Customer Due Diligence Requirements for Financial Institutions, 29397-29458 [2016-10567]

Download as PDF Vol. 81 Wednesday, No. 91 May 11, 2016 Part III Department of the Treasury mstockstill on DSK3G9T082PROD with RULES3 Financial Crimes Enforcement Network 31 CFR Parts 1010, 1020, 1023, et al. Customer Due Diligence Requirements for Financial Institutions; Final Rule VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 PO 00000 Frm 00001 Fmt 4717 Sfmt 4717 E:\FR\FM\11MYR3.SGM 11MYR3 29398 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations DEPARTMENT OF THE TREASURY Financial Crimes Enforcement Network 31 CFR Parts 1010, 1020, 1023, 1024, and 1026 RIN 1506–AB25 Customer Due Diligence Requirements for Financial Institutions Financial Crimes Enforcement Network (FinCEN), Treasury. ACTION: Final rules. AGENCY: FinCEN is issuing final rules under the Bank Secrecy Act to clarify and strengthen customer due diligence requirements for: Banks; brokers or dealers in securities; mutual funds; and futures commission merchants and introducing brokers in commodities. The rules contain explicit customer due diligence requirements and include a new requirement to identify and verify the identity of beneficial owners of legal entity customers, subject to certain exclusions and exemptions. DATES: The final rules are effective July 11, 2016. Applicability Date: Covered financial institutions must comply with these rules by May 11, 2018. FOR FURTHER INFORMATION CONTACT: FinCEN Resource Center at 1–800–767– 2825. Email inquiries can be sent to frc@ fincen.gov. SUPPLEMENTARY INFORMATION: SUMMARY: mstockstill on DSK3G9T082PROD with RULES3 I. Executive Summary A. Purpose of This Regulatory Action Covered financial institutions are not presently required to know the identity of the individuals who own or control their legal entity customers (also known as beneficial owners). This enables criminals, kleptocrats, and others looking to hide ill-gotten proceeds to access the financial system anonymously. The beneficial ownership requirement will address this weakness and provide information that will assist law enforcement in financial investigations, help prevent evasion of targeted financial sanctions, improve the ability of financial institutions to assess risk, facilitate tax compliance, and advance U.S. compliance with international standards and commitments. FinCEN believes that there are four core elements of customer due diligence (CDD), and that they should be explicit requirements in the anti-money laundering (AML) program for all covered financial institutions, in order to ensure clarity and consistency across sectors: (1) Customer identification and VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 verification, (2) beneficial ownership identification and verification, (3) understanding the nature and purpose of customer relationships to develop a customer risk profile, and (4) ongoing monitoring for reporting suspicious transactions and, on a risk-basis, maintaining and updating customer information. The first is already an AML program requirement and the second will be required by this final rule. The third and fourth elements are already implicitly required for covered financial institutions to comply with their suspicious activity reporting requirements. The AML program rules for all covered financial institutions are being amended by the final rule in order to include the third and fourth elements as explicit requirements. FinCEN has the legal authority for this action in the Bank Secrecy Act (BSA), which authorizes FinCEN to impose AML program requirements on all financial institutions 1 and to require financial institutions to maintain procedures to ensure compliance with the BSA and its implementing regulations or to guard against money laundering.2 B. Summary of the Major Provisions of the Rulemaking 1. Beneficial Ownership Beginning on the Applicability Date, covered financial institutions 3 must identify and verify the identity of the beneficial owners of all legal entity customers (other than those that are excluded) at the time a new account is opened (other than accounts that are exempted). The financial institution may comply either by obtaining the required information on a standard certification form (Certification Form (Appendix A)) or by any other means that comply with the substantive requirements of this obligation. The financial institution may rely on the beneficial ownership information supplied by the customer, provided that it has no knowledge of facts that would reasonably call into question the reliability of the information. The identification and verification procedures for beneficial owners are very similar to those for individual customers under a financial institution’s customer identification program (CIP),4 except that for beneficial owners, the institution may rely on copies of 1 31 U.S.C. 5318(h)(2). U.S.C. 5318(a)(2). 3 The term ‘‘covered financial institution’’ refers to: (i) Banks; (ii) brokers or dealers in securities; (iii) mutual funds; and (iv) futures commission merchants and introducing brokers in commodities. 4 31 CFR 1020.220, 1023.220, 1024.220, 1026.220. 2 31 PO 00000 Frm 00002 Fmt 4701 Sfmt 4700 identity documents. Financial institutions are required to maintain records of the beneficial ownership information they obtain, and may rely on another financial institution for the performance of these requirements, in each case to the same extent as under their CIP rule. The terms used for the purposes of this final rule, including account, beneficial ownership, legal entity customer, excluded legal entities, new account, and covered financial institution, are set forth in the final rule. Financial institutions should use beneficial ownership information as they use other information they gather regarding customers (e.g., through compliance with CIP requirements), including for compliance with the Office of Foreign Assets Control (OFAC) regulations, and the currency transaction reporting (CTR) aggregation requirements. 2. Anti-Money Laundering Program Rule Amendments The AML program requirement for each category of covered financial institutions is being amended to explicitly include risk-based procedures for conducting ongoing customer due diligence, to include understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile. A customer risk profile refers to the information gathered about a customer at account opening used to develop a baseline against which customer activity is assessed for suspicious activity reporting. This may include self-evident information such as the type of customer or type of account, service, or product. The profile may, but need not, include a system of risk ratings or categories of customers. In addition, customer due diligence also includes conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. For these purposes, customer information shall include information regarding the beneficial owners of legal entity customers (as defined in § 1010.230). The first clause of paragraph (ii) sets forth the requirement that financial institutions conduct monitoring to identify and report suspicious transactions. Because this includes transactions that are not of the sort the customer would be normally expected to engage, the customer risk profile information is used (among other sources) to identify such transactions. This information may be integrated into the financial institution’s automated monitoring system, and may be used E:\FR\FM\11MYR3.SGM 11MYR3 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations mstockstill on DSK3G9T082PROD with RULES3 after a potentially suspicious transaction has been identified, as one means of determining whether or not the identified activity is suspicious. When a financial institution detects information (including a change in beneficial ownership information) about the customer in the course of its normal monitoring that is relevant to assessing or reevaluating the risk posed by the customer, it must update the customer information, including beneficial ownership information. Such information could include, e.g., a significant and unexplained change in the customer’s activity, such as executing cross-border wire transfers for no apparent reason or a significant change in the volume of activity without explanation. It could also include information indicating a possible change in the customer’s beneficial ownership, because such information could also be relevant to assessing the risk posed by the customer. This applies to all legal entity customers, including those existing on the Applicability Date. This provision does not impose a categorical requirement that financial institutions must update customer information, including beneficial ownership information, on a continuous or periodic basis. Rather, the updating requirement is event-driven, and occurs as a result of normal monitoring. C. Costs and Benefits This is a significant regulatory action pursuant to Executive Order 12866 (‘‘E.O. 12866’’) because it is likely to result in a final rule that may have an annual effect on the economy of $100 million or more. Accordingly, FinCEN published for comment on December 24, 2015 a preliminary Regulatory Impact Assessment (RIA) for the proposed rule (80 FR 80308), which provided a quantitative estimate of the costs to the private sector for which adequate data are available and a qualitative discussion of both the costs and benefits for which data are not available. As a result of the comments submitted, FinCEN revised the preliminary RIA to include additional cost estimates 5 and is publishing with this final rule a final RIA. The annualized quantified costs (under low cost scenarios) are estimated to be $153 million (at a seven percent discount rate) and $148 million (at a three percent discount rate). The annualized quantified costs (under high cost scenarios) are estimated to be $287 million (at a seven percent discount 5 In the final RIA, we estimate that 10-year quantifiable costs range from $1.15 billion to $2.15 billion in present value using a seven percent discount rate, and from $1.3 billion to $2.5 billion using a three percent discount rate. VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 rate) and $282 million (at a three percent discount rate). Because the benefits of the rule cannot be quantified, FinCEN has utilized a breakeven analysis to determine how large the final rule’s benefits would have to be in order to justify its estimated costs. The RIA uses Treasury’s estimate of $300 billion in illicit proceeds generated annually in the United States due to financial crimes, to determine the minimum level of effectiveness that the final rule would need to achieve for the benefits to equal the costs. Based on this analysis, using the upper bound of our cost assessment, FinCEN has concluded that the final rule would only have to reduce illicit activity by 0.6 percent to yield a positive net benefit. The Treasury Department believes that the final rule will reduce illicit activity by a greater amount than this. II. Background A. The Bank Secrecy Act FinCEN exercises regulatory functions primarily under the Currency and Foreign Transactions Reporting Act of 1970, as amended by the USA PATRIOT Act of 2001 (PATRIOT Act) and other legislation, which legislative framework is commonly referred to as the ‘‘Bank Secrecy Act’’ (BSA).6 The BSA authorizes the Secretary of the Treasury (Secretary) to require financial institutions to keep records and file reports that ‘‘have a high degree of usefulness in criminal, tax, or regulatory investigations or proceedings, or in the conduct of intelligence or counterintelligence activities, including analysis, to protect against international terrorism.’’ 7 The Secretary has delegated to the Director of FinCEN the authority to implement, administer, and enforce compliance with the BSA and associated regulations.8 FinCEN is authorized to impose anti-money laundering (AML) program requirements on financial institutions,9 as well as to require financial institutions to maintain procedures to ensure compliance with the BSA and the regulations promulgated thereunder or to guard against money laundering.10 6 The BSA is codified at 12 U.S.C. 1829b, 12 U.S.C. 1951–1959, 18 U.S.C. 1956, 1957, and 1960, and 31 U.S.C. 5311–5314 and 5316–5332 and notes thereto, with implementing regulations at 31 CFR chapter X. See 31 CFR 1010.100(e). 7 31 U.S.C. 5311. 8 Treasury Order 180–01 (July 1, 2014). 9 31 U.S.C. 5318(h)(2). 10 31 U.S.C. 5318(a)(2). PO 00000 Frm 00003 Fmt 4701 Sfmt 4700 29399 B. The Importance of Customer Due Diligence FinCEN, after consultation with the staffs of the Federal functional regulators and the Department of Justice, has determined that more explicit rules for covered financial institutions with respect to customer due diligence (CDD) are necessary to clarify and strengthen CDD within the BSA regime, which in turn will enhance financial transparency and help to safeguard the financial system against illicit use. Requiring financial institutions to perform effective CDD so that they understand who their customers are and what type of transactions they conduct is a critical aspect of combating all forms of illicit financial activity, from terrorist financing and sanctions evasion to more traditional financial crimes, including money laundering, fraud, and tax evasion. For FinCEN, the key elements of CDD include: (i) Identifying and verifying the identity of customers; (ii) identifying and verifying the identity of beneficial owners of legal entity customers (i.e., the natural persons who own or control legal entities); (iii) understanding the nature and purpose of customer relationships; and (iv) conducting ongoing monitoring. Collectively, these elements comprise the minimum standard of CDD, which FinCEN believes is fundamental to an effective AML program. Clarifying and strengthening CDD requirements for U.S. financial institutions, including with respect to the identification of beneficial owners, advance the purposes of the BSA by: (1) Enhancing the availability to law enforcement, as well as to the Federal functional regulators and self-regulatory organizations (SROs), of beneficial ownership information about legal entity customers obtained by U.S. financial institutions, which assists law enforcement financial investigations and a variety of regulatory examinations and investigations; (2) Increasing the ability of financial institutions, law enforcement, and the intelligence community to identify the assets and accounts of terrorist organizations, corrupt actors, money launderers, drug kingpins, proliferators of weapons of mass destruction, and other national security threats, which strengthens compliance with sanctions programs designed to undercut financing and support for such persons; (3) Helping financial institutions assess and mitigate risk, and comply with all existing legal requirements, including the BSA and related authorities; E:\FR\FM\11MYR3.SGM 11MYR3 29400 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations (4) Facilitating reporting and investigations in support of tax compliance, and advancing commitments made to foreign counterparts in connection with the provisions commonly known as the Foreign Account Tax Compliance Act (FATCA); 11 (5) Promoting consistency in implementing and enforcing CDD regulatory expectations across and within financial sectors; and (6) Advancing Treasury’s broad strategy to enhance financial transparency of legal entities. mstockstill on DSK3G9T082PROD with RULES3 1. Assisting Financial Investigations by Law Enforcement The abuse of legal entities to disguise involvement in illicit financial activity is a longstanding vulnerability that facilitates crime, threatens national security, and jeopardizes the integrity of the financial system. Criminals have exploited the anonymity that use of legal entities can provide to engage in money laundering, corruption, fraud, terrorist financing, and sanctions evasion, among other financial crimes. There are numerous examples that Treasury has tracked as a part of its National Money Laundering Risk Assessment and Terrorist Financing Risk Assessment.12 For example, in 2013, prosecutors in New York indicted 34 alleged members of RussianAmerican organized crime groups, charging that they participated in a range of racketeering activities. One of the constituent racketeering enterprises was alleged to have moved millions of dollars in unlawful gambling proceeds through a network of shell companies 13 in Cyprus and the United States.14 In 2011, Federal prosecutors indicted 13 individuals for their alleged unlawful takeover and looting of a publicly-held mortgage company. Some of these 11 Officially the Hiring Incentives to Restore Employment Act of 2010, Public Law 111–147, 124 Stat. 71, Section 501(a). 12 U.S. Dep’t of the Treasury, National Money Laundering Risk Assessment (2015), available at https://www.treasury.gov/resource-center/terroristillicit-finance/Documents/National%20Money%20 Laundering%20Risk%20 Assessment%20%E2%80%93%2006-12-2015.pdf; U.S. Dep’t of the Treasury, National Terrorist Financing Risk Assessment (2015), available at https://www.treasury.gov/resource-center/terroristillicit-finance/Documents/National %20Terrorist%20Financing%20Risk%20 Assessment%20%E2%80%93%2006-12-2015.pdf. 13 A shell company is a legal entity that has been registered with a state but has no physical operations or assets. Shell companies can serve legitimate purposes, such as holding financial assets or other property, but can also be used to conceal the source, ownership, or control of illegal proceeds. U.S. Dep’t of the Treasury, National Money Laundering Risk Assessment at 43. 14 Id. at 20. VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 defendants allegedly used the assets of the company to acquire shell companies, while other defendants are alleged to have further obscured the ownership of these companies through complex legal structures involving other shell companies.15 In 2006, prosecutors indicted a number of individuals for their roles in supporting a long-running nationwide drug trafficking organization. The proceeds generated by this trafficking organization were laundered through numerous shell and shelf 16 corporations created to provide apparently legitimate fronts for this income. These legal entities were further used to open accounts at financial institutions and hold title to property.17 Other examples cited by law enforcement officials include major drug trafficking organizations using shell companies to launder drug proceeds.18 In 2011, a World Bank report highlighted how corrupt actors consistently abuse legal entities to conceal the proceeds of corruption, which the report estimates to aggregate at least $40 billion per year in illicit activity.19 Other criminals also make aggressive use of front companies,20 which may also conduct legitimate business activity, to disguise the deposit, withdrawal, or transfer of illicit proceeds that are intermingled with legitimate funds. Strong CDD practices that include identifying and verifying the identity of the natural persons who own or control a legal entity—i.e., the beneficial owners—help defend against these abuses in a variety of ways. The collection of beneficial ownership information by financial institutions can provide law enforcement with key details about suspected criminals who 15 Id. 16 A shelf corporation is a legal entity that has been registered with a state but not yet used for any purpose; it has instead been kept on the ‘‘shelf’’ for a buyer who does not want to go through the process of creating a new legal entity. Id. 17 Id. at 44. 18 Combating Transnational Organized Crime: International Money Laundering as a Threat to Our Financial System, Before the Subcommittee on Crime, Terrorism, and Homeland Security, H. Comm. on the Judiciary, 112th Cong. (February 8, 2012) (statement of Jennifer Shasky Calvery as Chief, Asset Forfeiture and Money Laundering Section, Criminal Division of the U.S. Department of Justice). 19 The Puppet Masters: How the Corrupt Use Legal Structures to Hide Stolen Assets and What to Do About It, The International Bank for Reconstruction and Development/The World Bank (2011). 20 A front company is a legitimate business that combines illicit proceeds with earnings from its legitimate operations, thereby obscuring the source of the illegitimate funds. See U.S. Dep’t of the Treasury, National Money Laundering Risk Assessment at 43. PO 00000 Frm 00004 Fmt 4701 Sfmt 4700 use legal structures to conceal their illicit activity and assets. Moreover, requiring legal entities seeking access to financial institutions to disclose identifying information, such as the name, date of birth, and Social Security number of natural persons who own or control them, will make such entities more transparent, and thus less attractive to criminals and those who assist them. Even if an illicit actor tries to thwart such transparency by providing false beneficial ownership information to a financial institution, law enforcement has advised FinCEN that such information can still be useful in demonstrating unlawful intent and in generating leads to identify additional evidence or co-conspirators. 2. Advancing Counterterrorism and Broader National Security Interests As noted, criminals often abuse legal entities to evade sanctions or other targeted financial measures designed to combat terrorism and other national security threats. The success of such targeted financial measures depends, in part, on the ability of financial institutions, law enforcement, and intelligence agencies to identify a target’s assets and accounts. These measures are thwarted when legal entities are abused to obfuscate ownership interests. Effective CDD helps prevent such abuses by requiring the collection of critical information, including beneficial ownership information, which may be helpful in implementing sanctions or other similar measures. 3. Improving a Financial Institution’s Ability To Assess and Mitigate Risk Explicit CDD requirements would also enable financial institutions to assess and mitigate risk more effectively in connection with existing legal requirements. It is through CDD that financial institutions are able to understand the risks associated with their customers, to monitor accounts more effectively, and to evaluate activity to determine whether it is unusual or suspicious, as required under suspicious activity reporting obligations.21 Further, in the event that a financial institution files a suspicious activity report (SAR), information gathered through CDD in many instances can enhance SARs, which in turn can help law enforcement, intelligence, national security, and tax authorities investigate and pursue illicit financing activity. 21 See, E:\FR\FM\11MYR3.SGM e.g., 31 CFR 1020.320. 11MYR3 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations 4. Facilitating Tax Compliance Customer due diligence also facilitates tax reporting, investigations and compliance. For example, information held by banks and other financial institutions about the beneficial ownership of companies can be used to assist law enforcement in identifying the true owners of assets and their true tax liabilities. The United States has long been a global leader in establishing and promoting the adoption of international standards for transparency and information exchange to combat cross-border tax evasion and other financial crimes. Strengthening CDD is an important part of that effort, and it will dovetail with other efforts to create greater transparency, some of which are longstanding, such as the United States’ commitments to exchanging information with other jurisdictions under its tax treaties and tax information exchange agreements, and others of which are new, such as the information reporting requirements under FATCA.22 FATCA requires foreign financial institutions to identify U.S. account holders, including legal entities with substantial U.S. ownership, and to report certain information about those accounts to the Internal Revenue Service (IRS).23 The United States has negotiated with foreign governments to enter into intergovernmental agreements that facilitate the effective implementation of these requirements. These agreements allow foreign financial institutions to rely on existing AML practices in a number of circumstances, including, in the case of the intergovernmental agreements, for purposes of determining whether certain legal entity customers are controlled by U.S. persons. Pursuant to many of these agreements, the United States has committed to pursuing equivalent levels of reciprocal automatic information exchange with respect to collecting and reporting to the authorities of the FATCA partner jurisdiction information on the U.S. financial accounts of residents of that jurisdiction. A general requirement for U.S. financial institutions to obtain beneficial ownership information for AML purposes advances this mstockstill on DSK3G9T082PROD with RULES3 22 Hiring Incentives to Restore Employment Act of 2010, Public Law 111–147, Section 501(a). 23 See generally Internal Revenue Service, ‘‘Regulations Relating to Information Reporting by Foreign Financial Institutions and Withholding on Certain Payments to Foreign Financial Institutions and Other Foreign Entities,’’ RIN 1545–BK68 (January 28, 2013), available at https://www.irs.gov/ PUP/businesses/corporations/TD9610.pdf. For further updates on FATCA regulations, see https:// www.irs.gov/Businesses/Corporations/ForeignAccount-Tax-Compliance-Act-(FATCA). VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 commitment, and puts the United States in a better position to work with foreign governments to combat offshore tax evasion and other financial crimes. 5. Promoting Clear and Consistent Expectations and Practices Customer due diligence is universally recognized as fundamental to mitigating illicit finance risk, even though not all financial institutions use the specific term ‘‘customer due diligence’’ to describe their practices. While Treasury understands from its outreach to the private sector that financial institutions broadly accept this principle and implement CDD practices in some form under a risk-based approach, financial institutions have expressed disparate views about what precise activities CDD entails. At public hearings held after the closing of the comment period to the Advance Notice of Proposed Rulemaking (ANPRM),24 discussed below, financial institutions described widely divergent CDD practices, especially with respect to identifying and verifying the identities of beneficial owners outside of limited circumstances prescribed by statute.25 For example, during one of these hearings, FinCEN learned that some financial institutions already obtain beneficial ownership information in all circumstances, while others obtain this information only for certain categories of customers or following a triggering event. Institutions also identified a range of practices, from varied percentage of ownership thresholds, to the extent of information collected (e.g., only the name of the beneficial owner(s) versus collection of additional information, such as addresses, etc.).26 FinCEN believes that this disparity adversely affects efforts to mitigate risk and can promote an uneven playing field across and within financial sectors. Financial institutions have noted that unclear CDD expectations can result in inconsistent regulatory examinations, potentially causing them to devote their limited resources to managing derivative legal risk rather than fundamental illicit finance risk. Private sector representatives have also noted that inconsistent expectations can 24 Financial Crimes Enforcement Network (FinCEN), ‘‘Customer Due Diligence Requirements for Financial Institutions,’’ 77 FR 13046 (March 5, 2012). 25 See, e.g., FinCEN, Summary of Public Hearing: Advance Notice of Proposed Rulemaking on Customer Due Diligence (October 5, 2012), available at https://www.fincen.gov/whatsnew/html/ 20121130NYC.html. (‘‘Participants expressed varied views as to whether, how and in what circumstances, financial institutions obtain beneficial ownership information.’’). 26 Id. PO 00000 Frm 00005 Fmt 4701 Sfmt 4700 29401 effectively discourage best practices, because financial institutions with robust compliance procedures may believe that they risk losing customers to other institutions with more lax procedures. Greater consistency across the financial system addresses this competitive inequality. Providing a consolidated and clear CDD framework will help address these issues. As part of this framework, expressly stating CDD requirements in these regulations with respect to (i) understanding the nature and purpose of customer relationships and (ii) conducting ongoing monitoring will facilitate more consistent implementation, examination, supervision and enforcement of these expectations. With respect to the beneficial ownership requirement, requiring all covered financial institutions to identify and verify the identities of beneficial owners in the same manner and pursuant to the same definition also promotes consistency across industry. Requiring covered financial institutions to operate under one clear CDD framework will promote a more level playing field across and within financial sectors. 6. Advancing Treasury’s Broad Strategy To Enhance Financial Transparency of Legal Entities Finally, clarifying and strengthening CDD is an important component of Treasury’s broader three-part strategy to enhance financial transparency of legal entities. Other key elements of this strategy include: (i) Increasing the transparency of U.S. legal entities through the collection of beneficial ownership information at the time of the legal entity’s formation and (ii) facilitating global implementation of international standards regarding CDD and beneficial ownership of legal entities. This final rule thus complements the Administration’s ongoing work with Congress to facilitate adoption of legislation that would require the collection of beneficial ownership information at the time that legal entities are formed in the United States. This final rule also advances Treasury’s ongoing work with the Group of Twenty Finance Ministers and Central Bank Governors (G–20), the Financial Action Task Force (FATF), the Global Forum on Transparency and Exchange of Information for Tax Purposes, and other global partners, who have emphasized the importance of improving CDD practices and requiring the disclosure of beneficial ownership information at the time of company formation or transfer. Moreover, this proposal furthers the E:\FR\FM\11MYR3.SGM 11MYR3 29402 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations United States’ Group of Eight (G–8) commitment as set forth in the United States G–8 Action Plan for Transparency of Company Ownership and Control, published on June 18, 2013.27 This Action Plan is in line with principles agreed to by the G–8, which the Administration noted ‘‘are crucial to preventing the misuse of companies by illicit actors.’’ 28 It is also found in the U.S. Action Plan to Implement the G– 20 High Level Principles on Beneficial Ownership, published on October 16, 2015.29 While these elements are all proceeding independently, together they make up a comprehensive approach to promoting financial transparency of legal entities. mstockstill on DSK3G9T082PROD with RULES3 C. The Advance Notice and Notice of Proposed Rulemaking FinCEN initiated this rulemaking process in March 2012 by issuing an ANPRM that described FinCEN’s potential proposal for codifying explicit CDD requirements, including customer identification and verification, understanding the nature and purpose of accounts, ongoing monitoring, and obtaining and verifying beneficial ownership information.30 FinCEN received 90 comments, mostly from banks, credit unions, securities and futures firms, mutual funds, casinos, and money services businesses. In general, these commenters raised concerns about the potential costs and practical challenges associated with a categorical requirement to obtain beneficial ownership information. They also expressed concerns with respect to FinCEN’s articulation of the other components of CDD (understanding the nature and purpose of customer relationships and ongoing monitoring), asserting that, contrary to FinCEN’s stated intention, these would in part be new requirements rather than an 27 United States G–8 Action Plan for Transparency of Company Ownership and Control, available at https://www.whitehouse.gov/the-pressoffice/2013/06/18/united-states-g-8-action-plantransparency-company-ownership-and-control. 28 White House Fact Sheet: U.S. National Action Plan on Preventing the Misuse of Companies and Legal Arrangements (June 18, 2013), available at https://www.whitehouse.gov/the-press-office/2013/ 06/18/fact-sheet-us-national-action-planpreventing-misuse-companies-and-legal. 29 U.S. Action Plan to Implement the G–20 High Level Principles on Beneficial Ownership, available at https://www.whitehouse.gov/blog/2015/10/16/usaction-plan-implement-g-20-high-level-principlesbeneficial-ownership. 30 Two years prior to that, in March 2010, FinCEN, along with several other agencies, published Joint Guidance on Obtaining and Retaining Beneficial Ownership Information, FIN– 2010–G001 (March 5, 2010). Industry reaction to this guidance is one reason that FinCEN sought to further clarify CDD requirements by making them explicit within FinCEN’s regulations. VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 explicit codification of pre-existing obligations. To better understand and address these concerns, Treasury held five public hearings from July to December 2012 in Washington, DC, Chicago, New York, Los Angeles and Miami.31 At these meetings, participants expressed their views on the ANPRM and offered specific recommendations about how best to balance the benefits with the practical burdens associated with obtaining beneficial ownership information. These discussions were critical in the development of the Notice of Proposed Rulemaking (NPRM) issued on August 4, 2014 (79 FR 45151). The NPRM proposed a new requirement for covered financial institutions to identify the natural person or persons who are beneficial owners of legal entity customers opening new accounts, subject to certain exemptions, and to verify the identity of the natural person(s) identified. As proposed, a covered financial institution would satisfy this requirement at the time a new account is opened by obtaining information on a standard certification form directly from the individual opening the new account on behalf of the legal entity customer, and by verifying the identity of the natural person(s) identified consistent with existing customer identification program (CIP) procedures for verifying the identity of customers who are natural persons. The NPRM thus sought to facilitate this proposed new requirement by leveraging the CIP procedures that have been required of all covered financial institutions since 2003. The NPRM also proposed that the AML program requirements for all types of covered financial institutions be amended to include appropriate riskbased procedures for conducting ongoing due diligence, to include: (i) Understanding the nature and purpose of customer relationships in order to develop a customer risk profile; and (ii) conducting ongoing monitoring to 31 Summary of Public Hearing: Advance Notice of Proposed Rulemaking on Customer Due Diligence (July 31, 2012), available at https:// www.regulations.gov/#!documentDetail;D=FINCEN2012-0001-0094; Summary of Public Hearing: Advance Notice of Proposed Rulemaking on Customer Due Diligence (September 28, 2012), available at https://www.fincen.gov/whatsnew/html/ 20121130CHI.html; Summary of Public Hearing: Advance Notice of Proposed Rulemaking on Customer Due Diligence (October 5, 2012), available at https://www.fincen.gov/whatsnew/html/ 20121130NYC.html; Summary of Public Hearing: Advance Notice of Proposed Rulemaking on Customer Due Diligence (October 29, 2012), available at https://www.fincen.gov/whatsnew/html/ 20121130LA.html; Summary of Public Hearing: Advance Notice of Proposed Rulemaking on Customer Due Diligence (December 3, 2012), available at https://www.fincen.gov/whatsnew/pdf/ SummaryofHearing-MiamiDec3.pdf. PO 00000 Frm 00006 Fmt 4701 Sfmt 4700 maintain and update customer information and to identify and report suspicious transactions. FinCEN viewed this part of the rulemaking as not imposing new requirements, but rather making explicit the activities that covered financial institutions are already expected to undertake, based on guidance and supervisory expectations, in order to satisfy their existing obligations to detect and report suspicious activities. D. Summary of Comments In response to the NPRM, FinCEN received 141 comments from financial institutions, trade associations, Federal and State agencies, non-governmental organizations, members of Congress, and other individuals. The great majority of the private sector commenters, which were primarily banks, credit unions, and their trade associations, asserted that the proposed beneficial ownership requirement would be very burdensome to implement and require more than the proposed 12 months, would be far more expensive than estimated by FinCEN, and would not achieve the proposal’s expressed goals. The commenters addressed many aspects of the proposed beneficial ownership requirement, including the use of the proposed certification form; the extent to which a covered financial institution may rely on the information provided by the customer; the meaning of verification and the extent to which it would be required; the application of the requirement to existing customers; the extent to which the information would need to be updated; and the definitions of beneficial ownership and legal entity customer and the proposed exclusions from those definitions. Commenters raised a number of questions regarding the proposed certification form, including whether beneficial owner information must be obtained through the certification form or could be obtained by other means; whether the certification form should be an official government form; and who is authorized to sign the certification form on behalf of the customer. Many urged FinCEN to treat the receipt of the certification form as a ‘‘safe harbor,’’ similar to the treatment of the certification used for compliance with the foreign shell bank regulation.32 Commenters submitted several other comments and suggestions regarding the information to be included in the certification form. Many commenters sought clarification regarding the verification requirement 32 31 E:\FR\FM\11MYR3.SGM CFR 1010.630(b). 11MYR3 mstockstill on DSK3G9T082PROD with RULES3 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations and the extent to which a financial institution may rely on the information submitted by its customer. Financial institutions also pointed out that there would be difficulties with adopting ‘‘identical’’ procedures to those used for verifying the identity of individual customers as done for CIP. Moreover, many commenters noted the practical difficulties resulting from the fact that there is no authoritative source for beneficial ownership information of legal entities, as there is no requirement for U.S. States to collect this information at the time a company is formed. Commenters also sought guidance regarding how they should utilize the beneficial ownership information once collected and how its availability would impact compliance with other obligations. While many private sector commenters noted that the proposed definition of beneficial owner was an improvement over the definition discussed in the ANPRM, some sought greater clarity about the meaning of ‘‘indirect’’ ownership and guidance regarding how the percentage of ownership held indirectly should be measured in specific situations, as well as clarification of the meaning of ‘‘equity interest.’’ They also suggested eliminating any reference to using a 10 percent threshold on a risk basis, so as to reduce the likelihood of examiners requiring a threshold lower than the 25 percent specified in the proposed rule. On the other hand, non-governmental organizations and many individuals asserted that the proposed 25 percent ownership threshold is too high and that it should be lowered to 10 percent (or eliminated entirely) in the final rule. A number of commenters urged clarification of the proposed definition of ‘‘legal entity customer,’’ and many urged expansion of the proposed exclusions from the definition to include, for example, accounts opened to participate in employee benefit plans subject to the Employee Retirement Income Security Act of 1974 (ERISA) and accounts for foreign publicly traded companies, regulated financial institutions, and governmental entities. Many commenters also noted difficulties in applying the proposed exclusion for nonprofits and urged FinCEN to simplify it. Commenters also sought clarification regarding whether beneficial ownership would need to be obtained each time a legal entity customer opens a new account after the rule’s compliance deadline, and to what extent the information would need to be updated. Some commenters also sought to exempt from the beneficial ownership requirement certain categories of VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 financial products that they contended presented a low risk of money laundering. Many comments also addressed the proposed amendments to the AML program rules, including urging FinCEN to clarify the proposed requirement to understand the nature and purpose of the customer relationship and the meaning of ‘‘customer risk profile’’ and of the proposed requirement to conduct ongoing monitoring to update customer information, separate from monitoring to detect and report suspicious activity. Some commenters representing the securities and futures industries asserted that, contrary to assumptions in the NPRM, these are not in fact existing requirements in those industries, and that such requirements would be burdensome and of little utility. Some commenters also questioned statements in the preamble that the proposed requirements would not reduce or limit the due diligence expectations of the Federal functional regulators or their regulatory discretion, asserting that such an approach would undermine the clarity and consistency that FinCEN is seeking to provide by the proposed rules. Finally, a great majority of the comments stated that the proposed 12month implementation period following issuance of a final rule would not be adequate to implement the necessary modifications to their data systems, customer on-boarding procedures, employee training, and other requirements, and sought a period of at least 18–24 months. Based on the comments addressing the potential cost of implementing the requirement, FinCEN conducted outreach to a number of the financial institution commenters to obtain additional information regarding the anticipated costs of implementing the proposed requirements. As a result of the limited information received from these discussions, Treasury prepared a preliminary Regulatory Impact Assessment (RIA) that was made available for comment on December 24, 2015 (80 FR 80308). FinCEN received 38 comments on this preliminary assessment; a summary of the comments we received and the final RIA is included in the Regulatory Analysis section of this preamble. All of the substantive comments received on the NPRM, FinCEN’s response, and resulting modifications to the final rule are discussed in detail in the following Section-by-Section Analysis. However, we first address certain general comments. PO 00000 Frm 00007 Fmt 4701 Sfmt 4700 29403 E. General Comments Regulatory deference. Commenters raised a number of general comments regarding this rulemaking. Several commenters took issue with the following statement in the NPRM (which we reiterate here as modified for this final rule).33 Nothing in this final rule is intended to lower, reduce, or limit the due diligence expectations of the Federal functional regulators or in any way limit their existing regulatory discretion. To clarify this point, the final rule incorporates the CDD elements on nature and purpose and ongoing monitoring into FinCEN’s existing AML program requirements, which generally provide that an AML program is adequate if, among other things, the program complies with the regulation of its Federal functional regulator (or, where applicable, selfregulatory organization (SRO)) governing such programs.34 In addition, the Treasury Department intends for the requirements contained in the customer due diligence and beneficial ownership final rules to be consistent with, and not to supersede, any regulations, guidance or authority of any Federal banking agency, the Securities and Exchange Commission (SEC), the Commodity Futures Trading Commission (CFTC), or of any SRO relating to customer identification, including with respect to the verification of the identities of legal entity customers. These commenters contended, among other things, that these statements were unduly deferential to the Federal functional regulators, and would serve to undermine rather than promote clear and consistent CDD standards across financial sectors. They accordingly urged FinCEN to strike this language from the final rulemaking. FinCEN appreciates the concerns about uneven and inconsistent application of CDD standards that underlie these comments, but nevertheless believes that these statements are an important articulation of FinCEN’s understanding of what it is—and is not—accomplishing by this rulemaking. At their core, these statements in the NPRM and this final rule preamble articulate the nature of the relationship of FinCEN’s rulemaking authority with that of the Federal functional regulators 35—that is, as with 33 The original statement can be found at 79 FR 45152 (Aug. 4, 2014). 34 See, e.g., 31 CFR 1020.210, which currently provides that a financial institution regulated by a Federal functional regulator that is not subject to the regulations of a self-regulatory organization shall be deemed to satisfy the requirements of 31 U.S.C. 5318(h)(1) if it implements and maintains an anti-money laundering program that complies with the regulation of its Federal functional regulator governing such programs. (emphasis added). 35 Where appropriate, working closely with Federal functional regulators may involve E:\FR\FM\11MYR3.SGM Continued 11MYR3 mstockstill on DSK3G9T082PROD with RULES3 29404 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations all BSA rulemakings, FinCEN determines the appropriate minimum regulatory standards that should apply across an industry. From that baseline, the Federal functional regulators have authority to establish AML program requirements in addition to those established by FinCEN that they determine are necessary and appropriate to address risk or vulnerabilities specific to the financial institutions they regulate. This is particularly true within the context of separate but related concerns that exist for these institutions beyond the strict scope of AML, such as in the area of safety and soundness. These statements simply reflect this basic reality of the existing regulatory framework. Furthermore, as we have maintained throughout this rulemaking process, one of our overarching goals was to clarify and harmonize expectations while at the same time minimizing disruption to the greatest extent possible. Accordingly, we believe that it is critical to make clear— especially with respect to the changes to the AML program rules—that these standards simply articulate current practices pursuant to existing standards and expectations, in order to facilitate implementation and minimize the burden on financial institutions. We believe that leveraging the experience accrued from interpretation of and compliance with prior regulations and guidance that have already been issued in this space will be a net benefit to financial institutions. As FinCEN explained in the proposal, these requirements represent a floor, not a ceiling, and, consistent with the riskbased approach, financial institutions may do more in circumstances of heightened risk, as well as to mitigate risks generally. Compliance Deadline. Most commenters strongly opposed FinCEN’s proposal for a compliance deadline of one year from the date the final rule is issued, identifying a wide range of changes to systems and processes that would be required in order to implement the rule. Many of these commenters requested that FinCEN provide financial institutions two years to implement the final rule. Based on the well-founded, detailed explanations put forth by these commenters of the difficulties that would arise from a oneyear implementation period, FinCEN is extending the period for implementation to two years from the date this final rule is issued (the Applicability Date). consulting with the applicable SROs in the securities and futures/commodities industries. VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 III. Section-by-Section Analysis Section 1010.230 Beneficial Ownership Requirements for Legal Entity Customers Section 1010.230(a) In general. As proposed, this paragraph delineated in broad terms the scope of the beneficial ownership obligation—i.e., that covered financial institutions are required to establish and maintain written procedures reasonably designed to identify and verify the identities of beneficial owners of legal entity customers. There were no significant objections to this general formulation, and we are adopting it as proposed, with the addition that the procedures adopted will be included in the institution’s AML program. Several commenters questioned the efficacy of having financial institutions collect beneficial ownership information, contending that State government offices responsible for the formation and registration of legal entities and/or the IRS would be better suited to collect this information due to their roles in the company formation process. Although FinCEN supports the collection of beneficial ownership information in these other circumstances as well, it does not believe that such collection would replace the independent obligation of financial institutions to collect this information. As described above, we view this rulemaking as but one part of Treasury’s comprehensive strategy to enhance financial transparency in the U.S. financial system and worldwide, and we believe the beneficial ownership requirement for financial institutions would be necessary even if these other measures were already in place. One of the principal rationales for this new requirement is that financial institutions should know who their customers are to help them more effectively mitigate risks. This requirement is therefore separate from a policy objective of requiring States to obtain beneficial ownership information from the legal entities they create at the time of formation and upon specified circumstances thereafter (although none currently have such requirements). Presently, corporate laws and regulations differ from State to State, and from FinCEN’s regulations, but generally do not require information regarding beneficial ownership. Thus, the information that will be provided under FinCEN’s regulations will significantly augment information presently available to law enforcement from State authorities, thereby improving the overall investigative, regulatory, and prosecutorial processes. PO 00000 Frm 00008 Fmt 4701 Sfmt 4700 In the NPRM, FinCEN proposed that the beneficial ownership requirement would apply only with respect to legal entity customers that open new accounts going forward from the date of implementation, noting that many commenters to the ANPRM viewed a retroactive requirement to obtain beneficial ownership information for all existing accounts as extremely burdensome. We received comments reflecting a wide range of views on this subject. The vast majority of commenters who addressed this issue reiterated this objection to retroactive application of the beneficial ownership obligation. A few commenters, however, urged FinCEN to require covered financial institutions to collect beneficial ownership information on existing accounts on a categorical basis, while some others thought that financial institutions should collect this information retroactively for all higher risk customers. We decline to impose a categorical, retroactive requirement. Based on our understanding of the significant changes to processes and systems that will be required to implement this requirement simply on a prospective basis, we believe that retroactive application would be unduly burdensome. As we noted in the proposal, the absence of a categorical mandate to apply the requirement retroactively would not preclude financial institutions from deciding that collecting beneficial ownership information on some customers on a risk basis during the course of monitoring may be appropriate for their institution. In our assessment, we have concluded that financial institutions should obtain beneficial ownership information from customers existing on the Applicability Date when, in the course of their normal monitoring, the financial institution detects information relevant to assessing or reevaluating the risk of such customer (as more fully described in the sections below addressing the amended AML program requirements). Section 1010.230(b) Identification and Verification. In the NPRM, FinCEN proposed that covered financial institutions be required to develop customer due diligence procedures that enabled institutions to (1) identify the beneficial owner(s) of legal entity customers by collecting a mandatory certification form provided by the individual opening the account on behalf of the legal entity customer; and (2) verify the identity of the identified beneficial owner(s) according to riskbased procedures that are, at a minimum, identical to the institutions’ CIP procedures required for verifying E:\FR\FM\11MYR3.SGM 11MYR3 mstockstill on DSK3G9T082PROD with RULES3 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations the identity of customers that are individuals. Section 1010.230(b)(1). The NPRM proposed to require the use of a standard certification form (Certification Form) in order to, among other purposes, promote consistent practices and regulatory expectations, reduce compliance burden, and provide a uniform customer experience across much of the U.S. financial system. To facilitate institutions’ abilities to rely upon the Certification Form, the proposed Certification Form included a section that required the individual opening the account on behalf of a legal entity customer to certify that the information provided on the form is true and accurate to the best of his or her knowledge. Commenters raised a number of issues regarding this proposed requirement. Some commenters asked whether the Certification Form must be used to obtain the information, whether the Certification Form should be an official government form, and what individuals representing the customer would be authorized to provide the Certification Form. Several commenters urged a variety of changes to the fields on the Certification Form in order to conform it more closely to current CIP requirements, to otherwise facilitate use of the form, and to promote other regulatory goals. Some commenters also urged FinCEN to provide a safe harbor to institutions that use the model Certification Form adopted in the final rule akin to, for example, the safe harbor provided for foreign bank certifications.36 The comments FinCEN received related to the Certification Form varied widely. Some commenters urged FinCEN to make the Certification Form an official U.S. Government document, with the certification made under the penalty of perjury (rather than only to the best of the knowledge of the certifying party), and a few commenters thought that the Certification Form should be notarized. However, many commenters requested that the proposed Certification Form be permissive rather than mandatory, and that financial institutions be permitted to obtain the information through their standard account opening process without utilizing the Certification Form. A few commenters thought that the person opening the account should be required to have actual personal knowledge of the information provided on the Certification Form, or that the certification should take the form of a resolution ratified or adopted by the 36 31 CFR 1010.630(b). VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 legal entity’s board or governing body. These commenters thought that a Certification Form without attestation requirements more substantial than those in the proposal would reduce accountability for false representations on the Certification Form. As noted above, a primary reason that FinCEN proposed the Form was to balance the benefits and burdens of this new requirement to the financial institution and its customers with the benefits to law enforcement and regulatory authorities. We also note that in the case of many legal entities that are small businesses, the natural person opening the account will often be one of the beneficial owners, who would have direct knowledge of the beneficial ownership information of the legal entity customer. FinCEN understands that many institutions obtain and maintain customer data electronically rather than in paper form to the greatest extent possible, and that mandating the use and retention of a specific form would require significant technological and operational changes that could be costly and challenging to implement for some financial institutions. We have therefore amended the final rule to permit, but not require, financial institutions to use the Certification Form to collect beneficial ownership information. Accordingly, in the final rule, § 1010.230(b)(1) is revised to state that covered financial institutions must identify the beneficial owner(s) of each legal entity customer at the time a new account is opened, unless the customer is otherwise excluded or the account is exempted. A covered financial institution may accomplish this either by obtaining certification in the form of appendix A of the section from the individual opening the account on behalf of the legal entity customer, or by obtaining from the individual the information required by the form by another means, provided the individual certifies, to the best of the individual’s knowledge, the accuracy of the information.37 Thus, covered financial institutions can satisfy this requirement through (1) the use of FinCEN’s Certification Form; (2) the use of the financial institution’s own forms, so long as they meet the requirements of § 1010.230(b)(1); or (3) any other means that satisfy the substantive requirements of § 1010.230(b)(1). These records may be retained electronically and incorporated into existing databases as a part of financial institutions’ overall 37 This revision will also require a corresponding change to the Recordkeeping subsection, described in greater detail below. PO 00000 Frm 00009 Fmt 4701 Sfmt 4700 29405 management of customer files, and covered financial institutions will have flexibility in integrating the beneficial ownership information requirement into existing systems and processes. The certification of accuracy by the individual submitting the information may be obtained without use of the Certification Form in the same way the financial institution obtains other information from its customers in connection with its account opening procedures. FinCEN expects that such flexibility will facilitate the implementation of the beneficial ownership requirement—some commenters noted that giving financial institutions flexibility in integrating this requirement would substantially reduce resource outlays to change customer onboarding processes and to train frontline employees. In addition, to facilitate use of the Certification Form by those institutions that choose to utilize it, FinCEN will also make an electronic version available, although it will not be an official U.S. Government form. Some commenters asked that FinCEN clarify who an appropriate individual to certify the identity of the beneficial owners to the financial institution would be, whether by signing the Certification Form or otherwise providing the beneficial ownership information in accordance with this paragraph; some commenters also questioned whether the individual opening an account could be a low-level employee without knowledge of the entity’s owners. In this regard, FinCEN declines to impose specific accountopening procedures on financial institutions, and believes that financial institutions should be able to integrate this new requirement into their institution’s existing procedures with little disruption. FinCEN understands that financial institutions generally have long-standing policies and procedures, based on sound business practices and prudential considerations, governing the documentation required to open an account for a legal entity; these typically include resolutions authorizing the entity to open an account at the institution and identifying the authorized signatories. Such resolutions are typically certified by an appropriate individual, e.g., the secretary or other officer of a corporation, a member or manager of an LLC, or partner of a partnership. It would be appropriate for the same individual to certify the identity of the beneficial owners. Such an individual would typically have at least some familiarity with the entity’s owners and with individuals with responsibility to control or manage the E:\FR\FM\11MYR3.SGM 11MYR3 29406 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations mstockstill on DSK3G9T082PROD with RULES3 entity, but may not have personal knowledge of individuals having an indirect ownership interest through, for example, intermediate legal entities or contractual arrangements with nominal owners, and would have to rely on others for any such information. Therefore, while FinCEN anticipates that the certifying individual would generally be able to provide accurate beneficial ownership information, it is appropriate that it be provided to the best of such person’s knowledge, rather than without qualification. Accordingly, FinCEN declines to require a heightened knowledge threshold, or notarization, or board approval requirement for the certification requirement, as some commenters suggested, as any such requirement would increase the amount of time to open an account, without commensurate benefit, and would be inconsistent with FinCEN’s goal of integrating this requirement into existing financial institution onboarding procedures to the greatest extent possible.38 FinCEN thus believes that the certification requirement as described in the final rule provides the appropriate level of accountability given the circumstances.39 Some commenters urged FinCEN to permit financial institutions to rely upon alternative sources, such as previously collected customer information in their databases, or the IRS Form W–8BEN, to satisfy the certification requirement. FinCEN recognizes that this could facilitate financial institutions’ ability to obtain this information. However, to be of greatest use, FinCEN believes that beneficial ownership information must be, at the time of account opening, both (1) current, and (2) certified by an individual authorized by the customer to open accounts at financial institutions to be accurate to the best of his or her knowledge. Furthermore, because FinCEN’s definition of beneficial ownership does not align precisely with, for example, the IRS’s definition in its Form W–8BEN, permitting reliance in some circumstances upon other agencies’ forms would be at odds with FinCEN’s goal of consistent beneficial ownership 38 FinCEN notes that in cases where the individual signing the documentation to open the account (and identifying the legal entity’s beneficial owners) does not deliver such documentation to the financial institution, it may be appropriate that the individual’s signature be notarized. 