As of May 11, 2018, all financial institutions must be compliant with the Financial Crimes Enforcement Network (FinCEN)’s due diligence rule to collect ultimate beneficial ownership (UBO) information on clients. The Customer Due Diligence (CDD) Rule, long on the horizon and long-speculated about, is finally here.
How can you ensure your institution is prepared?
Follow our 10-point checklist.
1. Run pilot tests
You should be running pilots and test programs, involving a limited number of client accounts, to ensure your new procedures are working properly.
2. Do a gap analysis
Find any weak spots in your institution’s compliance efforts. Look for the most potentially damaging gaps between existing record-keeping procedures and what is expected for CDD Rule compliance and prioritize fixing them.
3. Keep an eye on regulators
Financial institutions still expect guidance from banking regulators on such critical information as what constitutes a new client account. “For example, if there’s a 5% increase in credit [to an existing client], does that create a new account? It’s still unclear,” notes Brett Wolf, at Thomson Reuters Regulatory Intelligence.
Be prepared to quickly incorporate new information provided close to the deadline, such as an updated section in FinCEN’s FAQ on beneficial ownership developed by the FFIEC.
4. Determine your thresholds
Banks need to determine whether they’ll use the 25% beneficial ownership threshold or the more severe 10% threshold. “All institutions need to keep in mind that regulators are going to be looking for risk-based decisions,” Wolf says.
For larger institutions with substantial international business, the 10% threshold may be unavoidable. And while 25% appears to be adequate for community banks with few international clients, “Examiners may still come in and say such-and-such business you’re doing will force you to go to a lower percentage.”
5. Document, document, document
You need a cultural shift in your organization – every decision you make applying to CDD compliance should be thoroughly backed up in documentation. It’s like expecting a tax audit every quarter.
“Make it clear to regulators why you made the decisions you did,” Wolf says. “So even if examiners disagree with you, you’ll have a solid defense. This will prevent the appearance you only made a ham-fisted effort to comply with the rule.”
6. Get external communications going
How are customers being made aware of what’s required from them? Your institution should be doing outreach, letting clients know what information they’ll need to provide, and whether to verify an existing account or open a new one. For mom-and-pop entities in particular, this could be a challenge – it could take time to get necessary documentation.
“You need to explain the history of this rulemaking process and why they now need to turn over this information,” Wolf says. Consider drafting talking points for client service representatives to answer common client questions. Make requests for information clear and concise and be sympathetic to client concerns.
7. Do internal training
From client services representatives to your board of directors, everyone in your organization should know what’s changing and what’s at stake. This could require a combination of conducting internal seminars, doing one-on-one employee training, and regular email blasts.
8. Establish lines of communication
Frontline personnel working with clients need a direct link to your compliance department. You need to have a system in place: who to contact for compliance questions, how best to reach this contact (phone, text, or email, for example), and what steps a client rep should take if they can’t get their question answered.
9. Make sure vendors are up to speed
Some financial institutions are leaning heavily on third-party vendors to get their systems up to speed. If this applies to your organization, have they run enough tests and are they ready to handle the new compliance rules?
10. Prepare for worst-case scenarios
Get a process in place for clients that are either unwilling or unable to provide the necessary information. “There probably will be situations where customers aren’t comfortable sharing that information,” Wolf says. “If so, you have to be prepared to get out of the relationship.” That could be difficult if there’s an outstanding debt, for example. Determine which factors could trigger the severance of a client relationship and how to wind the relationship down with the least amount of stress and potential losses.
Being CDD Rule-compliant is no longer a hypothetical. Your institution needs to start preparing today, if you haven’t already. “There are some stragglers out there who haven’t moved as fast as they should have,” Wolf says. “Examiners are going to come into most organizations pretty soon, and it could be ugly for some of them. Banks need to make clear to examiners exactly what work they’ve done: Be prepared to have those conversations. It will be very obvious when someone clearly didn’t move on this soon enough.”
Thomson Reuters is not a consumer reporting agency and none of its services or the data contained therein constitute a ‘consumer report’ as such term is defined in the Federal Fair Credit Reporting Act (FCRA), 15 U.S.C. sec. 1681 et seq. The data provided to you may not be used as a factor in consumer debt collection decisioning, establishing a consumer’s eligibility for credit, insurance, employment, government benefits, or housing, or for any other purpose authorized under the FCRA. By accessing one of our services, you agree not to use the service or data for any purpose authorized under the FCRA or in relation to taking an adverse action relating to a consumer application.