Financial Institutions (FIs) around the world are under increasing pressure to know who they are doing business with, at all times. Risk of money laundering and funding of terrorist activities has compelled governments to impose stringent regulations for FIs.
Close on the heels of the 4th EU Money Laundering Directive, the Financial Crimes Enforcement Network (FinCEN) added the Ultimate Beneficial Ownership (UBO) to the Customer Due Diligence (CDD) rule. It mandates FIs to verify the information of beneficial owners, whether direct or indirect, who own 25 percent or more in a legal entity or a controlling stake in the legal entity.
The UBO rule was first proposed in 2014 and finally implemented on May 11, 2018, perhaps an indication of the complex UBO structures involved. The rule is fraught with implications for FIs as they will have to set up data management systems, risk assessment and verification processes to comply with this regulation.
The challenge looming large for covered FIs is the fact that there is no standard repository globally to help track the beneficiaries. This is being dubbed by many as looking for the proverbial needle in a haystack.
The rule allows banks to rely on the information given by the customer, provided it has no reasons to question the reliability of the information. This will require FIs to set up frameworks to define what constitutes reasonable doubt. Data management will be another significant challenge for FIs. Vast amounts of data will have to be analyzed to keep track of changes in ownership and flag risks.
Despite these challenges, FIs will urgently have to find ways to interpret the rule and set processes and frameworks to comply with the requirements. This WNS DecisionPointTM paper analyzes the UBO rule, its key tenets and way forward for FIs.
The Customer Due Diligence (CDD) Requirements for Financial Institutions Rule, including the requirement to obtain beneficial ownership information, became effective on May 11, 2018.
The CDD rule, issued by the Financial Crimes Enforcement Network (FinCEN), requires covered Financial Institutions (FIs) to establish and preserve written policies and procedures that are designed to identify and verify the identity of customers; verify the identity of beneficial owners of companies opening and operating accounts; assess the attributes and purpose of customer relationships for the development of customer risk profiles; undertake continuous monitoring to identify and report suspicious transactions and regularly update customer information to preclude risks.
Ultimate BENEFICIAL OWNERSHIP
The addition of new Ultimate Beneficial Ownership (UBO) information requires FIs to identify and verify the identity of any individual who owns 25 percent or more of a legal entity or a controlling stake in the legal entity.1 Covered FIs should obtain the identities of individuals who satisfy the definition through multiple corporate structures from their legal entity customers.
Let's illustrate with a hypothetical example. Adam is a beneficial owner of Customer since he owns indirectly 30 percent of its equity interests through direct ownership of company A. Barney is a beneficial owner of Customer through his equity interests of 20 percent as part of his direct ownership of company A and 16.5 percent through Company B as part of total indirect ownership interest of 36.6 percent. Neither Cameron nor Diana is a beneficial owner since each owns indirectly only 16.6 percent equity interests of Customer through their indirect ownership of company B.2
IDENTIFICATION & VERIFICATION OF BENEFICIAL OWNERS
As part of the UBO rule, FIs are required to identify and verify the beneficial owner of legal entity customers at the time of opening new accounts. If a customer identified as a beneficial owner is an existing customer of the covered FI and is subject to the FI's Customer Identification Program (CIP), the FI may depend on the existing information in its possession to fulfill the identification and verification requirements, provided that the information is up-to-date, precise and is confirmed verbally or in writing by the customer's representative. FinCEN's new identification and verification requirements have created more stringent data management and protection rules for FIs, thereby exerting pressure on them to upscale their data management and identification program procedures.
RETENTION OF BENEFICIAL OWNERSHIP INFORMATION
The retention of customer data has also got an overhaul with the UBO rule which requires covered FIs to retain all beneficial ownership information. The table below summarizes the key requirements under the retention of beneficial ownership rule.
IDENTIFICATION & VERIFICATION ACCOUNTS FOR INTERNAL RECORD-KEEPING PURPOSES
The beneficial ownership requirement applies to a 'new account,' defined as each new account opened by a legal entity customer. The rule differentiates between new accounts opened by a legal entity customer and by covered FIs for their own administrative or operational purposes and not at the customers' request.3 This interpretation is solely restricted to accounts created to accommodate the business of existing legal entity customers that have previously identified their beneficial ownership. Hence, the following accounts do not fall under the remit of the rule:
- Accounts created to accommodate a trading strategy being carried out by a separate legal entity, including a subsidiary of the existing legal entity customer
- Accounts through which the customer of a FI's existing legal entity customer carries out trading activity directly through the FI with no intermediation from the existing legal entity customer.4
The rules issued under the UBO regulation are complex and challenging. FIs covered under the rule have their work cut out for themselves with regard to enhancing their existing data management, protection and risk assessment procedures. While the rules require the establishment of advanced protocols to understand complex risk aversion systems, it's the complicated data management requirements that present the biggest challenge to FIs.
In situations where verification is required, the covered institution should determine the source and method of obtaining data to identify UBOs and collect information on them. These data searches should be done in an elaborate and sophisticated manner, and need to be updated on a continuous basis. Since there is no single, all-inclusive source of global UBO information today, an efficient and effective data search for verification will be critical.
While some government data is available in government-sponsored websites, registries and databases, these sources are voluminous (for example, 50 states for the U.S.), erroneous, flawed and costly for one individual to access. Other data is available through structured and unstructured data sources such as Google, but the effort required to integrate this data into Google is enormous.
FIs will also be required to conduct data mapping, testing, and ongoing governance to ensure that their systems are properly churning the data and scrubbing UBO information. Such time- consuming tasks can be simplified with the introduction of innovative cloud-based solutions that ease the process of aggregating and enriching data.
Evaluating UBO requirements requires sophisticated data analysis, given the complex structures of legal entities with multiple layers. A key component of the data analysis mechanism is the incorporation of artificial intelligence tools. Sophisticated deep learning algorithms can isolate fraudulent patterns in human identification. These models, whether human or machine generated, can be tested automatically to see if their addition can lead to the identification of more frauds than the set of rules and models already in place.
The UBO rules laid out by FinCEN have made it mandatory for covered FIs to be fully prepared in cases of heightened risks. These rules should be followed with precision to circumvent probable financial and reputational loss.
1. United States Department of the Treasury Financial Crimes Enforcement Network
2. United States Department of the Treasury Financial Crimes Enforcement Network, Frequently Asked Questions Regarding Customer Due Diligence Requirements for Financial Institutions, April 3 2018