39 FinCEN also understands that in cases where a newly formed legal entity opens a financial institution account in order to commence business, the beneficial owner(s) would typically open the account in person and be the signatories on the account, and could readily certify their status as beneficial owners at that time. VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 standards within and across industries for purposes of CDD. Thus, FinCEN declines to permit reliance solely upon previously gathered alternate sources of beneficial ownership information. Several commenters raised specific questions regarding the information in the proposed Certification Form. FinCEN agrees with the suggestions made by several commenters that the title of the person with significant management responsibility, as well as of the person submitting the Certification Form or supplying the information, should be included and has made these changes to the Form. We have also added fields on the Certification Form in which to identify the type of legal entity, and to note its address. Other commenters noted that the address fields as laid out in the proposed Certification Form, along with the description of the address requirement in the general instructions section, were not congruent with CIP’s address requirements, and accordingly asked FinCEN to confirm that the CIP rules’ address requirements remained applicable. As described in greater detail below, covered financial institutions’ procedures for identifying and verifying beneficial owners must contain all the elements of the applicable CIP rule, including the address, date of birth, and Taxpayer Identification Number requirements as set forth therein. Accordingly, FinCEN has revised the Certification Form to clarify this point, and notes that this information will be required whether or not the Certification Form is used. We have also amended item ‘‘a’’ of the Certification Form to clarify that the name of the certifying party should be that of a natural person authorized to open the account (and not of the legal entity itself). FinCEN also agrees with the suggestion made by a number of commenters that the Certification Form state that the information in the Certification Form is required by Federal regulation in order to explain to customers why this new requirement has been put in place; the Form has been edited appropriately. Several commenters sought clarification as to whether a financial institution must identify and verify a legal entity customer’s beneficial owners each time it opens a new account at the institution after the rule’s compliance deadline, or whether the requirement applies only the first time it opens a new account at such institution. FinCEN has concluded that, while it is not requiring periodic updating of the beneficial ownership information of all legal entity customers at specified intervals, the opening of a PO 00000 Frm 00010 Fmt 4701 Sfmt 4700 new account is a relatively convenient and otherwise appropriate occasion to obtain current information regarding a customer’s beneficial owners. Accordingly, FinCEN has added to the final rule as § 1010.230(g) a definition for ‘‘new account’’. One commenter urged FinCEN to mandate the use of the Legal Entity Identifier (LEI), a global standardized unique identifier for legal entities engaged in financial transactions, on the proposed Certification Form. This commenter noted that including such a requirement would further the goals of transparency and financial stability. FinCEN understands that the LEI was developed principally to aggregate data from across markets, products, and regions, giving global regulators a means to quickly identify parties to financial transactions, in order to enhance regulators’ ability to understand systemic risks to the financial system and act accordingly. Although this is an important and laudable purpose, FinCEN does not believe that mandating the LEI’s inclusion on the beneficial ownership Certification Form would further this goal substantially. We believe that the overwhelming majority of legal entities subject to this requirement will be smaller or nonfinancial entities that would not be typical applicants for LEIs in the first instance, and that the costs of mandating its use solely for the purposes of the Certification Form would not be outweighed by the benefit. FinCEN also understands that the authorized bodies that assign LEIs do not require the beneficial owner to be a natural person, use a 50 (rather than 25) percent threshold, and do not verify the identities of beneficial owners of legal entities, thereby rendering the LEI’s utility as a possible proxy or alternative source of verification minimal. For these reasons, FinCEN declines to mandate the use of the LEI. We do, however, recognize that covered financial institutions may find such information useful for enterprise-wide risk management or other purposes, and have accordingly included an optional LEI field on the Certification Form. Several commenters urged FinCEN to adopt an express safe harbor in the final rule deeming those financial institutions that use the Certification Form compliant with the beneficial ownership requirement. A few commenters recommended that FinCEN model such an express safe harbor on the safe harbor for foreign bank certifications found in § 1010.630. Other commenters opposed the notion of a safe harbor, contending that the Certification Form should serve as the E:\FR\FM\11MYR3.SGM 11MYR3 mstockstill on DSK3G9T082PROD with RULES3 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations starting point for financial institutions’ risk-based due diligence into a legal entity’s beneficial ownership. As discussed in greater detail below, we have included in § 1010.230(b)(2) of the final rule a description of the extent to which financial institutions can rely upon the beneficial ownership information provided by the person opening the account. We decline, however, to include in the final rule a blanket safe harbor triggered by the use and collection of the standard Certification Form. FinCEN believes that there are a number of factors present in the context of foreign bank certifications (but absent here) that make a blanket safe harbor appropriate in that context. The foreign bank certification was used to satisfy several obligations arising under Sections 313 and 319(b) of the USA PATRIOT Act, including not only for the foreign bank to certify facts such as its status and in certain cases its owners, but also to set forth its agreement not to provide banking services to foreign shell banks and to appoint a U.S. process agent. Moreover the foreign bank official was required to certify that the information in the document was true and correct, whereas the beneficial ownership information is to be provided to the best of the knowledge of the customer’s agent. In addition, the population of legal entities subject to the final rule is exponentially larger than that of foreign banks with U.S. correspondent accounts, and the proposed certification in the proposed rule does not include affirmative obligations. We believe that the provision inserted into § 1010.230(b)(2) of the final rule describing the extent to which the financial institution may rely on the information provided by the customer strikes the right balance between the need to minimize burden upon covered financial institutions and the risk of abuse of legal entities for illicit purposes. A few commenters raised concerns that the collection of sensitive personal information of beneficial owners would impinge upon their privacy and increase their vulnerability to identity theft. FinCEN recognizes the critical importance of protecting individuals’ privacy interests, as well as the serious threat posed by cyberattacks and identity theft, particularly with respect to the personal information held at financial institutions. These concerns, while valid and significant, are insufficient to justify elimination of the requirement. From both the privacy and identity-theft perspectives, the incremental impact upon the vast majority of beneficial owners will be VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 slight, because, pursuant to CIP requirements, they already have to provide the same sensitive personal information to financial institutions to open individual accounts and access the U.S. financial system. We note that financial institutions are expected to protect this information just as they do CIP information, as well as comply with all applicable Federal and State privacy laws, including, but not limited to, the Right to Financial Privacy Act 40 and the Gramm-Leach-Bliley Act.41 Section 1010.230(b)(2). With respect to verification of identity, we proposed that verification meant that financial institutions were required to verify the identity of the individual identified as a beneficial owner (i.e., to verify the individual’s existence), and not his or her status as a beneficial owner. We proposed that this verification be done via risk-based procedures that are identical to the institutions’ CIP procedures required for verifying the identity of customers that are individuals, to facilitate financial institutions’ implementation of the requirement through leveraging existing procedures and systems. Many commenters sought clarification of the meaning of the verification requirement in proposed § 1010.230(b)(2) and the means by which it may be accomplished. Some pointed out the potential confusion between two statements in the NPRM discussing the distinction between verifying the identity of the beneficial owner and verifying the status.42 In order to resolve any potential confusion regarding the beneficial ownership identification and verification obligation of financial institutions, FinCEN is revising § 1010.230(b)(2) in the final rule to clarify that a covered financial institution may rely on the information supplied by the legal entity customer regarding the identity of its beneficial owner or owners, provided that it has no knowledge of facts that would reasonably call into question the reliability of such information. FinCEN anticipates that, in the overwhelming majority of cases, a covered financial institution should be able to rely on the 40 12 U.S.C. 3401 et seq. U.S.C. 6801 et seq. 42 FinCEN stated that ‘‘[i] n light of these considerations, FinCEN is not proposing that financial institutions verify the status of a beneficial owner. Financial institutions may rely on the beneficial ownership information provided by the customer on the standard certification form.’’ On the other hand, the proposal also states that its procedures for verifying beneficial ownership ‘‘should enable the financial institution to form a reasonable belief that it knows the true identity of the beneficial owner of each legal entity customer.’’ (79 FR 45162) 41 15 PO 00000 Frm 00011 Fmt 4701 Sfmt 4700 29407 accuracy of the beneficial owner or owners identified by the legal entity customer, absent the institution’s knowledge to the contrary. FinCEN recognizes the necessity for permitting reliance on the identification supplied by the legal entity customer, considering the fact the customer is generally the best source of this information, and that there is generally no other source of beneficial ownership information available to covered financial institutions, aside from the legal entity itself. Several commenters sought clarification of the requirement as described in the NPRM in proposed § 1010.230(b)(2) that beneficial ownership information procedures be, at a minimum, ‘‘identical’’ to the existing CIP procedures for verifying the identity of individual customers. Some commenters noted that it would be infeasible to simply replicate, without modification, existing CIP procedures for individual customers to implement the beneficial ownership verification requirement. They noted, for example, that because the beneficial owners will in many cases not be physically present at the financial institution at account opening, an institution using documentary verification may not have access to the documents listed in the relevant paragraph of the CIP rule, and therefore may need to rely on a photocopy or other reproduction of such document. Commenters also noted that some current procedures for nondocumentary verification of individual customers could not be applied to nonconsenting beneficial owners, because of limitations on the use of credit reports imposed by the Fair Credit Reporting Act.43 FinCEN agrees that it would be impracticable for covered financial institutions to implement the beneficial ownership verification requirement with procedures that are identical to the institution’s existing CIP rule procedures for individual customers. Accordingly, § 1010.230(b)(2) has been amended to require that at a minimum, these procedures must contain the elements 44 required for verifying the identity of customers that are individuals under paragraph (a)(2) of 43 15 U.S.C. 1681 et seq. clause ‘‘in the covered financial institution’s Customer Identification Program procedures’’ in the proposed rule text have been deleted, because, for the reasons described above, the verification procedures for beneficial owners of legal entity customers may be different from the procedures in the covered financial institution’s CIP that apply to individual customers. 44 The E:\FR\FM\11MYR3.SGM 11MYR3 29408 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations mstockstill on DSK3G9T082PROD with RULES3 the applicable CIP rule,45 but are not required to be identical. In addition, the final rule clarifies that in the case of documentary verification, the financial institution may use photocopies or other reproductions of the documents listed in paragraph (a)(2)(ii)(A)(1) 46 of the applicable CIP rule. Because the risk-based verification procedures must contain the same elements as required by the applicable CIP rule to verify the identity of individual customers, verification must be completed within a reasonable time after the account is opened. In addition, the beneficial ownership identification procedures must address situations in which the financial institution cannot form a reasonable belief that it knows the true identity of the beneficial owner of a legal entity customer after following the required procedures.47 It remains the case that covered financial institutions may generally rely on government-issued identification as verification of an individual’s identity, absent obvious indications of fraud.48 FinCEN notes that such reliance is also generally appropriate in the case of photocopies or other reproductions obtained pursuant to § 1010.230(b)(2). However, given the vulnerabilities inherent in the reproduction process, covered financial institutions should conduct their own risk-based analyses of the types of photocopies or reproductions that they will accept in accordance with this section, so that such reliance is reasonable. For 45 Paragraph (a)(2) of each of the CIP rules requires that the relevant financial institution’s CIP includes risk-based procedures to verify the identity of each customer, to the extent reasonable and practicable. The elements of such program must include identifying the customer, verifying the customer’s identity (through documents or nondocumentary methods), and procedures for circumstances where the institution cannot form a reasonable belief that it knows the true identity of the individual. 46 Relevant documentation may include unexpired government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguard, such as a driver’s license or passport. See, e.g., 31 CFR 1020.220(a)(2)(ii)(A)(1). 47 Under the CIP rules, a financial institution’s CIP must include procedures for responding to circumstances in which the financial institution cannot form a reasonable belief that it knows the true identity of a customer. These procedures should describe: (A) When the institution should not open an account; (B) The terms under which a customer may use an account while the institution attempts to verify the customer’s identity; (C) When it should close an account, after attempts to verify a customer’s identity have failed; and (D) When it should file a Suspicious Activity Report in accordance with applicable law and regulation. See, e.g., 31 CFR 1020.220(a)(2)(iii). 48 See, e.g., Customer Identification Programs for Banks, Savings Associations, Credit Unions and Certain Non-Federally Regulated Banks, 68 FR 25090, 25099 (May 9, 2003). VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 example, a covered financial institution could determine that it will not accept reproductions below a certain optical resolution, or that it will not accept reproductions transmitted via facsimile, or that it will only accept digital reproductions transmitted in certain file formats. As with CIP, covered financial institutions are not required to maintain these copies or reproductions, but only a description of any document upon which the financial institution relied to verify the identity of the beneficial owner. We note, however, that although covered financial institutions are not required to maintain these reproductions, they are not prohibited from keeping them in a manner consistent with all other applicable laws or regulations. Some commenters urged FinCEN to permit covered financial institutions to take a risk-based, rather than categorical, approach to the identification and verification requirements. Among the objections lodged against a categorical requirement were that: Conducting CIP procedures on non-present beneficial owners would be too difficult; the benefit of a categorical requirement was outweighed by the costs; and expanding the number of natural persons subject to CIP procedures would increase costs, particularly for institutions that rely upon vendors that charge on a per capita basis for CIP. FinCEN believes that categorical application of this requirement across covered financial institutions will reduce illicit actors’ opportunities to slip into the financial system by masking their legal entities with markers indicative of a low risk profile. As to concerns about costs and difficulties, we believe that the abovedescribed changes and clarifications made to this paragraph have given financial institutions greater flexibility in determining how to implement the identification and verification requirements, thereby reducing their impact. As described above, because financial institutions will in most instances be able to rely upon the information provided by the customer, FinCEN believes that financial institutions generally will not expend substantially greater resources by collecting and verifying the information in all cases (subject to permitted exemptions) than by engaging in a risk analysis to determine whether the beneficial ownership information should be collected and verified. We recognize that financial institutions that pay for systems and technology costs associated with CIP procedures on a per capita basis will face increased costs PO 00000 Frm 00012 Fmt 4701 Sfmt 4700 from identifying and verifying the identities of additional natural persons. However, we believe that the benefits of collecting this information, as described at greater length above and below, outweigh these additional costs. FinCEN accordingly declines to alter the categorical nature of the requirement for the final rule. Several commenters questioned the utility of collecting this information in the absence of an authoritative centralized resource against which to verify beneficial ownership status. They contended that the limited benefit of this information would not outweigh the costs imposed by the requirement. Law enforcement commenters, however, identified significant benefits to the collection of beneficial ownership information, regardless of financial institutions’ ability to verify ownership status. They noted that the identities of verified natural persons linked to legal entities of interest had significant value in law enforcement investigations, whether or not those natural persons are the actual beneficial owners, since at a minimum they may have information that can aid law enforcement in identifying the true beneficial owner(s). Furthermore, false beneficial ownership information is of significant use to prosecutors in demonstrating consciousness of guilt, as well as for impeachment purposes at trial. And law enforcement also noted the likely deterrent effect that a categorical collection and verification requirement would have on illicit actors, by making it more difficult for them to maintain anonymity while opening accounts. For these reasons, FinCEN rejects the notion that this requirement is of limited value. A few commenters requested that FinCEN eliminate the verification requirement entirely, contending that verification of the identities of nonpresent beneficial owners would be too difficult and burdensome, especially for smaller institutions. As described above, we are aware of the challenges associated with verifying the identities of non-present individuals and have accordingly made changes to simplify the process for financial institutions, which we expect will reduce the burden. Importantly, collecting beneficial ownership information without verifying the existence of the named person would substantially diminish the value of the information, and we therefore decline to eliminate the verification requirement. Some commenters asked FinCEN to clarify what we expect financial institutions to do with the beneficial ownership information that they collect and verify. FinCEN generally expects E:\FR\FM\11MYR3.SGM 11MYR3 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations mstockstill on DSK3G9T082PROD with RULES3 beneficial ownership information to be treated like CIP and related information, and accordingly used to ensure that covered financial institutions comply with other requirements. For example, the Office of Foreign Assets Control (OFAC) requires covered financial institutions to block accounts (or other property and interests in property) of, among others, persons appearing on the Specially Designated Nationals and Blocked Persons List (SDN List), which includes any entity that is 50 percent or more owned, in the aggregate, by one or more blocked persons, regardless of whether the entity is formally listed on the SDN List.49 Therefore, institutions should use beneficial ownership information to help ensure that they do not open or maintain an account, or otherwise engage in prohibited transactions or dealings involving individuals or entities subject to OFACadministered sanctions. Covered financial institutions should also develop risk-based procedures to determine whether and/or when additional screening of these names through, for example, negative media search programs, would be appropriate. With respect to aggregation of transactions for Currency Transaction Reporting (CTR) purposes, FinCEN expects covered financial institutions to apply existing procedures consistent with CTR regulations and applicable FinCEN guidance from 2001 and 2012.50 Thus, while financial institutions should generally recognize the distinctness of the corporate form and not categorically impute the activities or transactions of a legal entity customer to a beneficial owner, they must aggregate multiple currency transactions if the financial institution has knowledge that these transactions are by or on behalf of any person and result in either cash in or cash out totaling more than $10,000 during any one business day.51 While the requirement to identify the beneficial owners of legal entity customers does not modify this existing CTR aggregation requirement, the beneficial ownership identification may provide financial institutions with information they did not previously have, in order to determine when 49 See generally 31 CFR part 500; see also, e.g., 31 CFR 590.406 (Ukraine-related sanctions regulations); Office of Foreign Assets Control, Frequently Asked Questions, available at https:// www.treasury.gov/resource-center/faqs/Sanctions/ Pages/faq_general.aspx#50_percent. 50 See 31 CFR 1010.313; FinCEN, Currency Transaction Report Aggregation for Businesses with Common Ownership FIN–2012–G001, (Mar. 16, 2012) (FIN–2012–G001); FinCEN, Currency Transaction Reporting: Aggregation, FinCEN Ruling 2001–2, (Aug. 23, 2001). 51 31 CFR 1010.313. VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 transactions are ‘‘by or on behalf of’’ the same person. Thus, if a financial institution determines that a legal entity customer or customers are not being operated independently from each other or from their primary owner—e.g., the institution determines that legal entities under common ownership have common employees and are repeatedly used to pay each other’s expenses or the personal expenses of their primary owner—then the financial institution may determine that aggregating the transactions of a legal entity or entities and their primary owner would be appropriate.52 Under such circumstances, if a financial institution were aware that a beneficial owner made a $5,000 cash deposit into his personal account, and later the same business day, he made a $6,000 cash deposit into the account of a legal entity not being operated as an independent entity, the institution would be required to aggregate those transactions and file a CTR.53 And to the extent that the financial institution determined that such transactions had no other apparent purpose than to avoid triggering a CTR filing, the financial institution would need to consider whether filing a SAR about the transactions would be appropriate. A few commenters asked FinCEN to provide guidance as to how beneficial ownership information should be incorporated into processes for information sharing pursuant to USA PATRIOT Act Section 314(a); one of these commenters asked FinCEN to declare such information per se outside of the scope of Section 314(a). FinCEN does not expect the information obtained pursuant to the beneficial ownership requirement to add additional requirements with respect to Section 314(a) for financial institutions. The rule implementing Section 314(a), set forth at 31 CFR 1010.520, does not authorize the reporting of beneficial ownership information associated with an account or transaction matching a named subject. Under that rule, financial institutions need only search their records for account or transactions matching a named subject, and report to FinCEN whether such a match exists using the identifying information that FinCEN provides. Section 1010.230(c) Account. See discussion below under ‘‘Legal entity customer.’’ 52 In general, such aggregation would only be appropriate in cases where an individual owns all or substantially all of the legal entity’s equity interests. It is only in such cases that a transaction by a legal entity could be considered ‘‘by or on behalf of’’ the owner of the entity (or vice versa). 53 See FIN–2012–G001 at 2. PO 00000 Frm 00013 Fmt 4701 Sfmt 4700 29409 Section 1010.230(d) Beneficial Owner. In the NPRM, we proposed two prongs for the definition of beneficial owner: Each individual, if any, who directly or indirectly owned 25 percent of the equity interests of a legal entity customer (the ownership prong); and a single individual with significant responsibility to control, manage, or direct a legal entity customer, including an executive officer or senior manager or any other individual who regularly performs similar functions (the control prong). We noted that the number of beneficial owners identified would vary from legal entity customer to legal entity customer due to the ownership prong— there could be as few as zero and as many as four individuals who satisfy this prong. All legal entities, however, would be required to identify one beneficial owner under the control prong. We further noted that financial institutions had the discretion to identify additional beneficial owners as appropriate based on risk. Thus, in practice, the number of beneficial owners identified will vary based on the circumstances. For example: • Mr. and Mrs. Smith each hold a 50 percent equity interest in ‘‘Mom & Pop, LLC.’’ Mrs. Smith is President of Mom & Pop, LLC and Mr. Smith is its Vice President. Mom & Pop, LLC is required to provide the personal information of both Mr. & Mrs. Smith under the ownership prong. Under the control prong, Mom & Pop, LLC is also required to provide the personal information of one individual with significant responsibility to control Mom & Pop, LLC; this individual could be either Mr. or Mrs. Smith, or a third person who otherwise satisfies the definition. Thus, in this scenario, Mom & Pop, LLC would be required to identify at least two, but up to three distinct individuals—both Mr. & Mrs. Smith under the ownership prong, and either Mr. or Mrs. Smith under the control prong, or both Mr. & Mrs. Smith under the ownership prong, and a third person with significant responsibility under the control prong. • Acme, Inc. is a closely-held private corporation. John Roe holds a 35 percent equity stake; no other person holds a 25 percent or higher equity stake. Jane Doe is the President and Chief Executive Officer. Acme, Inc. would be required to provide John Roe’s beneficial ownership information under the ownership prong, as well as Jane Doe’s (or that of another control person) under the control prong. • Quentin, Inc. is owned by the five Quentin siblings, each of whom holds a 20 percent equity stake. Its President is Benton Quentin, the eldest sibling, who E:\FR\FM\11MYR3.SGM 11MYR3 mstockstill on DSK3G9T082PROD with RULES3 29410 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations is the only individual at Quentin, Inc. with significant management responsibility. Quentin, Inc. would be required to provide Benton Quentin’s beneficial ownership information under the control prong, but no other beneficial ownership information under the ownership prong, because no sibling has a 25 percent stake or greater. One commenter raised a concern that this obligation would effectively require financial institutions to monitor the equity interests and management team of legal entity customers on an ongoing basis and continually update this information. FinCEN notes that it would be impracticable for financial institutions to conduct this type of inquiry, and emphasizes that this obligation should be considered a snapshot, not a continuous obligation. As discussed more fully in the Sectionby-Section Analysis addressing the amendments to the AML program rules, FinCEN does expect financial institutions to update this information based on risk, generally triggered by a financial institution learning through its normal monitoring of facts relevant to assessing the risk posed by the customer. The Ownership Prong. Commenters raised a number of points regarding the ownership prong. Several commenters speculated on FinCEN’s intention with respect to this requirement. FinCEN confirms here that by the phrase ‘‘directly or indirectly,’’ it intends that the financial institution’s customer identify its ultimate beneficial owner or owners as defined in the rule and not their nominees or ‘‘straw men.’’ In addition, as described in § 1010.230(b)(2), financial institutions may rely on information provided by the customer to identify and verify the beneficial owner. Many commenters supported FinCEN’s decision in the proposal to set the minimum threshold for equity holdings constituting ownership at 25 percent. Some of these commenters requested that FinCEN affirm this threshold as the regulatory expectation, notwithstanding our remarks in the proposal that financial institutions, after their own assessment of risk, could determine that a lower threshold percentage might be warranted. A few commenters, however, urged FinCEN to lower this threshold to 10 percent, contending that the higher threshold would be too easy to evade and is inconsistent with international AML norms and requirements of FATCA, and that the burden of a lower threshold would be minimal because some financial institutions as a matter of practice already collect beneficial VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 ownership information at thresholds lower than 25 percent. FinCEN has considered all of the arguments in favor of lowering the ownership threshold to 10 percent, and we decline to make this change in the final rule. Although it is true that some financial institutions already collect beneficial ownership information at a threshold lower than 25 percent in some cases, we do not believe that this practice is widely established enough to justify its categorical imposition for all legal entity customers across all covered financial institutions. As some proponents of the 10 percent threshold noted, this lower threshold would make it more difficult for illicit actors to structure ownership interests to evade the reporting threshold. However, it would also require financial institutions to identify and verify as many as eleven beneficial owners (including the control prong). In FinCEN’s assessment, the incremental benefit of this approach does not outweigh the burdens associated with having to collect and verify the identities of more than twice as many beneficial owners in some circumstances. Furthermore, the proposed 25 percent threshold is consistent with that of many foreign jurisdictions (including EU member states) and with the FATF standard, which in turn is used to define the controlling persons of an entity in the intergovernmental agreements that the United States has entered into with more than 110 other jurisdictions in order to enforce the requirements of FATCA. FinCEN continues to believe that a 25 percent threshold strikes the appropriate balance between the benefit of identifying key natural persons who have substantial ownership interests in the legal entity and the costs associated with implementing this informationcollection requirement. We reiterate that the 25 percent threshold is the baseline regulatory benchmark, but that covered financial institutions may establish a lower percentage threshold for beneficial ownership (i.e., one that regards owners of less than 25 percent of equity interests as beneficial owners) based on their own assessment of risk in appropriate circumstances. As a general matter, FinCEN does not expect covered financial institutions’ compliance with this regulatory requirement to be assessed against a lower threshold. Nevertheless, consistent with the riskbased approach, FinCEN anticipates that some financial institutions may determine that they should identify and verify beneficial owners at a lower threshold in some circumstances; we believe that making this clear in the PO 00000 Frm 00014 Fmt 4701 Sfmt 4700 note accompanying the regulatory text will aid them in doing so with respect to their customers. Some commenters urged FinCEN to include in the ownership prong a ‘‘fallback provision’’ to require the collection of beneficial ownership information for at least one individual with a significant equity stake in the legal entity, even if no beneficial owner meets the minimum ownership threshold. Such a provision was initially discussed in the ANPRM for this rulemaking but not included in the NPRM in response to concerns expressed by numerous commenters that the approach was impracticable. As we noted in the NPRM, commenters questioned the feasibility of engaging in a comparative analysis of every owner to determine the individual who ‘‘has at least as great an equity interest in the entity as any other individual.’’ Agreeing with that assessment, we removed this provision, and we do not believe that any benefit from its reintroduction would outweigh the difficulties that customers and front-line employees would face in implementing it. Although we have declined to include this provision in the final rule, financial institutions may determine, pursuant to a risk-based approach for their institutions, that certain higher risk circumstances may warrant the collection of beneficial ownership information for at least one natural person under the ownership prong even if no beneficial owner meets the 25 percent threshold. One commenter requested that FinCEN clarify whether covered financial institutions had an obligation to determine whether equity holders of a legal entity managed or structured their holdings to evade the 25 percent threshold for reporting. FinCEN notes that in most cases it would be impracticable for front-line employees to conduct this type of inquiry. Thus, FinCEN expects that financial institutions will generally be able to rely upon information about equity ownership provided by the person opening the account, and not to affirmatively investigate whether equity holders are attempting to avoid the reporting threshold. However, financial institution staff who know, suspect, or have reason to suspect that such behavior is occurring may, depending on the circumstances, be required to file a SAR. A few commenters sought clarification of the definition of ‘‘equity interests’’ provided in the proposal—to wit, an ownership interest in a business entity—contending that although the proposed definition provided a great E:\FR\FM\11MYR3.SGM 11MYR3 mstockstill on DSK3G9T082PROD with RULES3 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations deal of latitude and flexibility, it might also cause confusion due to its broad sweep. Thus, commenters requested greater clarification and guidance in the form of examples or additional commentary, to assist customers in understanding and complying with the requirements of the regulation as well as employees in their determinations as to which types of ownership interests are subject to this prong. FinCEN appreciates that some financial institutions may find it challenging in some circumstances to determine whether a particular ownership interest qualifies as an ‘‘equity interest.’’ However, as we noted in the proposal, we deliberately avoided the use of more technical terms of art associated with the exercise of control through ownership; we did so in part based on the preferences expressed by many members of industry. The abovementioned commenters urged FinCEN to avoid creating a definition using technical and complex legal terms that would also be difficult for customers and front-line employees to understand and apply. Beyond the general examples provided in the proposal, however, we are reluctant to provide additional narrower examples that could be construed to limit a definition that we intend to be broadly applicable, particularly in light of the diversity of types of legal entities formed within the United States and abroad. By the same token, we also decline to provide a formal guidance document listing the types of documents that front-line employees should rely upon to demonstrate the existence of an equity interest over the triggering threshold. We reiterate that it is generally the responsibility of the legal entity customer (and its personnel) to make this determination and to identify the beneficial owners, and not front-line employees at the financial institution, unless the employees have reason to question the accuracy of the information presented. Some commenters noted that while they approved of FinCEN’s general approach to determining indirect ownership of legal entity customers— i.e., that FinCEN does not expect financial institutions or customers to undertake analyses to determine whether an individual is a beneficial owner under the definition—they nevertheless thought that FinCEN should provide additional guidance and examples of how legal entity customers should calculate ownership interests when natural persons have indirect equity interests. As an initial matter, as described above, we emphasize that VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 FinCEN expects that financial institutions will generally be able to rely on the representations of the customer when it identifies its beneficial owners. We also note that it would not be unreasonable to expect that a legal entity that has a complex structure would have personnel who necessarily have a general understanding of the ownership interests of the natural persons behind it for operational, management, accounting, and other purposes. Commenters also sought clarification regarding various scenarios where 25 percent or greater equity interests of a legal entity customer are held in such a manner that the interest is not ultimately owned, directly or indirectly, by any individual. This could occur, for example, where a 25 percent or greater ownership interest is held by an entity excluded from the legal entity customer definition under paragraph (e)(2) or by a trust. FinCEN notes that the exclusions in the proposed rule include any entity organized under the laws of the United States or of any State at least 51 percent of whose common stock or analogous equity interests are held by an entity listed on a U.S stock exchange. FinCEN believes that this should address the overwhelming majority of situations where an excluded entity is a 25 percent or more shareholder. In addition, in the relatively unusual situations where an excluded entity holds a 25 percent or greater equity interest that is not covered by the abovementioned exclusion, FinCEN notes that covered financial institutions are not required under the ownership prong to identify and verify the identities of a natural person behind these entities; this is because the definition of ‘‘beneficial owner’’ under the ownership prong refers to ‘‘[e]ach individual, if any, . . .’’, and in such a case there would not be any individual who is the ultimate owner of such interest. On the other hand, where 25 percent or more of the equity interests of a legal entity customer are owned by a trust (other than a statutory trust), covered financial institutions would satisfy the ownership prong of the beneficial ownership requirement by collecting and verifying the identity of the trustee, and FinCEN has amended the definition consistent with this. For clarity, FinCEN notes that in any such case the legal entity customer would nonetheless be required to identify an individual under the control prong. The Control Prong. Commenters also raised a variety of points regarding this element. A few commenters requested that we narrow or eliminate the control prong, PO 00000 Frm 00015 Fmt 4701 Sfmt 4700 29411 contending that it would be difficult to identify a control person under such a wide-ranging definition. We disagree. FinCEN proposed a broad definition to give legal entities a wide range of options from which to choose. Accordingly, the breadth of the definition will facilitate, rather than hinder, financial institutions’ ability to collect this information—because legal entity customers are required to provide information on only one control person who satisfies the definition, legal entities should be able to readily identify at least one natural person within their management structure who has significant management responsibility, consistent with the multiple examples of positions provided. Furthermore, there may be legal entities for which there are no natural persons who satisfy the ownership prong; without the control prong, this would create a loophole for legal entities seeking to obscure their beneficial ownership information. Requiring the identification and verification of, at a minimum, one control person ensures that financial institutions will have a record of at least one natural person associated with the legal entity, which will benefit law enforcement and regulatory investigations for reasons described previously. A few commenters requested that FinCEN provide additional information about the types of persons who would satisfy the control prong, contending that a level of detail similar to the explanations provided for the ownership prong would be helpful for implementation. We believe that such additional explanation is unnecessary. In contrast with the variety of possible complicated scenarios that a financial institution might encounter when trying to determine beneficial ownership under the ownership prong, the control prong provides for a straightforward test: The legal entity customer must provide identifying information for one person with significant managerial control. It further provides as examples a number of common, well-understood senior job titles, such as President, Chief Executive Officer, and others. Taken together, FinCEN believes that these clauses provide ample information for legal entity customers to easily identify a natural person that satisfies the definition of control person. A few commenters requested that FinCEN expand the reach of the control prong by, among other things, including within it the concept of ‘‘effective control,’’ and proposing a variety of changes to mandate the identification of additional natural persons under this E:\FR\FM\11MYR3.SGM 11MYR3 mstockstill on DSK3G9T082PROD with RULES3 29412 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations prong, from all persons who exercise executive management and leadership, to all senior officials and all those who exercise effective control over a legal entity. FinCEN declines to make any of these changes to the control prong. While we recognize that our definition does not encapsulate all possible concepts of control, including effective control, we believe that our definition strikes the appropriate balance between including sufficiently senior leadership positions and practicability. As one of the proponents of including effective control conceded, effective control can be ‘‘difficult to determine.’’ We sought in our proposal to provide an easily administrable definition to facilitate collection of this information for both legal entities and financial institutions. As to the identification of additional natural persons, we believe that the challenges associated with identifying and verifying additional natural persons outweigh any incremental benefit of the information. Section 1010.230(e) Legal Entity Customer. As proposed, this paragraph defined the term ‘‘legal entity customer’’ and delineated a series of exclusions from this definition. Section 1010.230(e)(1). In the proposed rule, we to defined ‘‘legal entity customer’’ to mean a corporation, limited liability company, partnership or other similar business entity (whether formed under the laws of a state or of the United States or a foreign jurisdiction) that opens a new account. Many commenters raised questions about what entities and other businesses would be covered and requested that the proposed definition be clarified, particularly the meaning of ‘‘other similar business entity.’’ Some commenters urged us to include other business forms, such as unincorporated associations and sole proprietorships, within the definition of legal entity customer. We agree that covered institutions would benefit from a revised definition that further clarifies the entities that fall within the definition of ‘‘legal entity customer.’’ Thus, for the purposes of the final rule, we state that a legal entity customer means a corporation, limited liability company, or other entity that is created by the filing of a public document with a Secretary of State or similar office, a general partnership, and any similar entity formed under the laws of a foreign jurisdiction, that opens an account. This means that ‘‘legal entity customer’’ would include, in addition to corporations and limited liability companies, limited partnerships, business trusts that are created by a filing with a state office, VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 any other entity created in this manner, and general partnerships. (It would also include similar entities formed under the laws of other countries.) It would not include, for example, sole proprietorships or unincorporated associations even though such businesses may file with the Secretary of State in order to, for example, register a trade name or establish a tax account. This is because neither a sole proprietorship nor an unincorporated association is an entity with legal existence separate from the associated individual or individuals that in effect creates a shield permitting an individual to obscure his or her identity.54 The definition of ‘‘legal entity customer’’ also does not include natural persons opening accounts on their own behalf. In the final rule, we remove the reference to a ‘‘new’’ account to eliminate redundancies with other paragraphs of this provision, and because this account status is not a relevant characteristic for defining a legal entity customer. Trusts The definition would also not include trusts (other than statutory trusts created by a filing with a Secretary of State or similar office). This is because, unlike the legal entities that are subject to the final rule, a trust is a contractual arrangement between the person who provides the funds or other assets and specifies the terms (i.e., the grantor or settlor) and the person with control over the assets (i.e., the trustee), for the benefit of those named in the trust deed (i.e., the beneficiaries). Formation of a trust does not generally require any action by the state. As FinCEN noted in the NPRM, identifying a ‘‘beneficial owner’’ from among these parties, based on the definition in the proposed or final rule, would not be possible. FinCEN emphasizes that this does not and should not supersede existing obligations and practices regarding trusts generally. The preamble to each of the CIP rules notes that, while financial institutions are not required to look through a trust to its beneficiaries, they ‘‘may need to take additional steps to verify the identity of a customer that is not an individual, such as obtaining information about persons with control over the account.’’ 55 Moreover, as 54 FinCEN notes that this is consistent with the CIP rules, which include as a customer ‘‘an individual who opens a new account for . . . (B) an entity that is not a legal person, such as a civic club.’’ In such a case, the individual opening the account, rather than the civic club, is the customer. See, e.g., 31 CFR 1020.100(c)(1)(ii)(B). 55 See, e.g., ‘‘Customer Identification Programs for Broker-Dealers,’’ 68 FR at 25116 n.32. (May 9, 2003). PO 00000 Frm 00016 Fmt 4701 Sfmt 4700 FinCEN noted in the proposal, it is our understanding that where trusts are direct customers of financial institutions, financial institutions generally also identify and verify the identity of trustees, because trustees will necessarily be signatories on trust accounts (which in turn provides a ready source of information for law enforcement in the event of an investigation). Furthermore, under supervisory guidance for banks, ‘‘in certain circumstances involving revocable trusts, the bank may need to gather information about the settlor, grantor, trustee, or other persons with the authority to direct the trustee, and who thus have authority or control over the account, in order to establish the true identity of the customer.’’ 56 We reiterate our understanding that, consistent with existing obligations, financial institutions are already taking a risk-based approach to collecting information with respect to various persons associated with trusts in order to know their customer,57 and that we expect financial institutions to continue these practices as part of their overall efforts to safeguard against money laundering and terrorist financing.58 ‘‘Account’’ Definition FinCEN also notes that a legal entity customer is defined as one that opens an account, but that the NPRM did not define the term ‘‘account.’’ Several commenters requested that FinCEN provide a definition for this term and suggested using the definition from the CIP rules. In order to maintain consistency with the CIP rules, FinCEN is adding to the final rule the definition of the term ‘‘account’’ that is found in the CIP rules,59 which by its terms excludes an account opened for the purpose of participating in an employee benefit plan established under the Employee Retirement Income Security Act of 1974. This added provision is not only consistent with CIP but also appropriate for the final rule, inasmuch as accounts established to enable 56 Federal Financial Institutions Examination Council, Bank Secrecy Act/Anti-Money Laundering Examination Manual 281 (2014) (FFIEC Manual). 57 FinCEN also understands that in order to engage in the business of acting as a trustee, it is necessary for a trust company to be Federally- or State-chartered. Such entities are subject to BSA obligations, which reduces the AML risk of such trusts. 58 Also not covered by the final rule are accounts in the name of a deceased individual opened by a court-appointed representative of the deceased’s estate. 59 See, e.g., 31 CFR 1020.100(a)(2) (for banks); 1023.100(a)(2) (for brokers or dealers in securities); 1024.100(a)(2) (for mutual funds); and 1026.100(a)(2) (for futures commission merchants or introducing brokers in commodities). E:\FR\FM\11MYR3.SGM 11MYR3 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations employees to participate in retirement plans established under ERISA are of extremely low money laundering risk. In this regard, commenters requested that FinCEN broaden the exemption for ERISA plans to include other nonERISA retirement plans, based on their low risk of money laundering, FinCEN notes that in the case of such non-ERISA plans, the customer would generally either be the trust established to maintain the assets, or the employer that contracts with the financial institution to establish the account, and not the underlying participants in or beneficiaries of the account.60 Accordingly, in the case where the customer would be the employer and such employer is a legal entity, the financial institution would be required to obtain the beneficial owners of the legal entity employer (unless such employer is otherwise excluded from the definition of legal entity customer). We address other requests for exemptions from the beneficial ownership requirement in the discussion of § 1010.230(h) below. Paragraph (c) of § 1010.230 of the final rule will accordingly read as set out in the regulatory text at the end of this document. Section 1010.230(e)(2). The NPRM proposed ten exclusions from the legal entity customer definition. The first two categories are also for the most part excluded from the requirements of the CIP rules. The final rule adopts all of those proposed exclusions, except as discussed below under the heading, Charities and Nonprofit Entities. The final rule also adds a number of other exclusions in response to comments. All of the exclusions are a result of an assessment of the risks and determination that beneficial ownership information need not be obtained at account opening, because the information is generally available from other credible sources: mstockstill on DSK3G9T082PROD with RULES3 A financial institution regulated by a Federal functional regulator or a bank regulated by a State bank regulator— 1010.230(e)(2)(i) These entities are excluded because they are subject to Federal or State regulation and information regarding their beneficial ownership and management is available from the relevant Federal or State agencies. 60 See FinCEN et al., Interagency Interpretive Guidance on Customer Identification Program Requirements under Section 326 of the USA PATRIOT Act, FAQs: Final CIP Rule 6 April 28, 2005, page 6, available at https://www.fincen.gov/ statutes_regs/guidance/pdf/faqsfinalciprule.pdf. VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 A person described in § 1020.315(b)(2) through (5) of this chapter— § 1010.230(e)(2)(ii) This includes the following: • A department or agency of the United States, of any State, or of any political subdivision of a State. FinCEN has determined that this category is appropriate for exclusion because such entities have no equity owners and information regarding their management is readily available from public sources. • Any entity established under the laws of the United States, of any State, or of any political subdivision of any State, or under an interstate compact between two or more States, that exercises governmental authority on behalf of the United States or of any such State or political subdivision. This category is also appropriate for exclusion due to the amount of ownership and management information that is publicly available about such entities. • Any entity (other than a bank) whose common stock or analogous equity interests are listed on the New York, American,61 or NASDAQ stock exchange. This exclusion is appropriate because such entities are required to publicly disclose the beneficial owners of five percent or more of each class of the issuer’s voting securities in periodic filings with the SEC, to the extent the information is known to the issuer or can be ascertained from public filings.62 In addition, beneficial owners of these issuers’ securities may be subject to additional reporting requirements.63 • Any entity organized under the laws of the United States or of any State at least 51 percent of whose common stock or analogous equity interests are held by a listed entity. Because such subsidiaries of listed entities are controlled by their parent listed entity, information regarding control and management is publicly available. An issuer of a class of securities registered under section 12 of the Securities Exchange Act of 1934 or that is required to file reports under section 15(d) of that Act 64— § 1010.230(e)(2)(iii) These issuers are excluded because they are required to publicly disclose the beneficial owners of five percent or more of each class of the issuer’s voting 61 Currently called NYSE MKT. e.g., Item 12 of Form 10–K and Item 403 of Regulation S–K. 63 See Securities Exchange Act section 13(d) and Rules 13d–1 to 13d–102; Securities Exchange Act § 16(a) and Rules 16a–1 through 16a–13. 