Revised Customer Due Diligence (CDD) rules will go into effect on May 11, 2018, and banks are now completing preparations for the new Beneficial Ownership requirement. Shane B. Bauer is First Vice President of Compliance, BSA and Security Officer at Bankers' Bank.  In this article he provides a helpful overview of the changes and an eleven-point list of clarifying points and recommendations. 


Mastering Beneficial Ownership 

By Shane B. Bauer, FVP – Compliance, BSA and Security Officer *

[ PDF of article ]

For many years, a successful Bank Secrecy Act/Anti-Money Laundering (BSA/AML) program rested on four pillars of compliance:  internal policies and procedures, the designation of a BSA Officer, employee training and independent review.  Auditors and examiners, intimately familiar with these four requirements, have evaluated the programs at every regulated financial institution using the pillars as the benchmark for a successful BSA program.  

In 2016, FinCEN introduced a fifth pillar, Customer Due Diligence (CDD).  While the concepts in the fifth pillar go back many years to “Know Your Customer” procedures, the new CDD rules raise due diligence and risk-based Enhanced Due Diligence (EDD) out of policies and procedures and into a new pillar for special consideration.  These rules will be fully implemented in May 2018, when every successful BSA/AML program will include rigorous attention to understanding who your bank is doing business with.

A key component of the new CDD rules involves determination of Beneficial Ownership.  Until now, customer identification and verification requirements did not specify that banks had to uncover the ownership structure of legal entities to ascertain the people behind the businesses and organizations.  Under the new requirements, subject to some exceptions, every new account must be examined to identify the people behind a legal entity.

FinCEN has helped the industry prepare for the May 11, 2018, deadline by developing informational materials. Resources include a sample Beneficial Ownership certification form (Appendix A), and two rounds of published Frequently Asked Questions (FAQs).  Links to these resources are provided below for easy reference.

Banks are now finalizing their operations for the May deadline, many having already implemented their Beneficial Ownership procedures.  To help with your final pre-deadline reviews, here are some recommendations and clarifications on successfully incorporating Beneficial Ownership into your Customer Due Diligence policies and procedures:

1. You are not required to use the provided certification form (Appendix A).  If you do not you must create one that captures the same information.

2. Unlike CIP, the new CDD rules are account, not customer-based.  They apply to every new account opened with legal entity customers, even those with existing relationships with your bank.  You are allowed to refer back to a previous certification form if you receive assurance that nothing has changed from it, allowing for an abbreviated re-verification.  While the most recent FAQ (April 2018, see Question 7) says this can be a verbal verification, every bank should make a risk-based decision on how to document their process and many may require a written form and a signature.  

3. Your bank is allowed to include an “Agreement to Notify” clause on your certification form, requiring the customer to proactively notify your bank of any change of ownership.  This could be a statement added to the certification signature box saying “I also agree to notify [BANK NAME] of any change in regard to this Certification.”  This could be particularly helpful for auto-renewing relationships such as CDs.  Without an Agreement to Notify, your bank will need to document re-verification with every renewal.  Note:  the Certification Form (Appendix A) linked below does not include this statement, though it can easily be added.

4. Banks should have separate policies and procedures for Beneficial Ownership.  These may be substantially similar, but will not be identical to, those for their Customer Identification Program (CIP).  One difference between Beneficial Ownership and CIP is new CDD rules allow banks to rely on one person to complete and certify the accuracy of the form regardless of the number of beneficial owners.  Your bank is allowed to accept copies and reproductions of required identification and may rely on the information provided without further verification as to its accuracy provided they have no reason to believe it is unreliable.  See §230(b)(2).  

5. Similarly, banks should consider maintaining separate records documenting their Beneficial Ownership process for each new account.  These are required to be retained for five years after the closing of the account.

6. Review the list of legal entities exempted from Beneficial Ownership requirements as detailed in §230(e)(2).  These include other banks, publicly traded companies and governmental organizations among others.  Reference to these exemptions should be included in your procedures.  Note that nonprofits and charitable organizations largely are not exempt from Beneficial Ownership requirements.  At least one person identified through the “control prong” should be recorded as a beneficial owner for these customers.

7. ndividuals identified solely as beneficial owners are not required to be included in mandatory information sharing under FinCEN section 314(a).  However, a bank may, on a risk basis, choose to include beneficial owners in 314(a) checks.  Knowing if you are doing business with a law-enforcement-monitored individual is useful information.  

8. Beneficial owners should be included in OFAC screening, following procedures in line with CIP.  When your bank performs periodic re-verification of customers against watch lists it may be prudent to include beneficial owners in these reviews as well.

9. As clarified in the second FAQ (see Question 3), banks are required to identify any individuals with 25% or more ownership in a legal entity customer, even if that means identifying the ownership in additional layers of legal entities (businesses owning businesses, for example).  Banks should use reasonable means to ascertain the ownership of any legal entity that itself owns a legal entity customer in attempt to find individuals that thereby exceed the 25% ownership threshold.  Note, it is not prohibited to set a lower ownership threshold (below 25%) on a risk basis.  See Question 1 of the second FAQ.  

10. Like the CIP rules, it is permitted for a bank to rely on a third party to perform the requirements of Beneficial Ownership (“reliance”).  If your bank has such arrangements you may want to ensure that your documentation references Customer Due Diligence and not specifically CIP.  If not, you should update the verbiage to ensure it is clear that the new CDD rules are included in your reliance.     

11. Finally, do not underestimate the value of educating customers on this process, as it is new to them, too.  Soon, like CIP rules from the early 2000s, Beneficial Ownership questions will be expected.  Until then, some additional care in explaining why this new information is required may avoid challenges from customers unaccustomed to being asked for this information.

The new requirements of the Customer Due Diligence fifth pillar are the most significant changes to BSA/AML rules in many years, and banks can expect significant scrutiny from regulators.   With the right planning and execution your bank will clear this compliance hurdle cleanly.  If I can provide any guidance or support please reach out to me at This email address is being protected from spambots. You need JavaScript enabled to view it..  

Beneficial Ownership Rule – 31 CFR 1010.230
Beneficial Ownership Form – Appendix A – Revised September 2017
FinCEN FAQ One – July 2016
FinCEN FAQ Two – April 2018

* Shane Bauer is First Vice President – Compliance, BSA and Security Officer at Bankers’ Bank and holds a BS and a MBA from the University of Wisconsin-Madison. He completed the Graduate School of Banking at UW-Madison and is a member of the International Association of Financial Crimes Investigators.  In his 20 years at Bankers’ Bank, Shane has provided knowledge and expertise in payments, compliance and security.