
The CDD Final Rule was issued by the U.S. Treasury Department's FinCEN to ensure that banks, brokers, insurance companies, real estate, and other compulsory financial institutions have usufruct benefits for their corporate clients.
To be more precise, the CDD Final Rule's application is necessary to determine which under the companies' control financial institutions are affiliated and reveal their relationship with criminal activities such as money laundering and terrorist financing. CDD Final Rule is a solution to understanding the precision of forward-looking processes and systems. Other CDD Ultimate Rule objectives are to strengthen and clarify the CDD requirements of banks and expose money laundering risks and terrorist financing by ensuring that financial institutions cannot conduct a risk assessment for legal entities and institutions' dependents.
Since its introduction, the CDD Final Rule has undergone some changes and updates. Financial institutions need to keep up with these changes to ensure they remain compliant and avoid potential fines or other penalties. Here are some changes to expect in the CDD Final Rule:
According to FinCEN, there are four significant factors for Customer Due Diligence:
AML provides recommendations on how regulators should protect their UBO information when formulating policies and procedures. Organizations need to be UBO-compatible with professional businesses to access the source of information. The basic principles that AML professionals must follow when preparing procedures and collecting UBO information are as follows:
Avoiding money laundering risks and being promptly informed about the necessary AML regulations helps businesses protect their reputation. That is why access to UBO information is essential for professional organizations. With these steps, you can make your company's compliance program robust and scalable.
CDD Final Rule requires financial institutions to identify and verify the identity of the beneficial owners of their clients. Beneficial owners are individuals who ultimately own or control a legal entity or arrangement, such as a company or trust. By identifying and verifying beneficial owners, financial institutions can better understand the true ownership structure of their clients and identify any potential money laundering or terrorist financing risks.
Also, CDD Final Rule emphasizes the importance of conducting ongoing monitoring of clients' transactions and activities to detect and report suspicious activity. Financial institutions are required to establish and maintain risk-based procedures for monitoring their clients' transactions and activities, including the transactions of their beneficial owners. By doing so, financial institutions can identify and report suspicious transactions in a timely manner, which can help prevent money laundering and terrorist financing.
It applies not only to banks but also to other types of financial institutions, such as broker-dealers, mutual funds, and insurance companies. This means that a wide range of financial institutions must comply with the CDD Final Rule and implement effective customer due diligence procedures.
In 2016, FinCEN introduced a new Customer Due Diligence (CDD) rule. It consisted of specific rules on Beneficial Owners. The rule required financial institutions to comply by May 11, 2018. The Final Rule indicates new FinCEN rules with the applicability date of May 11, 2018. But before we understand the importance of the FinCEN CDD rule, let’s have a look at what these terms mean and how they impact due diligence.
The Financial Crimes Enforcement Network (FinCEN) is a government body of the United States. It maintains a network whose objective is to prevent and punish criminals and criminal networks associated with money laundering and other financial crimes. FinCEN is overseen by the U.S. Department of the Treasury. It operates domestically and internationally, and has three major players: law-enforcement agencies, the regulatory community, and the financial-services community.
Customer Due Diligence (CDD) is the process of determining your customers’ background. This is done in order to determine their identity and the level of risk they pose.
The application of CDD is necessary when companies with AML processes enter a business relationship with a customer or potential customer. It may be needed to assess their risk profile and verify their identity.
The above risks mainly highlight money laundering and terrorist financing. Companies may need to ‘know their customers’ for a variety of reasons:
The idea behind this new rule is to fortify CDD requirements. The rule establishes explicit requirements for CDD. Further, it imposes a new requirement on FIs: identifying and verifying the Beneficial Owners of legal entity customers (businesses).
The CDD Rule applies to banks, brokers or dealers in securities, mutual funds, etc.
Customer Due Diligence Best Practices
There are 4 crucial elements for due diligence as per FinCEN:
(1) Customer identification and verification,
(2) beneficial ownership identification and verification,
(3) understanding the nature and purpose of customer relationships. This can help to develop a customer risk profile,
(4) continuous monitoring for reporting malicious transactions. On a risk-basis, this can be used for maintaining and updating customer information.
The new rules are not retroactive. In other words, it’s not necessary to acquire beneficial ownership information on every existing client. FinCEN felt that this would be too cumbersome for the institutions.
However, it’s not just at account opening that this information is mandatory. While monitoring the account, the risk profile may change drastically. In that case, the customer information, including beneficial ownership, should be updated. For example, new transaction types or amounts may reflect the change. This can be in terms of account or new ownership. They then fall under the coverage of the new final rule.
FinCEN has restated that the specified threshold (25%) is the base, not the apex. It is at the discretion of covered FIs to implement stricter thresholds. FinCEN further states that any incremental risk factors may be mitigated by other reasonable means. This includes enhanced monitoring, collection of additional non-mandatory information and recording information relating to expected account activity.
2. Highlighting Identification and Verification Procedures
Although the CDD Rule’s verification procedures are required to contain similar elements, they may not be identical. For example, a financial institution may choose to accept photocopies of identification documents, which would not meet the standard under the Customer Identification Program (CIP) rules. This derogation is expressly authorized within the CDD rule. Financial institutions should determine their documentation standards based on the outcome of the required risk-based analysis for the identification and verification (ID&V) of beneficial owners.
3. Determining beneficial owners of new legal entity customer accounts
Where the individual identified as the beneficial owner is:
(i) a pre-existing customer of the particular FI, and
(ii) covered under the FI’s CIP,
a financial institution may recycle the information previously collected. This can be done provided the existing information is up to date and accurate. Further, the legal entity customer’s representative must certify or confirm the accuracy of this (verbally or in writing).