29413 securities in periodic filings with the SEC, to the extent the information is known to the issuer or can be ascertained from public filings.65 In addition, beneficial owners of the issuer’s securities may be subject to additional reporting requirements.66 An investment company, as defined in Section 3 of the Investment Company Act of 1940, that is registered with the SEC under that Act— § 1010.230(e)(2)(iv) An investment adviser, as defined in section 202(a)(11) of the Investment Advisers Act of 1940, that is registered with the SEC under that Act—§ 1010.230(e)(2)(v) These entities are excluded because registered investment companies and registered investment advisers already publicly report beneficial ownership in their filings with the SEC.67 An exchange or clearing agency, as defined in section 3 of the Securities Exchange Act of 1934, that is registered under section 6 or 17A of that Act—§ 1010.230(e)(2)(vi) Any other entity registered with the SEC under the Securities and Exchange Act of 1934—§ 1010.230(e)(2)(vii) These entities are excluded because the SEC registration process requires disclosure and regular updating of information about beneficial owners of those entities, as well as senior management and other control persons. A registered entity, commodity pool operator, commodity trading advisor, retail foreign exchange dealer, swap dealer, or major swap participant, each as defined in section 1a of the Commodity Exchange Act, that is registered with the CFTC— § 1010.230(e)(2)(viii) These entities are excluded because the CFTC registration process requires disclosure and regular updating of information about beneficial owners of those entities, as well as senior management and other control persons. A public accounting firm registered under section 102 of the SarbanesOxley Act—§ 1010.230(e)(2)(ix) Such firms are those that audit publicly traded companies and SECregistered broker-dealers. These firms are required to register with the Public Company Accounting Oversight Board 62 See, 64 See Securities Exchange Act section 16(a) and Rules 16a–1 through 16a–13 and Item 403 of Regulation S–K. PO 00000 Frm 00017 Fmt 4701 Sfmt 4700 65 See, e.g., Item 12 of Form 10–K and Item 403 of Regulation S–K. 66 See Securities Exchange Act section 13(d) and Rules 13d–1 to 13d–102; Securities Exchange Act § 16(a) and Rules 16a–1 through 16a–13. 67 See, e.g., Item 17 of Form N–1A and Schedule A to Part 1A of Form ADV. E:\FR\FM\11MYR3.SGM 11MYR3 29414 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations (PCAOB), a nonprofit corporation established by Congress to oversee the audits of publicly traded companies, and are required to file annual and special reports with the PCAOB. In addition, States require public accounting firms to register and to file annual reports identifying their members (e.g., partners, members, or shareholders).68 Such information is often available online. Many commenters also urged that the proposed exclusions from the legal entity customer definition be expanded or clarified in certain respects. These include, among others, exclusions for accounts for employee benefit plans (addressed above), additional entities regulated by the United States or States of the United States, foreign governments and agencies, foreign financial institutions, and nonprofits. Commenters also sought clarity on how certain types of entities and relationships should be treated. mstockstill on DSK3G9T082PROD with RULES3 Additional Regulated Entities A bank holding company, as defined in section 2 of the Bank Holding Company Act of 1956 (12 U.S.C. 1841), or savings and loan holding company, as defined in section 10(n) of the Home Owners’ Loan Act (12 U.S.C. 1467a(n))—§ 1010.230(e)(2)(x) At the suggestion of several commenters, bank holding companies, which include financial holding companies, have been excluded from the beneficial ownership requirement in the final rule because the Federal Reserve Board maintains beneficial ownership information on all of these companies. Savings and loan holding companies are excluded for the same reason. A pooled investment vehicle that is operated or advised by a financial institution excluded under this paragraph—§ 1010.230(e)(2)(xi) In response to several commenters who noted that beneficial ownership information would be available regarding the operator or adviser of such pooled vehicles, FinCEN has determined that the pooled vehicle should also be excluded from this requirement. An insurance company that is regulated by a State—§ 1010.230(e)(2)(xii) A few commenters sought exclusion of insurance companies from the definition of legal entity customer, with the requested exclusions ranging in scope from all insurance companies subject to an AML program requirement 68 See, e.g., New York State Education Law, Article 149, Section 7408.3. VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 and all insurance companies regulated by a State of the United States, to those insurance companies that own or control an SEC registered broker-dealer or SEC registered investment adviser. We address these proposals in turn. The commenters who proposed to exclude all insurance companies subject to an AML program requirement and all State-regulated insurance companies did not directly proffer a rationale for their request. We presume that the commenters believe that insurance companies subject to an AML program requirement and to State regulation present a lower risk profile, and should therefore be excluded. As to insurance companies subject to an AML program requirement, such status alone does not require insurance companies to disclose beneficial ownership information to their supervisors. Accordingly, an exclusion on that basis would not be warranted. With respect to insurance companies regulated by a State of the United States, these companies must disclose and regularly update their beneficial owners, as well the identities of senior management and other control persons. For insurance firms that are a part of a publicly traded group, such disclosures would also be found in annual SEC filings. All State-regulated insurance companies are required to file an Annual Statement with their State regulators, identifying senior management, directors, and trustees. Schedule Y of this Statement shows the firm’s corporate structure, including direct and indirect parents and subsidiaries of the insurer. Form B, an annual registration statement filed with state regulators, shows the executive officers, directors, and controlling shareholders of insurance companies. In the case of mutual insurance companies, which do not issue equity and are instead owned as a whole by their policyholders, Form B nevertheless shows their executive officers and directors. For these reasons, we believe an exclusion for State-regulated insurance companies is appropriate, and we have accordingly added to the final rule an exclusion for an insurance company that is regulated by a State as paragraph (e)(2)(xii).69 Some commenters also sought an exclusion for insurance companies that own or control an SEC registered brokerdealer or SEC registered investment adviser, noting that their registration with the SEC results in the disclosure of all individuals and entities in the indirect chain of ownership of the 69 Because ‘‘State’’ is defined in 31 CFR 1010.100(vv), we have not included ‘‘of the United States’’ in the rule text. PO 00000 Frm 00018 Fmt 4701 Sfmt 4700 broker-dealer or adviser with an ownership interest of 25 percent or more. FinCEN understands that in the vast majority of cases, an insurance company that owns or controls a registered broker-dealer or investment advisor would also be regulated by a State. Accordingly, FinCEN believes that this additional exclusion would be redundant. A financial market utility designated by the Financial Stability Oversight Council under Title VIII of the DoddFrank Wall Street Reform and Consumer Protection Act of 2010— § 1010.230(e)(2)(xiii) One commenter requested that FinCEN exclude designated financial market utilities from the definition of legal entity customer, noting that such entities are already subject to extensive regulation. FinCEN understands that entities designated as financial market utilities by the Financial Stability Oversight Council pursuant to Title VIII of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 are subject to extensive supervision and oversight by their Federal functional regulators, including the disclosure of beneficial ownership information. Accordingly, FinCEN believes that it is appropriate to exclude them from the definition. Excluded Foreign Entities A foreign financial institution established in a jurisdiction where the regulator of such institution maintains beneficial ownership information regarding such institution—§ 1010.230(e)(2)(xiv) Numerous commenters urged FinCEN to broaden the proposed exemptions for regulated financial institutions and publicly traded companies in the United States to include their counterparts outside of the United States. With regard to regulated foreign financial institutions, some commenters noted that in the rules implementing section 312 of the USA PATRIOT Act, even in the case of foreign banks subject to enhanced due diligence, a U.S. bank need obtain ownership information only if such foreign banks are not publicly traded,70 and that it would be inconsistent to impose a more burdensome requirement in the case of correspondent accounts for foreign banks (and arguably other foreign financial institutions) that are not subject to enhanced due diligence. FinCEN agrees with this analysis and has broadened the exclusions to the 70 31 E:\FR\FM\11MYR3.SGM CFR 1010.610(b)(3). 11MYR3 mstockstill on DSK3G9T082PROD with RULES3 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations definition of legal entity customer in the final rule to include foreign financial institutions established in jurisdictions where the regulator of such institution maintains beneficial ownership information regarding such institution. As with other exclusions described above, FinCEN has determined that it is appropriate to exclude these entities, because information regarding their beneficial ownership and management is available from the relevant foreign regulator. A non-U.S. governmental department, agency or political subdivision that engages only in governmental rather than commercial activities— § 1010.230(e)(2)(xv) Commenters also requested that certain departments, agencies, and political subdivisions of non-U.S. governments, as well as State-owned enterprises and supranational organizations, should also be exempt from the beneficial ownership requirement. The commenters pointed out that no such customers would have beneficial owners under the ownership prong, and any individual identified under the control prong would in most cases not be in the United States, which would make verification of identity more difficult. We agree that certain departments, agencies, and political subdivisions of non-U.S. governments— specifically, those that engage only in governmental (and not commercial) activities—should not fall within the definition of legal entity customer, and should therefore be excluded from the requirement. Although this delineation between governmental and commercial activities arises out of well-recognized principles of sovereign immunity, FinCEN does not expect front-line employees of covered financial institutions to engage in any type of legal analysis to determine the applicability of this exclusion. Rather, FinCEN expects covered financial institutions to rely upon the representations of such customers, absent knowledge to the contrary. Some commenters also requested an exclusion for supranational organizations. FinCEN is not aware of a well-established, widely accepted definition of this term that could serve to clearly notify such entities of their eligibility to be excluded from this requirement. Because of the administrative challenges associated with determining such eligibility in the absence of a clear line, FinCEN declines to include such an exclusion in the final rule. We recognize that many such organizations would generally lack equity interests (and accordingly, equity VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 stakes); thus, as in the case of other legal entities lacking such interests, financial institutions would be expected to collect beneficial ownership information under the control prong only. Any legal entity only to the extent that it opens a private banking account subject to 31 CFR 1010.620— § 1010.230(e)(2)(xvi) A number of commenters requested that FinCEN clarify the treatment of beneficial owners of private banking accounts for non-U.S. persons that are subject to FinCEN’s private banking account rule,71 which requires financial institutions maintaining such accounts to ascertain the identity of all beneficial owners of such accounts, but utilizes a different definition.72 Because covered financial institutions have established a process for complying with the private banking account regulation, FinCEN has determined that it is appropriate to exclude such legal entity customers from the beneficial ownership requirement only when they establish such accounts. Nonexcluded Pooled Investment Vehicles In the proposal, FinCEN sought comment on the approach that it should take towards pooled investment vehicles that are operated or advised by financial institutions that are not proposed to be excluded from the definition of legal entity customer, i.e., whether they should also be excluded from this requirement, or, if such vehicles are not excluded, whether covered financial institutions should be required to identify beneficial owners of such vehicles only under the control prong of the beneficial ownership definition. We noted that such entities often have ownership interests that fluctuate, and that identifying beneficial owners of these entities based on a percentage ownership threshold accordingly might create unreasonable operational challenges to collect information that would only be accurate for a limited period of time. Some commenters requested that FinCEN exclude such pooled investment vehicles from the beneficial ownership requirement for several reasons, including the logistical difficulties of maintaining the information and possible limited duration of the accuracy of the information noted above. The commenters requested that, if such vehicles are not excluded, then FinCEN 71 31 72 31 PO 00000 CFR 1010.620. CFR 1010.605(a). Frm 00019 Fmt 4701 Sfmt 4700 29415 should require those financial institutions to collect beneficial ownership information of such entities under the control prong only. FinCEN agrees that, because of the limited utility and difficulty of collecting beneficial ownership information under the ownership prong, in the case of pooled investment vehicles whose operators or advisers are not excluded from this definition, such as non-U.S. managed mutual funds, hedge funds, and private equity funds, financial institutions would be required to collect beneficial ownership information under the control prong only (e.g., an individual with significant responsibility to control, manage, or direct the operator, adviser, or general partner of the vehicle). This treatment of nonexcluded pooled investment vehicles is reflected in the final rule in § 1010.230(e)(3)(i). Intermediated Account Relationships In the NPRM, we proposed that if an intermediary is the customer, and the financial institution has no CIP obligation with respect to the intermediary’s underlying clients pursuant to existing guidance, a financial institution should treat the intermediary, and not the intermediary’s underlying clients, as its legal entity customer. Thus, existing guidance issued jointly by Treasury or FinCEN and any of the Federal functional regulators for broker-dealers, mutual funds, and the futures industry related to intermediated relationships would apply.73 Commenters from the securities, mutual fund, and futures industries strongly supported this approach. FinCEN confirms that this principle will apply in interpreting the final rule, as follows: To the extent that 73 See, e.g., Guidance from the Staffs of the Department of the Treasury and the U.S. Securities and Exchange Commission, Questions and Answers Regarding the Mutual Fund Customer Identification Rule, August 11, 2003, available at https:// www.sec.gov/divisions/investment/guidance/ qamutualfund.htm.; Guidance from the Staffs of the Department of the Treasury and the U.S. Securities and Exchange Commission, Question and Answer Regarding the Broker-Dealer Customer Identification Program Rule (31 CFR 103.122) (October 1, 2003), available at https:// www.fincen.gov/statutes_regs/guidance/html/ 20031001.html; Guidance from the Staffs of the Department of the Treasury and the U.S. Commodity Futures Trading Commission, Frequently Asked Question regarding Customer Identification Programs for Futures Commission Merchants and Introducing Brokers (31 CFR 103.123), available at https://www.fincen.gov/ statutes_regs/guidance/html/futures_omnibus_ account_qa_final.html; FinCEN, Application of the Regulations Requiring Special Due Diligence Programs for Certain Foreign Accounts to the Securities and Futures Industries, FIN–2006–G009 (May 10, 2006), available at https://www.fincen.gov/ statutes_regs/guidance/html/312securities_futures_ guidance.html. E:\FR\FM\11MYR3.SGM 11MYR3 mstockstill on DSK3G9T082PROD with RULES3 29416 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations existing guidance provides that, for purposes of the CIP rules, a financial institution shall treat an intermediary (and not the intermediary’s customers) as its customer, the financial institution should treat the intermediary as its customer for purposes of this final rule. FinCEN also confirms that other guidance issued jointly by FinCEN and one or more Federal functional regulators relating to the application of the CIP rule will apply to this final rule, to the extent relevant.74 One commenter representing the legal profession requested that escrow accounts established by lawyers to keep their clients’ funds in trust be given the same treatment, due to lawyers’ professional obligations to maintain client confidentiality under State law and codes of professional conduct. This commenter proposed that in the case of such accounts, only the lawyers and law firms establishing these accounts would be deemed legal entity customers from which beneficial ownership information would be collected. FinCEN understands that many attorneys maintain client trust or escrow accounts containing funds from multiple clients and other third parties in a single account. Funds flow in and out of these accounts during the normal course of business, and while these movements may not be as frequent as those found in, for example, pooled accounts in the securities and futures industries, they nevertheless create significant operational challenges to collecting this information with reference to the relevant clients and third parties. As in the case of nonexcluded pooled investment vehicles, FinCEN believes that it would be unreasonable to impose such collection obligations for information that would likely be accurate only for a limited period of time. FinCEN also understands that State bar associations impose extensive recordkeeping requirements upon attorneys with respect to such accounts, generally including, among other things, records tracking each deposit and withdrawal, including the source of funds, recipient of funds, and purpose of payment; copies of statements to clients or other persons showing disbursements to them or on their behalf; and bank statements and deposit 74 See, e.g., FinCEN, Application of the Customer Identification Program Rule to Future Commission Merchants Operating as Executing and Clearing Brokers in Give-Up Arrangements, FIN–2007–G001 (April 20, 2007), available at https:// www.fincen.gov/statutes_regs/guidance/html/cftc_ fincen_guidance.html; ‘‘FAQs: Final CIP Rule’’. VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 receipts.75 For these reasons, FinCEN believes that attorney escrow and client trust accounts should be treated like other intermediated accounts described above, and we accordingly deem such escrow accounts intermediated accounts for purposes of the beneficial ownership requirement. Charities and Nonprofit Entities In the NPRM, we proposed an exclusion from the definition of ‘‘legal entity customer’’ for charities and nonprofit entities that are described in sections 501(c), 527, or 4947(a)(1) of the Internal Revenue Code of 1986, which have not been denied tax exempt status, and which are required to and have filed the most recently due annual information return with the Internal Revenue Service. Commenters raised a number of issues with this proposed exemption. These include the fact that, in order to qualify for the exemption, the financial institution would effectively need to verify each of the following: 1. That the customer qualifies for an exemption under one of the three listed sections of the Internal Revenue Code, which would likely require that the financial institution review the entity’s IRS documentation; 2. That the exemption has not been revoked; 3. That the entity is required to file an annual information return; and 4. That the entity has in fact filed such return. Commenters expressed concerns that these steps to verify a charitable organization’s eligibility for the exemption would be unduly burdensome and difficult for frontline staff to administer. Several commenters asked whether the financial institution could utilize the IRS’s search tool that enables taxpayers to confirm the tax exempt status of organizations, ‘‘EO Select Check,’’ in order to verify the necessary information; others noted that, while this Web site confirms the tax exempt status of organizations, it does not confirm that the organization has filed its most recently due return. Moreover, up-to-date information, particularly regarding a recently formed organization, may not be available. Commenters noted further that, unless these issues can be addressed in a way that would facilitate the use of the exclusion, it would in many cases be simpler to ignore the exclusion and obtain the beneficial ownership information. 75 See, e.g., 22 N.Y.C.R.R. Part 1200, Rule 1.15; California State Bar Rule of Professional Conduct 4– 100. PO 00000 Frm 00020 Fmt 4701 Sfmt 4700 FinCEN has considered the comments addressing this proposed exclusion and agrees that as proposed the exclusion would in many cases be difficult to administer. Rather than limiting its treatment of this category to entities that are exempt from Federal tax and requiring proof of such exemption, FinCEN has determined that it would be simpler, as well as more efficient and more logical, to exclude all nonprofit entities (whether or not tax-exempt) from the ownership prong of the requirement, particularly considering the fact that nonprofit entities do not have ownership interests, and require only that they identify an individual with significant responsibility to control, manage, or direct the customer. Accordingly, the final rule eliminates this proposed exclusion and instead includes as a type of legal entity customer, subject only to the control prong of the beneficial owner definition, any legal entity that is established as a nonprofit corporation or similar entity and has filed its organizational documents with the appropriate State authority as necessary. For purposes of this provision, a nonprofit corporation or similar entity would include, among others, charitable, nonprofit, not-for-profit, nonstock, public benefit or similar corporations. Such an organization could establish that it is a qualifying entity by providing a certified copy of its certificate of incorporation or a certificate of good standing from the appropriate State authority, which may already be required for a legal entity to open an account with a financial institution under its CIP.76 FinCEN also believes that identifying and verifying an individual under the control prong is not an onerous requirement, and understands from its outreach that in the cases of many nonprofits such an individual is already identified to the financial institution as a signatory. FinCEN also notes that as a general matter, small local community organizations, such as Scout Troops and youth sports leagues, are unincorporated associations rather than legal entities and therefore not subject to the beneficial ownership requirement. Other Proposed Exclusions A few commenters requested that we expand the list of exclusions to include all types of entities currently exempt from CTR reporting requirements. Although some of the exclusions to the definition of legal entity customer correspond to entities exempt from CTR 76 See, E:\FR\FM\11MYR3.SGM e.g., 31 CFR 1020.220(a)(2)(ii)(A)(2). 11MYR3 mstockstill on DSK3G9T082PROD with RULES3 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations reporting requirements,77 we decline to extend these exclusions to include all of the CTR exemptions. The CTR and beneficial ownership requirements serve different purposes, and the principal underlying justification for many of the CTR exemptions—that the requirement is not feasible or appropriate for cashintensive low-risk businesses—does not apply here. FinCEN has considered all the CTR exemptions and has included those that are logical in the context of the beneficial ownership requirement, for the reasons articulated above. Some commenters also requested that FinCEN exclude other ‘‘low-risk’’ entities from the definition of legal entity customer. We have considered all commenters’ requests for exclusions to the definition and have incorporated only those that we have determined are appropriate in this context. Section 1010.230(f) Covered Financial Institution. As proposed, this paragraph defined covered financial institution through incorporation by reference of the definition set forth in § 1010.605(e)(1), thereby subjecting to this requirement those financial institutions already covered by CIP requirements. FinCEN noted in the proposal that it viewed the exercise of its discretion to limit the initial application of this requirement to these institutions as appropriate, because it is logical to minimize disruption and burden to the extent possible by commencing implementation with institutions already equipped to leverage CIP procedures. There were no significant objections to limiting the scope of this requirement in this manner, and we are accordingly adopting this definition as proposed. We note generally that FinCEN received comments from institutions not subject to CIP (nor therefore to the proposal), urging us to engage in dialogue before determining whether to expand the beneficial ownership and CDD requirements to their industries. FinCEN agrees that thoughtful engagement with all stakeholders is an essential component of the rulemaking process, and will continue to engage in outreach to inform our policy decisions and any future rulemakings. As we noted in the proposal, comments and discussions with these institutions during the course of this rulemaking have led us to believe that extending CDD requirements in the future to these, and potentially other types of financial institutions, may ultimately promote a more consistent, reliable, and effective AML regulatory structure across the financial system. A few commenters requested that FinCEN exclude smaller financial institutions from the scope of coverage, contending principally that such institutions generally presented a lower risk profile and that implementation of the beneficial ownership requirement would be unduly burdensome. We decline to categorically exclude smaller institutions from the definition of covered financial institution. As we have noted, both in the proposal and above, one of the animating purposes of this rulemaking is to promote clear and consistent expectations across and within financial sectors, in order to promote a more level playing field when it comes to AML/CFT compliance. Uniform application of the beneficial ownership requirement would prevent the ‘‘competitive disadvantage’’ (cited by one commenter seeking this exclusion) that would result if prospective customers were not required ‘‘to complete the same form at . . . competitor financial institutions.’’ And even though some smaller institutions might be lower risk, size alone should not be a determinative factor for a risk assessment, making it an inappropriate basis for a categorical exclusion. Indeed, a blanket size-based exclusion would provide a clear roadmap for illicit actors seeking an easy entry point into the financial system. Finally, FinCEN appreciates the concerns raised about the burden of implementation expressed by commenters and, as described at length above, has made numerous changes to the proposal to reduce the burden upon financial institutions. We reiterate that, as with CIP, financial institutions are expected to implement procedures for collecting beneficial ownership information ‘‘appropriate for [their] size and type of business.’’ 78 Section 1010.230(g) New account. See discussion above under ‘‘Identification and Verification.’’ Section 1010.230(h) Exemptions. In the final rule, this paragraph exempts covered financial institutions from the beneficial ownership requirement with respect to opening accounts for legal entity customers for certain specific activities and within certain limitations for the reasons described below. 77 See 31 CFR 1010.230(e)(2)(i), which includes certain persons exempt from CTR reporting. 78 31 CFR 1020.220(a)(1); 31 CFR 1023.220(a)(1); 31 CFR 1024.220(a)(1); 31 CFR 1026.220(a)(1). VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 Private Label Retail Credit Accounts Established at the Point-of-Sale One commenter requested that FinCEN exempt point-of-sale retail credit accounts provided to small to PO 00000 Frm 00021 Fmt 4701 Sfmt 4700 29417 mid-size business customers, including commercial private label and cobranded credit cards and installment loans, from the scope of coverage of the beneficial ownership requirement. This commenter noted that such accounts presented a lower risk of money laundering due in large part to limitations on the use of those cards inherent in these customer relationships. For example, because private label credit cards can be used only to purchase goods or services at the specified retailer at which they are issued, they would not be an attractive vehicle to launder illicit proceeds. That these accounts can only be used for domestic transactions, and generally have lower credit limits, are additional factors that mitigate the risk of these accounts. FinCEN has learned that legal entities without an established and verifiable credit history that seek such accounts are generally required to provide a personal guarantee by a natural person whose identity and credit history are verified. We agree that these characteristics and limitations associated with private label credit card accounts that are used exclusively within issuing retailers’ networks, significantly decrease these accounts’ susceptibility to abuse by money launderers and terrorist financers. Thus, covered financial institutions are exempt from the beneficial ownership requirement with respect to private label credit card accounts to the limited extent that they are established at the point-of-sale to obtain credit products, including commercial private label credit cards, solely for the purchase of retail goods and/or services at the issuing retailer and have a credit limit of no more than $50,000. In contrast, credit cards that are cobranded with major credit card associations do not possess the same limitations and characteristics that would protect them from abuse. For example, co-branded credit cards can be used at any outlet or ATM that accepts those associations’ cards. FinCEN therefore believes that covered financial institutions should obtain and verify beneficial ownership information with respect to opening accounts for legal entities involving such co-branded cards. Additional Exemptions During the comment period to the RIA, several commenters sought to exempt certain limited purpose activities from the scope of the beneficial ownership requirement, principally on the grounds that such accounts had an extremely low risk profile for money laundering because of E:\FR\FM\11MYR3.SGM 11MYR3 29418 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations inherent structural limitations to the accounts and the purposes for which such accounts are established. mstockstill on DSK3G9T082PROD with RULES3 Accounts Established for the Purchase and Financing of Postage One such commenter was a limited purpose banking entity whose primary business is to facilitate the purchase and financing of postage. This commenter noted that all the accounts at its institution exist solely for small businesses, governments, and nonprofit organizations to prepay postage and earn interest (in the form of additional postage), or to finance postage through an unsecured revolving line of credit. Clients of this institution cannot use these accounts to purchase merchandise, deposit or withdraw cash, write checks, or transfer funds. FinCEN agrees that these types of accounts present a low risk of money laundering, both because of the purpose for which such accounts are established, as well as the characteristics of these accounts described above. Accordingly, covered financial institutions are exempt from the beneficial ownership requirement with respect to accounts solely used to finance the purchase of postage and for which payments are remitted directly by the financial institution to the provider of the postage products. Commercial Accounts To Finance Insurance Premiums Several commenters representing the commercial insurance premium finance industry submitted a joint letter outlining the expected impact of the beneficial ownership requirement on their industry, and the structural characteristics of these financial products that make them a low risk of money laundering. They noted that borrowers seeking funds to finance premiums for property and casualty insurance do not receive these proceeds directly; instead, the funds are remitted directly to an insurance company, either directly or through an insurance agent or broker. As with the limited purpose postage accounts described above, customers of premium finance companies cannot use these accounts to purchase merchandise, deposit or withdraw cash, write checks, or transfer funds. FinCEN agrees that these types of accounts present a low risk of money laundering, both because of the purpose for which such accounts are established, as well as the characteristics of these accounts that make them a poor vehicle for money laundering. For these reasons, covered financial institutions are exempt from the beneficial ownership requirement with respect to accounts solely used to finance VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 insurance premiums and for which payments are remitted directly by the financial institution to the insurance provider or broker. Accounts To Finance the Purchase or Lease of Equipment One commenter representing a bank that primarily provides financial products for small business equipment leasing sought to exclude this activity from the beneficial ownership requirement with the same basic rationale put forth by the commenters representing the commercial insurance premium finance industry. Because FinCEN understands that these financial products have similar structural characteristics that limit their utility as vehicles for money laundering, covered financial institutions are exempt from the beneficial ownership requirement with respect to accounts solely used to finance the purchase or leasing of equipment and for which payments are remitted directly by the financial institution to the vendor or lessor of this equipment. Section 1010.230(h)(2) Limitations on Exemptions. These three exemptions are subject to further limitations to mitigate the remaining limited money laundering risks associated with them, as follows: • The exemptions identified in paragraphs (h)(1)(ii) through (iv) do not apply to transaction accounts through which a legal entity customer can make payments to, or receive payments from, third parties. • If there is the possibility of a cash refund on the account activity identified in paragraphs (h)(1)(ii) through (iv), then beneficial ownership of the legal entity customer must be identified and verified by the financial institution as required by this section, either at the time of initial remittance, or at the time such refund occurs. The first limitation reflects the additional structural limitation described in our discussion of these account types that makes them a low risk of money laundering, and therefore a necessary characteristic to qualify for these exclusions. The second limitation serves to mitigate the principal money laundering vulnerability in some of these accounts—to wit, the possibility of a cash refund—by requiring the identification and verification of beneficial ownership information when the initial remittance is made or when a refund actually occurs. Based upon the submissions from commenters, as well as subsequent inquiry into these financial products, FinCEN understands that most of these exempted accounts would not be affected by such limitation. Furthermore, this PO 00000 Frm 00022 Fmt 4701 Sfmt 4700 requirement has been drafted to give covered financial institutions flexibility in implementing this provision. Although this limitation applies broadly to accounts where there is the possibility of a refund, as a practical matter, beneficial ownership information must only be collected when such a refund actually occurs. Thus, covered financial institutions that offer such products do not have to change their onboarding systems, and FinCEN believes that in most cases, they will not have to collect this information. Section 1010.230(i) Recordkeeping. In the NPRM, we proposed a recordkeeping requirement identical to the requirement for CIP, in order to leverage existing standards and processes to facilitate financial institutions’ implementation of this requirement. Thus, under the proposal, a financial institution must have procedures for maintaining a record of all information obtained in connection with identifying and verifying beneficial owners, including retention of the Certification Form and a record of any other related identifying information reviewed or collected, for a period of five years after the date the account is closed. Furthermore, we proposed that a financial institution must also retain records for a period of five years after such record is made, including a description of every document relied on for verification, any non-documentary methods and results of measures undertaken for verification, as well as the resolution of any substantive discrepancies discovered in verifying the identification information. Because collection of the Certification Form is no longer a requirement, we are making a corresponding change to the recordkeeping requirement for the final rule. Section 1010.230(i)(1)(i) now states that at a minimum, the record must include, for identification, any identifying information obtained by the covered financial institution pursuant to paragraph (b), including without limitation the certification (if obtained). Most commenters who addressed this issue agreed with FinCEN’s decision to have recordkeeping requirements identical to CIP. However, two commenters who submitted largely identical letters objected to this approach, asserting that the CIP recordkeeping requirements did not make sense in the context of beneficial ownership information because such information would likely change regularly for some legal entity customers, resulting in the accumulation of multiple iterations of the Certification Form, all of which would have to be retained. Despite this E:\FR\FM\11MYR3.SGM 11MYR3 mstockstill on DSK3G9T082PROD with RULES3 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations concern, we decline to alter the recordkeeping requirement. First, because the Certification Form is no longer mandatory, financial institutions not using it will not have to retain multiple Certification Forms, but will instead have flexibility to record any changes of beneficial ownership information in a manner that works best for their institution. And we believe the benefit from leveraging existing procedures far outweighs any benefit that might arise from a shorter recordkeeping standard, because creating a separate standard for beneficial ownership information would likely require new processes and necessitate training for employees, as well as require line employees to consistently apply different standards for beneficial ownership and CIP information. Section 1010.230(j) Reliance on Another Financial Institution. In the NPRM, we proposed that financial institutions could rely on the performance by another financial institution of the requirements of this section under the same conditions as set forth in the applicable CIP rules. Commenters raised a few points regarding the reliance provision as proposed. A few requested that we lower the standard for reliance below that articulated in the applicable CIP rules, by permitting reliance without a contract and annual certification, and extending the reliance provisions to regulated money services businesses and foreign affiliates of covered financial institutions subject to a global standard at least as rigorous as U.S. CIP and CDD standards. We decline to make any of these proposed changes to the reliance provision at this time. FinCEN believes that there is significant value to financial institutions in terms of account management in having uniform standards to the greatest extent possible, and that having different reliance standards for CIP and for beneficial ownership information might cause confusion and negatively impact compliance. Thus, to the extent that we would make any of the proposed changes to the reliance provision, we believe it would be important to make the same changes concurrently to the applicable CIP provisions, which would require joint rulemaking. One commenter requested that FinCEN clarify reliance responsibilities in the drafting of selling, clearing, or counterparty agreements, without further elaboration upon the type of clarification sought or the need for such clarification. We have considered this request, and in the absence of any specific and persuasive arguments VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 supporting the need for such clarification, we have found no reason to provide any clarification addressing this issue. Another commenter requested that FinCEN amend the reliance provision to enable covered financial institutions to employ the services of non-financial institution third parties as beneficial ownership pre-check service providers, to conduct beneficial ownership due diligence. This commenter contended that amending the proposal in this way might facilitate compliance by permitting third parties specializing in beneficial ownership due diligence to fulfill the requirements of this section at scale, expediting legal entities’ ability to open accounts. Thus, the commenter proposed adding clauses to the reliance provision permitting such reliance on these third parties if the reliance is reasonable; the third party is voluntarily subject to a rule implementing 31 U.S.C. 5318(h) and certified by Treasury or FinCEN; and the third party certifies to the financial institution that it has implemented an AML program and that it will perform the requirements of section 1010.230. FinCEN declines to make these changes. Currently, FinCEN does not have an appropriate mechanism to permit a third party to voluntarily subject itself to an AML program requirement, nor to assess and certify that party’s compliance. We thus believe that it would make more sense to postpone any consideration of this approach until after FinCEN and the covered financial institutions have gained experience and understanding from implementing section 1010.230. Section 1020.210 Anti-money laundering program requirements for financial institutions regulated only by a Federal functional regulator, including banks, savings associations, and credit unions. In the NPRM, we proposed to amend FinCEN’s existing AML program rules to expressly incorporate both the minimum statutory elements of an AML program prescribed by 31 U.S.C. 5318(h)(1), as well as the elements of the minimum standard of CDD that are not otherwise already accounted for in either the existing AML regulatory scheme (i.e., CIP) or in the proposed beneficial ownership requirement.79 79 In the proposal, we described these elements, which we believe to be fundamental to an effective AML program, as follows: (i) Identifying and verifying the identity of customers; (ii) identifying and verifying the identity of beneficial owners of legal entity customers (i.e., the natural persons who own or control legal entities); (iii) understanding the nature and purpose of customer relationships; and (iv) conducting ongoing monitoring to maintain and update customer information and to identify and report suspicious transactions. See 79 FR at 45152. PO 00000 Frm 00023 Fmt 4701 Sfmt 4700 29419 Paragraphs (b)(1) through (4) correspond to the minimum statutory elements of section 5318(h)(1), while proposed paragraph (b)(5) set forth the remaining elements of CDD by requiring appropriate risk-based procedures for conducting ongoing customer due diligence including, but not limited to, (i) understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile, and (ii) conducting ongoing monitoring to maintain and update customer information and to identify and report suspicious transactions. We described our understanding that these third and fourth elements of CDD were necessary and critical steps required to comply with the existing requirement under the BSA to identify and report suspicious transactions. Thus, expressly incorporating the third and fourth elements of CDD into the AML program rules would serve to harmonize these elements with existing AML obligations. Because the proposal sought only to clarify and explicitly state existing expectations and requirements, we emphasized that the proposal was not intended to lower, reduce, or limit the due diligence expectations of the Federal functional regulators or limit their existing regulatory discretion, nor to create any new obligations. With respect to the third element, understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile, we elaborated upon our understanding of the manner in which current expectations satisfied this proposed requirement. We observed that under the existing requirement for financial institutions to report suspicious activity, they must file SARs on a transaction that, among other things, has ‘‘no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage.’’ 80 Banks specifically are expected to ‘‘obtain information at account opening sufficient to develop an understanding of normal and expected activity for the customer’s occupation or business operations.’’ 81 In short, to understand the types of transactions in which a particular customer would normally be expected to engage necessarily requires an understanding of the nature and purpose of the customer relationship, which informs the baseline against which aberrant, suspicious transactions are identified. It was this fundamental 80 31 CFR 1020.320(a)(2)(iii); see also 31 CFR 1023.320(a)(2)(iii), 1024.320(a)(2)(iii), and 1026.320(a)(2)(iii). 81 FFIEC Manual at 57. E:\FR\FM\11MYR3.SGM 11MYR3 mstockstill on DSK3G9T082PROD with RULES3 29420 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations expectation that FinCEN sought to encapsulate in its articulation of the third element. Moreover, as FinCEN stated in the proposal, in some circumstances an understanding of the nature and purpose of a customer relationship can also be developed by inherent or self-evident information about the product or customer type, such as the type of customer, the type of account opened, or the service or product offered, or other basic information about the customer, and such information may be sufficient to understand the nature and purpose of the relationship. We further noted that, depending on the facts and circumstances, other relevant facts could include basic information about the customer, such as annual income, net worth, domicile, or principal occupation or business, as well as, in the case of longstanding customers, the customer’s history of activity. Regarding the fourth element, conducting ongoing monitoring to maintain and update customer information and to identify and report suspicious transactions, we noted our understanding that, as with the third element, current industry practice to comply with existing expectations for SAR reporting should already satisfy this proposed requirement. Banks are expected to have in place internal controls to ‘‘provide sufficient controls and monitoring systems for timely detection and reporting of suspicious activity.’’ 82 In short, the proposal served to codify existing supervisory and regulatory expectations for banks as explicit requirements within FinCEN’s AML program requirement in order to make clear that the minimum standards of CDD, as articulated, include ongoing monitoring of all transactions by, at, or through the financial institution. As proposed, the obligation to update customer information as a result of monitoring would generally only be triggered when the financial institution becomes aware of information about the customer in the course of normal monitoring relevant to assessing the risk posed by a customer; it was not intended to impose a categorical requirement to update customer information on a continuous or ongoing basis using the Certification Form in Appendix A or by another means. Commenters raised a number of points about FinCEN’s proposal to expressly incorporate the third and fourth elements of CDD as a ‘‘fifth pillar’’ into the AML program rules. Some questioned whether FinCEN had the statutory authority to adopt these 82 Id. at 29–30. VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 amendments to the program rules. A few commenters expressed general approval of this approach but sought clarification of its application, while other commenters opposed the codification of existing regulatory expectations, questioning the need to do so in light of current regulatory expectations. Some commenters raised concerns about FinCEN’s articulation of the ongoing monitoring requirement, contending that the element as proposed imposed an obligation to continuously update customer information. We address these comments and provide additional clarification for banks below. A few commenters challenged FinCEN’s statutory authority to amend the AML program rules in this fashion. They argued principally that FinCEN’s actions exceeded the scope of its statutory authority because it proposed to incorporate into the regulations implementing the AML program, elements not found in the authorizing statute, 31 U.S.C. 5318(h). This argument is not supported by a plain reading of the statutory text. Section 5318(h)(1) provides in relevant part that ‘‘each financial institution shall establish anti-money laundering programs, including, at a minimum— [the four statutory pillars]. . . .’’ (emphasis added). And section 5318(h)(2) further provides that ‘‘[t]he Secretary of the Treasury, after consultation with the appropriate Federal functional regulator . . . may prescribe minimum standards for programs established under paragraph (1). . . .’’ The first clause by its terms does not limit an AML program exclusively to the four enumerated statutory elements, and the statutory scheme clearly vests the Secretary 83 with discretion to adapt the AML program to changing circumstances as warranted after consultation with the Federal functional regulators. FinCEN’s actions today fall squarely within the scope of its statutory delegation of authority from the Secretary and the plain language of Section 5318(h)(1). One commenter asserted that the creation of this new ‘‘fifth pillar’’ separate from the other elements of CDD that are already incorporated into the ‘‘internal controls’’ pillar, could complicate how existing internal controls are identified and managed, possibly requiring the revision of existing systems and programs, including training and audit functions, thereby needlessly consuming banks’ AML resources. As described at greater 83 As noted above, the Secretary has delegated to the Director of FinCEN the authority to implement the BSA and associated regulations. PO 00000 Frm 00024 Fmt 4701 Sfmt 4700 length above and below, FinCEN views the fifth pillar as nothing more than an explicit codification of existing expectations; as these expectations should already be taken into account in a bank’s internal controls, FinCEN would expect the confusion caused by this codification, if any, to be minimal. Furthermore, FinCEN believes that, in order to bring uniformity and consistency across sectors, it is important that these due diligence elements be made explicit, and that they be part of the AML program of depository institutions (as well as of the other covered financial institutions). We believe that harmonizing these requirements across financial sectors will strengthen the system as a whole, by further limiting opportunities for inconsistent application of unclear or unexpressed expectations. The same commenter also asserted that imposing this requirement unilaterally ‘‘places FinCEN at odds with the prudential regulators.’’ However, FinCEN notes that the proposed CDD rule as well as this final rule, were issued after consultation with the staffs of the prudential regulators. Most bank commenters did not raise objections to the concept of a customer risk profile. The banks that commented on this issue noted generally that they understood the concept as it applied to their industry. One commenter subject to AML requirements for banks, brokerdealers, mutual funds, and insurance companies raised concerns that the concept of a customer risk profile implicated personal privacy interests and that information about personal attributes of customers could be used for inappropriate profiling. We reiterate here that for banks, the term ‘‘customer risk profile’’ is used to refer to the information gathered about a customer to develop the baseline against which customer activity is assessed for suspicious transaction reporting. As such, we would not expect there to be any significant changes to current practice that is consistent with existing expectations and requirements, and certainly not in the form of inappropriate profiling. A few commenters raised objections to the ongoing monitoring element in the proposal, contending that, as articulated, it was inconsistent with current requirements or expectations regarding the monitoring of customers and transactions and appeared to impose a new requirement to monitor, maintain, and update customer information on a continuous basis. Commenters also requested that FinCEN clarify the relationship between ongoing monitoring and updating beneficial E:\FR\FM\11MYR3.SGM 11MYR3 mstockstill on DSK3G9T082PROD with RULES3 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations ownership information, asserting that the expectation articulated in the proposal that financial institutions should update beneficial ownership information in connection with ongoing monitoring was unclear. As we noted in the proposal and above, the purpose of articulating the requirement regarding updating customer information was to codify existing practice relating to ongoing monitoring, and not to impose a new categorical requirement to continuously update customer information. However, we agree with the commenters that this element as presented in the proposal could be construed in this fashion. Thus, the final rule amends the ongoing monitoring prong to state that ongoing monitoring is conducted to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. For these purposes, customer information shall include information regarding the beneficial owners of legal entity customers (as defined in § 1010.230). We believe that this change to the ongoing monitoring clause better encapsulates current practice in the AML/CFT area, and therefore, the nature of the obligation—that is, financial institutions are presently expected to conduct a monitoringtriggered update of customer information when they detect information during the course of their normal monitoring relevant to assessing or reevaluating the risk of a customer relationship. Such information could include, e.g., a significant and unexplained change in customer activity. It could also include information indicating a possible change in beneficial ownership, when such change might be relevant to assessing the risk posed by the customer. In any such event, it is appropriate to update the customer information accordingly. As we noted in the proposal, including the ongoing monitoring element in the AML program rules serves to reflect existing practices to satisfy SAR reporting obligations. Although the beneficial ownership information collection requirement was not in place at the time of the proposal, this information may be relevant in assessing the risk posed by the customer and in assessing whether a transaction is suspicious. Moreover, FinCEN believes it is also consistent that this updating requirement should apply not only to customers with new accounts, but also to customers with accounts existing on the Applicability Date. That is, should the financial institution learn as a result of its normal VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 monitoring that the beneficial owner of a legal entity customer may have changed, it should identify the beneficial owner of such customer. For example, we can envision a situation where an unexpected transfer of all of the funds in a legal entity’s account to a previously unknown individual would trigger an investigation in which the bank learns that the funds transfer was directly related to a change in the beneficial ownership of the legal entity.84 FinCEN emphasizes that the obligation to update customer information pursuant to this provision, including beneficial ownership information, is triggered only when, in the course of its normal monitoring, the financial institution detects information relevant to assessing the risk posed by the customer; it is not intended to impose a categorical requirement to update customer or beneficial ownership information on a continuous or ongoing basis. One commenter asserted that it would be difficult to conceive of a scenario where the ongoing monitoring of transactions would provide information to a financial institution indicating a potential change in beneficial ownership. Accordingly, the commenter suggested that we link the expectation to update beneficial ownership information only to monitoring of the customer relationship. We generally agree with the notion that it is unlikely that transaction monitoring will uncover information suggestive of a change of beneficial ownership, because such monitoring generally does not tend to provide insight into the transfer of ownership or operational control. Nevertheless, we do not believe that a categorical exclusion of beneficial ownership information from this element would be appropriate. First, FinCEN believes that the revision of the ongoing monitoring element for the final rule as described above largely addresses this concern—as we have noted repeatedly, our requirement is consistent with current practice, and we expect monitoring-triggered updating of beneficial ownership information (as with other customer information) only to occur on a risk basis when material information about a change in beneficial ownership is uncovered during the course of a bank’s normal monitoring (whether of the customer relationship or of transactions). As noted in the preceding paragraph, there may be unusual cases where transaction monitoring might lead to information 84 The same changes are being made to the ongoing monitoring provisions of the AML program rules for the other covered financial institutions. PO 00000 Frm 00025 Fmt 4701 Sfmt 4700 29421 about a possible change in beneficial ownership, and we are therefore unwilling to categorically foreclose this avenue of inquiry. However, there is no expectation that a financial institution obtain updated beneficial ownership information from its customers on a regular basis, whether by using the Certification Form in Appendix A or by any other means. This commenter also expressed concern about subjecting all account relationships to the requirement to monitor to identify and report suspicious transactions, contending that this implied a uniform requirement for monitoring transactions that was inconsistent with the risk-based approach. Therefore, the commenter requested that FinCEN expressly articulate that ongoing monitoring be conducted pursuant to the risk-based approach. We clarify first that our expectation that all accounts be subject to ongoing monitoring does not mean that we expect all accounts to be subject to a uniform level of scrutiny. Rather, we fully expect financial institutions to apply the risk-based approach in determining the level of monitoring to which each account will be subjected. Thus, consistent with current practice, we would expect the level of monitoring to vary across accounts based on the financial institution’s assessment of the risk associated with the customer and the account. We also noted that all account relationships would be subject to this requirement merely to reflect the fact that all accounts must necessarily be monitored in some form in order to comply with existing SAR requirements, and not only those subject to the CIP rule. Section 1023.210 Anti-money laundering program requirements for brokers or dealers in securities. The structural changes to this section, as well as the rationale for these amendments, are identical to those articulated for banks above.85 As in the case of banks described above, FinCEN emphasizes that the incorporation of these elements is 85 As we noted in the proposal, FinCEN’s current AML program rule for broker-dealers differs from the current program rule issued by FINRA, principally because FINRA has included as a pillar within its AML program rule a requirement with respect to suspicious activity reporting. This integrated treatment of the SAR requirement also differs from the practice of the other financial sectors covered by this rulemaking. We reiterate that FinCEN is not proposing to incorporate, as FINRA has done, a SAR reporting requirement as a separate pillar within the AML program rules, as the existing stand-alone SAR obligation within FinCEN’s regulations is sufficient. However, the decision to not include a SAR requirement within the program rules is not meant to affect its treatment in any way within the FINRA rule. E:\FR\FM\11MYR3.SGM 11MYR3 mstockstill on DSK3G9T082PROD with RULES3 29422 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations intended to explicitly articulate current practices consistent with existing regulatory and supervisory expectations. Thus, understanding the nature and purpose of customer relationships encapsulates practices already generally undertaken by securities firms to know and understand their customers. In the proposal, we observed that under the existing requirement for financial institutions to report suspicious activity, they must file SARs on a transaction that, among other things, has no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage.86 To understand the types of transactions in which a particular customer would normally be expected to engage necessarily requires an understanding of the nature and purpose of the customer relationship, which informs the baseline against which aberrant, suspicious transactions are identified. As described at greater length below, however, we understand that this type of assessment may not necessarily be contemporaneous. For example, as a part of their due diligence at account opening, brokerdealers are expected to, inter alia, ‘‘inquire about the source of the customer’s assets and income so that the firm can determine if the inflow and outflow of money and securities is consistent with the customer’s financial status,’’ as well as ‘‘gain an understanding of what the customer’s likely trading patterns will be, so that any deviations from the patterns can be detected later on, if they occur.’’ 