BNA INSIGHTS: Perspectives on the New Customer Due Diligence Rule

Money Laundering

This article focuses on the commentary released along with the final version of the Customer Due Diligence Requirements for Financial Institutions, which address the collection of beneficial ownership regarding entity accounts, the designation of “fifth pillar” status for customer due diligence in an AML program, and the requirement for monitoring of transactions and customer profiles responsive to the customer due diligence to be collected.

Robert M. Axelrod

By Robert M. Axelrod

Robert M. Axelrod is a director in Deloitte Transactions and Business Analytics LLP, an affiliate of Deloitte Financial Advisory Services LLP. He specializes in projects addressing financial transactions in regulatory and compliance contexts, including anti-money laundering and anti-terrorist financing, as well as anti-corruption concerns in the financial services industry, specifically addressing banks, insurance companies and broker dealers.

On May 11, the Financial Crimes Enforcement Network (FinCEN) released a veritable tome of commentary to accompany the publication of the final version of the Customer Due Diligence (CDD) Requirements for Financial Institutions.1 The release notes for the rule, the initial draft of which was released in 2012, run about 62 pages in the compact Federal Register, and more than 200 pages in the prepublication PDF.

This commentary lays out FinCEN's overall expectations of anti-money laundering (AML) compliance for financial institutions, some economic theories of criminal behavior, and some emphasis on the role of U.S. regulation in the global community. The result is long on high ideals if a bit short on empathy, and is worth considering as firms revisit their compliance and business priorities.

This article focuses on these perspectives, rather than the specific provisions of the new rules, which address the collection of beneficial ownership regarding entity accounts, the designation of “fifth pillar” status for customer due diligence in an AML program, and the requirement for monitoring of transactions and customer profiles responsive to the customer due diligence to be collected.

Compliance is not market-driven from a financial institution perspective.

 FinCEN recognizes that the benefits flowing from AML compliance, as well as the risks for incomplete compliance occur in part outside the experience of financial institutions. Thus, the benefits financial institutions may recognize from better (in this case, Customer Due Diligence or CDD) compliance may not seem to fully be offset by their cost, but FinCEN’s computation of benefits has a broader, societal reach. Simply put, financial institutions shouldn’t expect to see the full measure of crime reduction from their efforts within their own transaction or customer set. If financial institutions could see this, they might, in a market sense, adjust their effort accordingly. But FinCEN does not see this as realistic because financial institutions see their costs more clearly than the total benefits. FinCEN thus sees the regulation as a way of having financial institutions behavior reflect a broader view of financial crime economics than the financial institutions themselves may have.

The benefits of AML compliance include tax compliance and the furthering of cooperation from foreign governments.

By gathering the CDD information as prescribed in the rule, financial institutions facilitate appropriate taxation under the Foreign Accounts Tax Compliance Act (FATCA), which also, in turn, fulfills U.S. commitments to foreign governments. Considering this as an AML goal might be mildly surprising to some, and it underscores that FinCEN’s agenda reflects its perspective as part of the U.S. government, rather than merely a benevolent force against crime. In particular, FinCEN sees this compliance as part of its reciprocal information exchange with foreign governments to improve intergovernmental cooperation in the fight against financial crime. FinCEN has a distinctly global view here.

The perceived incremental costs of compliance with the new rules are softened by the fact that FinCEN regards the thrust of the rules to be consistent with good and existing practice or consistent with existing expectations for financial institutioncompliance otherwise.

FinCEN underscores that since a financial institution cannot fully recognize suspicious activity in the absence of knowing its customers, the rule only clarifies and makes explicit that which was necessarily required to be undertaken in some fashion anyway. This is consistent with numerous enforcement actions from regulators where information about customers was either ignored or not taken into account in making flawed judgments not to file a suspicious activity report. 

FinCEN characterizes the rule as an “effective means of clarifying, consolidating, and harmonizing expectations and practices across all covered financial institutions” and, indeed, the explication of the rule is largely framed in terms of a consistent approach to this basic process of having robust customer information and being able to use it to ascertain whether there is reportable activity.

FinCEN does not appear to be troubled by the prospect that affected accounts will pick up and go elsewhere, because FinCEN sees so many jurisdictions requiring comparable treatment around the world such as to leave little alternative, anyway.

On one hand, FinCEN notes that the beneficial owners of potentially opaque shell companies may have to reveal their identity for tax or additional reasons otherwise, and on the other hand, that the rule is part of a largely successful global effort to enforce similar requirements of transparency around the world. Therefore, FinCEN reasons, customers are unlikely to disturb their existing choices for account placement because of this rule. Most of them already have to reveal this information to someone, somewhere, and they aren’t likely to move to have to do it one more time where they already have an account.

The prospect that brilliant criminals can evade the rule through falsehood and chicanery is rejected as an argument against AML compliance.

One potential argument against making the effort associated with compliance is that really smart criminals will know how to avoid the “trap” of the AML program, including monitoring. As a result, under this argument, the financial institutions carry a big burden that falls on bank employees and loyal, law-abiding customers rather than the intended target.