4. FinCEN Certification Template
As seen earlier, financial institutions are not mandated to use the template certification. They may use alternative formats such as the institutions’ own forms or similar means. These must comply with the substantive requirements. In the given instance, covered FIs should retain the form and refrain from filing it with FinCEN.
5. Document retention periods for ID&V records
Covered FIs must retain all beneficial ownership information collected about a legal entity customer. Identifying information (e.g., the Certification Form or its equivalent) must be held for at least five years after the legal entity’s account is closed.
6. Certification of a beneficial owner of multiple accounts
An institution may already have obtained a Certification Form (or its equivalent) for the beneficial owner(s). In such a case, the FI may rely on that information to satisfy the beneficial ownership requirement for subsequent accounts. This is provided the customer certifies or confirms (verbally or in writing) that:
(i) such information is updated accurately at the time each subsequent account is opened, and
(ii) the FI is not aware of facts that would question the reliability of such information.
On August 3, 2020, FinCEN introduced additional frequently asked questions (FAQs) regarding CDD requirements for covered financial institutions, as detailed in FinCEN’s “CDD Rule”. The 2020 FAQs follow earlier FAQs from FinCEN in July 2016 and April 2018. They provide additional detail on implementing due diligence, building customer risk ratings, and updating customer data.
2020 FAQs — Question 1
Question 1 responds to the question of whether covered FIs are required to collect information about expected activity on all customers at account opening, or on an ongoing or periodic basis. FinCEN highlights that the CDD Rule does not require acquiring any particular customer information other than the information necessary to develop a customer risk profile, conduct monitoring, and verify beneficial ownership (for legal entity customers). Likewise, FinCEN states that there is no categorical requirement to conduct media screening on all customers. However, an FI can determine on a risk basis whether such information is needed in order to adequately understand a particular customer relationship and to identify potentially suspicious activity.
2020 FAQs — Question 2
In Question 2, FinCEN elaborates that the CDD Rule does not require financial institutions to use a specific method to establish customer risk profiles, or to automatically categorize as “high risk” products or customer types identified in government publications as posing specific potential risks. Covered financial institutions are required to comprehend the financial crime risks of their particular customers. They should utilize risk profiles that are “sufficiently detailed to distinguish between significant variations in the risks of its customers.”
2020 FAQs — Question 3
In Question 3, FinCEN explains that the CDD Rule does not require financial institutions to update customer information on a continuous or periodic schedule. However, they may decide to do so on a risk basis. Rather, financial institutions must update customer information when they become aware, as a result of normal monitoring, of a change in customer information that is relevant to the risk posed by the customer. In such cases, financial institutions also may need to reassess the customer’s overall risk profile. This guidance is consistent with FinCEN’s previous statements in the preamble to the final CDD Rule as well as in the 2018 FAQs.
Practical Considerations
The 2020 FAQs do not break any major new ground with respect to the CDD Rule. They are helpful for financial institutions seeking to set risk-based limits, and they help determine when specific types of information are needed to determine customer risk. FIs should review their CDD policies and procedures for developing and updating customer risk profiles against the new FAQs. Doing so will help identify any areas that may need to be updated or adjusted.
On the other hand, the guidance emphasizes FinCEN’s preference against customer risk profiling that uses broad categories to assign customer risk. It is in favor of a methodology that is more individually-tailored. It focuses on a solution suitable to the characteristics of particular customers and the products and services they use. This is somewhat in contrast with FinCEN’s statement in the preamble of the Rule. It states that risk profiles in certain cases can be based on “categories of customers” or “risk categories”. The 2020 FAQs appear to allow such an approach at least where a financial institution concludes that a customer’s risk profile is low.
No matter the case, these FAQs may provide a valuable reference point for financial institutions to explain (for example, to regulators) the risk-based decisions that have gone into their AML programs. They also shed light on why not all accounts with certain characteristics are similarly treated.
The European Union (EU) appears to be far ahead in terms of implementing rules that bring clarity to the beneficial ownership structure of legal entities. The problem of UBO identification was on the regulatory agenda as early as 2005, with the introduction of the 3rd European Directive on AML. This critical piece of European AML regulation promoted the risk-based approach as a key strategy for tackling money laundering and terrorist financing. It also required obliged entities to identify the individuals controlling legal entities, to ensure that such entities cannot be used for hiding asset ownership.
Guidelines for enhanced transparency on legal entities’ ownership were brought about by the 4th (2015) and 5th (2018) money laundering directives to:
In the UK, there exists the People with Significant Control (PSC) register. It consists of information about the people who own or control companies. Currently, however, only a few countries have collected beneficial ownership data. This is due to the numerous challenges inherent in such an initiative. The UK parliament also decided earlier this year to accept an amendment to the sanctions and anti-money laundering bill that requires the UK’s overseas territories (the British Virgin Islands, Cayman Islands etc.) to publish public registers of company ownership by the end of 2020. This reflects the will to extend beneficial ownership disclosure to tax havens across the Atlantic. This is sure to improve the governance of tax avoidance and corruption. It might also influence the Americas to follow a similar path.
FinCEN has initiated the journey towards the implementation of sound UBO identification requirements. EU regulations might set the path for the United States to catch up. It will be interesting to observe whether the United States follows the same path and if so, at what pace.
Perhaps the biggest challenge now is to meet the CDD Rule’s compliance requirements efficiently. Identifying UBOs can be a tedious and time-consuming task. It often results in individuals physically constructing the ownership tree on paper. This is highly inefficient and open to regulatory questioning.
With the new regulations, UBO will hopefully be collected digitally in the years to come. There are already many significant developments in this direction. Multiple countries are now putting measures in place to adopt UBO collection as part of the standard AML process.
Written By:
Signzy