87 And as FinCEN stated in the proposal, in some circumstances an understanding of the nature and purpose of a customer relationship can also be developed by inherent or self-evident information about the product or customer type, or basic information about the customer, and such information may be sufficient to understand the nature and purpose of the relationship. We further noted that, depending on the facts and circumstances, other relevant facts could include basic information about the customer, such as annual income, net worth, domicile, or principal occupation or business, as well as, in the case of longstanding customers, the customer’s history of activity. For example, FinCEN understands that some securities firms sometimes use suitability information gathered pursuant to FINRA Rule 2111 in 86 31 CFR 1020.320(a)(2)(iii); see also 31 CFR 1023.320(a)(2)(iii), 1024.320(a)(2)(iii), and 1026.320(a)(2)(iii). 87 Nat’l Ass’n of Securities Dealers, Special NASD Notice to Members 02–21 7 (Apr. 2002). VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 determining whether a given transaction is one which would be expected from a particular customer. It is these types of current practices that FinCEN sought to encapsulate in its articulation of the third element. Regarding the fourth element as proposed in the NPRM, conducting ongoing monitoring to maintain and update customer information and to identify and report suspicious transactions, we noted our understanding and expectation that, as with the third element, current industry practice for SAR reporting should already satisfy this proposed requirement. In short, the proposal was intended to codify existing supervisory and regulatory expectations as explicit requirements within FinCEN’s AML program requirement, in order to make clear that the minimum standards of CDD, as articulated, include ongoing monitoring of all transactions by, at, or through the financial institution. Securities industry commenters raised a number of concerns about the proposed fifth pillar as it would apply to their industry. A few commenters sought clarification of the concept of a customer risk profile, as well as of how the nature and purpose of customer relationships were to be understood for customers of broker-dealers. Commenters also requested that FinCEN clarify the extent of the ongoing monitoring requirement for the securities industry. Commenters asked that FinCEN clarify or define what constitutes a customer risk profile, noting that the term is not commonly used in the securities industry. One commenter noted that while some securities firms assign risk scores to customers, the practice is not mandated by regulation and not widely adopted in the industry; thus, this commenter opposed imposing such a categorical requirement. As it does for banks, the term ‘‘customer risk profile’’ is used to refer to the information gathered about a customer to develop the baseline against which customer activity is assessed for suspicious transaction reporting. Depending on the firm and the nature of its business, it may appropriately take the form of individualized risk scoring, placement of customers into risk categories, or some other method of assessing customer risk. We note that neither the Federal securities laws nor FINRA rules explicitly require firms to create a formal risk ‘‘score’’ for all customers. However there is a basic expectation that members of the industry understand the risks posed by their customers and be able to demonstrate this understanding. As PO 00000 Frm 00026 Fmt 4701 Sfmt 4700 with banks, we do not expect the customer risk profile to necessarily be integrated into existing monitoring systems to serve as the baseline for identifying and assessing suspicious transactions on a contemporaneous basis. Rather, we expect broker-dealers to utilize the customer risk profile as necessary or appropriate during the course of complying with their SAR requirements—as we understand is consistent with the general current practice—in order to determine whether a particular transaction is suspicious. On a related note, commenters also requested that FinCEN clarify the manner in which understanding the nature and purpose of customer relationships would apply to brokerdealers, particularly with respect to how such information would relate to existing transaction monitoring practices. They claimed that most existing monitoring systems in the securities industry identify typologies of suspicious activity, such as market manipulation or money movements, in a manner that does not depend on a concurrent understanding of the customer to trigger an alert. Accordingly, commenters stated that because such customer information is not always necessary for the initial recognition of suspicious activity, it is generally not integrated into these monitoring systems. Thus, one commenter asked FinCEN to clarify that nature and purpose information would not be required for use in transaction monitoring. We note that understanding the nature and purpose of customer relationships does not necessarily require broker-dealers to integrate customer information into transaction monitoring systems in all instances. Rather, as it relates to broker-dealers’ SAR requirements, we expect this information to be used at least in some cases in determining whether a particular flagged transaction is suspicious. As a part of broker-dealers’ SAR reporting obligations, they must necessarily have an understanding of the nature and purpose of a customer relationship in order to determine whether a transaction is not the sort in which the particular customer would normally be expected to engage.88 FinCEN understands that many brokerdealers use this information during the course of an investigation into suspicious activity triggered by transaction monitoring, i.e., after and not necessarily concurrent with transaction monitoring; accordingly, based on our understanding of these 88 31 E:\FR\FM\11MYR3.SGM CFR 1023.320(a)(2). 11MYR3 mstockstill on DSK3G9T082PROD with RULES3 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations practices, we generally do not expect that such firms would need to change these practices in order to be in compliance with this requirement. One commenter questioned the need to incorporate the nature and purpose element into the AML program rules for broker-dealers if it is an inherent part of suspicious activity reporting. This commenter noted its concern that express incorporation of this element into the AML program rules might require changes to broker-dealers’ account opening procedures in order to demonstrate compliance with this provision, and requested that FinCEN clarify its reasons for amending the AML program rules in this way. As we noted above, FinCEN believes that, in order to bring uniformity and consistency across sectors, it is important that these due diligence elements be made explicit, and that they be part of the AML program of brokerdealers in securities (as well as of the other covered financial institutions). We believe that harmonizing these requirements across financial sectors will strengthen the system as a whole, by further limiting opportunities for inconsistent application of unclear or unexpressed expectations. FinCEN further expects that broker-dealers would generally not need to alter their account opening procedures to satisfy this requirement to the extent that broker-dealers are compliant with existing supervisory or regulatory expectations as discussed herein. Commenters also requested that FinCEN clarify the nature of the ongoing monitoring requirement. One commenter urged FinCEN to remove the clause pertaining to maintaining and updating customer information because securities firms do not currently have an obligation to conduct ongoing monitoring to update customer information. Another urged FinCEN to limit the obligation to update customer information to ‘‘negative-event’’ triggers discovered during the course of monitoring. We believe that the clarifying changes made to the ongoing monitoring clause for the final AML program rules for all covered financial institutions and described above in the discussion of banks addresses these concerns. The final rule states that ongoing monitoring is conducted to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. For these purposes, customer information shall include information regarding the beneficial owners of legal entity customers (as defined in § 1010.230). VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 As discussed above for banks, brokerdealers are presently expected to conduct a monitoring-triggered update of customer information when they learn of material information relevant to assessing the risk of a customer relationship during the course of their normal monitoring. Under this rule, financial institutions shall include beneficial ownership information in the customer information to be updated, in cases where a change in such information could affect the risk presented by the customer, since such information could be relevant to assessing customer risk. As we noted in the proposal, including the ongoing monitoring element in the AML program rules served to reflect existing practices to satisfy SAR reporting obligations. Although the beneficial ownership information collection requirement was not in place at the time of the proposal, this information may be relevant in assessing the risk posed by the customer and in assessing whether a transaction is suspicious. Moreover, FinCEN believes it is also consistent that this requirement should apply not only to customers with new accounts, but also to customers with accounts existing on the Applicability Date. That is, should the financial institution detect as a result of its normal monitoring that the beneficial owner of a legal entity customer may have changed, it should identify the beneficial owner of such customer, whether or not it has already done so. For example, we can envision a situation where an unexpected transfer of all of the funds in a legal entity’s account to a previously unknown individual would trigger an investigation in which the financial institution learns that the funds transfer was directly related to a change in the beneficial ownership of the legal entity.89 FinCEN emphasizes that the obligation to update customer information pursuant to this provision, including beneficial ownership information, is triggered only when, in the course of its normal monitoring, the financial institution detects information relevant to assessing the risk posed by the customer; it is not intended to impose a categorical requirement to update customer or beneficial ownership information on a continuous or ongoing basis. Section 1024.210 Anti-money laundering program requirements for mutual funds. The structural changes to this section, as well as the rationale for 89 The same changes are being made to the ongoing monitoring provisions of the AML program rules for the other covered financial institutions. PO 00000 Frm 00027 Fmt 4701 Sfmt 4700 29423 these amendments, are identical to those articulated for banks and brokerdealers above. However, as an initial matter, FinCEN notes that, unlike the situation for other covered financial institutions, a relatively small proportion of a mutual fund’s underlying customers purchase their shares directly from the fund. Rather, the great majority of mutual fund investors purchase shares through an intermediary, such as a securities broker-dealer, and therefore the mutual fund has no direct relationship with them. In addition, of all the legal entity customers of a mutual fund, a significant number are typically financial intermediaries (e.g., securities broker-dealers), most of which are regulated. Such intermediaries are nonetheless subject to a mutual fund’s AML program, which requires the application of risk-based due diligence. Of those legal entity customers that are not financial intermediaries, a substantial number are in many cases corporations that are administering benefit plans for their employees (or administrators doing this on behalf of such employers); these relationships are also subject to risk-based due diligence. Thus, FinCEN understands that any legal entities that are direct customers of a fund, and not any type of intermediary, would comprise a relatively small portion of its direct customers, and FinCEN expects that such non-intermediary legal entity customers would be subject to a different risk assessment than intermediary customers for due diligence purposes. The following discussion of mutual fund customer relationships must be read in this context. As in the case of banks and brokerdealers as described above, FinCEN emphasizes that the incorporation of these elements serves only to articulate current practice consistent with existing regulatory and supervisory expectations. Thus, understanding the nature and purpose of customer relationships encapsulates practices already generally undertaken by mutual funds to know and understand their customers. In the proposal, we observed that under the existing requirement for financial institutions to report suspicious activity, they must file SARs on a transaction that, among other things, has no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage.90 To understand the types of transactions in which a particular customer would normally be expected 90 31 E:\FR\FM\11MYR3.SGM CFR 1024.320(a)(2)(iii). 11MYR3 mstockstill on DSK3G9T082PROD with RULES3 29424 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations to engage necessarily requires an understanding of the nature and purpose of the customer relationship, which informs the baseline against which aberrant, suspicious transactions are measured. As FinCEN stated in the proposal, depending on the facts and circumstances, other relevant facts could include basic information about the customer, such as annual income, net worth, domicile, or principal occupation or business, as well as, in the case of longstanding customers, the customer’s history of activity. Furthermore, in some circumstances an understanding of the nature and purpose of a customer relationship can also be developed by inherent or selfevident information about the product or customer type, or basic information about the customer, and such information may be sufficient to understand the nature and purpose of the relationship. This final point is particularly relevant for the mutual fund industry. As commenters from the industry noted, mutual funds are best understood as a form of financial product rather than as an institution providing financial services or investment advice. We understand that much of a mutual fund’s understanding of the nature and purpose of a customer relationship arises predominantly from the customer’s initial decision to invest in a mutual fund, as reflected largely by the customer’s choice of product. As with banks and broker-dealers, such customer information is not necessarily used as a contemporaneous point of comparison in monitoring systems. However, as with banks and brokerdealers, we also understand that many mutual funds use this information during the course of an investigation into suspicious activity triggered by transaction monitoring, i.e., after and not concurrent with transaction monitoring; we would not generally expect such firms to change their practices in order to comply with this requirement. It was this fundamental established practice that FinCEN sought to encapsulate in its articulation of the third element. Accordingly, we expect this element to be construed fully consistently with the SAR rule and associated guidance for mutual funds.91 As with banks and broker-dealers, the term ‘‘customer risk profile’’ means information gathered about a customer to develop the baseline against which customer activity is assessed for 91 See 74 FR 26213, 26216 n.29 (May 4, 2006); Frequently Asked Questions, Suspicious Activity Report Requirements for Mutual Funds, FIN–2006– G013 (Oct. 4, 2006). VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 suspicious transaction reporting. We also do not expect the customer risk profile to necessarily be integrated into existing monitoring systems to serve as the baseline for understanding suspicious transactions on a contemporaneous basis (as described with regard to banks and brokerdealers). Rather, we expect mutual funds to utilize the customer risk profile as necessary or appropriate during the course of complying with their SAR requirements—as we understand is consistent with the general current practice—in order to determine whether a particular transaction is suspicious. Regarding the fourth element as proposed in the NPRM, conducting ongoing monitoring to maintain and update customer information and to identify and report suspicious transactions, we noted our understanding that, as with the third element, current industry expectations for SAR reporting should already satisfy this proposed requirement. In short, we intended the proposal to codify existing supervisory and regulatory expectations as explicit requirements within FinCEN’s AML program requirement in order to make clear that the minimum standards of CDD, as articulated, include ongoing monitoring of all transactions by, at, or through the financial institution. As proposed, the obligation to update customer information in the course of monitoring would generally only be triggered when the financial institution became aware of information as part of its normal monitoring relevant to assessing the risk posed by a customer; it was not intended to impose a categorical requirement to update customer information on a continuous or ongoing basis. Because of the structural ambiguities in the proposal as articulated above, we have also amended the ongoing monitoring prong for the final rule for mutual funds. The final rule states that ongoing monitoring is conducted to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. For these purposes, customer information shall include information regarding the beneficial owners of legal entity customers (as defined in § 1010.230). As described above in the sections addressing banks and broker-dealers, we believe that this change to the ongoing monitoring provision is more consistent with current practice, and therefore, with the nature of the obligation—that is, when mutual funds detect information relevant to assessing the risk of a customer relationship during the course of their normal monitoring, PO 00000 Frm 00028 Fmt 4701 Sfmt 4700 they would then be expected to update customer information. Consistent with the new requirement to collect beneficial ownership information in this rulemaking, such customer information would include beneficial ownership information, and would apply to new customers as well as those existing on the Applicability Date. Section 1026.210 Anti-money laundering program requirements for futures commission merchants and introducing brokers in commodities. The structural changes to this section, as well as the rationale for these amendments, are identical to those articulated for other covered financial institutions described above. As in the case of the other covered financial institutions, FinCEN reiterates that the incorporation of these elements is intended to explicitly articulate current practices consistent with existing regulatory and supervisory expectations. Thus, understanding the nature and purpose of customer relationships encapsulates practices already generally undertaken by futures firms to know and understand their customers. In the proposal, we observed that under the existing requirement for financial institutions to report suspicious activity, they must file SARs on a transaction that, among other things, has no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage.92 To understand the types of transactions in which a particular customer would normally be expected to engage necessarily requires the futures commission merchant or introducing broker to have an understanding of the nature and purpose of the customer relationship, which informs the baseline against which aberrant, suspicious transactions are identified. As described at greater length below, we understand that for the futures industry, this may not necessarily be a contemporaneous assessment. For example, under the National Futures Association’s (NFA) AML Interpretive Notice, futures commission merchants and introducing brokers are expected to understand the nature and purpose of their customer relationships to inform their suspicious activity reporting: ‘‘Recognizing suspicious transactions requires familiarity with the firm’s customers, including the customer’s business practices, trading activity and patterns. What constitutes a suspicious transaction will vary 92 31 CFR 1020.320(a)(2)(iii); see also 1023.320(a)(2)(iii), 1024.320(a)(2)(iii), and 1026.320(a)(2)(iii). E:\FR\FM\11MYR3.SGM 11MYR3 mstockstill on DSK3G9T082PROD with RULES3 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations depending on factors such as the identity of the customer and the nature of the particular transaction.’’ 93 And as FinCEN stated in the proposal, in some circumstances an understanding of the nature and purpose of a customer relationship can also be developed by inherent or self-evident information about the product or customer type, or basic information about the customer, and such information may be sufficient to understand the nature and purpose of the relationship. It also may vary depending on the type of entity opening the account. For example, a clearing futures commission merchant at account opening would be focused on the creditworthiness of the customer, and not necessarily trading patterns, as the trades would be executed through an executing futures commission merchant. The nature and purpose of the relationship for the clearing futures commission merchant would be a clearing account for futures and options transactions. We further noted and understand that, depending on the facts and circumstances, relevant information regarding the customer obtained under NFA Compliance Rule 2–30 and CFTC Rule 1.37(a)(1) could include basic information about the customer such as annual income, net worth, domicile, or principal occupation or business, as well as, in the case of longstanding customers, the customer’s history of activity. Such information could be useful to understand the nature and purpose of the customer relationship, and to determine whether a given transaction is one which would be expected from a particular customer. It is these types of current practices that FinCEN sought to encapsulate in its articulation of the third element. Regarding the fourth element as proposed in the NPRM, conducting ongoing monitoring to maintain and update customer information and to identify and report suspicious transactions, we noted our understanding and expectation that, as with the third element, current industry practice for SAR reporting should already satisfy this proposed requirement. In short, the proposal served to codify existing supervisory and regulatory expectations as explicit requirements within FinCEN’s AML program requirement in order to make clear that the minimum standards of CDD, as articulated, include ongoing monitoring of all transactions by, at, or through the financial institution. As proposed, the obligation to update 93 National Futures Association Compliance Rule 2–9: FCM and IB Anti-Money Laundering Program Interpretive Notice. VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 customer information in the course of monitoring would generally only be triggered when the financial institution became aware of information as a result of its normal monitoring relevant to assessing the risk posed by a customer; it was not intended to impose a categorical requirement to update customer information on a continuous or ongoing basis. Because of the structural ambiguities in the proposal as articulated above, we have also amended the ongoing monitoring prong for the final rule for futures commission merchants and introducing brokers. The final rules states that ongoing monitoring is conducted to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. For these purposes, customer information shall include information regarding the beneficial owners of legal entity customers (as defined in § 1010.230). As described in the sections above pertaining to banks, securities brokerdealers, and mutual funds, we believe that this change better articulates current practice and, therefore, the nature of the obligation—that is, when futures firms detect information relevant to assessing the risk of a customer relationship during the course of their normal monitoring, they then would be expected to update customer information. A commenter representing the futures industry raised a number of concerns about the third and fourth elements of CDD as put forth in the proposal. The commenter challenged FinCEN’s authority to amend the AML program rules in this fashion, contending principally that it was outside FinCEN’s authority to incorporate non-BSA regulatory schemes—specifically, suitability and know-your-customer rules that we cited in the proposal when describing current practices at futures firms for understanding customers—into BSA regulations. First, FinCEN reaffirms, as described above, its general statutory authority to amend the AML program rules by adding elements beyond those specifically listed in the statute. We also reject the notion that amending the AML program rules in this way is an incorporation-byreference of other regulatory schemes outside of the scope of FinCEN’s statutory authority. Our citation to CFTC and NFA rules in the proposal served only to reflect that ‘‘this information could be relevant for understanding the nature and purpose of customer relationships,’’ 94 and would also be relevant for compliance 94 79 PO 00000 FR at 45163 n.51. Frm 00029 Fmt 4701 Sfmt 4700 29425 with NFA Compliance Rule 2–9. Recognition of the relevance of this information is not tantamount to mandating the inclusion of these other regulatory schemes into BSA regulations. As we noted above, we understand that as a matter of practice some futures firms use this information to understand the nature and purpose of the customer relationship, but the fifth element does not require that such information be integrated into futures firms’ AML monitoring programs on a contemporaneous basis, as a matter of regulatory compliance or expectation. This commenter also requested that FinCEN clarify what constitutes a customer risk profile, noting that the term is not commonly used in the AML context in the futures industry. The commenter urged FinCEN to remove this term from the final rule or provide additional opportunities for comment because of this lack of understanding. As it does for banks, broker-dealers, and mutual funds, the term ‘‘customer risk profile’’ refers to the information gathered about a customer to develop the baseline against which customer activity is assessed for suspicious transaction reporting. We note that neither the Federal futures laws nor the National Futures Association’s rules explicitly require firms to create a ‘‘customer risk profile’’ or a formal risk ‘‘score’’ for all customers. However, there is a basic expectation that members of the industry understand the risks posed by their customers and be able to demonstrate this understanding. As with banks, broker-dealers, and mutual funds, we do not expect a customer risk profile to necessarily be integrated into existing monitoring systems to serve as the baseline for understanding suspicious transactions on a contemporaneous basis. Rather, we expect futures commission merchants and introducing brokers to utilize the customer risk profile information as necessary or appropriate during the course of complying with their SAR requirements—as we understand is consistent with current practice—in order to determine whether a particular transaction is suspicious. Because of this, we do not believe it is necessary to eliminate the term nor provide additional opportunity for comment. In addition, the commenter also requested that FinCEN clarify the nature of the ongoing monitoring requirement, contending that it would be burdensome if FinCEN intended by this element to require continuous monitoring for the purpose of updating customer information. We believe that the clarifying changes made to the ongoing E:\FR\FM\11MYR3.SGM 11MYR3 29426 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations monitoring clause for the final rule, discussed above, address this concern. Finally, the commenter requested that FinCEN clarify the significance of the distinction between the terms ‘‘account’’ and ‘‘customer’’ with respect to the statement in the proposal that the fifth pillar not be limited only to customers for purpose of the CIP rules, but rather, extend to all accounts established by the institution. This commenter urged FinCEN to clarify this point particularly with respect to guidance for the futures industry, stating that CIP obligations do not apply to executing brokers in giveup arrangements and omnibus relationships, concerned that the fifth pillar might otherwise supersede the guidance. We noted that all account relationships, and not only those which are ‘‘accounts’’ within the CIP rule definition, would be subject to this requirement merely to reflect that all accounts must necessarily be monitored in some form in order to comply with existing SAR requirements.95 IV. Regulatory Analysis A. Executive Orders 13563 and 12866 It has been determined that this regulation is an economically significant regulatory action as defined in section 3(f)(1) of Executive Order (E.O.) 12866, as amended. Accordingly, this final rule has been reviewed by the Office of Management and Budget (OMB). As a result of being an economically significant regulatory action, FinCEN prepared and made public a preliminary RIA, along with an Initial Regulatory Flexibility Analysis (IRFA) pursuant to the Regulatory Flexibility Act, discussed below, on December 24, 2015. We received 38 comments about the RIA and/or the IRFA, which we address below. We have incorporated additional data points, additional sources of costs, and other points raised by commenters, directly into the final RIA itself, which we publish below in its entirety, following our narrative response to the remaining comments not addressed by these changes to the RIA. 1. Discussion of Comments to the RIA mstockstill on DSK3G9T082PROD with RULES3 General Comments A few commenters sought an extension of the comment period for the 95 ‘‘Although a futures commission merchant’s customer identification program will not apply when it is operating solely as an executing broker in a give-up arrangement, the futures commission merchant’s anti-money laundering program should contain risk-based policies, procedures, and controls for assessing the money laundering risk posed by its operations, including its execution brokerage activities; for monitoring and mitigating that risk; and for detecting and reporting suspicious activity.’’ FIN–2007–G001. VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 RIA, contending principally that 30 days was an inadequate amount of time to gather additional data to respond to the RIA’s analyses, especially in light of its publication during the winter holidays. FinCEN denied the requests, noting that we believed the time period to be sufficient, ‘‘particularly in light of the extensive comment period provided over the course of the CDD rulemaking, which included industry’s views on the perceived costs and burdens regarding . . . CDD.’’ In the preamble to the final rule, we described the extensive, yearslong outreach conducted during the course of this rulemaking, during which time several commenters provided input regarding costs that they expected to incur implementing the rule. Of these commenters, only a small portion quantified these expected effects in a meaningful way. As described at greater length below in the section addressing cost-related comments, FinCEN and Treasury’s Office of Economic Policy (OEP) conducted substantial follow-up with parties that provided such figures, and determined that it was impracticable to obtain the data necessary to fully quantify the costs associated with implementing the CDD rule. This challenge, combined with the difficulty of quantifying many of the CDD rule’s expected benefits, led us to rely predominantly upon the breakeven analysis 96 to assess the relative benefits and costs of the CDD rule. The cost used in the breakeven analysis includes an order-of-magnitude assessment of information technology (IT) upgrade costs, identified by financial institutions during the comment period and our subsequent outreach as the most substantial driver of implementation costs. Because the RIA is meant to measure the expected costs and benefits of the rule in aggregate, and given the data quality and quantity concerns, we conducted an order-of-magnitude assessment. The conclusion of the order-of-magnitude assessment probably would not be materially changed by gathering additional data unless the current data points are outliers. The conclusions of the primary cost estimation would not be changed and thereby would not materially affect the RIA’s ultimate conclusion. We did not receive any substantive comment on the IT cost during the comment period. The comments and any associated data points that we received, whether pertaining to categories of implementation costs that were already 96 As described at greater length in the RIA, a breakeven analysis asks how large the present value of benefits has to be so that it is just equal to the present value of costs. PO 00000 Frm 00030 Fmt 4701 Sfmt 4700 included in the RIA or costs that we had overlooked and have since added (note that we incorporated all relevant quantifiable data received from the commenters into the updated RIA, which upwardly adjusted its cost calculations), have not significantly impacted our results. Some commenters took issue with the ‘‘academic’’ nature of the analysis set forth in the RIA, asserting that it was based on unfounded assumptions about the impact of the rule upon the behavior of illicit actors and therefore on aggregate levels of crime. For example, a few commenters challenged the notion that the beneficial ownership requirement would result in criminal actors actually providing information to financial institutions that would be valuable to law enforcement agencies; these commenters noted that such actors could simply provide false information, or hire straw men for the sole purpose of opening accounts. We address the specific comments regarding the various assumptions underlying our analysis below. As for the general comment that the approach we took in the RIA was too academic, we note first that OMB guidance recommends that an RIA should be ‘‘based on the best reasonably obtainable . . . economic information available. To achieve this, [agencies] should generally rely on peer-reviewed literature, where available.’’ 97 Unfortunately, there is not a body of direct empirical evidence regarding criminals’ behavior in response to AML/ CFT laws and regulations. In the absence of such analysis, and relatedly, the absence of any data on which to perform our own analysis, FinCEN asserts that it is both reasonable and appropriate to look to the academic literature on the economics of crime for a framework for formally thinking about how the CDD rule would potentially affect criminal outcomes. In this lessthan-ideal situation where empirical estimates of the rule’s effects on crime are lacking, the canonical economic model of crime at least provides useful insights into the mechanisms by which the rule could affect crime, which can in turn be assessed on the grounds of their plausibility. Like any economic model, this one assumes that its actors behave rationally, a premise that some commenters found objectionable and used to justify their protests of our use of any economic model of crime.98 On 97 OMB Circular A–4, available at https:// www.whitehouse.gov/omb/circulars_a004_a-4. 98 More formally, an individual’s preferences are rational if (1) she has a well-defined preference between any two possible alternatives and (2) her E:\FR\FM\11MYR3.SGM 11MYR3 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations mstockstill on DSK3G9T082PROD with RULES3 this point—that criminals are not economic actors and thus do not respond to incentives—we strongly disagree based on empirical evidence appearing in peer-reviewed academic journals.99 Some commenters asserted that FinCEN and OEP took an inconsistent approach towards assessing the expected costs and benefits in the RIA. These commenters contended that we included certain unquantified benefits but excluded certain unquantified costs, rendering the analysis arbitrary. This RIA quantifies some of the cost categories and qualitatively describes the other cost categories and benefits consistent with OMB guidance. OMB Circular A–4 directs agencies to quantify both costs and benefits to the extent possible. Where we were ‘‘not able to quantify the effects,’’ we ‘‘present[ed] any relevant quantitative information along with a description of the unquantified effects.’’ 100 Contrary to these commenters’ assertions, we did not selectively rely upon unquantified benefits while ignoring unquantified costs. In the case of costs that were not initially accounted for in the RIA, but later identified by commenters, we have revised portions of the RIA to incorporate them. As for the largest cost that we were unable to quantify, IT upgrade costs, we fully acknowledge and recognize the importance of assessing this cost in the RIA and describe the difficulties we encountered in trying to obtain meaningful data for these costs. We offer an order-ofmagnitude assessment in the qualitative cost section and carry that analysis into the breakeven analysis. preferences exhibit transitivity—for alternatives x, y, and z, if x is preferred to y and y is preferred to z, then x is preferred to z. See page 6 of MasColell, Andreu, Michael D. Whinston, and Jerry R. Green. Microeconomic Theory. New York: Oxford University Press, 1995. 99 The canonical model of the economics of crime predicts that the CDD rule would reduce illicit activity by causing criminal actors to perceive a higher risk to setting up financial accounts in support of their illegal activities. Analogously, increased police presence deters criminal activity by increasing its perceived risk. A recent survey of empirical research on how different policing strategies deter crime states: ‘‘. . . there is robust evidence that crime responds to increases in police manpower and to many varieties of police redeployments.’’ See Chalfin, Aaron and Justin McCrary, ‘‘Criminal Deterrence: A Review of the Literature,’’ forthcoming, Journal of Economic Literature (2016). Importantly, the authors also discuss their assessment that police tactics characterized by high visibility likely reduce crime more through deterrence than through incapacitation. Therefore, we feel confident in assuming that potential criminal actors are rational in thinking through how they would respond to the imposition of the CDD rule. 100 OMB Circular A–4. VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 A few commenters took issue with the general approach of the regulatory scheme, whereby the costs would be incurred almost entirely by financial institutions, while the benefits would accrue to society more broadly rather than to financial institutions and their customers, specifically. In their view, this made the CDD rule an impermissible tax upon financial institutions. But this rule is not a tax. Furthermore, we disagree with the characterization of this regulatory scheme as improper or out of the ordinary. There are numerous Federal regulatory schemes that have similar underlying assumptions, structures, and impacts—for example, the costs of some environmental regulations fall predominantly (if not almost exclusively) on producers of emissions (power plants, automobile manufacturers, etc.), while the benefits accrue to the members of society as a whole. Similar to environmental regulations, the CDD rule is meant to correct for a positive spillover that in this case leads to a less-than-efficient level of investment in AML/CFT security measures. Specifically, reductions in illicit activity from the collection of beneficial ownership information will benefit all members of society, but financial institutions will rationally only account for their own benefits when making their investment decisions. By compelling financial institutions to retrieve beneficial ownership information, the CDD rule’s intent is to increase investment in AML/ CFT measures to a level that results in higher overall wellbeing (even once costs to financial institutions are netted out). Recognizing the costs of implementing the CDD rule, we have made numerous changes to the rule itself, as described in the preamble above, so as to minimize as much as possible the impact of compliance upon covered financial institutions while still furthering the purposes of the rule. One commenter representing a business formation agent reiterated the recommendation proffered during the NPRM comment period to expand the reliance provision of the beneficial ownership requirement to include nonfinancial institutions, contending that such an expansion would reduce the costs of compliance. We decline to do so for the reasons articulated in the preamble to the final rule. During the comment period to the RIA, a few commenters raised substantive concerns about the rule itself that were essentially identical to concerns identified by commenters during the NPRM comment period, such as, among other things, requests to PO 00000 Frm 00031 Fmt 4701 Sfmt 4700 29427 exempt smaller institutions from the rule, and requests to eliminate the verification requirement; these issues have been addressed in the preamble to the final rule. Cost-Related Comments Some commenters objected to our overall approach to evaluating the expected costs associated with implementation of the CDD rule. A few of these commenters took issue with the limited sample size of financial institutions that provided the data supporting our quantitative assessment of the costs, and contended that we were required to undertake a fully quantified analysis using a large and representative sample of financial institutions. One commenter representing mid-sized banks stated that the RIA was deficient because it only accounted for the impact of the CDD rule on covered financial institutions writ large, and did not allow for the rule’s impact to differ based on a variety of categories, such as size, business lines, structure, geography, or customer base. This commenter asserted that we should have given additional consideration in the RIA to the impact of the CDD rule on small and mid-sized banks, provided additional data from mid-sized banks regarding the expected costs of implementing the CDD rule, and identified additional expected sources of costs not included in the RIA. As to the assertion that it was inappropriate to rely upon such a small sample size in developing our cost data, we agree that it might arguably have been preferable to obtain specific, granular data from a large and diverse set of financial institutions. However, based on our outreach to financial institutions and IT firms, we determined that it would be impracticable to do so. To further develop our cost data following the NPRM comment period, we identified and assessed all of the comment letters that raised the cost issue with specificity, and substantiated the assertion that FinCEN underestimated the costs associated with implementing the CDD rule with data or a narrative explanation. From this initial review, FinCEN engaged in outreach to many of these commenters to determine their willingness to engage in a more extensive voluntary discussion regarding the cost issues that they raised. To facilitate these commenters’ participation in this dialogue, FinCEN identified in advance a number of topics to guide the discussion, including: • A description of the commenting institution’s processes for onboarding legal entity customers and how that E:\FR\FM\11MYR3.SGM 11MYR3 mstockstill on DSK3G9T082PROD with RULES3 29428 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations information is used to comply with AML/CFT requirements; • the types of documentation required to onboard legal entity customers; • an estimate of the amount of time it takes to set up legal entity customer accounts; • the approximate number of legal entity accounts established at the commenting institution on an annual basis; • anticipated changes to onboarding procedures that would be necessary to identify and verify beneficial owners, consistent with the requirement as proposed in the NPRM, and the approximate costs of such changes; • the frequency with which the commenting institution updates its computerized onboarding system, as well as the base cost associated with ‘‘opening’’ these systems for updates and the approximate incremental costs associated with each substantive change; • anticipated changes or updates to other systems required to comply with the requirement as proposed in the NPRM, and the approximate costs of such changes; • the expected costs and logistical difficulties associated with integrating the Certification Form into the commenting institution’s operations; • additional employee training required to implement the requirement as proposed in the NPRM, and how those costs compare to total annual BSA training expenditures; and • any additional costs associated with implementing the requirement as proposed in the NPRM that FinCEN did not take into account. Because we understood that it was likely that such a discussion would necessarily require a detailed description of proprietary business information, we noted that institutions’ specific answers would not be made a part of the public record, but informed participants that we might describe responses in general terms without attribution as a part of the rulemaking. During our outreach discussions, we learned that each institution’s onboarding process is different from the others, making it difficult to draw broad conclusions about the types of things covered financial institutions would have to do to implement the rule, from which we could extrapolate generally applicable cost estimates. More importantly, while institutions were generally able to provide estimates of training-related and other expected human resources costs, several of the institutions with which we spoke were VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 unable to provide any estimates about many of the other types of costs they expected to incur to implement the proposed CDD rule, even when pressed to provide rough estimates, or even estimates within a broad range of potential expected costs. Given this lack of usable data, and because FinCEN understands that the majority of financial institutions purchase their systems for entering and storing customer data rather than building the systems internally, we also sought similar information from several of the major vendors that provide these AML/ CFT-compliant IT systems. As with the financial institutions, we provided participating IT vendors the same basic topics to guide the discussion (identified above), with modifications to reflect the different role that these vendors play in the onboarding and screening processes. Although we obtained insight into the manner in which many of the major IT vendors work with financial institutions, none were able to provide meaningful quantified estimates of the expected costs associated with modifying their systems, even when pressed for rough estimates or estimates within a wide range of potential costs. For these reasons, we determined that it would likely be futile to conduct a broader survey of financial institutions and vendors to support our analysis. Thus, consistent with OMB guidance, we instead specified the expected sources of costs, and quantified these costs where possible. In order to assess the proposed rule, we relied upon the breakeven analysis, which used an order-of-magnitude assessment of the IT upgrade costs, resulting in an upper bound of $10 billion (identified by most commenters during the NPRM and RIA as by far the most substantial projected outlay) and the highest cost-scenarios for other significant costs quantified in the RIA. With respect to the concern that we did not adequately account for the impact of the proposed CDD rule upon mid-sized and smaller institutions, we note that throughout this rulemaking process, we have been cognizant of the challenges that such institutions might face when implementing the rule; these concerns contributed to shaping several of the modifications we have made to the rule in order to facilitate its implementation, as described at length in the Section-by-Section Analysis above. For example, in response to comments to the NPRM, we determined that use of the Certification Form would not be mandatory, and financial institutions have the flexibility to utilize PO 00000 Frm 00032 Fmt 4701 Sfmt 4700 their existing onboarding systems to comply with the beneficial ownership certification requirement. During the NPRM comment period, some commenters identified additional categories of entities whose beneficial ownership information is otherwise available, and we excluded these categories from the definition of legal entity customer, further reducing the burden. In response to numerous comments contending that the proposed exclusion for charitable organizations would be difficult to administer, and therefore burdensome, we simplified it. And importantly, in response to many comments regarding the difficulties of implementing the CDD rule within a year of publication of the final rule, we increased the time for financial institutions to comply, to two years. As for the additional sources of cost and additional cost data provided by the commenters, we appreciate this additional information and have incorporated it, where appropriate, into our analysis in the RIA, as described below. Some commenters asserted that we underestimated certain costs, and failed to account for other steps that financial institutions would have to take to comply with the proposed CDD rule in our cost analysis. We address these comments here. Customer Onboarding. A few commenters asserted that our time estimates for onboarding were too low. In response to these comments, we have made adjustments to the calculations in the RIA, as described in greater detail therein. Some of these commenters also asserted that our hourly wage figures for ‘‘new account clerks’’ was too low, noting that the average wage for their clerks was substantially higher. While we certainly recognize that the wages earned by account clerks in large metropolitan areas characterized by elevated cost of living will be higher than the average, those wage levels are not representative of the wages for the entire country (in the same way that wages for account clerks in rural areas of the United States characterized by very low cost of living would not accurately represent wages for the whole country). Given that the average occupational wages produced by the Bureau of Labor Statistics use wage data from throughout the United States— taking into account variation in wages for the same occupation across all of the very different local labor markets—we believe that the national average for account clerks is representative and therefore decline to use a different wage for these calculations. E:\FR\FM\11MYR3.SGM 11MYR3 mstockstill on DSK3G9T082PROD with RULES3 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations One commenter also asserted that we mischaracterized the manner in which this additional onboarding time would be incorporated into the onboarding process, contending that our view was founded on ‘‘the plainly incorrect assumption that the additional documentation required under the proposed CDD Rules can be collected in one (slightly longer) meeting.’’ Contrary to this notion, our assessment of the additional incremental time for onboarding was not premised on this assumption. Indeed, it has been our understanding that, as this commenter noted, ‘‘[f]inancial institutions typically offer clients a period of time, such as 30 days, to gather the appropriate account opening documentation, and the process routinely takes more than one meeting.’’ This characterization of current practices underscores one of our broader points about our expectation that the additional burden on prospective customers after the final rule is in force will be limited—that is, it is already the case that prospective business customers who seek to open accounts at financial institutions often do not have on hand all the documentation required (including CIP information), and that financial institutions have practices in place to inform these prospective customers of the documentation they need to provide in order to open an account. We would expect these existing practices to be leveraged, and that an institution’s practices for collection of this information for legal entity customers would not deviate substantially from those described above. Developing and Conducting Employee Training. A few commenters noted that we did not account for the costs associated with designing and conducting training of employees on the new obligations in the CDD rule (as distinct from the cost to financial institutions of employees’ time spent in training, for which we did account in the RIA). In response to these comments, we have added a new section incorporating these costs into the RIA, as described in greater detail therein. Revising Policies and Procedures. A few commenters observed that the RIA did not account for costs associated with revisions to policies and procedures that would be necessary as a part of implementing the CDD rule. In response to these comments, we have added a new section incorporating these costs into the RIA, as described in greater detail therein. Additional Costs for Internal Controls. Some commenters noted that the RIA did not account for additional costs for VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 internal controls, including compliance reviews, relating to the collection of beneficial ownership information. As noted in the RIA, because of the lack of actual estimates of such costs, we have not included them in the aggregate quantified costs of the rule. We believe, however, that the actual additional costs for internal controls will be small in comparison to the quantified costs included in the RIA, particularly the upper bound in the order-of-magnitude assessment for IT upgrade costs, and thus that not including these additional internal control costs does not influence the RIA’s conclusion. Costs Associated with Additional SAR Investigation and Filing. A few commenters noted that there would likely be additional costs for financial institutions associated with investigating and reporting SARs that should have been accounted for in the RIA. However, as described in the RIA, given the difficulty of determining whether the final rule would result in additional costs of this nature and if so, their amount, we have not attempted to quantify such costs. Employee Training Costs. One commenter representing banks asserted that respondents to its survey about implementation costs believed that on average, employees would require three times the amount of training identified by the RIA. This commenter did not, however, provide any explanation of the basis for this estimate, the assumptions used to generate this estimate, nor any dollar figure estimates. Nor did the commenter state whether this treble estimate pertained to the low or high end of the range described in the RIA (though we presume this multiplier applies to the high end of the range) or whether it applied to training in the first year or to refresher training. All of the other commenters addressing this issue articulated estimated costs that fell within the range identified in the RIA. For this reason, we decline to alter the estimated costs associated with employee training (except as described above). Information Technology Costs. One commenter representing banks contended that FinCEN did not adequately account for the costs associated with IT upgrades in the RIA. This assertion is an inaccurate characterization of our approach to IT costs. As described at length above, FinCEN unsuccessfully attempted to obtain detailed figures for these upgrade costs, in part necessitating the order-ofmagnitude analysis. This analysis directly accounted for IT upgrade costs by assessing the order-of-magnitude based on limited data, which resulted in PO 00000 Frm 00033 Fmt 4701 Sfmt 4700 29429 an upper bound of $10 billion (derived from the rough estimates provided by some financial institutions).101 Costs Associated with Lost Business/ ‘‘De-Risking.’’ A few commenters took issue with the decision not to include costs associated with lost business attributable to either privacy-minded owners of legal entity customers declining to open accounts or financial institutions refusing to extend accounts to legal entity customers for which they cannot obtain the owners’ personal information. In the views of some commenters, a substantial number of owners of small businesses would flee to unregulated sources of financing because of their aversion to providing personal information to covered financial institutions during the account-opening process. To the same effect, one commenter representing banks asserted that the proposed CDD rule would ‘‘likely contribute to ‘derisking,’ as many financial institutions will find it increasingly difficult to open accounts or extend credit where the risk of correctly identifying the beneficial owners cannot be managed to the satisfaction of regulatory requirements.’’ As for deposit or transaction accounts as well as most credit products, FinCEN is not persuaded that the beneficial ownership requirement would have a meaningful effect on the behavior of the vast majority of owners of legal entities subject to it. Legitimate businesses need transaction accounts within the financial system to conduct their business, and in many cases, it would be extraordinarily difficult (as well as far more risky and costly) to operate solely using cash or through unregulated entities. Furthermore, we do not expect most owners of legal entity customers to be so averse to providing their personal information to covered financial institutions that they refuse to open an account, particularly considering that they have to provide the same type of personal information to open individual accounts at those institutions. In any event, the cost of such aversion—essentially being unbanked—would be high, for the reasons given above. Moreover, irrespective of one’s views on the disclosure of personal information in business relationships, such information 101 Some commenters to the preliminary RIA and IRFA stated that they believed that they would need to install expensive IT upgrades in order to track changes in beneficial ownership information, in order to comply with the requirements of the proposed amendments to the respective AML program rules. FinCEN believes that these comments are based on a misunderstanding of those proposed requirements. As a result, FinCEN has revised this proposed requirement, as explained in the Section-by-Section Analysis. E:\FR\FM\11MYR3.SGM 11MYR3 mstockstill on DSK3G9T082PROD with RULES3 29430 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations is routinely required for a variety of commercial interactions, such as obtaining an insurance policy, or verifying eligibility for employment in the United States via U.S. Customs and Immigration Services Form I–9. We accordingly reject the contention put forth by one commenter that it would be ‘‘virtually impossible . . . to convince some beneficial owners to provide their personal information’’ on the grounds that many people are ‘‘especially sensitive to disclosing personal information’’ (although we recognize and appreciate this concern as a general matter). For these same reasons, we do not believe that the beneficial ownership requirement would produce a significant ‘‘de-risking’’ effect as identified by the commenter above. As we note in the preamble to the final rule, covered financial institutions will generally be allowed to rely upon the representations of the legal entity customer regarding their ownership structure, substantially mitigating what this commenter identified as the principal driver of ‘‘de-risking.’’ With respect to the issue of potential lost business, while FinCEN believes it is the case that legitimate businesses need transaction accounts from banks, this is not necessarily the case with respect to certain specialized types of credit products, which can also be obtained from unregulated competitors. We have given careful consideration to the comments describing the expected impact of imposing this requirement upon specialized types of accounts in markets where the increased burden would likely drive prospective customers into unregulated alternatives. As we describe in greater detail above in the Section-by-Section Analysis, we believe the policy reasons for exempting these types of accounts from the scope of the rule proffered by commenters are compelling, and we have accordingly exempted such accounts from the scope of the beneficial ownership requirement. We therefore do not have to account for this type of possible flight as a cost of the rule. Other Miscellaneous Costs. Several trade association commenters identified a variety of sources of costs that were not widely applicable to the institutions they represented. For example, one of these commenters who surveyed a group of banks noted that a few of these banks identified costs, such as those accruing to one bank’s financial investigative unit, that were not identified by others. However, because such costs cannot be quantified, they are not included in the RIA. Yet because we are confident that the actual VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 miscellaneous costs incurred will likely be very small compared to the included quantified costs in the RIA, in particular the improbably high value for IT upgrade costs, we firmly believe that excluding these miscellaneous costs does not affect the RIA’s conclusion. Benefit-Related Comments Several commenters questioned the assumption that the beneficial ownership requirement would produce useful information, contending, among other things, that criminals would easily avoid the requirement by simply lying on the Certification Form, or by employing an unaffiliated individual for the sole purpose of opening an account. They also questioned the value of the information provided when there are no means of verifying the person’s status as a beneficial owner. One commenter suggested that illicit actors might evade the requirement entirely by simply setting up a complex structure of shell companies. We address these contentions in turn. We first accept the uncontroversial notion that criminal actors will generally seek to evade legal and regulatory requirements as they carry out their illicit schemes but stress that as the probability of detection in carrying out these schemes increases, some criminals would be less likely to engage in these illegal activities (at least through the U.S. financial system). While it is the case that clever illicit actors can and sometimes do evade many such requirements through deceit or trickery, ‘‘criminals will lie’’ is a truism that could be used to justify the elimination of any number of criminal and regulatory prohibitions, and is insufficient justification here. This fundamental practice does not obviate the significant benefits to law enforcement and regulatory authorities associated with identifying and verifying the identity of at least one natural person associated with legal entities later determined to be engaged in illicit activity. Illicit actors may well set up complex webs of shell companies or structure their ownership so as to increase the difficulty of determining the individual who in fact owns the entity; it is because of this vulnerability that legal entities are also required to provide the name of one natural person under the control prong. And while a criminal may well lie regarding a legal entity’s beneficial ownership information, verification of the identity of the natural person(s) identified as a beneficial owner will limit her ability to do so in a meaningful way such that she could avoid scrutiny entirely. Furthermore, as the Department of PO 00000 Frm 00034 Fmt 4701 Sfmt 4700 Justice has noted throughout this rulemaking process, a falsified beneficial ownership identification would be valuable evidence in demonstrating criminal intent. Even the verified identity of a natural person whose status as a beneficial owner has not been verified provides law enforcement and regulatory authorities with an investigatory lead from whom they can develop an understanding of the legal entity. Although we accept that it would be theoretically possible for an illicit actor to hire a random person to set up an account for her shell company at a covered financial institution, we question the wisdom and practicality of effectively giving a stranger access and control, even if only for a limited time, to something as important as a financial institution account. Along the line of these criticisms, some of these commenters contended that we did not demonstrate a sufficiently strong link between the expected law enforcement and regulatory benefits and the reduction in illicit flows that we identified as the principal measure of benefit in our breakeven analysis. As described at length in the RIA, there are myriad complex factors that contribute to whether criminal and regulatory investigations are initiated and pursued, and whether prosecutions are brought and successfully concluded, and it would not be possible to demonstrate the causative effect of any single factor, such as the introduction of the CDD rule, on these outcomes. We believe, for the reasons we describe in the RIA, that the beneficial ownership requirement would reduce annual illicit flows in the U.S. both by deterring their entry into the U.S. financial system, and stemming them entirely through convictions and forfeitures. A few commenters challenged our decision to identify compliance with international standards as a benefit weighed in the RIA. In response, we note that OMB guidance recognizes that ‘‘[h]armonization of U.S. and international rules may require a strong Federal regulatory role.’’ 102 Other Issues A few commenters asserted that FinCEN’s consideration of regulatory alternatives was inadequate. They thought, for example, that FinCEN should consider requiring the collection and verification of this information by states at the time of company formation, or that such information should be collected by the IRS through the tax 102 OMB E:\FR\FM\11MYR3.SGM Circular A–4. 11MYR3 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations filing system. We discuss these additional alternatives in the RIA. As noted above, several commenters requested that FinCEN exclude from the scope of the beneficial ownership requirement certain types of specialized accounts, such as accounts established for the purpose of financing property and casualty insurance premiums; accounts established to finance the leasing of heavy machinery and equipment; and accounts established to finance postage and related items. These requests have been addressed in the Section-by-Section Analysis above. B. Final Regulatory Impact Assessment mstockstill on DSK3G9T082PROD with RULES3 1. Executive Summary The primary purpose of customer due diligence (CDD) requirements is to assist financial investigations by law enforcement, with the goal being to impair criminals’ ability to exploit the anonymity provided by the use of legal entities to engage in financial crimes including fraud and money laundering, and also terrorist financing, corruption, and sanctions evasion. Treasury presents expected cost estimates for some requirements and qualitative assessment of other cost components and the benefits. In addition to the qualitative benefit assessment, we present a breakeven analysis to assess the level of benefits that would justify incurring the quantified costs associated with this rule. Treasury acknowledges that there are uncertainties associated with this assessment and discusses those uncertainties in this Regulatory Impact Assessment (RIA). Although data and modeling limitations prevent us from fully quantifying all costs and benefits attributable to the CDD rule, the U.S. Department of the Treasury believes that the final rule would yield a positive net benefit to society. The RIA employs a breakeven analysis that concludes that the CDD rule would have to induce a modest reduction of between 0.16 and 0.6 percent in annual U.S. real illicit proceeds in each of ten years (2016– 2025) to achieve this positive net benefit. If the definition of illicit proceeds is expanded to include money exchanged in illicit drug sales, which, as described in the RIA, are not always included in such measurements, then the analogous required reduction must be between 0.12 and 0.47 percent. For either set of illicit activities, this would correspond to a reduction in real proceeds ranging from $1.46 billion in 2016 to $1.81 billion in 2025, at the upper bound for IT upgrade costs. The analogous reductions at the lower VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 bound of IT upgrade costs are $0.38 billion and $0.47 billion. This RIA argues, however, that both of the above upper threshold estimates are exceedingly conservative in that they are based on an upper bound for the rule’s costs while not incorporating all of its benefits.103 Specifically, the estimates: D Are based on an order-of-magnitude cost assessment with an upper bound present value for 10-year IT upgrade costs of $10 billion; D incorporate the highest cost scenarios for the costs that are quantified in the RIA—financial institution employee training (including the development of this training), new client onboarding, and the revision of policies and procedures; D are not in relation to, and therefore do not account for, all of the benefits that would be realized in the form of saved costs from crimes that would not occur in the presence of the rule because any reduction in illicit proceeds would only reflect saved costs in the form of funds no longer involuntarily transferred from victims to offenders; the excluded benefits include, for example, time not devoted to handling the aftermath of—for example—fraud victimization, and psychological pain and suffering not experienced due to those fraud victimizations avoided; and D are not in relation to, and therefore do not account for, other effects discussed in the RIA, including increased asset recovery, increased tax revenue due to stronger tools for detecting and remediating under reporting and under payment of Federal taxes, and reputational benefits to the U.S. Government of meeting international standards. Therefore, even though the RIA assumes high IT costs, we find that the final CDD rule would still only need to exhibit a modest level of effectiveness for its benefits to justify its costs as laid out in the RIA. It is the view of the Treasury Department that these reductions in illicit activity would be achieved upon the implementation of the CDD rule. 2. Introduction and Summary a. Overview of the RIA The Financial Crimes Enforcement Network (FinCEN) is publishing rules under the Bank Secrecy Act to clarify 103 The estimated thresholds for the percent reduction in real illicit proceeds are assumed to be constant across each year of the ten-year horizon for the given set of illicit activities, and computed using an upper bound for costs based on estimated and hypothetical values. At the threshold estimates, the present value of the rule’s benefits would just be equal to the present value of its costs. PO 00000 Frm 00035 Fmt 4701 Sfmt 4700 29431 and strengthen customer due diligence (CDD) requirements for the following financial institutions: Banks, brokers or dealers in securities, mutual funds, and futures commission merchants and introducing brokers in commodities. The final rule contains explicit CDD provisions and a new regulatory requirement to identify beneficial owners of legal entity customers. The beneficial owners are defined as each individual who owns, directly or indirectly, 25 percent or more of the equity interests of the entity, and one individual with significant responsibility to control, manage, or direct the entity.104 The final CDD rule is expected to contribute to a reduction in illicit activity by providing easier access to beneficial ownership information to support law enforcement investigations at the expense of additional costs to gather and store the data on the beneficial owners of legal entity accounts. We expect that there will be a meaningful impact on illicit activity and law enforcement investigations, but these effects are notoriously difficult to quantify. Thus, we can only describe the rule’s benefits qualitatively. We later offer a conservative estimate of the required minimum level of the rule’s effectiveness at which its benefits would just offset its costs. We quantify certain costs to financial institutions and their clients of complying with the final rule, specifically the value of additional time spent on these activities: Training financial institution staff, designing and conducting staff trainings, revising compliance policies and procedures, and onboarding new accounts. Throughout this analysis, we use a ‘‘no action’’ baseline, meaning that we compute and discuss costs and benefits of the final rule relative to a situation where the rule is not adopted. We estimate that these first-year costs would range from roughly $370 million to $520 million. Close to half of the costs incurred over 10 years would be borne by customers in additional time spent opening accounts, with the other half due to additional staff time devoted to training, compliance, and account onboarding at the roughly 29,000 covered institutions.105 Training costs 104 Treasury’s Office of Economic Policy worked with FinCEN to prepare this Assessment pursuant to Executive Orders 13563 and 12866 because the proposed rules have been determined by the Office of Management and Budget (OMB) to be an economically significant regulatory action. The Notice of Proposed Rulemaking was published at 79 FR 45151 (August 4, 2014). 105 The Treasury Department computed the number of covered institutions based on E:\FR\FM\11MYR3.SGM Continued 11MYR3 29432 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations mstockstill on DSK3G9T082PROD with RULES3 would fall sharply after the first year as the majority of first-year costs are due to time spent designing training modules for employees, a cost that we assume will not recur after the first year. We estimate that 10-year quantifiable costs range from $1.15 billion to $2.15 billion in present value using a seven-percent discount rate and from $1.3 billion to $2.5 billion using a three-percent discount rate. The annualized costs range from $153 million to $287 million using a seven-percent discount rate; $148 million to $282 million using a three-percent discount rate. As described at greater length below in the breakeven analysis, given even an unrealistically high hypothetical value for the rule’s total costs, the CDD rule would only have to reduce annual real illicit activity by between 0.16 percent (roughly $0.38 billion in 2016, rising to 0.47 billion in 2025) and 0.6 percent (roughly $1.46 billion in 2016, rising to $1.81 billion in 2025), to yield a positive net benefit (the required reduction in illicit proceeds would only be between 0.12 percent and 0.47 percent if proceeds from illicit drug sales are included).106 107 information provided by the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Securities and Exchange Commission, and the Commodity Futures Trading Commission. The Treasury Department did not conduct an incidence analysis as to whether the regulated entities will be able to pass along the costs to their customers ultimately. 106 This calculation uses the $300 billion estimate for annual illicit proceeds generated in the United States on page 2 of U.S. Department of the Treasury. Office of Terrorism and Financial Intelligence. 2015. National Money Laundering Risk Assessment. 107 The distinction between illicit proceeds that include and exclude money exchanged in illicit drug sales matters for the interpretation of proceeds as costs of crime. As discussed later, illicit proceeds that are involuntarily transferred from victims to offenders—for example, via fraud—are naturally counted among ‘‘external’’ costs of crime. On the other hand, illicit proceeds from transactions that are arguably voluntary, like illicit drug sales, do not fit into the set of external costs so readily. To the extent that the size of proceeds from illicit drug sales are indicative of the costs to society of the drugs consumed from those transactions—loss of health and quality of life and lost labor market productivity, among many others—then this justifies using the broader measure of illicit activity (i.e., including drug sales) for estimating the social benefits of reduced crime. Although in this instance we are not accounting for the effects of the proposed rule on other types of illicit activity (e.g., terrorist financing) in the breakeven analysis, the CDD rule would potentially impact the likelihood of low probability, high impact events occurring. Such reductions have the potential to yield significant benefits. For example, the costs of terrorism and financial crime can run into the billions of dollars in terms of property destruction, foregone tax revenues, and loss of life. The American Academy of Actuaries has estimated that a medium-impact scenario involving a chemical, nuclear, biological, or radiological attack in New York City could result in insured losses of over $445 billion, while a truck bomb attack in San Francisco could result in insured losses of nearly VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 To summarize: This cost-benefit analysis provides a qualitative discussion of the rule’s benefits and some costs, and quantitative estimates of those costs for which adequate data are available. Due to the limited availability of data on illicit activity and in the absence of previous changes in beneficial ownership disclosure policy, the final rule’s effects in terms of reducing such crime cannot be estimated with sufficient accuracy to warrant quantitative assessment. In the absence of fully quantified benefits and costs, we rely on a breakeven analysis to determine how large the final rule’s benefits would have to be in order to justify its costs. Given that the breakeven analysis depends on an argument about the final rule’s effectiveness in generating benefits, and that the benefit of a crime prevented is the inverse of that crime’s cost,108 we need a value for the costs of the crimes that the rule would impact. For this specific regulation’s RIA, we choose to utilize the Treasury Department’s estimate of $300 billion in illicit proceeds generated annually in the United States due to financial crimes as the basis for determining the rule’s minimum level of effectiveness in the breakeven analysis, at which benefits would exactly justify costs. The whole of these proceeds must be laundered before they can re-enter the economy under a guise of legitimacy.109 The remainder of this section provides the rationale for the CDD rule, discusses regulatory alternatives, and summarizes the findings of the costbenefit analysis. The second section reports quantitative estimates of certain costs; the third section provides a qualitative discussion of benefits and those costs that we cannot quantify; the fourth and final section employs a breakeven analysis to make the case for the adoption of the final rule. b. Rationale for the CDD Rule Under certain circumstances, markets lead to socially desirable allocations of goods and services. Yet when all the necessary conditions are not met, a market’s allocation of goods may not be efficient, a situation known as a market $9 billion. ‘‘Letter to President’s Working Group on Financial Markets regarding Terrorism Risk Analysis,’’ American Academy of Actuaries, April 21, 2006. 108 The terms ‘‘costs’’ and ‘‘benefits’’ can be interchangeable depending on whether one is examining the effect of crime or the effectiveness of a crime reduction program. See page 276 of Cohen, Mark A., ‘‘Measuring the Costs and Benefits of Crime and Justice,’’ Criminal Justice 4 (2000): 263–315 (‘‘. . . the cost of a crime is the same as the benefit of a crime that was prevented’’). 109 See footnote 106. PO 00000 Frm 00036 Fmt 4701 Sfmt 4700 failure. Economists consider the presence of a market failure to be a justification for policy intervention. The final CDD rule intends to address two related market failures. Both of these are spillovers (also called externalities) in that the wellbeing of parties not buying or selling in a market is impacted by transactions in that market. Spillovers can either be positive or negative. For example, a positive spillover occurs in the market for influenza vaccinations: Those who receive the vaccine reduce the chances of others who do not receive the vaccine from catching the flu. From the perspective of society’s overall wellbeing, the existence of a positive spillover implies that fewer transactions are taking place in the market in question than is socially optimal. Conversely, in the case of a negative spillover, too many transactions occur, resulting in lower societal wellbeing. For example, a paper mill that pollutes a river by releasing wastewater may negatively affect recreational fishermen downstream who may find fewer fish or be unable to eat the fish they catch due to the pollution.110 We discuss the spillovers addressed by the CDD rule in more detail below. Illegal activities are social ‘‘bads’’ rather than social goods. Because financial institutions bear the cost of collecting the beneficial ownership information, they only take into account their own benefit to doing so when selecting their level of investment in crime-reducing security measures.111 The implication is that financial institutions underinvest in such measures from the standpoint of society. If all members of society are potential victims of future criminal activity, then the prevention of financial crimes including money laundering and terrorist financing have the characteristics of public goods, meaning that all citizens benefit from actions to 110 Whether the spillover is positive or negative, the market failure is attributable to the lack of a second market that would allow participants and nonparticipants in the market with the spillover to compensate one another so that the quantity produced and consumed is socially optimal in the market with the spillover. For example, the fishermen have no formal mechanism for paying the owners of the paper mill to produce less wastewater by producing less paper. The implication of this ‘‘missing market’’ is that the overall wellbeing might be lower than what society would be willing to pay for, if it could. 111 Even in the extreme case where financial institutions could pass along the entire cost of collecting this information, it does not follow that the resulting level of investment in crime-reducing security measures would maximize social wellbeing. Realistically, competition among financial institutions for clients will limit the extent to which they can pass these costs along to customers. E:\FR\FM\11MYR3.SGM 11MYR3 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations mitigate these activities regardless of who pays for the prevention. Absent this final rule, financial institutions will continue to invest at lower than efficient levels, in accordance with their private interests, neglecting the incremental positive impact of each additional dollar spent on security measures on broader social welfare. This is especially true if financial institutions that are considering collecting beneficial ownership information perceive that they would lose business to competitors that do not require that information. By compelling universal compliance across all covered institutions, implementation of the final rule would increase beneficial ownership disclosure at financial institutions, making illicit activities more costly to commit. Without the final rule, the negative spillover arises because a country with less stringent anti-money laundering and countering the financing of terrorism (AML/CFT) regulations may become a destination for the laundering of proceeds generated by illicit activities committed in other countries. The country with less stringent rules and regulations receives the inflow of capital without bearing the costs of the criminal offenses that created that inflow of capital. International cooperation that harmonizes AML/CFT policies may reduce this market failure. By helping to harmonize U.S. standards with those of the global community, adopting this final rule would make laundering the proceeds in the United States from illicit activities committed in the other countries more costly and thereby mitigate the current negative spillover. mstockstill on DSK3G9T082PROD with RULES3 c. Discussion of Regulatory Alternatives to the Final CDD Rule In this section, we discuss five alternatives to the final CDD rule, which will set a 25 percent beneficial ownership disclosure threshold for new legal entity accounts. The first three alternatives are variants of the CDD rule, while the remaining two are alternative regulatory approaches: Alternative 1: 10 percent beneficial ownership disclosure threshold. Alternative 2: 50 percent beneficial ownership disclosure threshold. Alternative 3: Applying the proposed 25 percent beneficial ownership disclosure threshold to existing legal entity accounts, as well as to new accounts. Alternative 4: Collection and verification of the identities of beneficial owners by State officials at the time of company formation. Alternative 5: Collection and verification of the identities of beneficial owners by the Internal Revenue Service (IRS). Alternative 6: Exempt financial institutions below a certain asset size, or that maintain VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 fewer than a specified minimum number of legal entity accounts. Alternative 1, setting a 10 percent beneficial ownership threshold, would provide more information to potentially identify individuals involved in illicit financial activity. Collecting information for a maximum of 11 people 112 can potentially identify illicit financing through owners of stakes as small as 10 percent. However, as a practical matter, we believe that this threshold would predominantly impact legitimate legal entities, and impose upon them a significant burden that would not be outweighed by the incremental benefit to law enforcement of additional identities of beneficial owners. Such a change would also come at higher costs in terms of more financial institution and client onboarding time (in some instances, up to twice as much, since the maximum number of beneficial owners would be more than doubled from a maximum of five to a maximum of eleven) and additional data storage. In FinCEN’s assessment, the incremental benefit of this approach does not outweigh the burdens associated with having to collect and verify the identities of more than twice as many beneficial owners in some circumstances. Incremental costs to financial institutions for IT updates, staff training, and internal controls, above and beyond those incurred for the final rule, would likely be limited. Alternative 2, setting a 50 percent beneficial ownership threshold, is less stringent, but provides less information to potentially identify those involved in illicit financing. Using a 50 percent threshold would forego information on owners of stakes as high as 49 percent. Furthermore, setting the threshold this high would render the rule more susceptible to evasion, as beneficial owners of legal entities could more easily manage their ownership interests to fall below this level than 25 percent. Requiring personal information for a maximum of three people 113 would somewhat reduce data collection costs to financial institutions and their customers’ costs. But, because major cost elements such as IT updates, staff training, and internal controls would still be incurred by financial institutions, overall savings would probably be limited relative to the final rule. We cannot quantify how much the benefit from the final rule would be 112 Under the two elements of the definition of beneficial owner described earlier, up to 10 individuals under the ownership element and one individual under the control element. 113 Two individuals under the ownership element and one individual under the control element. PO 00000 Frm 00037 Fmt 4701 Sfmt 4700 29433 reduced by this higher threshold for disclosure but are confident that with this threshold illicit actors would have greater ease in using legal entities to mask their financial activities than with the proposed threshold. Alternative 3 would apply the same beneficial ownership disclosure threshold as the final rule to new accounts, but would also require retroactive collection of beneficial ownership information for existing accounts at the time the rule comes into force. The increased costs from complying with Alternative 3 would likely take the form of significant labor costs as financial institutions hired additional workers to gather beneficial ownership data from customers and input it into account databases. Alternative 3 would also impose costs on existing customers of covered financial institutions. We do not foresee additional IT development costs beyond those for the final rule. We expect that the above-described costs would be substantial. In the 2012 ANPRM, FinCEN sought comments on whether to require retroactive collection of beneficial ownership information for existing accounts. Many commenters to the ANPRM viewed a retroactive requirement to obtain beneficial ownership information for all existing accounts as extremely burdensome, and opposed such a requirement. In light of these representations about the burdens associated with such a requirement, FinCEN proposed in the NPRM that the beneficial ownership requirement would apply only with respect to legal entity customers that open new accounts going forward from the Applicability Date. During the NPRM comment period, the vast majority of commenters who addressed this issue reiterated this objection to retroactive application of the beneficial ownership obligation. Alternative 3 may offer substantially larger benefits than the final rule because it would make available beneficial ownership information for far more accounts than the final rule, as the stock of existing accounts covered would greatly exceed the flow of new accounts. The advantage in terms of greater beneficial ownership information would fall over time; the higher requirements of Alternative 3 may also require a later deadline for compliance. As to Alternative 4, many commenters stated that it would be more efficient, as well as more appropriate, to place the obligation to obtain beneficial ownership information on the States that create the entities rather than on financial institutions at the time that accounts are opened. While the E:\FR\FM\11MYR3.SGM 11MYR3 29434 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations existence of such a requirement may reduce some costs that would be borne by financial institutions under the rule, Treasury believes that it would not eliminate the need for an independent obligation of covered financial institutions to collect and verify the beneficial ownership information at the time an account is opened. Additionally, as stated in the NPRM, the Administration supports the collection of this information at both the time of company formation and at the time an account is opened. There are important reasons for this: (i) Company formation and account opening generally take place at different points in time which may result in the information changing; and (ii) there is no requirement for a legal entity formed in the United States to open a bank account in the United States, nor is there a bar on non-U.S. legal entities opening accounts in the United States. Therefore it is important to have requirements that apply to both points of entry. In addition, there are Constitutional impediments on the manner and extent to which the Federal government could impose such a requirement on the States, as there is no Constitutional provision authorizing the Federal government to directly mandate that States collect such information. Furthermore, without concerted action on such a proposal by all 50 States and the District of Columbia, we would expect illicit actors to simply incorporate in those States without such a requirement. Such gaps would obviate the benefit of such a requirement at the State level. With respect to Alternative 5, some commenters also urged that beneficial ownership information could more efficiently be collected by Federal officials at the IRS through the process of obtaining Employer Identification Numbers for legal entities, which would shift the costs from financial institutions to government. For the reasons stated above, Treasury believes that collection and verification of beneficial ownership information is necessary and valuable both at the time of company formation and at the time of account opening. Moreover, FinCEN lacks the authority to impose such an information collection requirement upon the IRS, and because of the sensitive nature of tax information and the many statutory restrictions on the use of such information in order to protect taxpayers’ privacy, legislative changes to the tax code would be required. Regarding Alternative 6, FinCEN also considered exempting small financial institutions below a certain asset size or that have a minimal number of legal entity accounts. In this regard, FinCEN has determined that identifying the beneficial owner of a financial institution’s legal entity customers and verifying that identity is a necessary part of an effective AML program. Were FinCEN to exempt small entities from this requirement, or entities that establish fewer than a limited number of accounts for legal entities, those financial institutions would be at greater risk of abuse by money launderers and other financial criminals, as criminals would identify institutions without this requirement. d. Summary of Findings i. Costs (1) Quantitative Assessment In response to comments that our compliance cost estimates in the proposed rule were unrealistically low, we conducted telephone interviews with financial institutions that submitted comments, as well as with IT vendors which currently supply related AML/CFT software to financial institutions.114 Using information from those interviews, we estimate the cost to financial institutions and their clients of the additional time required to open new legal entity accounts under the CDD rule, and the costs to financial institution costs for employee training and the revision of AML program procedures. For a discount rate of seven percent, Table 1a lists the high-cost and low-cost estimates for each of the quantified categories of costs incurred in the first year alone, in the first ten years in terms of present value, and on annual basis over the first ten years.115 TABLE 1a—QUANTIFIED COSTS FOR 7% DISCOUNT RATE [Millions of USD] Financial institution Training First-Year Costs: Low Estimate ................................................................ High Estimate ............................................................... Present Value of 10-Year Costs: Low Estimate ................................................................ High Estimate ............................................................... Annualized Costs: Low Estimate ................................................................ High Estimate ............................................................... Onboarding Compliance Client Total $211 256 $45 89 $55 55 $61 121 $371 521 264 439 353 705 55 55 477 955 1,149 2,154 35 59 47 94 7 7 64 127 153 287 mstockstill on DSK3G9T082PROD with RULES3 Source: Treasury Department calculations. Note: First year of analysis is 2016. All figures in 2014 dollars. We estimate that first-year costs would range from roughly $370 million to $520 million; training costs would be lower in subsequent years. Furthermore, we estimate that the 10-year costs range from roughly $1.15 billion to $2.15 billion in present value and that annualized costs would range from approximately $150 million to $290 million. Table 1b reports the analogous costs for a three-percent discount rate. For this lower discount rate, first-year costs are unchanged, but we estimate that the 10-year cost range shifts up to roughly $1.3 billion to $2.5 billion while the annualized costs shift down slightly to a range of $150 million to $290 million. 114 Treasury understands that most financial institutions do not build their own systems for entering and storing data regarding their customers, but rather purchase such systems from third parties that specialize in providing such products to financial institutions. 115 The annualized cost value is the undiscounted constant annual cost incurred in each of the ten years that, if it occurred, would yield the value for the corresponding ‘‘present value of 10-year costs’’ entry in the table after the stream of costs were discounted (using the seven-percent rate in Table 1a) and summed. For example, a 10-year stream of $59 million (the ‘‘High Estimate’’ annualized cost for training in Table 1a) has a present value of $439 million using the seven-percent discount rate. VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 PO 00000 Frm 00038 Fmt 4701 Sfmt 4700 E:\FR\FM\11MYR3.SGM 11MYR3 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations 29435 TABLE 1b—QUANTIFIED COSTS FOR 3% DISCOUNT RATE [Millions of USD] Financial institution Training First-Year Costs: Low Estimate ................................................................ High Estimate ............................................................... Present Value of 10-Year Costs: Low Estimate ................................................................ High Estimate ............................................................... Annualized Costs: Low Estimate ................................................................ High Estimate ............................................................... Onboarding Compliance Client Total $211 256 $45 89 $55 55 $61 121 $371 521 274 476 414 827 55 55 560 1,120 1,303 2,479 31 54 47 94 6 6 64 128 148 282 Source: Treasury Department calculations. Note: First year of analysis is 2016. All figures in 2014 dollars. (2) Qualitative Assessment Several types of costs associated with the implementation of this rule cannot be reliably quantified due to a lack of data. For example, we provide qualitative discussions of information technology upgrades by covered institutions and incremental costs to U.S. criminal investigations because the data are insufficient for quantitative assessments. mstockstill on DSK3G9T082PROD with RULES3 ii. Benefits The primary purpose of the final CDD rule is to reduce illicit activity, including financial crimes such as money laundering and terrorist financing. Yet, none of the benefits of the final rule, in terms of reducing crime, can be measured with sufficient accuracy at this time to warrant quantitative assessment. Two primary factors impede credible quantitative estimation of the rule’s benefits: Illicit activity is difficult to observe, meaning that reported measures are likely unreliable, and there is no past variation in beneficial ownership requirements in the United States from which to estimate the effects on outcomes. Furthermore, estimation of effects of policy changes using historical data is challenging in this context. Existing AML/CFT regulations under the Bank Secrecy Act and subsequent legislation already help mitigate financial crimes including money laundering and terrorist financing. In addition, extensive changes in the United States and international regulatory regimes following the financial crisis of 2008 further complicate the estimation of potential effects of any change in the CDD rule, as even changes to non-AML/ CFT regulations may alter regulated parties’ behavior in ways that make it difficult to attribute potential effects to the CDD rule alone. Ongoing financial regulatory reforms, including for VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 example, the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, add to the challenge of assessing the potential impacts of this final rule. Finally, changing external factors such as evolving AML/CFT policies of foreign governments and management practices of overseas financial institutions may affect the level of illicit activities in the United States, including through crossborder institutions. For all of the above reasons and others, this cost-benefit analysis relies extensively on a qualitative assessment of potential effects, based on relevant literature. Finally, while we believe that a significant increase in, for example, the number of prosecutions for money laundering, following the CDD rule’s possible adoption would signal its effectiveness in diminishing the level of criminal activity, given the time required to build and prosecute cases, that sort of quantitative assessment would not be possible for several years. 3. Quantitative Estimates of Costs a. Costs to Covered Institutions i. Employee Training We generate high- and low-cost estimates of the training costs to covered institutions based on input from the institutions and data from the Bureau of Labor Statistics (BLS). These estimates pertain only to the training costs directly associated with the final rule, not the full set of training activities needed to address the broader set of AML/CFT regulations for financial institutions. Based on the total number of employees and the employeeweighted average hourly wage at covered institutions, we estimate highand low-cost scenarios by varying the share of employees receiving training and the length of that training.116 The 116 To represent the workforce in covered institutions, we use wage data for all employees PO 00000 Frm 00039 Fmt 4701 Sfmt 4700 high-cost estimate assumes two-thirds of covered institution employees receive training, and one-time initial training runs for one hour while subsequent annual refresher trainings last 15 minutes. The low-cost estimates assume one-third of employees are trained, the initial training takes 30 minutes, and the annual refresher trainings run 10 minutes. In both the high-cost and low-cost estimates, we make four main assumptions. First, we assume the opportunity cost of staff time spent in training is equal to the wage rate rather than total compensation (wage rate plus benefits).117 Second, we apply the BLS 2012–22 projected employment growth rate of 0.9 percent per year for Financial Activities to our 10-year time horizon.118 Third, we use the aggregate annual real wage growth rate of 1.2 percent (rounded intermediate assumption) from the 2015 Social Security Trustees Report.119 Finally, we assume that staff turnover rates are consistent with the rates provided in the Finance and Insurance sector in the BLS working in business establishments in sectors having one of the following four-digit North American Industry Classification System (NAICS) codes: 5221 (Depository Credit Intermediation), 5222 (Nondepository Credit Intermediation), 5223 (Activities Related to Credit Intermediation), or 5231 (Securities and Commodity Contracts Intermediation and Brokerage). 117 This assumption results in a higher opportunity cost of training than might be warranted if employees’ brief time in training mostly displaces less-than-fully productive activities. 118 BLS. 2013. ‘‘Industry Employment and Output Projections to 2022,’’ Monthly Labor Review. https:// www.bls.gov/opub/mlr/2013/article/industryemployment-and-output-projections-to-2022.html. 119 The Board of Trustees, Federal Old-Age and Survivors Insurance and Federal Disability Insurance Trust Funds. 2015. The 2015 Annual Report of the Board of Trustees of the Federal OldAge and Survivors Insurance and Federal Disability Insurance Trust Funds. https://www.ssa.gov/oact/tr/ 2015/tr2015.pdf. E:\FR\FM\11MYR3.SGM 11MYR3 29436 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations Job Openings and Turnover Survey.120 We believe this set of assumptions yields estimates that account for the primary factors that may affect costs in the period of analysis. Table 2 summarizes the estimated costs. Estimated first year training costs range from roughly $210 million to $260 million depending on the share of employees trained and the duration of the training sessions. First-year costs are so much greater than the costs in subsequent years for two reasons: All employees who receive training are given the longer initial training in the first year, but take shorter refresher training in the following years, and compliance staff must design the training in the first year.121 We allow for employee turnover by assuming that new hires in positions requiring training would be given the full initial training in their first years, and refresher trainings in each subsequent year. We also assume that turnover rates are equivalent for positions requiring and not requiring training. The present discounted values of our low- and high-cost scenarios over the 10-year period range from roughly $265 million to $440 million and from roughly $275 million to $475 million using the seven-percent and threepercent discount rates, respectively.122 123 TABLE 2—ESTIMATED TRAINING COSTS [Millions of USD, present value] 7% discount rate 3% discount rate Year Low estimate High estimate Low estimate High estimate 1 ....................................................................................................... 2 ....................................................................................................... 3 ....................................................................................................... 4 ....................................................................................................... 5 ....................................................................................................... 6 ....................................................................................................... 7 ....................................................................................................... 8 ....................................................................................................... 9 ....................................................................................................... 10 ..................................................................................................... $211.1 7.0 6.7 6.4 6.1 5.9 5.5 5.3 5.1 4.8 $256.0 24.4 23.3 22.2 21.2 20.2 19.3 18.4 17.6 16.8 $211.1 7.3 7.2 7.2 7.1 7.0 7.0 6.9 6.9 6.8 $256.0 25.3 25.1 24.9 24.7 24.5 24.3 24.1 23.8 23.6 Present Value .................................................................................. $263.8 $439.4 $274.4 $476.3 Source: Treasury Department calculations. Notes: Year 1 is 2016. Includes annual real wage growth rate based on aggregate intermediate rate in 2015 Social Security Annual Trustees Report. Mean industry wage rates are based on BLS Occupational Employment Statistics, May 2014 for NAIC–4 codes 5221, 5222, 5223, and 5231. Job turnover rates are a 5-year average from BLS total separations rates for the Finance and Insurance sector from Job Openings and Labor Turnover Survey, March 2015. Employment growth projections come from BLS Economic News Release, December 2013. Low estimate assumes one-third of employees are trained with a 30-minute initial training and 10-minute annual refreshers. High estimate assumes that twothirds of employees are trained with a 1-hour initial training and 15-minute annual refreshers. ii. Incremental Onboarding mstockstill on DSK3G9T082PROD with RULES3 Financial institutions would primarily satisfy the final CDD rule’s requirement to collect beneficial ownership and control information during the legal entity account opening process. We estimate the incremental onboarding costs to institutions of the CDD rule by multiplying the expected annual number of new legal entity accounts by the value of the expected additional onboarding time due to the final rule.124 We use an estimate of 8 million new accounts per year, which takes into account all financial accounts that will be excluded or exempted from the rule. We consider a range of 20 to 40 minutes of additional time on average to open an account under the CDD rule, based on a series of telephone calls with covered institutions, and on public comments received in response to both the NPRM and the preliminary version of the RIA published in December 2015.125 We base a financial institution’s cost of the additional time spent onboarding a single account on $16.77, the average wage for ‘‘new account clerks’’ in the financial industry according to data furnished by the BLS. For a seven-percent discount rate, the present value of onboarding costs has an approximate range of $350 million to $705 million; for a three-percent discount rate, the present value of onboarding costs is roughly $410 million to $825 million. Table 3 shows the estimated onboarding costs associated with the final rule for the 10-year period of analysis. 120 BLS. 2015. Job Openings and Labor Turnover Survey News Release. https://www.bls.gov/ news.release/archives/ jolts_03102015.htm#jolts_table9.f.2 We use the average of the 2010–14 total annual separations rates for the Finance and Insurance industry, provided in Table 16. 121 Using information provided in a comment by a major trade association, we adopted 200 hours as the necessary amount of time to design training per financial institution. Furthermore, we use wage data from the May 2014 BLS Occupational Employment Statistics for ‘‘compliance officers’’ working in business establishments in sectors having one of the four-digit North American Industry Classification System (NAICS) codes mentioned in footnote 116; the average hourly wage for these compliance officers is $34.03. The total cost of designing trainings is the product of this wage, 200 (hours), and the number of financial institutions. 122 For completeness, as per guidance from OMB, we estimate the 10-year present discounted values using both 7-percent and 3-percent discount rates. The latter is generally appropriate for discounting future consumption flows when a regulation primarily affects private consumption, while the former is more applicable for regulations affecting private-sector financial institutions. (See Office of Management and Budget (OMB), Regulatory Impact Analysis: A Primer, Aug. 15, 2011) 123 One of the financial institutions we interviewed was a large bank whose representatives stated that all of its employees would require training for one-half hour. In the above analysis, if all employees at all covered institutions required one hour of initial training and subsequent annual refresher training of 15 minutes, then the present value of 10-year training costs would be $561 million. Although we think it is unlikely that labor force training would need to be this widespread, this estimate provides an upper bound for total training costs. 124 We expect that the tasks included in this additional onboarding time would include collection and verification of beneficial ownership information, as well as associated recordkeeping. 125 In the preliminary RIA, we used 15 and 30 minutes for the low and high scenario average increases, respectively, in onboarding time per account, but some commenters objected to these values as being too low. VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 PO 00000 Frm 00040 Fmt 4701 Sfmt 4700 E:\FR\FM\11MYR3.SGM 11MYR3 29437 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations TABLE 3—ESTIMATED ONBOARDING COSTS FOR FINANCIAL INSTITUTIONS [Millions of USD, present value] 7% discount rate 3% discount rate Low estimate High estimate Low estimate High estimate 20 Minutes additional time Year 40 Minutes additional time 20 Minutes additional time 40 Minutes additional time 1 ....................................................................................................... 2 ....................................................................................................... 3 ....................................................................................................... 4 ....................................................................................................... 5 ....................................................................................................... 6 ....................................................................................................... 7 ....................................................................................................... 8 ....................................................................................................... 9 ....................................................................................................... 10 ..................................................................................................... $44.7 42.3 40.0 37.8 35.8 33.8 32.0 30.3 28.6 27.1 $89.4 84.6 80.0 75.7 71.6 67.7 64.0 60.5 57.3 54.2 $44.7 43.9 43.2 42.4 41.7 40.9 40.2 39.5 38.8 38.2 $89.4 87.9 86.3 84.8 83.3 81.9 80.5 79.1 77.7 76.3 Present Value .................................................................................. $352.5 $705.0 $413.6 $827.2 Source: Treasury Department calculations. Notes: Year 1 is 2016. Includes annual real wage growth rate based on aggregate intermediate rate in 2015 Social Security Annual Trustees Report. Mean wage rates is based on BLS Occupational Employment Statistics, May 2014 for New Account Clerks. Based on expectation of 8 million legal entity accounts opened each year. iii. Revising Policies and Procedures In order to ensure adherence to the final CDD rule, compliance officers will have to revise their financial institution’s AML program procedures— for example, account onboarding—that will be affected by the final rule. In comments submitted regarding the RIA, a major trade association estimated that this process would require an additional 56 hours of work per financial institution. Multiplying this additional hours figure by the average wage of compliance officers working in the relevant industries ($34.03; see footnote 122) by the number of covered institutions yields a total cost of $55 million for updating compliance procedures, which is only incurred in the first year. b. Additional Client Time in New Account Opening Process Covered institution clients would also incur costs due to the additional onboarding time resulting from the final rule (for covered institutions, we gave consideration to this cost above). Based on a series of telephone conversations with covered institutions and public comments we received in response to the NPRM and the preliminary version of the RIA published in December 2015, we estimate client costs. Our estimates assume the incremental time requirements for clients opening new legal entity accounts equal the incremental onboarding time for institutions and are products of the average additional time required to open an account, an estimate of the number of new accounts that would be opened, and an estimate of the value of client time. Also, for the sake of consistency with the computations for additional onboarding costs for financial institutions, we necessarily assume that 8 million new legal entity accounts are opened each year in calculating client costs. We use $22.71 per hour, the weighted average hourly wage for all employees from the May 2014 National Occupational Employment and Wage Estimates report. Using a seven-percent discount rate, the present value of the total additional cost to covered institution clients opening a new account range from $475 million to $955 million; the analogous figures for a three-percent discount rate are $560 million and $1.2 billion. TABLE 4—ESTIMATED CLIENT COSTS [Millions of USD, present value] 7% discount rate 3% discount rate Low estimate mstockstill on DSK3G9T082PROD with RULES3 High estimate Low estimate High estimate 20 Minutes additional time Year 40 Minutes additional time 20 Minutes additional time 40 Minutes additional time 1 ....................................................................................................... 2 ....................................................................................................... 3 ....................................................................................................... 4 ....................................................................................................... 5 ....................................................................................................... 6 ....................................................................................................... 7 ....................................................................................................... 8 ....................................................................................................... 9 ....................................................................................................... 10 ..................................................................................................... $60.6 57.3 54.2 51.2 48.5 45.8 43.3 41.0 38.8 36.7 $121.1 114.6 108.3 102.5 96.9 91.7 86.7 82.0 77.6 73.3 $60.6 59.5 58.5 57.4 56.4 55.5 54.5 53.5 52.6 51.7 $121.1 119.0 116.9 114.9 112.9 110.9 109.0 107.1 105.2 103.3 Present Value .................................................................................. $477.3 $954.7 $560.1 $1,120.3 Source: Treasury Department calculations. VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 PO 00000 Frm 00041 Fmt 4701 Sfmt 4700 E:\FR\FM\11MYR3.SGM 11MYR3 29438 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations Notes: Year 1 is 2016. Includes annual real value of time growth rate based on aggregate intermediate real wage growth rate in 2015 Social Security Annual Trustees Report. Real value of time rate is based on U.S. BLS Occupational Employment Statistics (2014) weighted average hourly wage rate for all occupations. Based on expectation of 8 million legal entity accounts opened each year. 4. Qualitative Discussion of Costs a. Incremental Costs to U.S. Criminal Investigations and the Justice System The U.S. Department of the Treasury believes the final rule may increase costs for Federal financial intelligence and criminal justice agencies because of the additional resources needed to handle the potentially increased volume of Suspicious Activity Reports (SARs), investigations, prosecutions, and incarcerations triggered by the final rule when adopted. These activities are part of the process of bringing financial criminals, money launderers, terrorist financiers, and other national security threats to justice, which confers benefits in the forms of reduced crime and terrorist financing. We do not attempt to quantify the scale of changes in these law enforcement activities (and their associated costs) attributable to implementation of the final rule, but we describe them briefly in the following sections. As noted below, even predicting the directions of the changes in law enforcement activity due to the final rule can be difficult, so any attempt at estimating magnitudes would be speculative. i. Suspicious Activity Report Processing We expect that with adoption of the final rule, SARs filed by covered financial institutions will be increasingly likely to include beneficial ownership information for legal entity accounts as, over time, the share of accounts on which beneficial ownership information would be gathered at opening rises. This information would speed the identification of complicit individuals by law enforcement agencies. The potential effects on the number of SARs filed, and the resulting Federal resources used for analysis, however, are ambiguous. Of the SARs currently filed, a significant number involve transactions that financial institutions deem suspicious because they are executed by or involve potential shell companies. Any increase in the number of SARs filed under the final rule would likely be offset by the capacity of newly collected beneficial ownership data to remove some flagged transactions from suspicion. The new information would result in some SARs not being filed that formerly would have been. The number of initial SAR filings grew from 2010 to 2014, as shown in Table 6. Due to the uncertainties associated with attributing future changes in SAR filings to the final CDD rule, we do not estimate the magnitude of this potential effect. TABLE 6—INITITAL SUSPICIOUS ACTIVITY REPORTS (SARS) FILED IN THE UNITED STATES BY COVERED INSTITUTIONS [Sums of all reported types of intial SARs] 2010 2011 2012 2013 2014 5 Year average 690,603 ............................................................ 