FinCEN looks to the theories of economists and notes that making the path of laundering money more difficult is likely to reduce criminal activity. Criminals are deemed economically rational actors that may defer or abandon action when it becomes incrementally more costly. As a result, the cost of illegal conduct goes up since lying to avoid acknowledging beneficial ownership (one of the key pieces of information collected under the rule) makes it easier to prove criminal intent.  The criminal may also find it difficult to recruit a surrogate owner, and incur the added risk that the surrogacy will occasion a leak of information to law enforcement. Finally, the cost goes up because prosecutors can use information about shell companies to better locate and seize the criminal’s assets.

The point of collecting information about customers is not merely to have a complete file but to use the information in the AML program.

This seemingly obvious point is often lost in compliance programs. The idea behind gathering customer information is for the financial institution to use it. This information is essential to discerning whether transactions picked up by monitoring rules or even the nature of account transactions are surprising or reasonable in light of who the customer is and what the customer’s purported business purpose may be. It is also essential to be aware whether an entity is a front for a (beneficial owner) sanctioned party or could bring the institution negative news and reputational risk that is not apparent at the entity level. It may, as well, figure into how and whether the financial institution aggregates different cash transactions in deciding when to file a currency transaction report, or how to recognize structuring activity.  

One way in which this reasoning is not fully explored in the release is the treatment of reliance on another party to gather beneficial ownership information. If another party gathers information, will the financial institution have the use of the information? This is not listed as one of the criteria for permissible reliance, but the financial institution's access to and use of the CDD information, regardless of who gathers it, seems consistent with the commentary in the rule. Additionally, it is somewhat surprising that placement of beneficial ownership information at government levels is used by FinCEN as support for an exemption, but this may presuppose that the collecting government agency has or will make the information available to the financial institution,2 who would, in turn, be able to use it appropriately.

In making CDD the new “fifth pillar” to AML programs, FinCEN encountered and denied a challenge to its ability to supplement the (statutory) Bank Secrecy Act.

The four pillars of an AML program set out in section 352 of the USA Patriot Act — internal controls, independent testing, employee training and a designated BSA officer — now have an added fifth pillar, customer due diligence. FinCEN addresses and rejects the comments that it has effectively overstepped its authority by amending legislation, and states that its statutory ability to flesh out programs by regulation allows the creation of a fifth pillar around CDD. It additionally reasons that the CDD requirements of the rule are implicit in the requirement of a workable AML program anyway. Nonetheless, by having codified CDD as an explicit regulatory requirement, FinCEN has potentially lowered the threshold for enforcement actions premised on discrete regulatory violations, because there are now requirements that are newly the subject of regulations.

With this rule, the compliance process edges a little closer toward a prescriptive approach, as opposed to a risk-based one.

A number of financial institutions, and particularly banks, have long gathered much of the CDD information required by the rules.3 On a risk basis, banks have determined what percentage of beneficial ownership is worth collecting, with some banks seeking information on beneficial owners with as little as 5 percent of the customer entity. This is in contrast to the flat 25 percent required by the rule. FinCEN makes clear how important consistency is both within institutions of the same type (hence the decision not to exempt smaller banks from the rule) and across different institutions so that criminals cannot easily slip from one harbor to another. And although it is mentioned in a segment on costs, FinCEN seems to have been taken with its finding that financial institutions have heretofore been inconsistent in the operations of their onboarding processes. However, consistency is in some ways the adversary of discretion. FinCEN has opted here to have, as a practical matter, the same certification and percentages (as a minimum) and identification standards for beneficial ownership across financial institutions, with a few modest exemptions. Financial institutions may choose to deviate in favor of more rigor on a risk basis if they wish, but the rules are sufficiently demanding to implement (FinCEN extended the required date of implementation for two years hence in deference to the difficulties) that one might not expect such deviations to be frequent, at least in the near term.


FinCEN sets out in the lengthy rules commentary a good deal of its philosophy of AML compliance. It emphasizes its cooperation with foreign governments, the integrated nature of AML compliance around information gathering and reporting, and the relatively recent presence of a widespread and successful international coalition against financial crime. It embraces a broad view of deterring criminal activity, and explains why it has such a priority on consistent treatment of AML issues, at least regarding the CDD of the rule.

The Customer Due Diligence Requirements for Financial Institutions, RIN 1506-AB25 (the “rule”) can be accessed here. However, the prepublication version, in PDF format, may be easier to navigate, and can be found here. The 2012 Advance Notice of Proposed Rulemaking, 2012-5187, Customer Due Diligence Requirements for Financial Institutions, was the opening salvo for this rule, which can be accessed here.   

It is not necessary, therefore, to gather beneficial ownership information from bank holding companies. FinCEN also chose to continue the rubric of intermediary as customer use in the Customer Information Program rules and guidance, and continues to allow financial institutions that address customers through intermediaries (such as broker with investment adviser sub accounts) to treat the intermediary as the customer rather than the investor, and thus not gather beneficial ownership information in that regard except as to the intermediary.  

See federal banking regulators' guidance on beneficial ownership in 2010, FIN-2010-G001, Guidance on Obtaining and Retaining Beneficial Ownership Information.

Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.