798,780 842,947 1,000,074 909,371 848,355 Source: FinCEN’s System of Record. Note: Statistics are based on counts of SARs identified as initial filings with filing received dates in the indicated year, as of 10/8/2015. ii. Investigations The collection of beneficial ownership information on legal entities by covered institutions may lead to more Federal investigations of financial crime and greater expense on such investigations. Improved access to beneficial ownership information would facilitate the process of ‘‘following the money trail’’ of affiliated entities and individuals associated with legal entity accountholders, and may lead to the discovery of previously unknown linkages to criminal activity. However, accessible beneficial ownership information would also enable law enforcement agencies to better target their efforts, which could more than offset the higher resource requirements by increasing the rate at which investigations result in prosecutions. iii. Prosecutions The final rule may similarly facilitate the identification and prosecution of the beneficial owners of a legal entity involved in illicit activity, as well as other key individuals associated with the legal entity, possibly resulting in more instances where charges are formally filed (compared to the number of cases brought if the final rule were not adopted). Growth in prosecution activity would increase the hours of Federal staff and contractors engaged in this activity. The availability of beneficial ownership information, had the final rule been in place, could have assisted in prosecution of several categories of crime; Table 7 shows the number of prosecutions in each of those categories for the last five years. Due to the uncertainties associated with attributing future changes in prosecutions to the final CDD rule, we do not estimate the magnitude of this potential effect, but even a hypothetical 1 percent increase on the five-year average of about 46,000 would raise the number of prosecutions by 460. TABLE 7—FEDERAL PROSECUTIONS BY PROGRAM CATEGORY mstockstill on DSK3G9T082PROD with RULES3 Program category Drug Dealing and Possession ............................... Government Regulatory ... National Internal Security/ Terrorism ...................... Official Corruption ............ Organized Crime .............. Weapons .......................... White Collar Crime ........... VerDate Sep<11>2014 18:50 May 10, 2016 2010 2011 2012 2013 2014 5 Year average 26,805 2,974 28,422 2,815 26,858 2,455 25,884 2,728 21,577 2,501 25,909 2,693 365 727 572 7,614 9,722 319 585 582 7,465 10,162 267 633 363 7,774 8,433 269 636 390 7,136 8,373 212 524 316 6,632 7,864 286 621 445 7,324 8,911 Jkt 238001 PO 00000 Frm 00042 Fmt 4701 Sfmt 4700 E:\FR\FM\11MYR3.SGM 11MYR3 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations 29439 TABLE 7—FEDERAL PROSECUTIONS BY PROGRAM CATEGORY—Continued Program category 2010 Total ...................... 2011 48,779 2012 50,350 2013 46,773 2014 45,416 5 Year average 39,626 46,189 Source: TRACFed database. iv. Incarcerations If the number of successful prosecutions increased due to the final rule, we expect that incarceration costs would rise. Increased incarcerations may incur greater variable costs (such as food, clothing, and dwellings), and personnel costs at Federal penitentiaries (guards and other staff, and their workspaces, training, and equipment). In principle, if incremental incarcerations attributable to the final rule are substantial enough that one or more new Federal institutions must be built and put into operation, then costs would likely rise further.126 Table 8 shows the number of prison sentences during 2010–14 for categories of crime where the availability of beneficial ownership information could have aided in prosecution. Due to the uncertainties associated with attributing future changes in incarcerations to the final CDD rule, we do not estimate the magnitude of this potential effect, but even a hypothetical 1 percent increase on the five-year average of roughly 36,000 would raise the number of incarcerations by 360. TABLE 8—SENTENCED TO PRISON TERM FOR FEDERAL CRIME Program category 2010 Drug Dealing and Possession ............................... Government Regulatory ... National Internal Security/ Terrorism ...................... Official Corruption ............ Organized Crime .............. Weapons .......................... White Collar Crime ........... 2011 2012 2013 2014 5 Year average 21,426 1,000 23,449 1,065 21,663 929 20,990 856 21,843 981 198 357 340 6,594 6,211 186 343 367 6,428 6,381 154 358 363 6,553 5,844 177 339 252 6,311 5,444 176 373 248 5,981 5,537 178 354 314 6,373 5,883 36,126 Total ...................... 21,686 1,053 36,444 37,786 35,115 34,161 35,926 Source: TRACFed database. The final CDD rule will require financial institutions to collect, house, and retrieve beneficial ownership data for new accountholders, meaning that the rule would impact financial institutions’ IT systems. Financial institutions either build their IT networks themselves ‘‘in-house’’ or procure these systems from third-party vendors, with which they sign multiyear service contracts for achieving and maintaining regulatory compliance. A single vendor likely sells multiple core platforms, tailored to different types of financial institutions (e.g., credit unions instead of banks), to possibly hundreds of financial institution clients. The vendor will then customize the purchased IT platform for the individual financial institution. If a vendor selling the same platform (with individual customizations) to multiple clients can make all of these IT systems conform to the final rule by just upgrading the core platform’s software once, then there are economies of scale in producing CDD-compliant IT systems. In other words, as the vendor sells the compliant platform to another client, the average cost of achieving compliance falls for all clients purchasing that platform. This is in contrast to a situation where the vendor incurs the same additional cost of upgrading each client’s IT system in response to the final rule. In the presence of economies of scale, the costs incurred in terms of number of hours of programmer labor to conform to the final rule would be lower the smaller the number of core platforms used by covered financial institutions, all else equal. We can think of financial institutions that build and maintain their networks in-house as vendors having a single client. Under standard service contracts with financial institutions, third-party vendors monitor rules and then implement changes to their IT systems so that they maintain regulatory compliance on behalf of the financial institution. During the term of a contract, the vendor normally bears the cost of the necessary changes to maintain compliance. In discussions with the Treasury Department, however, some vendors stated that the CDD rule would be too costly to implement under the terms of these service contracts and would likely result in additional charges to their clients. The magnitude of the increase in IT costs from having to comply with the final rule would also depend in part on how financial institutions are required to use the collected beneficial ownership data. For example, merely electronically storing the information to be turned over to the government upon request would be less costly than requiring that financial institutions integrate that information with data from other databases. Even if we could accurately predict vendors’ additional charges to financial 126 It would be unlikely that prison overpopulation would be attributable to the proposed rule alone, but we mention this point for completeness. Currently, the Federal Bureau of Prisons operates or manages 141 institutions in the United States and the inmate population totals approximately 194,000. By type of offense, those potentially affected by the proposed rule may include (percent of total Federal inmates in parentheses): Banking and insurance, counterfeiting, and embezzlement (0.3 percent); drug offenses (48.4 percent); extortion, fraud, and bribery (6.3 percent); and national security (0.0 percent). (According to the data, 76 people are incarcerated for national security offenses.) Federal Bureau of Prisons, Inmate Statistics—Offenses, available at https://www.bop.gov/about/statistics/ statistics_inmate_offenses.jsp (accessed October 15, 2015). b. Costs to Covered Institutions mstockstill on DSK3G9T082PROD with RULES3 i. Information Technology Upgrades VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 PO 00000 Frm 00043 Fmt 4701 Sfmt 4700 E:\FR\FM\11MYR3.SGM 11MYR3 29440 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations institution clients in response to the CDD rule’s implementation, these values would not necessarily represent the full IT-related costs to society of imposing the CDD rule. In addition to the increased costs in terms of programmers’ hours, vendors also claimed that they would have to delay the development work for other new initiatives (e.g., developing further functionality of existing platforms). In principle, the full IT-related costs of the CDD rule would equal the value of the hours of labor that vendors and financial institutions performing IT service in-house would have to hire in order to both comply with the rule and not delay any of their other development initiatives. During the comment period following the release of the NPRM, financial institutions stated that the IT costs for upgrading existing systems to comply with the final CDD rule would be large, although they generally did not cite specific amounts. We were able, however, to obtain incremental IT cost estimates specific to a few financial institutions during one-on-one calls. Specifically, one large bank, one midsized bank, and one smaller credit union reported expected IT upgrade costs of $20 million, $3 million to $5 million, and $50,000 to $70,000, respectively. Two larger credit unions reported estimated costs of $23,270 and $11,500. Applying these per-firm data points to the estimated number of affected banks and non-bank financial institutions to assess an order-ofmagnitude IT cost, Treasury believes that the actual aggregate IT cost which will likely occur in the first year of the implementation of the rule may be in low to mid billion dollars. The order-of-magnitude assessment of the IT cost should be understood carefully due to the information deficiencies. FinCEN only obtained five self-reported IT upgrade costs estimates with broad ranges. Some of the cost estimates provided seem to be contradictory since we expect larger firms to incur larger costs. Because of the small self-selected sample, coupled with unknown data quality associated with the per-firm cost information, we cannot reasonably extrapolate these perfirm estimates to the industry as a robust estimate of cost. We only present these findings to provide the order-ofmagnitude information and to support the case for a breakeven analysis. Number of banks or institutions Total assets bin >$200 billion ......................................................................................................... $10 billion–$200 billion ........................................................................................ 11 74 $1 billion–$10 billion ............................................................................................ <1 billion ............................................................................................................... Non-bank Institutions (including credit unions) ................................................... Total ..................................................................................................................... ii. Suspicious Activity Report Generation and Transmittal mstockstill on DSK3G9T082PROD with RULES3 Per-firm average IT upgrade costs (based on data received) When a financial institution detects suspected money laundering or fraud, its employees must investigate further to determine whether the activities warrant filing a SAR with FinCEN. In many instances, financial institutions decide that upon closer inspection the actions that were initially seen as suspicious do not necessitate filing a SAR. The presence of these false positives implies that the ultimate number of SARs filed by a financial institution does not directly correspond to the labor resources expended on the filing of SARs. In phone conversations with the Treasury Department, some financial institutions stated they thought they would detect more suspicious activity under the final rule, but that this increased detection would not necessarily lead to more SARs being transmitted. Given the difficulty of determining how the final rule will affect financial institutions’ labor needs with regard to SAR generation and transmittal, we do not attempt to quantify this cost. VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 473 4,762 23,496 $20,000,000 3,000,000– 5,000,000 11,500–23,270 50,000–70,000 129,000–176,000 5–11 238–333 3,030–4,140 28,816 ................................ $ Billions iii. Internal Control/Compliance The CDD rule would require additional work for financial institutions’ compliance officers, who ensure that procedures at their organizations adhere to the rule. According to phone conversations between financial institutions and the Treasury Department, the process of ensuring compliance with the CDD rule would take the form of additional procedures and reviews in audits of work performed. One financial institution stated that the addition of more audit functions might eventually necessitate hiring additional compliance staff. Given the uncertainty regarding how financial institutions would adjust compliance officer staffing in response to the final CDD rule, we do not quantify this cost. iv. Potential Capital Loss (Accounts Moving Abroad) and Forgone Capital (Accounts Not Opened) While a prospective study of the European Union’s beneficial ownership disclosure rule 127 posited that its 127 The rule is Directive 2005/60/EC of the European Parliament and of the Council of October PO 00000 Frm 00044 Fmt 4701 Sfmt 4700 Total IT upgrade costs for bin ($ Million except Total) $220 222–370 implementation in 2007 could drive some account holders to relocate their assets to foreign jurisdictions where the policies do not apply,128 that seems unlikely to occur if the United States implements the CDD rule. The CDD rule also appears unlikely to trigger a diversion of legal entity accounts that would have been opened at domestic covered institutions, to be opened instead at uncovered domestic or foreign financial institutions. The Treasury Department supports the perspective that beneficial ownership disclosure is unlikely to trigger legitimate transaction account holder closings or to dissuade legitimate would-be transaction account holders 26, 2005 on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing. It required member states to comply by December 15, 2007. 128 Estimated capital loss is derived based on survey responses. One-third of National Bankers’ Associations respondents agreed that the beneficial disclosure rule could lead to an increase in capital outflow from the national banking sector (p. 215). Transcrime. 2007. Cost Benefit Analysis of Transparency Requirements in the Company/ Corporate Field and Banking Sector Relevant for the Fight Against Money Laundering and Other Financial Crime. A study financed by the European Commission. E:\FR\FM\11MYR3.SGM 11MYR3 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations mstockstill on DSK3G9T082PROD with RULES3 from opening new accounts. This view has a three-part rationale: (1) First, most businesses operating in the United States would have difficulty conducting basic functions (e.g., accepting receivables and paying invoices) without a transaction account at a domestic bank.129 (2) Second, Financial Action Task Force (FATF) recommendations call for all member countries to require domestic financial institutions to conduct customer due diligence, and for their law enforcement agencies to cooperate with other member country enforcement agencies, which includes U.S. law enforcement. Unlike the situation at the time of the 2007 EU study referred to above, the majority of FATF members (as well as many other jurisdictions) are now in compliance with the FATF customer due diligence standards; as a result of which there are few safe havens in the world (not just advanced economies) where financial institutions are not required to obtain beneficial ownership information about legal entities when they open an account. (3) Third, the Financial Account Tax Compliance Act (FATCA) requires foreign financial institutions to report to the IRS identifying and income information on accounts held by U.S. taxpayers.130 FATCA’s requirements apply to all financial institutions worldwide; the United States has negotiated intergovernmental agreements with 112 jurisdictions to implement FATCA, and financial institutions in jurisdictions without intergovernmental agreements are still subject to FATCA’s reporting requirements. Because legal entities opening an account in any of these 112 foreign jurisdictions would be required to disclose U.S. beneficial ownership information, opening a bank account outside the United States would offer no material advantage, in terms of concealing of beneficial ownership 129 Some commenters stated that with regard to certain specialized credit products, the beneficial ownership requirement would be likely to cause businesses to utilize uncovered competitors. Because FinCEN views such products as low risk for money laundering or terrorist financing, they have been exempted from the beneficial ownership requirement, subject to the satisfaction of certain conditions. 130 Or certain foreign entities in which U.S. taxpayers are considered either ‘‘substantial U.S. owners,’’ defined as having a 10 percent or greater ownership stake in the entity, or, for financial institutions in jurisdictions with an intergovernmental agreement, ‘‘controlling persons,’’ defined in accordance with the FATF recommendations as the natural persons who exercise control over the entity. VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 information, versus opening an account in the United States. c. Increased Costs Associated With NonCriminal Activities 131 i. Reduced Privacy We expect financial institution clients would experience minimal costs with regard to the loss of privacy. Some costs arise because the disclosure of beneficial ownership information may require the legal entity to reveal previously undisclosed information, which is not required in any State at the time of the legal entity’s formation. As such, it is likely that many entities would report some previously undisclosed beneficial ownership information. While findings of academic research may not strictly apply in the context of this rule because disclosure would be legally required, that research suggests that when individuals self-disclose personal information, they do so after weighing the expected benefits and any negative consequences.132 Individuals tend to readily disclose biographical information in exchange for small (and often non-financial) benefits.133 The willingness of individuals to share information with organizations increases if they trust the organization’s ability to store and use that information responsibly.134 Because the quantity of beneficial ownership information is small and its dissemination would be limited to the financial institution (or law enforcement pursuant to legal process), we expect the cost to lawabiding individuals of disclosing private information to be quite low. By contrast, we expect financial criminals would bear much higher costs of revealing previously private beneficial ownership information, as the consequences of disclosure could include denial of services by the financial institutions, asset forfeiture, or 131 These costs would be over and above any incremental compliance costs of the CDD rule passed on to clients by financial institutions. 132 Varian, Hal. ‘‘Economic Aspects of Personal Privacy,’’ In Internet Policy and Economics, edited by W.H. Lehr and L.M. Pupillo, 101–109. New York: Springer, 2009. See also: Hann, Il-Horn; KaiLung Hui, Tom Lee, and I Png. ‘‘Online Information Privacy: Measuring the Cost-Benefit Trade-Off.’’ ICIS 2002 Proceedings, Paper 1 (2002). 133 Grossklags, Jens, and Alessandro Acquisti. ‘‘What Can Behavioral Economics Teach Us about Privacy?’’ In Digital Privacy: Theory, Technologies, and Practices, edited by Acquisti, Alessandro, Stefanos Gritzalis, Costas Lambrinoudakis, and Sabrina De Capitani di Vimercati, 363–377. Boca Raton: Auerbach Publications, 2008. 134 Dinev, Tamara and Paul Hart. ‘‘An Extended Privacy Calculus Model for E-Commerce Transactions.’’ Information Systems Research 17, no. 1 (2006): 61–80. This study pre-dates the major IT data breaches at large firms and government institutions that have occurred in recent years. PO 00000 Frm 00045 Fmt 4701 Sfmt 4700 29441 prosecution and incarceration. Since the expressed intent of the final rule is to increase the costs of criminal activity, this variation in the cost of privacy loss is consistent with the intended effect of the final rule. We do not attempt to estimate the value of privacy loss. ii. Potential Impact on Clients, Including Access to Banking for the Unbanked The ‘‘unbanked’’ population in the United States stood at 7.7 percent of all households in 2013, according to a Federal Deposit Insurance Corporation (FDIC) survey.135 Unbanked households do not have an account at an insured financial institution. We see value in developing a financial system whereby ‘‘. . . banks effectively serve the broadest possible set of consumers.’’ If compliance costs faced by financial institutions are passed through to their clients (for example, through increased minimum deposit levels and/or higher fees), this theoretically could raise clients’ barriers to entry, and may price some consumers out of participating in the banking system.136 However, we find no literature estimating the potential impact of AML/CFT on the unbanked population in the United States, and we do not attempt to quantify its magnitude. Nonetheless, we reason that since the costs incurred by financial institutions from the final rule appear to be relatively modest, and the passed-through costs would be spread across a broad client base, we expect the marginal effect on unbanked groups would likely be small. 5. Qualitative Discussion of the Benefits a. Reduced Crimes and Terrorist Activity The primary purpose of this final rule is to reduce illicit activity. Yet credible quantitative estimates of how the CDD rule would affect these outcomes, on which the benefit calculation in the cost-benefit analysis would be based, do not exist, for the reasons discussed above. Therefore, this analysis provides a qualitative assessment of potential reductions in illicit activity based on relevant literature. The National Money Laundering Risk Assessment 2015 estimated the annual volume of money laundering in the United States at $300 billion. The same source notes that one of the key vulnerabilities exploited by money 135 Federal Deposit Insurance Corporation. 2014. 2013 FDIC National Survey of Unbanked and Underbanked Households. 136 Reuter, Peter, and Edwin Truman. Chasing Dirty Money: Progress on Anti-Money Laundering. Washington: Peterson Institute, 2004. E:\FR\FM\11MYR3.SGM 11MYR3 29442 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations launderers is ‘‘creating legal entities without accurate information about the identity of the beneficial owner.’’ 137 The report suggests that the ease of concealment plays a primary role in the execution of many financial crimes.138 Therefore, the beneficial ownership disclosure requirement in this final rule would likely have a mitigating effect on a large share of financial crime in the United States. In the absence of direct empirical estimates on the link between AML/CFT policy and illicit activity, we refer to the literature on the economics of crime. This body of work, pioneered by Nobel laureate Gary Becker, assumes criminals make rational decisions based on their expected costs and benefits of committing crime.139 In Becker’s approach, an individual’s decision to commit a criminal offense is a function of the income associated with getting away with the crime, the probability of conviction, the punishment if convicted, and earnings from legitimate work. A rational individual chooses to commit a crime when it yields higher expected wellbeing (accounting for risk of conviction and the associated punishment) than does time spent in legitimate employment. Applying Becker’s model to criminals allows us to evaluate how the new policy would affect the level of illicit activity. By revealing more criminals’ identities and therefore facilitating the linkage of criminal acts to perpetrators by financial intelligence and law enforcement, the CDD rule would increase the probability of conviction. Therefore, in the context of Becker’s model, we expect that the CDD rule would reduce the level of illicit activity. Subsequent incarceration would render these criminals unable to engage in illicit activity while serving their sentences, a phenomenon known as the ‘‘incapacitation effect.’’ Higher rates of apprehension and conviction may also deter potential criminals from committing crime. The large empirical literature on the economics of crime shows convincing evidence that higher probabilities of apprehension and conviction (usually in the form of stronger police presence) tend to reduce mstockstill on DSK3G9T082PROD with RULES3 137 U.S. Department of the Treasury. Office of Terrorism and Financial Intelligence. 2015. National Money Laundering Risk Assessment. 138 U.S. Department of the Treasury concludes that, ‘‘The potential for anonymity in financial transactions underlies most of the vulnerabilities in this risk assessment.’’ See U.S. Department of the Treasury. Office of Terrorism and Financial Intelligence. 2015. National Money Laundering Risk Assessment. 139 See Becker, Gary, ‘‘Crime and Punishment: an Economic Analysis.’’ Journal of Political Economy 78 (1968). 169–217. VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 crime rates through some combination of incapacitation and deterrence.140 In principle, criminals could respond by attempting to move their accounts to those countries that still have not adopted beneficial ownership identification and verification, although we consider this to be unlikely, because most of the world’s countries already require financial institutions to collect and verify beneficial ownership of legal entity account holders. Criminals could theoretically also reduce their beneficial ownership shares below the disclosure threshold; we also view this response as unlikely, because of the practical difficulties criminals would face laundering money through a vehicle in which they hold only a minority stake. Those criminals may incur the costs of taking those steps, and perhaps ongoing costs in the form of using less convenient and costlier financial services. Combined, these higher costs would reduce the expected returns to crime, which we anticipate would therefore lower financial crime rates. In order to compute the benefit of reduced crime from the CDD rule, we would need to know both the causal negative effect of the CDD rule on the level of illicit activity (discussed above) and the costs imposed on society by the illicit activity that would not occur in the presence of the rule. Enumerating these costs is not as straightforward as it might appear, so we follow the costof-crime literature in distinguishing between ‘‘social costs’’ and ‘‘external costs’’ of crime in order to be more precise regarding the potential benefits of the final rule.141 External costs are those that are involuntarily imposed on one individual (the victim) by another individual (the offender). In the case of an automobile theft, for example, the external costs could include the resale value of the vehicle, the value of items in the vehicle at the time of theft, the value of the victim’s time spent dealing with the aftermath of the crime, and any psychological pain and suffering experienced by the victim. Yet whether the perpetrator keeps or sells the vehicle and the items therein, these are still available for use by someone in society 140 See, for example, Chalfin, Aaron and Justin McCrary, ‘‘Criminal Deterrence: A Review of the Literature,’’ Paper prepared for the Journal of Economic Literature (2015). See also Nagin, Daniel, ‘‘Deterrence: A Review of the Evidence by a Criminologist for Economists.’’ Annual Review of Economics 5 (2013): 83–105. 141 The descriptions and examples of social and external costs in this section closely follow the discussions in Chalfin, Aaron. ‘‘The Economic Cost of Crime.’’ Working paper, University of Cincinnati (2013). and Cohen, Mark A. ‘‘Measuring the Costs and Benefits of Crime and Justice.’’ Criminal Justice 4 (2000): 263–315. PO 00000 Frm 00046 Fmt 4701 Sfmt 4700 and can be thought of as transfers from one individual to another. Therefore one could reason that, unlike the victim’s pain and suffering and lost time—losses which are not offset by gains to someone else—the value of stolen goods (or money) does not represent a social cost.142 This view is equivalent to the inclusion of perpetrators’ wellbeing in overall social welfare, for example, when evaluating a crime-reducing policy. As a recent survey points out, however, ‘‘[i]n practice, researchers have generally adopted the perspective that an offender’s utility ought not to count as part of society’s social welfare function.’’ 143 We too adopt this approach in the RIA, using external costs as the relevant concept for the cost of crime, meaning that any reduction in funds involuntarily transferred from victim to offender would constitute a benefit of the CDD rule. A complete accounting of the value of reduced crime and terrorist financing would include the full value of harm to victims averted by the reduction in these activities. In addition to tangible costs such as financial losses (which, given the adoption of external costs in our approach, would not be balanced by gains to criminals), research on the costs of crime finds intangible losses, including pain, suffering, and reduced quality of life, associated with criminal activity. Button et al. (2014) interviewed over 700 victims of financial fraud in London. Among the effects reported by victims as important were ‘‘depression or a mental disorder’’ (7 percent), ‘‘psychological/emotional feelings, loss of trust, and so on’’ (37 percent), stress (44 percent), and anger (68 percent).144 A national study of financial fraud in the United States by the National Institute of Justice found that 14 percent of fraud victims reported suffering health or emotional problems related directly to their victimization.145 However, we find no empirical estimates of the psychological costs of crime. Many studies of the costs of 142 Note that the social costs of crime are not a subset of the external costs. Social costs of crime can also include any resources devoted to crime prevention by the public sector or private citizens that could be more productively put to other uses and diminished economic opportunity in high crime areas where businesses choose not to locate. 143 See page 5 of Chalfin, Aaron. ‘‘The Economic Cost of Crime.’’ Working paper, University of Cincinnati (2013). and articles cited within for additional perspectives. 144 Button, Mark, Chris Lewis, and Jacki Tapley. ‘‘Not a Victimless Crime: the Impact of Fraud on Individual Victims and their Families.’’ Security Journal 27, no. 1 (2014): 36–54. 145 Titus, Richard, Fred Heinzelmann, and John Boyle. ‘‘The Anatomy of Fraud: Report of a Nationwide Survey.’’ National Institute of Justice Journal (1995): 28–34. E:\FR\FM\11MYR3.SGM 11MYR3 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations crime do not fully consider the psychological impact on its victims,146 and therefore, the true economic value of averted crime may exceed estimates derived from published studies of the costs of crime. b. Law Enforcement Benefits i. Reduced Cost of Beneficial Ownership Searches A direct benefit of the final rule would be the reduction in the cost to law enforcement agencies of obtaining beneficial ownership information. The current system generally requires Federal investigators to expend resources in search of beneficial ownership information when conditions warrant it. Adoption of the final rule would reduce law enforcement agencies’ search costs because the information would be collected by covered financial institutions for new legal entity accounts and become more readily accessible to law enforcement agency investigators with a subpoena. In addition, SARs filed by the institutions would be increasingly likely to include beneficial ownership information, making it readily available to Federal authorities. We do not attempt to estimate the value of this potential benefit, but we expect it to grow over time, as the share of accounts whose beneficial ownership is disclosed gradually rises.147 6. Transfers In the next two sections, we identify a few potential effects that do not conform to strictly-defined costs or benefits to society, but may have impacts on selected stakeholders. These effects are not included as costs or benefits. a. Lost Tax Revenue Due to Capital Loss (Accounts Moving Abroad) To the extent that financial accounts at covered institutions generate taxable income and that the decision to open these accounts is sensitive to the collection of beneficial ownership information, the final CDD rule has the potential to eliminate tax revenue that would otherwise be collected. However, from our perspective, beneficial ownership disclosure would have a negligible effect on the number of legal entity accounts because legal entities in the United States generally require bank accounts to operate their businesses. In addition, the vast majority of the world’s countries require financial institutions to collect and verify beneficial ownership of legal entity accountholders. As a result, there are 29443 few safe havens in the world that permit financial institutions to open an account for a legal entity and not obtain the entity’s beneficial ownership. (See discussion in section 4.b.iv.) b. Increased Asset Recovery To the extent that the number of successful prosecutions increases due to the final rule, we expect that the recovery of assets by Federal authorities would rise. We would consider any increase in assets recovered due to the final rule as transfers. Table 5 shows that the value of assets forfeited to the U.S. Department of Justice Forfeiture Fund has exceeded $1.5 billion every year from 2010 to 2014 and has exceeded $4 billion in two of those years,148 and that the value of assets forfeited to the U.S. Department of the Treasury Forfeiture Fund has been greater than $500 million in every year over the same period.149 Due to the uncertainties associated with attributing future changes in asset recovery to the final CDD rule, we do not estimate the magnitude of this potential effect, but even a hypothetical 5 percent increase on the five-year average of $2.9 billion for the DOJ forfeitures alone would exceed $145 million in additional assets recovered. TABLE 5—ASSETS OF DEPARTMENT OF JUSTICE FORFEITURE FUND AND SEIZED ASSETS DEPOSITS FUND AND TREASURY FORFEITURE FUND [U.S. Department of Justice, U.S. Department of the Treasury] [Millions of nominal USD] 2010 2011 Forfeited to Department of Justice: $1,947 ......................................................... Forfeited to Treasury: 1,142 ........................................................... 2012 2013 2014 5 Year average $1,617 $4,453 $2,148 $4,551 $2,943 929 523 1,713 784 1,018 Sources: U.S. Department of Justice, Assets Forfeiture Program. Annual Reports to Congress (eds. 2004–2014). Adapted from ‘‘Assets Forfeiture Fund and Seized Assets Deposits Fund—Method of Disposition of Forfeited Property’’ tables. https://www.justice.gov/afp/reports-congress, accessed October 8, 2015. Treasury Executive Office for Asset Forfeiture. Note: Current year revenue includes direct revenue and reverse asset sharing. c. Potential Increased Tax Revenue Through Improved Tax Compliance mstockstill on DSK3G9T082PROD with RULES3 According to the U.S. Department of the Treasury, the collection of beneficial ownership information by covered financial institutions for their domestic 146 McCollister, Kathryn, Michael French, and Hai Fang. ‘‘The Cost of Crime to Society: New CrimeSpecific Estimates for Policy and Program Evaluation.’’ Drug and Alcohol Dependence 108 (2010): 98–109. 147 We expect this gradual increase in the share of accounts with disclosed beneficial ownership because only new legal entity accounts would require this information under the proposed rule. 148 Based on statistics from the DOJ Asset Forfeiture Program. The DOJ Asset Forfeiture Program Web page lists the following participating VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 legal entity accounts would result in new information being available to the IRS during audits and investigations into civil and criminal tax noncompliance. Ready access to account beneficial ownership information from covered financial institutions would help the IRS determine whether beneficial owners are accurately reporting income from entities. Moreover, IRS access to this information would increase incentives institutions. DOJ institutions: The Asset Forfeiture and Money Laundering Section of the Criminal Division; Bureau of Alcohol, Tobacco, Firearms, and Explosives; Drug Enforcement Administration; Federal Bureau of Investigation; U.S. Marshals Service; U.S. Attorneys’ Offices; and Asset Forfeitures Management Staff. Institutions from other U.S. Government agencies include: U.S. Postal Inspection Service; Food and Drug Administration; U.S. Department of Agriculture, Office of the Inspector General; Department of State, Bureau of Diplomatic Security; and Defense Criminal Investigative Service. Source: U.S. Department of Justice. 2015. Participants and Roles. https://www.justice.gov/afp/participants-and-roles (accessed September 14, 2015). 149 Participating agencies include IRS Criminal Investigations Division, U.S. Immigration and Customs Enforcement, U.S. Customs and Border Protection, U.S. Secret Service, and U.S. Coast Guard. Source: U.S. Department of the Treasury. 2015. Terrorism and Financial Intelligence. https:// www.treasury.gov/about/organizational-structure/ offices/Pages/The-Executive-Office-for-AssetForfeiture.aspx (accessed October 8, 2015). PO 00000 Frm 00047 Fmt 4701 Sfmt 4700 E:\FR\FM\11MYR3.SGM 11MYR3 29444 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations for voluntary tax compliance by beneficial owners of the accounts. Any increased tax revenue would be considered a transfer. 7. Reputational Effects clarifying and strengthening customer due diligence standards for U.S. financial institutions.153 In October 2015, the U.S. G–20 Action Plan notes its engagement in developing a customer due diligence rule with required beneficial ownership disclosure for financial institutions.154 Implementing the CDD rule would advance compliance by the United States with the FATF CDD standards and fulfill outstanding public commitments. It would further enable the United States to demonstrate progress at the FATF, and at other international bodies, and bilaterally to encourage other jurisdictions to comply with the FATF standards and avoid accusations of hypocrisy due to its own lack of compliance. We do not attempt to quantify or monetize the magnitude of this potential reputational effect, given the intangible nature of reputational effects, but assess it to be significant. The United States, which is generally considered a global leader in combating money laundering and terrorist financing, is currently one of a very small number of FATF members that are not in compliance with its core standard requiring that financial institutions identify and verify the identity of the beneficial owners of legal entity accounts. We assess that this lack of full compliance with the standard with which the vast majority of the rest of the world complies, undermines U.S. leadership on illicit finance issues. mstockstill on DSK3G9T082PROD with RULES3 a. Reputational Effects of Meeting International Policy Standards FATF has set international standards to enhance the collective effort to combat money laundering and terrorist financing. Widespread adoption of such international standards can raise the cost of crime, by limiting criminals’ choices of where they can obtain accounts, and eliminate ‘‘safe havens’’ for financial criminals seeking jurisdictions with less rigorous laws or enforcement. Recent reviews of U.S. compliance with international AML/CFT standards have criticized the incomplete adoption of the customer due diligence framework. The 2006 FATF Mutual Evaluation Report (MER) found that the United States had implemented an AML/CFT system that was broadly consistent with the international standard. However, the report noted shortcomings related to CDD in the U.S. framework, and rated it only ‘‘partially compliant’’ with the CDD recommendation, a significant reason being the lack of an explicit beneficial ownership identification requirement.150 The International Monetary Fund (IMF) in 2010 found the United States had made ‘‘limited progress’’ since 2006 in strengthening requirements on identifying beneficial owners of accounts.151 In its 2015 Financial Sector Assessment of the United States, the IMF acknowledged U.S. efforts in addressing deficiencies identified in the 2006 FATF MER, but cited a lack of substantive policy progress by the end of its research mission in June 2015.152 The U.S. government responded to the 2006 FATF Report by committing to strengthen customer due diligence standards. In 2013, the U.S. G–8 Action Plan for Transparency of Company Ownership and Control committed to b. Reputational Effects on Financial Institutions We believe the proposed CDD rule is unlikely to provide appreciable reputational effects on covered financial institutions. Our reasoning is as follows. Client confidence in financial institutions is a necessary component of an effective financial system.155 Depositors trust institutions to safeguard deposits, provide fund withdrawals upon request, and meet regulatory and prudential requirements. In principle, financial institutions that maintain full compliance with AML/ CFT regulations, including the final 150 Financial Action Task Force. 2006. Summary of the Third Mutual Evaluation Report on AntiMoney Laundering and Combating the Financing of Terrorism, United States of America. FATF is performing its mutual evaluation of the United States, to be completed in October 2016. 151 International Monetary Fund. IMF Country Report No. 10/253. 2010. United States: Publication of Financial Sector Assessment Program Documentation—Technical Note on Anti-Money Laundering/Combating the Financing of Terrorism. 152 International Monetary Fund. IMF Country Report No. 15/174. 2015. United States Financial Sector Assessment Program: Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT)—Technical Note. 153 The White House. Office of the Press Secretary. 2013. United States G–8 Action Plan for Transparency of Company Ownership and Control. https://www.whitehouse.gov/the-press-office/2013/ 06/18/united-states-g-8-action-plan-transparencycompany-ownership-and-control (accessed October 8, 2015). 154 The White House, The U.S. Action Plan to Implement the G–20 High Level Principles on Beneficial Ownership, https://www.whitehouse.gov/ blog/2015/10/16/us-action-plan-implement-g-20high-level-principles-beneficial-ownership. 155 International Monetary Fund. Departments of Exchange Affairs, Policy Development, and Review. 2001. Financial System Abuse, Financial Crime, and Money Laundering—Background Paper. VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 PO 00000 Frm 00048 Fmt 4701 Sfmt 4700 rule, may be viewed as less risky by clients and investors, at least when compared to non-complying institutions. However, compliance with the CDD rule would likely do little to distinguish any particular financial institution from its peers, since all covered institutions would be subject to the same requirement, and compliance is expected to be universal. Therefore, in this context, we believe any potential reputational effect to institutions that comply with the rule would be negligible. 8. Breakeven Analysis and Conclusion Ideally, a cost-benefit analysis quantifies all benefits and costs, converts them to present value, and then assesses whether the present value of benefits exceeds the present value of costs. However, it is not uncommon for a rule to generate benefits and costs that cannot be fully quantified, in which case alternative methods can be used to assess the rule.156 When such unquantifiable benefits and costs are likely to be important, one should carry out a ‘‘threshold,’’ or ‘‘breakeven’’ analysis to evaluate their significance.157 Such an analysis asks how large the present value of benefits has to be so that it is just equal to the present value of costs.158 A credible claim that a rule change would generate a discounted stream of benefits equal to or greater than this breakeven level supports the argument that a rule should be adopted.159 As we described at length above, we expect there to be significant but unquantifiable benefits to this rule, necessitating the use of a breakeven analysis. This analysis presents a range of costs, including the primary quantified costs and the orderof-magnitude IT cost assessment with an upper bound of $10 billion for the cost of implementing the rule, which thus determines the threshold that the benefits would need to meet for the rule to generate a net benefit to society. 156 For a discussion of this situation, along with many examples of proposed Federal regulations affected by it, see Sunstein, Cass. ‘‘The Limits of Quantification.’’ California Law Review 102, no. 6 (2014): 1369–1422. 157 See pages 2 and 10 of OMB Circular A–4. 2003. 158 For examples of regulatory analyses of past rules that relied on breakeven analysis, see Customs and Border Protection, Department of Homeland Security, ‘‘Importer Security Filings and Additional Carrier Requirements,’’ 73 FR 71730 (November 25, 2008), and Customs and Border Protection, Department of Homeland Security, ‘‘Advance Electronic Transmission of Passenger and Crew Member Manifests for Commercial Aircraft and Vessels,’’ 72 FR 48320 (August 23, 2007). 159 In performing the breakeven analysis, we discount future cash flows using the seven-percent discount rate. E:\FR\FM\11MYR3.SGM 11MYR3 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations 29445 large IT upgrade costs. In the breakeven analysis to follow, we present both the primary quantified costs and the orderof-magnitude IT costs, setting aside all other unquantified costs because we believe these other costs are likely to be comparatively small. For example, as noted earlier, it is very unclear whether law enforcement activity (and the associated costs) would increase or decrease because of the rule.163 Similar arguments can be made about financial institutions’ costs for generating and submitting SARs. Regarding the financial institutions’ capital loss from accounts closing or never being opened, the respective sections of the RIA go into some detail on why these costs would likely be negligible. Finally, earlier sections of the RIA also explain why the unquantified costs to clients may be low. with training, onboarding, compliance and entity burdens, the order-ofmagnitude assessment of the IT upgrades as well as other qualitative costs. By including an order-ofmagnitude assessment with the other quantified costs, we can determine the threshold level of the benefit that would voluntarily. See footnote 5 for a discussion of the circumstances under which the inclusion of proceeds from illicit drug sales is justified in computing the benefits to society of reduced crime. 162 For additional discussion of the importance of non-pecuniary costs (including, but not limited to, victims’ pain and suffering, and the cost of risk of death from violent acts that complement illicit activity) in the overall cost of crime to society, see pages 3558–3560 of Freeman, Richard. ‘‘The Economics of Crime,’’ In Handbook of Labor Economics, edited by Orley Ashenfelter and David Card, 3530–3563. New York: Elsevier, 1999. 163 Note that the CDD rule could lead to lower levels of illicit activity without any increase in law enforcement activity (even without a change in incarcerations, meaning the change in illicit activity would occur exclusively via the deterrence effect) if the rule allows the same resources to be deployed more effectively in investigations and prosecutions. 160 See footnote 106. is plausible for proceeds not due to illicit drug sales (representing approximately 22 percent of the total in the United States according to United Nations Office on Drugs and Crime estimates for 2010; we assume that this is also the case for 2015 and subsequent years), which are mostly attributable to fraud. This distinction matters because individuals who buy and sell illicit drugs presumably enter into individual transactions 161 This VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 PO 00000 Frm 00049 Fmt 4701 Sfmt 4700 E:\FR\FM\11MYR3.SGM 11MYR3 ER11MY16.020</GPH> terrorist activity’’ benefit described earlier. Any reduction of the $300 billion figure is a lower bound for the final rule’s actual benefit, given the reliance on saved external costs as the relevant concept (i.e., this does not reflect the value of individuals’ lost time in the aftermath of being victimized by financial crime or their psychological suffering, among many other costs).162 Note that this benefit is also a lower bound because it does not include the other qualitative benefits (besides reduced terrorist activity) discussed in the RIA. In terms of costs, IT upgrades represent the largest of the qualitative costs examined in the RIA. In both public comments on the NPRM and follow-up calls with individual commenters, financial institutions emphasized that the rule would impose In summary, in this RIA, the major benefit that remains unquantified is the reduction in crime and terrorist activity, and the costs include costs associated mstockstill on DSK3G9T082PROD with RULES3 Given that the upper bound for costs used in the breakeven analysis is high, the breakeven analysis is therefore very conservative in specifying how effective the CDD rule would have to be in order to justify its costs. As mentioned in the first section of the RIA, $300 billion in illicit proceeds are generated annually in the United States according to the Treasury Department’s 2015 National Money Laundering Risk Assessment.160 To the extent that this figure represents funds involuntarily transferred from victims to offenders, the $300 billion represents a portion of the total external costs imposed by the illicit activity.161 The final CDD rule intends to diminish the volume of such illegally generated funds, where any reduction represents the ‘‘reduced crime’’ portion of the unquantified ‘‘reduced crime and 29446 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations mstockstill on DSK3G9T082PROD with RULES3 make the rule’s adoption worthwhile. Figure 1 graphs the threshold reduction in annual illicit activity that would be needed to justify different levels of total costs for different definitions of illicit activity (i.e., whether including illicit drug sales or not).164 165 Given the assumed path of illicit activity during 2016–2025, percent reductions in illicit proceeds in each year equal to those in Figure 1 would yield a stream of benefits having present values equal to the present value of costs. The key conclusion from Figure 1 is that a reduction in annual illicit activity (measured by dollars of real proceeds) of just 0.6 percent or 0.47 percent (depending on whether proceeds from drug sales are included or not) or approximately $1.45 billion in 2016, at the upper bound of IT costs, would mean that the CDD rule’s benefits would outweigh its costs.166 We are presenting two cost scenarios in this breakeven analysis. We recognize that the order-ofmagnitude IT cost analysis is not of sufficient quality to be added to the primary cost analysis. However for the purposes of this breakeven analysis, we believe including the IT cost would present a conservative scenario where the CDD rule would only need to generate a very modest relative decrease in real illicit activity to justify the costs it would impose with an upper bound of $10 billion. The Treasury Department thus believes that the final rule will achieve a reduction in illicit activity that would more than offset the burdens it would place on government, financial institutions, clients, and other parts of society. We conclude that illicit activity would only have to decrease by 0.12% to 0.6% to offset the costs of the rule. Because of the modest magnitude of the 164 Quantified costs are assumed to be constant as IT costs change (meaning that a $1 increase in IT costs raises total costs by $1) so the breakeven functions are able to take into account all costs while only being graphed for different levels of IT costs. 165 To generate the profile of illicit proceeds during the 2016–2025 time horizon, we start with the 2015 levels (listed in Figure 1) and then assume that the amount of illicit activity as a proportion of the real economy will remain constant (for the year-over-year real GDP growth rates used, see Table 2–1 of OMB. Fiscal Year 2016 Analytical Perspectives of the U.S. Government. 2015.). This means that illicit proceeds are always equal to the same percent of production in the economy, but given that the real economy is growing, illicit proceeds must grow as well to account for that same proportional amount. For instance, real illicit proceeds (including from illicit drug sales) are assumed to be $309 billion and almost $383 billion in 2016 and 2025, respectively. 166 To be exact, these are real IT costs incurred during the 10-year time horizon, the present value of which implies very little about how these real costs are distributed across the 10 years. VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 reduction, we believe that this rule would be beneficial to society at large. C. Final Regulatory Flexibility Act Analysis When an agency issues a rule proposal, the Regulatory Flexibility Act (RFA) requires the agency to either provide an Initial Regulatory Flexibility Analysis or, in lieu of preparing an analysis, to certify that the proposed rule is not expected to have a significant economic impact on a substantial number of small entities.167 When FinCEN issued its NPRM,168 FinCEN believed that the proposed rule would not have a significant economic impact on a substantial number of small entities, and certified that it would not.169 Because numerous commenters to the NPRM asserted that the proposed rule would be more costly to implement than estimated by FinCEN, FinCEN prepared and made available on December 24, 2015 an Initial Regulatory Flexibility Analysis (IRFA), along with a preliminary RIA in which it specifically solicited comment, including from small entities, on whether the proposed rule would have a significant economic impact on a substantial number of small entities. FinCEN received a total of 38 comments, including four from small entities (as well as several from associations representing small entities); a discussion of all the comments is set forth above. The RFA requires each Final Regulatory Flexibility Analysis to contain: • A succinct statement of the need for, and objectives of, the rule; • A summary of the significant issues raised by the public comments in response to the IRFA, a summary of the assessment of the agency of such issues, and a statement of any changes made in the proposed rule as a result of such comments; • A description of and an estimate of the number of small entities to which the proposed rule would apply; • A description of the projected reporting, recordkeeping, and other compliance requirements of the proposed rule, including an estimate of the classes of small entities which will be subject to the requirement and the type of professional skills necessary for the preparation of the report or record; and • A description of the steps the agency has taken to minimize the significant economic impact on small 167 5 U.S.C. 601–612. 168 79 FR 45151 (Aug. 4, 2014). 169 79 FR 45151, 45168–45169. PO 00000 Frm 00050 Fmt 4701 Sfmt 4700 entities consistent with the stated objectives of applicable statutes, including a statement of the factual, policy, and legal reasons for selecting the alternative adopted in the final rule and why each one of the other significant alternatives to the rule considered by the agency which affect the impact on small entities was rejected. 1. Statement of the Reasons For, and Objectives of, the Rule FinCEN is adopting the final rule because it has determined that more explicit rules for covered financial institutions 170 are needed to clarify and strengthen CDD within the BSA regime, in order to enhance transparency and help safeguard the financial system against illicit use. The CDD rule will advance the purposes of the BSA by (i) enhancing the availability of beneficial ownership information to law enforcement, Federal functional regulators, and SROs; (ii) increasing the ability of financial institutions, law enforcement, and the intelligence community to identify the assets and accounts of terrorist organizations, drug kingpins, and financial criminals; (iii) helping financial institutions to assess and mitigate risk and comply with existing BSA and related authorities; (iv) facilitating reporting and investigations in support of tax compliance, and advancing commitments made in connection with the Foreign Account Tax Compliance Act; and (v) promoting consistency in implementing and enforcing CDD regulatory expectations across and within financial sectors. 2. A Summary of the Significant Issues Raised by the Public Comments in Response to the IRFA, a Summary of the Assessment of the Agency of Such Issues, and a Statement of Any Changes Made in the Proposed Rule as a Result of Such Comments FinCEN has carefully considered the comment letters received in response to the NPRM. The preamble above provides a general overview of the comments, and the Section-by-Section Analysis discusses the significant issues raised by comments. In addition, the section above preceding the RIA includes a discussion of the comments received with respect to the preliminary RIA and IRFA, including those with respect to the estimated costs imposed on the industry resulting from the rule. 170 Defined to include federally regulated banks, brokers and dealers in securities, mutual funds, and futures commission merchants and introducing brokers in commodities. E:\FR\FM\11MYR3.SGM 11MYR3 mstockstill on DSK3G9T082PROD with RULES3 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations FinCEN has considered the comments received from small entities and from associations representing them, whether or not the comments referred to the IRFA. Three of the four small entities that commented stated that the general increase in regulatory burden and costs for the banking industry makes it increasingly difficult for small banks to continue to operate profitably, and requested that FinCEN create an exemption for entities below a certain asset size or number of legal entity accounts. One of these commenters stated that while it has relatively few business accounts, it would cost thousands of dollars to purchase the tracking software that it asserted would be required to comply with the rule. The fourth small bank is a niche lender that provides primarily small business equipment leasing, and explained that because many of its competitors will not be subject to the final rule, it will put them at a significant competitive disadvantage. FinCEN has determined that, because accounts created to provide this product present a low risk for money laundering or terrorist financing, such accounts will be exempt from the beneficial ownership requirement, subject to certain conditions. FinCEN has previously considered and rejected the alternative of exempting small financial institutions from the rule. Were FinCEN to exempt institutions below a certain size from the rule, those seeking access to the financial system to perpetrate crime would have an easier path in order to pursue such activities. As regards the institution that raised the cost of purchasing tracking software in order to comply, FinCEN never intended to impose a requirement that would necessitate such an expense. There is no requirement for covered FIs to have specific systems in place to track and monitor beneficial ownership information. Rather, financial institutions are required to update information about their customers, including beneficial ownership information, when as a result of normal monitoring, the financial institution detects information about the customer that may be relevant to assessing the risk posed by the customer. Such information could include a change in the customer’s beneficial ownership. This issue, including FinCEN’s revision to the proposed rule in order to clarify this in the final rule, is explained more fully in the Section-by-Section Analysis above. More specific information regarding the estimated costs for small entities resulting from the final rule is set forth VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 in section 4 below, and other steps FinCEN has taken to minimize the economic impact of the rule on small entities are set forth in section 5 below. 3. Description and Estimate of the Number of Small Entities to Which the Proposed Rule Would Apply This rule will apply to all Federally regulated banks and all brokers or dealers in securities, mutual funds, and futures commission merchants and introducing brokers in commodities, as each is defined in the BSA. Based upon recent data, for the purposes of the RFA, there are approximately 5,088 small Federally regulated banks out of a total of 6,348 (comprising 80 percent of the total number of banks); 171 6,165 Federally regulated credit unions (of which approximately 93 percent are small credit unions),172 1,349 small brokers or dealers in securities out of a total of 4,269 (comprising 31.5 percent of the total); 173 90 small mutual funds out of a total of 10,711 (comprising 8 percent of the total); 174 no small futures commission merchants; and a total of 1,323 introducing brokers in commodities, the majority of which are small entities.175 Because the rule will apply to all of these small financial institutions, FinCEN concludes that the rule will apply to a substantial number of small entities. 171 The Small Business Administration (‘‘SBA’’) defines a depository institution (including a credit union) as a small business if it has assets of $550 million or less. The information was provided by the FDIC as of June 30, 2015. 172 The information was provided by the NCUA as of June 30, 2015. 173 With regard to the definition of small entity as it applies to broker-dealers in securities and mutual funds, FinCEN is using the SEC’s definitions found at 17 CFR 240.0–10(c), and 17 CFR 270.0–10, respectively. The information was provided by the SEC as of December 31, 2014. 174 The information was provided by the SEC as of December 31, 2014. 175 The CFTC has determined that futures commission merchants are not small entities for purposes of the RFA, and, thus, the requirements of the RFA do not apply to them. The CFTC’s determination was based, in part, upon the obligation of futures commission merchants to meet the minimum financial requirements established by the CFTC to enhance the protection of customers’ segregated funds and protect the financial condition of futures commission merchants generally. Small introducing brokers in commodities are defined by the SBA as those having less than $7 million in gross receipts annually. While the CFTC has no current data regarding the exact number of small entities, we understand that the majority are small. The information was provided by the CFTC as of June 30, 2015. PO 00000 Frm 00051 Fmt 4701 Sfmt 4700 29447 4. Description of the Projected Reporting, Recordkeeping, and Other Compliance Requirements of the Proposed Rule, Including an Estimate of the Classes of Small Entities Which Will Be Subject to the Requirement and the Type of Professional Skills Necessary for the Preparation of the Report or Record a. Beneficial Ownership Requirement The rule imposes on all covered financial institutions (including all those that are small entities) a new requirement to identify and to verify the identity of the beneficial owners of their legal entity customers and to maintain a record of such information. Many of the comments received in response to the NPRM stated that FinCEN had underestimated the burden resulting from the proposal in the following areas: (i) Additional time at account opening, (ii) training, and (iii) information technology (IT), but very few comments contained any specific cost estimates. To obtain more specific cost estimates regarding this requirement, FinCEN conducted telephone interviews with several financial institutions that had submitted comments, including three small financial institutions. FinCEN conducted this outreach to gather information for its preliminary RIA of the proposed rule pursuant to Executive Orders 13563 and 12866 as well for the IRFA. The final RIA is published concurrently with this FRFA. Additional information that FinCEN obtained relevant to its estimate of costs is included in the discussion below. FinCEN also notes that, in addition to the estimates set forth below, the only small bank that estimated the total costs resulting from the rule, estimated that they would be $2,000 initially, and $1,500 per year on an ongoing basis. (i) Additional time at account opening. The proposed rule would require that the beneficial ownership requirement be satisfied by obtaining and maintaining a certification from each legal entity customer that opens a new account. The certification would contain identifying information regarding each listed beneficial owner. The financial institution would also be required to verify such identity by documentary or non-documentary methods and to maintain in its records for five years a description of (i) any document relied on for verification, (ii) any such non-documentary methods and results of such measures undertaken, and (iii) the resolution of any substantive discrepancies discovered in verifying the identification information. FinCEN believes that the financial institution E:\FR\FM\11MYR3.SGM 11MYR3 29448 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations mstockstill on DSK3G9T082PROD with RULES3 employees who open new accounts would have the necessary skills to prepare the record of this information that must be maintained. The burden on a small financial institution at account opening resulting from the final rule would be a function of the number of beneficial owners of each legal entity customer opening a new account,176 the additional time required for each beneficial owner, and the number of new accounts opened for legal entities by the small financial institution during a specified period. At the time of its certification in the NPRM, FinCEN had very little information on which to base its estimate of any of these variables, and believed that it was reasonable to assume that the great majority of legal entity customers that establish accounts at small institutions are more likely to be small businesses with simpler ownership structures (for example, a single legal entity directly owned by two individuals) that will result in one or two beneficial owners. In addition, FinCEN also believed that, since all covered financial institutions have been subject to CIP rules 177 for more than 10 years, and the proposed rule utilizes CIP rule procedures, small institutions would be able to leverage these procedures in complying with this requirement. As a result, in its certification FinCEN estimated that it would require, on average, 20 minutes to fulfill the beneficial ownership identification, verification and recordkeeping requirements in the proposal. Also, for purposes of its certification FinCEN had no direct data on the aggregate number of legal entity accounts opened per year by small financial institutions, and (based in part on an estimate it obtained from one very large financial institution of the legal entity accounts it opens per year) FinCEN estimated that small institutions would open at most 1.5 new accounts for legal entities per day, and probably fewer. However, because statistical data does not exist regarding either the average number of beneficial owners of legal entity customers of small institutions or how many such accounts they establish in any time period, FinCEN sought comment on these questions. As a result of the outreach referred to above, FinCEN obtained some 176 The NPRM proposed to define beneficial owner as (1) each individual who owns, directly or indirectly, 25 percent or more of the equity interests of a legal entity, and (2) one individual with significant responsibility to control, manage, or direct the entity. Thus, it is possible that a legal entity could have up to five beneficial owners. 177 See 31 CFR 1020.220, 1023.220, 1024.220, and 1026.220. VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 additional data on which to better estimate the additional costs at account opening. Because financial institutions are not currently required to collect beneficial ownership information, there is no way to estimate the average number of beneficial owners of legal entity customers of financial institutions, although FinCEN continues to believe that it is reasonable to assume that small financial institutions will generally have small businesses as customers, which are likely to have not more than two beneficial owners. Banks we surveyed estimated that it is likely to take an additional 10 to 15 minutes per beneficial owner. Assuming there would typically be two individuals identified as beneficial owners, for purposes of the IRFA FinCEN estimated the additional time to open a legal entity account between a low estimate of an additional 15 minutes and a high estimate of an additional 30 minutes to open a legal entity account. In its outreach FinCEN asked three small financial institutions the number of legal entity accounts they open each year. While financial institutions do not generally maintain information about the number of their legal entity customers, they typically maintain a database for their retail (i.e., individual) customers, and another database for their customers that are businesses or organizations. A significant number of a financial institution’s business or organization customers are sole proprietorships that are not legal entities subject to the proposed rule.178 As a result, it is very difficult to estimate with any degree of precision the number of legal entity customers of a particular small financial institution that would be subject to the proposed rule. However, based on data obtained from FinCEN’s outreach, and utilizing the wage assumptions in the draft RIA, we estimated for purposes of the IRFA that this requirement would result in a cost to a small bank of between approximately $2,000 and $4,000 per year at account opening.179 178 According to data obtained from the IRS regarding tax returns, approximately 75 percent of all businesses filing tax returns are sole proprietorships. 179 One small bank we surveyed reported that it opened 471 accounts for organizations in 2014. This number includes an unknown number of sole proprietorships that would not be subject to the rule, as well as 179 accounts for loan customers, for which the bank would typically identify the beneficial owner(s) in order to obtain personal guarantees. A second small bank we surveyed reported that it opened 333 accounts in 2014 for legal entities, which includes an unknown number of sole proprietorships, as well as 106 loan customers. A small credit union we surveyed opens 24 to 36 accounts for businesses per year, which includes an unknown number of sole PO 00000 Frm 00052 Fmt 4701 Sfmt 4700 None of the small businesses that commented on the IRFA included an estimate of the amount of time to open a legal entity account; only one noted the number of such accounts it opens per year (70). As a result of the comments we received to the draft RIA from other commenters, FinCEN has increased the estimated time for financial institutions to open accounts, from a range of 15 to 30 minutes in the IRFA, to a range of 20 to 40 minutes. Based on opening 471 new accounts for legal entities and an average wage of $16.77 for ‘‘new account clerks,’’ this would result in an annual cost to a small bank of $2,550 to $5,100. FinCEN also notes that, even within the universe of small entities, the costs could be expected to vary substantially. For example, for the small bank that responded to the IRFA and estimated that it opens 70 new accounts for business customers per year, the estimated costs would range from $380 to $760 per year. (ii) Training (Employee time). In its certification FinCEN noted that financial institutions generally conduct periodic training of their employees for BSA compliance and that this new requirement would be included in that periodic training. Many commenters noted that it would be necessary to conduct additional training in order to comply with this requirement, although none gave any specific estimate of the cost. As a result FinCEN sought to determine this more specifically in its outreach. Based on the sampling it conducted it learned that financial institutions expect to train between onethird and two-thirds of their employees regarding this requirement. Assuming that a small financial institution has 125 employees and that the training would take one hour, and applying the wage assumptions used in the RIA, this would result in an estimated cost of between $1,250 and $2,500, depending on the percentage of employees trained, for the first year that the rule would be proprietorships. FinCEN believes its estimated range of costs may be high because the calculation is based on the small bank that opened the greater number of legal entity accounts, assumes that none of the accounts reported were opened for sole proprietorships, and includes loan customers, for which the bank would generally already identify beneficial owners. The estimated cost is based on the bank-reported 471 new accounts per year, additional time at account opening of 15 to 30 minutes, and the average wage of $16.77 for the financial industry ‘‘new account clerks’’ reported by the Bureau of Labor Statistics. FinCEN believes that utilizing this number of new accounts is more appropriate than the 1.5 new accounts per day stated in the NPRM, since it is based on actual data from a small bank. E:\FR\FM\11MYR3.SGM 11MYR3 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations mstockstill on DSK3G9T082PROD with RULES3 in effect.180 The amount of necessary training would decrease thereafter. FinCEN did not receive any comments from small entities regarding the cost of developing and conducting the training. The estimates in the comments received from all financial institutions in response to the draft RIA generally fell within the estimated range in the IRFA, and therefore FinCEN is maintaining this estimate in this FRFA. FinCEN also notes that the estimate is almost certainly much greater than would be the actual case for most small credit unions. This is because FinCEN understands that approximately 3,000 small credit unions have five or fewer employees.181 Training for an institution with five employees, based on the assumptions above, would cost much less than the $1,250 lower estimate above. (iii) Training (Developing and Conducting). In addition, some commenters noted that FinCEN should account for the cost for the institution to develop and design the training. Although no small entities estimated the cost for this, an industry trade association stated that small banks would incur expenses of nearly $13,000 to develop and administer the training. While this seems plausible for institutions at the larger end of the small entity definition, it seems to be substantially greater than the costs that would be incurred for developing and conducting training for the smaller institutions, including those with five or fewer employees. (iv) Information Technology. In its certification FinCEN noted that financial institutions periodically update their IT systems, and that small financial institutions typically outsource their IT requirements to vendors, which would incorporate the required modifications into the programs that they supply to small financial institutions at minimal additional cost. FinCEN discussed with vendors the changes that would result from the adoption of the proposed rule and the likely additional costs that would be charged to customers in order to achieve compliant systems. The 180 FinCEN believes that the estimated range of costs may be high because it is based on the small financial institution interviewed with the greatest number of employees. The cost calculation is based on a weighted average wage of $29.92 for NAICS codes 5221 (Depository Credit Intermediation), 5222 (Nondepository Credit Intermediation), 5223 (Activities Related to Credit Intermediation), and 5231 (Securities and Commodity Contracts Intermediation and Brokerage), reported in the May 2014 Bureau of Labor Statistics National Occupational and Wage Estimates. 181 Comment letter from Credit Union National Association, January 22, 2016, page 4. VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 vendors told FinCEN that they normally bear the costs of system upgrades necessary to maintain compliance required during the term of a contract, but some stated that the changes necessitated for compliance with the new requirements would be too costly to implement without increasing the charges to their customer financial institutions. The vendors also informed FinCEN that, until a rule were issued in final form, it would not be possible to determine how their systems would need to be modified, or to estimate the additional charges to their financial institution customers resulting from such changes. In response to the RIA and IRFA, two commenters included estimates of the costs for IT upgrades that would be required to comply with the Rule, although neither were small entities. Given the lack of specific estimates for small entities, FinCEN is not able to include an estimate or range of estimates for this expense for the FRFA. FinCEN notes that one credit union with assets of $2.3 billion estimated the cost of IT enhancements to be $23,270, and another with assets of $2.8 billion estimated such costs at $11,500. Given that these institutions are several times larger than the largest small credit unions, it would seem that the IT upgrade costs for small entities could be expected to generally be less than $10,000.182 (v) Revising Policies and Procedures. In its certification FinCEN noted that covered financial institutions would need to revise their AML programs in order to comply with the proposed rule, but that since financial institutions routinely update this program it was not able to estimate the time or expense for updating AML programs for compliance with the final rule specifically. In response to the NPRM FinCEN did not receive any specific estimates for the cost for this activity, and no estimate was included in the preliminary RIA or IRFA. In response to the preliminary RIA and IRFA several financial institutions estimated the cost for such updates and revisions. Although none were small entities, a trade association stated that it surveyed a number of small banks and that they estimated that this would take, on average, 40 hours to complete. Based on the salary estimates used in the RIA, FinCEN estimates that 182 In the course of FinCEN’s outreach mentioned above following the close of the NPRM comment period, one small credit union that FinCEN contacted estimated IT upgrade costs of $50,000 to $70,000. Based on the estimates referred to above, this estimate appears to be an aberration and not a basis for industry-wide estimates. PO 00000 Frm 00053 Fmt 4701 Sfmt 4700 29449 this would cost, on average, $1,360 for a small entity.183 (vi) Internal Controls. FinCEN understands that the rule would result in additional costs for covered financial institutions for internal controls and audit functions, including for small entities, to determine that the financial institution is complying with the new requirements. However, FinCEN did not obtain sufficient input in response to either the NPRM or to the preliminary RIA and IRFA to enable it to estimate the likely amount of such costs, and therefore is not attempting to estimate this cost for purposes of the FRFA. b. Customer Due Diligence Requirement The final rule will also require that covered financial institutions include in their AML programs customer due diligence procedures, including understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile and conducting ongoing monitoring of these relationships to identify and report suspicious activities and, on a risk basis, to maintain and update customer information. FinCEN maintains that, because these are necessary measures that covered financial institutions must currently take in order to comply with existing requirements to detect and file suspicious activity reports,184 they are implicit requirements and would not impose any new obligations, and therefore would have no material, measurable economic impact, on any small entities. FinCEN believes that proposing clear CDD requirements is the most effective means of clarifying, consolidating, and harmonizing expectations and practices across all covered financial institutions. Expressly stating the requirements facilitates the goal that financial institutions, regulators, and law enforcement all operate under the same set of clearly articulated principles. Some commenters to the preliminary RIA and IRFA, including one small bank, stated that compliance with these requirements would necessitate purchasing tracking software that would cost thousands of dollars. FinCEN’s response to this issue is discussed above under section 2 of this FRFA and in the Section-by-Section Analysis. 183 For estimating this cost we use wage data from the May 2014 BLS Occupational Employment Statistics for ‘‘compliance officers’’ working in business establishments in sectors having one of the four-digit North American Industry Classification System (NAICS) codes mentioned in footnote 116; the average hourly wage for these compliance officers is $34.03. 184 See, e.g., 31 CFR 1020.320. E:\FR\FM\11MYR3.SGM 11MYR3 mstockstill on DSK3G9T082PROD with RULES3 29450 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations 5. A Description of the Steps the Agency Has Taken To Minimize the Significant Economic Impact on Small Entities Consistent With the Stated Objectives of Applicable Statutes, Including a Statement of the Factual, Policy, and Legal Reasons for Selecting the Alternative Adopted in the Final Rule and Why Each One of the Other Significant Alternatives to the Rule Considered by the Agency Which Affect the Impact on the Small Entities Was Rejected FinCEN considered a number of alternatives to the proposed rule. These included exempting small financial institutions below a certain asset or legal entity customer threshold from the requirements, as well as utilizing a lower (e.g., 10 percent) or higher (e.g., 50 percent) threshold for the minimum level of equity ownership for the definition of beneficial owner. As regards exempting financial institutions below a specified amount of assets or of legal entity accounts, FinCEN has determined that identifying the beneficial owner of a financial institution’s legal entity customers and verifying that identity is a necessary part of an effective AML program. Were FinCEN to exempt small entities from this requirement, or entities that establish fewer than a limited number of accounts for legal entities, those financial institutions would be at greater risk of abuse by money launderers and other financial criminals, as criminals would identify institutions without this requirement. FinCEN also has considered as alternatives establishing a different threshold for ownership of equity interests in the definition of beneficial ownership. For example, if the ownership threshold were reduced to include each individual owning 10 percent or more of the equity interests of a legal entity, a financial institution would potentially have to identify more individuals as beneficial owners, which would result in greater onboarding time and expense in such cases, with commensurately greater available information. Alternatively, should the ownership threshold be increased to owners of 50 percent or more of the equity interests, financial institutions would be required to identify and verify the identity of up to three individuals rather than five, thereby reducing marginally the cost of the initial onboarding time. However, this change would not impact the training or IT costs and therefore would not substantially reduce the overall costs of the rule and also would provide less useful information. FinCEN has also considered applying the beneficial VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 ownership requirement retroactively and requiring that financial institutions identify the beneficial owners of all their existing accounts as well as new accounts. While this would produce substantially larger benefits because it would make available beneficial ownership information for far more customers, it would also result in a significantly greater burden for financial institutions. After considering all the alternatives FinCEN has concluded that an ownership threshold of 25 percent is appropriate to maximize the benefits of the requirement while minimizing the burden. While FinCEN did not determine to adopt one of the alternatives it considered, it did take a number of steps in the final rule in response to comments to minimize the economic impact on small entities subject to the rule. These include clarifying the definition of ‘‘legal entity customer,’’ extending the transition period from one year to two years; eliminating the requirement that financial institutions use the Certification Form to obtain the beneficial ownership information; expanding the categories of excluded legal entities not subject to the requirement; simplifying the requirements related to the charity and nonprofit exemption; and as noted above, clarifying that financial institutions are not required to update beneficial ownership information on a periodic or ongoing basis, but only on an event-driven basis, when in the course of their normal monitoring they detect information about the customer that may be relevant to assessing the risk posed by the customer. Such information could include a change in the customer’s beneficial ownership. This is explained more fully in the Section-by-Section Analysis above. D. Paperwork Reduction Act Analysis The new recordkeeping requirement contained in this rule (31 CFR 1010.230) has been approved by the Office of Management and Budget (OMB) in accordance with the Paperwork Reduction Act of 1995 (PRA), 44 U.S.C. 3501 et seq., under control number 1506–0070. The PRA imposes certain requirements on Federal agencies in connection with their conducting or sponsoring any collection of information as defined by the PRA. Under the PRA, an agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a valid OMB control number. PO 00000 Frm 00054 Fmt 4701 Sfmt 4700 In summary, the rule would require covered financial institutions 185 to collect, and to maintain records of, the information used to identify and verify the identity of the names of the beneficial owners 186 of their legal entity customers (other than those that are excluded from the definition).187 Under the proposed and final rule, covered financial institutions are required to establish and maintain written procedures that are reasonably designed to identify and verify beneficial owners of new accounts 188 opened by legal entity customers. They also must maintain a record of the identifying information obtained, and a description of any document relied on, of any non-documentary methods and the results of any measures undertaken, and of the resolution of each substantive discrepancy. Under the proposed rule covered financial institutions were required to obtain from each legal entity customer a certification, in a prescribed form, containing the identifying information required. In the final rule the institution may obtain the information either by using the Certification Form or by any other means that it obtains information from the customer. We received 141 comments in response to the proposed rule addressing many issues. Many commenters stated that the rule would be much more costly to implement than as estimated in the proposal for several reasons. The largest cost that commenters stated would be incurred to implement the rule would be those needed to upgrade IT systems. Only one commenter referred specifically to the proposed rule understating the PRA requirements. As a result of the comments addressing the cost of implementing the proposal, Treasury conducted and published a preliminary RIA and issued an IRFA. FinCEN received 38 comments addressing these documents, which are summarized above. As a result of these comments FinCEN revised its RIA and IRFA and 185 Banks, brokers and dealers in securities, mutual funds, and futures commission merchants and introducing brokers. 186 Beneficial owners include any individual who, directly or indirectly, owns 25 percent or more of the equity interests of a legal entity, and one individual with significant responsibility to control, manage, or direct a legal entity customer. 187 This requirement applies to accounts established for legal entities. A legal entity generally includes a corporation, limited liability company, or other entity that is created by a filing of a public document with a Secretary of State or similar office, a general partnership, or any similar entity formed under the laws of a foreign country. 188 New accounts are those opened after the Applicability Date, which is two years after the date of publication. E:\FR\FM\11MYR3.SGM 11MYR3 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations mstockstill on DSK3G9T082PROD with RULES3 issued a final RIA and FRFA, each of which is set forth above. FinCEN has reconsidered the PRA burden estimates published in the proposal, based on the comments received to the proposal and the preliminary RIA and IRFA, and publishes below its revised estimates. The revised estimates are a result of information that FinCEN obtained as a result of the comments received, and particularly as a result of developing the RIA. Specifically, FinCEN increased its estimate of the time to develop and maintain beneficial ownership identification procedures, from one hour to 56 hours (40 for small entities), and its estimate of the time for identification, verification, and review and recordkeeping of the beneficial owners of legal entity customers, from 20 minutes per customer to a range of 20–40 minutes per customer. Affected public: Certain financial institutions, and businesses or other forprofit and not-for-profit entities. OMB Control Number: 1506–0070. Frequency: As required. Estimated Burden: a. Develop and maintain beneficial ownership identification procedures: 56 hours.189 b. Customer identification, verification, and review and recordkeeping of the beneficial ownership information: A range of 20 to 40 minutes per legal entity customer. Estimated Number of Respondents: 28,917.190 Estimated Total Annual Responses: 10,843,875.191 Estimated Recordkeeping Burden: 7,041,289 hours.192 The numbers presented assume that the number of account openings in 2013 is representative for an average yearly establishment of accounts for new legal entities. Records are required to be retained pursuant to the beneficial ownership requirement for five years. Comments concerning the accuracy of 189 A burden of 56 hours to develop the initial procedures is recognized (40 hours for small entities). Once developed, an annual burden of 20 minutes is recognized for maintenance. 190 This includes depository institutions (12,513), broker-dealers in securities (4,269), futures commission merchants (101), introducing brokers in commodities (1,323), and open-end mutual funds (10,711), each as defined under the BSA. These figures represent the total number of entities that would be subject to the requirements in the final rule. 191 Based on initial research, each covered financial institution will open, on average, 1.5 new legal entity accounts per business day. There are 250 business days per year. 192 10,843,875 × 30 minutes per account established ÷ 60 minutes per hour = 5,421,937 hours (plus development time of 1,619,352 hours for a total of 7,041,289 hours in the first year). VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 this burden estimate and suggestions from reducing this burden should be directed to the Desk Officer for the Department of the Treasury, Office of Information and Regulatory Affairs, Office of Management and Budget, Paperwork Reduction Act Project (1506), Washington, DC 20503. E. Unfunded Mandates Act of 1995 Statement Section 202 of the Unfunded Mandates Reform Act of 1995, Public Law 104–4 (Unfunded Mandates Act) requires that an agency prepare a budgetary impact statement before promulgating a rule that includes a Federal mandate that may result in expenditure by State, local, and tribal governments, in the aggregate, or by the private sector, of $100 million or more in any one year. FinCEN believes that the RIA provides the analysis required by the Unfunded Mandates Act. List of Subjects in 31 CFR Parts 1010, 1020, 1023, 1024, and 1026 Administrative practice and procedure, Banks, Banking, Brokers, Currency, Federal home loan banks, Foreign banking, Foreign currencies, Gambling, Investigations, Mortgages, Penalties, Reporting and recordkeeping requirements, Securities, Terrorism. Authority and Issuance For the reasons set forth in the preamble, chapter X of title 31 of the Code of Federal Regulations is amended as follows: PART 1010—GENERAL PROVISIONS 1. The authority citation for part 1010 continues to read as follows: ■ Authority: 12 U.S.C. 1829b and 1951–1959; 31 U.S.C. 5311–5314 and 5316–5332; title III, sec. 314 Pub. L. 107–56, 115 Stat. 307. ■ 2. Add § 1010.230 to read as follows: § 1010.230 Beneficial ownership requirements for legal entity customers. (a) In general. Covered financial institutions are required to establish and maintain written procedures that are reasonably designed to identify and verify beneficial owners of legal entity customers and to include such procedures in their anti-money laundering compliance program required under 31 U.S.C. 5318(h) and its implementing regulations. (b) Identification and verification. With respect to legal entity customers, the covered financial institution’s customer due diligence procedures shall enable the institution to: (1) Identify the beneficial owner(s) of each legal entity customer at the time a PO 00000 Frm 00055 Fmt 4701 Sfmt 4700 29451 new account is opened, unless the customer is otherwise excluded pursuant to paragraph (e) of this section or the account is exempted pursuant to paragraph (h) of this section. A covered financial institution may accomplish this either by obtaining a certification in the form of appendix A of this section from the individual opening the account on behalf of the legal entity customer, or by obtaining from the individual the information required by the form by another means, provided the individual certifies, to the best of the individual’s knowledge, the accuracy of the information; and (2) Verify the identity of each beneficial owner identified to the covered financial institution, according to risk-based procedures to the extent reasonable and practicable. At a minimum, these procedures must contain the elements required for verifying the identity of customers that are individuals under § 1020.220(a)(2) of this chapter (for banks); § 1023.220(a)(2) of this chapter (for brokers or dealers in securities); § 1024.220(a)(2) of this chapter (for mutual funds); or § 1026.220(a)(2) of this chapter (for futures commission merchants or introducing brokers in commodities); provided, that in the case of documentary verification, the financial institution may use photocopies or other reproductions of the documents listed in paragraph (a)(2)(ii)(A)(1) of § 1020.220 of this chapter (for banks); § 1023.220 of this chapter (for brokers or dealers in securities); § 1024.220 of this chapter (for mutual funds); or § 1026.220 of this chapter (for futures commission merchants or introducing brokers in commodities). A covered financial institution may rely on the information supplied by the legal entity customer regarding the identity of its beneficial owner or owners, provided that it has no knowledge of facts that would reasonably call into question the reliability of such information. (c) Account. For purposes of this section, account has the meaning set forth in § 1020.100(a) of this chapter (for banks); § 1023.100(a) of this chapter (for brokers or dealers in securities); § 1024.100(a) of this chapter (for mutual funds); and § 1026.100(a) of this chapter (for futures commission merchants or introducing brokers in commodities). (d) Beneficial owner. For purposes of this section, beneficial owner means each of the following: (1) Each individual, if any, who, directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, owns 25 percent or more of the equity interests of a legal entity customer; and E:\FR\FM\11MYR3.SGM 11MYR3 mstockstill on DSK3G9T082PROD with RULES3 29452 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations (2) A single individual with significant responsibility to control, manage, or direct a legal entity customer, including: (i) An executive officer or senior manager (e.g., a Chief Executive Officer, Chief Financial Officer, Chief Operating Officer, Managing Member, General Partner, President, Vice President, or Treasurer); or (ii) Any other individual who regularly performs similar functions. (3) If a trust owns directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, 25 percent or more of the equity interests of a legal entity customer, the beneficial owner for purposes of paragraph (d)(1) of this section shall mean the trustee. If an entity listed in paragraph (e)(2) of this section owns directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, 25 percent or more of the equity interests of a legal entity customer, no individual need be identified for purposes of paragraph (d)(1) of this section with respect to that entity’s interests. Note to paragraph (d). The number of individuals that satisfy the definition of ‘‘beneficial owner,’’ and therefore must be identified and verified pursuant to this section, may vary. Under paragraph (d)(1) of this section, depending on the factual circumstances, up to four individuals may need to be identified. Under paragraph (d)(2) of this section, only one individual must be identified. It is possible that in some circumstances the same person or persons might be identified pursuant to paragraphs (d)(1) and (2) of this section. A covered financial institution may also identify additional individuals as part of its customer due diligence if it deems appropriate on the basis of risk. (e) Legal entity customer. For the purposes of this section: (1) Legal entity customer means a corporation, limited liability company, or other entity that is created by the filing of a public document with a Secretary of State or similar office, a general partnership, and any similar entity formed under the laws of a foreign jurisdiction that opens an account. (2) Legal entity customer does not include: (i) A financial institution regulated by a Federal functional regulator or a bank regulated by a State bank regulator; (ii) A person described in § 1020.315(b)(2) through (5) of this chapter; (iii) An issuer of a class of securities registered under section 12 of the VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 Securities Exchange Act of 1934 or that is required to file reports under section 15(d) of that Act; (iv) An investment company, as defined in section 3 of the Investment Company Act of 1940, that is registered with the Securities and Exchange Commission under that Act; (v) An investment adviser, as defined in section 202(a)(11) of the Investment Advisers Act of 1940, that is registered with the Securities and Exchange Commission under that Act; (vi) An exchange or clearing agency, as defined in section 3 of the Securities Exchange Act of 1934, that is registered under section 6 or 17A of that Act; (vii) Any other entity registered with the Securities and Exchange Commission under the Securities Exchange Act of 1934; (viii) A registered entity, commodity pool operator, commodity trading advisor, retail foreign exchange dealer, swap dealer, or major swap participant, each as defined in section 1a of the Commodity Exchange Act, that is registered with the Commodity Futures Trading Commission; (ix) A public accounting firm registered under section 102 of the Sarbanes–Oxley Act; (x) A bank holding company, as defined in section 2 of the Bank Holding Company Act of 1956 (12 U.S.C. 1841) or savings and loan holding company, as defined in section 10(n) of the Home Owners’ Loan Act (12 U.S.C 1467a(n)); (xi) A pooled investment vehicle that is operated or advised by a financial institution excluded under paragraph (e)(2) of this section; (xii) An insurance company that is regulated by a State; (xiii) A financial market utility designated by the Financial Stability Oversight Council under Title VIII of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010; (xiv) A foreign financial institution established in a jurisdiction where the regulator of such institution maintains beneficial ownership information regarding such institution; (xv) A non-U.S. governmental department, agency or political subdivision that engages only in governmental rather than commercial activities; and (xvi) Any legal entity only to the extent that it opens a private banking account subject to § 1010.620 of this chapter. (3) The following legal entity customers are subject only to the control prong of the beneficial ownership requirement: (i) A pooled investment vehicle that is operated or advised by a financial PO 00000 Frm 00056 Fmt 4701 Sfmt 4700 institution not excluded under paragraph (e)(2) of this section; and (ii) Any legal entity that is established as a nonprofit corporation or similar entity and has filed its organizational documents with the appropriate State authority as necessary. (f) Covered financial institution. For the purposes of this section, covered financial institution has the meaning set forth in § 1010.605(e)(1) of this chapter. (g) New account. For the purposes of this section, new account means each account opened at a covered financial institution by a legal entity customer on or after the applicability date. (h) Exemptions. (1) Covered financial institutions are exempt from the requirements to identify and verify the identity of the beneficial owner(s) set forth in paragraphs (a) and (b)(1) and (2) of this section only to the extent the financial institution opens an account for a legal entity customer that is: (i) At the point-of-sale to provide credit products, including commercial private label credit cards, solely for the purchase of retail goods and/or services at these retailers, up to a limit of $50,000; (ii) To finance the purchase of postage and for which payments are remitted directly by the financial institution to the provider of the postage products; (iii) To finance insurance premiums and for which payments are remitted directly by the financial institution to the insurance provider or broker; (iv) To finance the purchase or leasing of equipment and for which payments are remitted directly by the financial institution to the vendor or lessor of this equipment. (2) Limitations on Exemptions. (i) The exemptions identified in paragraphs (h)(1)(ii) through (iv) of this section do not apply to transaction accounts through which a legal entity customer can make payments to, or receive payments from, third parties. (ii) If there is the possibility of a cash refund on the account activity identified in paragraphs (h)(1)(ii) through (iv) of this section, then beneficial ownership of the legal entity customer must be identified and verified by the financial institution as required by this section, either at the time of initial remittance, or at the time such refund occurs. (i) Recordkeeping. A covered financial institution must establish procedures for making and maintaining a record of all information obtained under the procedures implementing paragraph (b) of this section. (1) Required records. At a minimum the record must include: (i) For identification, any identifying information obtained by the covered E:\FR\FM\11MYR3.SGM 11MYR3 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations mstockstill on DSK3G9T082PROD with RULES3 financial institution pursuant to paragraph (b) of this section, including without limitation the certification (if obtained); and (ii) For verification, a description of any document relied on (noting the type, any identification number, place of issuance and, if any, date of issuance and expiration), of any nondocumentary methods and the results of any measures undertaken, and of the resolution of each substantive discrepancy. (2) Retention of records. A covered financial institution must retain the records made under paragraph (i)(1)(i) of this section for five years after the date the account is closed, and the VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 records made under paragraph (i)(1)(ii) of this section for five years after the record is made. (j) Reliance on another financial institution. A covered financial institution may rely on the performance by another financial institution (including an affiliate) of the requirements of this section with respect to any legal entity customer of the covered financial institution that is opening, or has opened, an account or has established a similar business relationship with the other financial institution to provide or engage in services, dealings, or other financial transactions, provided that: PO 00000 Frm 00057 Fmt 4701 Sfmt 4700 29453 (1) Such reliance is reasonable under the circumstances; (2) The other financial institution is subject to a rule implementing 31 U.S.C. 5318(h) and is regulated by a Federal functional regulator; and (3) The other financial institution enters into a contract requiring it to certify annually to the covered financial institution that it has implemented its anti-money laundering program, and that it will perform (or its agent will perform) the specified requirements of the covered financial institution’s procedures to comply with the requirements of this section. BILLING CODE P E:\FR\FM\11MYR3.SGM 11MYR3 29454 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations APPENDIX A to § 1010.230 -- CERTIFICATION REGARDING BENEFICIAL OWNERS OF LEGAL ENTITY CUSTOMERS I. GENERAL INSTRUCTIONS What is this form? To help the government fight financial crime, Federal regulation requires certain financial institutions to obtain, verify, and record information about the beneficial owners of legal entity customers. Legal entities can be abused to disguise involvement in terrorist financing, money laundering, tax evasion, corruption, fraud, and other financial crimes. Requiring the disclosure of key individuals who own or control a legal entity (i.e., the beneficial owners) helps law enforcement investigate and prosecute these crimes. Who has to complete this form? This form must be completed by the person opening a new account on behalf of a legal entity with any ofthe following U.S. financial institutions: (i) a bank or credit union; (ii) a broker or dealer in securities; (iii) a mutual fund; (iv) a futures commission merchant; or (v) an introducing broker in commodities. For the purposes ofthis form, a legal entity includes a corporation, limited liability company, or other entity that is created by a filing of a public document with a Secretary of State or similar office, a general partnership, and any similar business entity formed in the United States or a foreign country. Legal entity does not include sole proprietorships, unincorporated associations, or natural persons opening accounts on their own behalf. What information do I have to provide? This form requires you to provide the name, address, date of birth and Social Security number (or passport number or other similar information, in the case of foreign persons) for the following individuals (i.e., the beneficial owners): Each individual, if any, who owns, directly or indirectly, 25 percent or more of the equity interests ofthe legal entity customer (e.g., each natural person that owns 25 percent or more of the shares of a corporation); and (ii) An individual with significant responsibility for managing the legal entity customer (e.g., a Chief Executive Officer, Chief Financial Officer, Chief Operating Officer, Managing Member, General Partner, President, Vice President, or Treasurer). The number of individuals that satisfy this definition of"beneficial owner" may vary. Under section (i), depending on the factual circumstances, up to four individuals (but as VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 PO 00000 Frm 00058 Fmt 4701 Sfmt 4725 E:\FR\FM\11MYR3.SGM 11MYR3 ER11MY16.021</GPH> mstockstill on DSK3G9T082PROD with RULES3 (i) Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations 29455 few as zero) may need to be identified. Regardless ofthe number of individuals identified under section (i), you must provide the identifying information of one individual under section (ii). It is possible that in some circumstances the same individual might be identified under both sections (e.g., the President of Acme, Inc. who also holds a 30% equity interest). Thus, a completed form will contain the identifying information of at least one individual (under section (ii)), and up to five individuals (i.e., one individual under section (ii) and four 25 percent equity holders under section (i)). The financial institution may also ask to see a copy of a driver's license or other identifying document for each beneficial owner listed on this form. II. CERTIFICATION OF BENEFICIAL OWNER(S) Persons opening an account on behalf of a legal entity must provide the following information: a. Name and Title ofNatural Person Opening Account: b. Name and Address of Legal Entity for Which the Account is Being Opened: mstockstill on DSK3G9T082PROD with RULES3 Name VerDate Sep<11>2014 The following information for each individual, if any, who, directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, owns 25 percent or more of the equity interests of the legal entity listed above: Date of Birth 18:50 May 10, 2016 Jkt 238001 PO 00000 Address (Residential or Business Street Frm 00059 Fmt 4701 Sfmt 4725 For US. Persons: Social Security E:\FR\FM\11MYR3.SGM 11MYR3 For Foreign Persons: Passport Number and ER11MY16.022</GPH> c. 29456 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations Address) Country of Issuance, or other similar identification number 1 Number (If no individual meets this definition, please write "Not Applicable.") d. The following information for one individual with significant responsibility for managing the legal entity listed above, such as: D An executive officer or senior manager (e.g., Chief Executive Officer, Chief Financial Officer, Chief Operating Officer, Managing Member, General Partner, President, Vice President, Treasurer); or D Any other individual who regularly performs similar functions. (If appropriate, an individual listed under section (c) above may also be listed in this section (d)). Date of Birth Address (Residential or Business Street Address) For US. Persons: Social Security Number For Foreign Persons: Passport Number and Country of Issuance, or other similar identification number 1 I, (name of natural person opening account), hereby certify, to the best of my knowledge, that the information provided above is complete and correct. VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 PO 00000 Frm 00060 Fmt 4701 Sfmt 4725 E:\FR\FM\11MYR3.SGM 11MYR3 ER11MY16.023</GPH> mstockstill on DSK3G9T082PROD with RULES3 Name/Title Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations 3. The authority citation for part 1020 continues to read as follows: ■ Authority: 12 U.S.C. 1829b and 1951–1959; 31 U.S.C. 5311–5314 and 5316–5332; title III, sec. 314 Pub. L. 107–56, 115 Stat. 307. 4. Revise § 1020.210 to read as follows: ■ 5. The authority citation for part 1023 continues to read as follows: mstockstill on DSK3G9T082PROD with RULES3 Authority: 12 U.S.C. 1829b and 1951–1959; 31 U.S.C. 5311–5314 and 5316–5332; title III, sec. 314 Pub. L. 107–56, 115 Stat. 307. Jkt 238001 6. Revise § 1023.210 to read as follows: ■ A financial institution regulated by a Federal functional regulator that is not subject to the regulations of a selfregulatory organization shall be deemed to satisfy the requirements of 31 U.S.C. 5318(h)(1) if the financial institution implements and maintains an antimoney laundering program that: (a) Complies with the requirements of §§ 1010.610 and 1010.620 of this chapter; (b) Includes, at a minimum: (1) A system of internal controls to assure ongoing compliance; (2) Independent testing for compliance to be conducted by bank personnel or by an outside party; (3) Designation of an individual or individuals responsible for coordinating and monitoring day-to-day compliance; (4) Training for appropriate personnel; and (5) Appropriate risk-based procedures for conducting ongoing customer due diligence, to include, but not be limited to: (i) Understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and (ii) Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. For purposes of this paragraph (b)(5)(ii), customer information shall include information regarding the beneficial owners of legal 18:50 May 10, 2016 PART 1023—RULES FOR BROKERS OR DEALERS IN SECURITIES ■ § 1020.210 Anti-money laundering program requirements for financial institutions regulated only by a Federal functional regulator, including banks, savings associations, and credit unions. VerDate Sep<11>2014 entity customers (as defined in § 1010.230 of this chapter); and (c) Complies with the regulation of its Federal functional regulator governing such programs. § 1023.210 Anti-money laundering program requirements for brokers or dealers in securities. A broker or dealer in securities shall be deemed to satisfy the requirements of 31 U.S.C. 5318(h)(1) if the broker-dealer implements and maintains a written anti-money laundering program approved by senior management that: (a) Complies with the requirements of §§ 1010.610 and 1010.620 of this chapter and any applicable regulation of its Federal functional regulator governing the establishment and implementation of anti-money laundering programs; (b) Includes, at a minimum: (1) The establishment and implementation of policies, procedures, and internal controls reasonably designed to achieve compliance with the applicable provisions of the Bank Secrecy Act and the implementing regulations thereunder; (2) Independent testing for compliance to be conducted by the broker-dealer’s personnel or by a qualified outside party; (3) Designation of an individual or individuals responsible for implementing and monitoring the operations and internal controls of the program; (4) Ongoing training for appropriate persons; and (5) Appropriate risk-based procedures for conducting ongoing customer due PO 00000 Frm 00061 Fmt 4701 Sfmt 4700 diligence, to include, but not be limited to: (i) Understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and (ii) Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. For purposes of this paragraph (b)(5)(ii), customer information shall include information regarding the beneficial owners of legal entity customers (as defined in § 1010.230 of this chapter); and (c) Complies with the rules, regulations, or requirements of its selfregulatory organization governing such programs; provided that the rules, regulations, or requirements of the selfregulatory organization governing such programs have been made effective under the Securities Exchange Act of 1934 by the appropriate Federal functional regulator in consultation with FinCEN. PART 1024—RULES FOR MUTUAL FUNDS 7. The authority citation for part 1024 continues to read as follows: ■ Authority: 12 U.S.C. 1829b and 1951–1959; 31 U.S.C. 5311–5314 and 5316–5332; title III, sec. 314 Pub. L. 107–56, 115 Stat. 307. 8. Revise § 1024.210 to read as follows: ■ § 1024.210 Anti-money laundering program requirements for mutual funds. (a) Effective July 24, 2002, each mutual fund shall develop and implement a written anti-money laundering program reasonably designed to prevent the mutual fund from being used for money laundering or the financing of terrorist activities and to achieve and monitor compliance with the applicable requirements of the Bank Secrecy Act (31 U.S.C. 5311, et seq.), and the implementing regulations promulgated thereunder by the E:\FR\FM\11MYR3.SGM 11MYR3 ER11MY16.024</GPH> PART 1020—RULES FOR BANKS 29457 29458 Federal Register / Vol. 81, No. 91 / Wednesday, May 11, 2016 / Rules and Regulations mstockstill on DSK3G9T082PROD with RULES3 Department of the Treasury. Each mutual fund’s anti-money laundering program must be approved in writing by its board of directors or trustees. A mutual fund shall make its anti-money laundering program available for inspection by the U.S. Securities and Exchange Commission. (b) The anti-money laundering program shall at a minimum: (1) Establish and implement policies, procedures, and internal controls reasonably designed to prevent the mutual fund from being used for money laundering or the financing of terrorist activities and to achieve compliance with the applicable provisions of the Bank Secrecy Act and implementing regulations thereunder; (2) Provide for independent testing for compliance to be conducted by the mutual fund’s personnel or by a qualified outside party; (3) Designate a person or persons responsible for implementing and monitoring the operations and internal controls of the program; (4) Implement appropriate risk-based procedures for conducting ongoing customer due diligence, to include, but not be limited to: (i) Understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and (ii) Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. For purposes of this paragraph (b)(4)(ii), customer information shall include information regarding the beneficial owners of legal entity customers (as defined in § 1010.230 of this chapter). VerDate Sep<11>2014 18:50 May 10, 2016 Jkt 238001 PART 1026—RULES FOR FUTURES COMMISSION MERCHANTS AND INTRODUCING BROKERS IN COMMODITIES 9. The authority citation for part 1026 continues to read as follows: ■ Authority: 12 U.S.C. 1829b and 1951–1959; 31 U.S.C. 5311–5314 and 5316–5332; title III, sec. 314 Pub. L. 107–56, 115 Stat. 307. 10. Revise § 1026.210 to read as follows: ■ § 1026.210 Anti-money laundering program requirements for futures commission merchants and introducing brokers in commodities. A futures commission merchant and an introducing broker in commodities shall be deemed to satisfy the requirements of 31 U.S.C. 5318(h)(1) if the futures commission merchant or introducing broker in commodities implements and maintains a written anti-money laundering program approved by senior management that: (a) Complies with the requirements of §§ 1010.610 and 1010.620 of this chapter and any applicable regulation of its Federal functional regulator governing the establishment and implementation of anti-money laundering programs; (b) Includes, at a minimum: (1) The establishment and implementation of policies, procedures, and internal controls reasonably designed to prevent the financial institution from being used for money laundering or the financing of terrorist activities and to achieve compliance with the applicable provisions of the Bank Secrecy Act and the implementing regulations thereunder; (2) Independent testing for compliance to be conducted by the PO 00000 Frm 00062 Fmt 4701 Sfmt 9990 futures commission merchant or introducing broker in commodities’ personnel or by a qualified outside party; (3) Designation of an individual or individuals responsible for implementing and monitoring the operations and internal controls of the program; (4) Ongoing training for appropriate persons; (5) Appropriate risk-based procedures for conducting ongoing customer due diligence, to include, but not be limited to: (i) Understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and (ii) Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. For purposes of this paragraph (b)(5)(ii), customer information shall include information regarding the beneficial owners of legal entity customers (as defined in § 1010.230 of this chapter); and (c) Complies with the rules, regulations, or requirements of its selfregulatory organization governing such programs, provided that the rules, regulations, or requirements of the selfregulatory organization governing such programs have been made effective under the Commodity Exchange Act by the appropriate Federal functional regulator in consultation with FinCEN. Dated: May 2, 2016. David R. Pearl, Executive Secretary, United States Department of the Treasury. [FR Doc. 2016–10567 Filed 5–6–16; 8:45 am] BILLING CODE C E:\FR\FM\11MYR3.SGM 11MYR3

Agencies

[Federal Register Volume 81, Number 91 (Wednesday, May 11, 2016)]
[Rules and Regulations]
[Pages 29397-29458]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-10567]



[[Page 29397]]

Vol. 81

Wednesday,

No. 91

May 11, 2016

Part III





 Department of the Treasury





-----------------------------------------------------------------------





 Financial Crimes Enforcement Network





-----------------------------------------------------------------------





31 CFR Parts 1010, 1020, 1023, et al.





Customer Due Diligence Requirements for Financial Institutions; Final 
Rule

Federal Register / Vol. 81 , No. 91 / Wednesday, May 11, 2016 / Rules 
and Regulations

[[Page 29398]]


-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Financial Crimes Enforcement Network

31 CFR Parts 1010, 1020, 1023, 1024, and 1026

RIN 1506-AB25


Customer Due Diligence Requirements for Financial Institutions

AGENCY: Financial Crimes Enforcement Network (FinCEN), Treasury.

ACTION: Final rules.

-----------------------------------------------------------------------

SUMMARY: FinCEN is issuing final rules under the Bank Secrecy Act to 
clarify and strengthen customer due diligence requirements for: Banks; 
brokers or dealers in securities; mutual funds; and futures commission 
merchants and introducing brokers in commodities. The rules contain 
explicit customer due diligence requirements and include a new 
requirement to identify and verify the identity of beneficial owners of 
legal entity customers, subject to certain exclusions and exemptions.

DATES: The final rules are effective July 11, 2016.
    Applicability Date: Covered financial institutions must comply with 
these rules by May 11, 2018.

FOR FURTHER INFORMATION CONTACT: FinCEN Resource Center at 1-800-767-
2825. Email inquiries can be sent to frc@fincen.gov.

SUPPLEMENTARY INFORMATION:

I. Executive Summary

A. Purpose of This Regulatory Action

    Covered financial institutions are not presently required to know 
the identity of the individuals who own or control their legal entity 
customers (also known as beneficial owners). This enables criminals, 
kleptocrats, and others looking to hide ill-gotten proceeds to access 
the financial system anonymously. The beneficial ownership requirement 
will address this weakness and provide information that will assist law 
enforcement in financial investigations, help prevent evasion of 
targeted financial sanctions, improve the ability of financial 
institutions to assess risk, facilitate tax compliance, and advance 
U.S. compliance with international standards and commitments.
    FinCEN believes that there are four core elements of customer due 
diligence (CDD), and that they should be explicit requirements in the 
anti-money laundering (AML) program for all covered financial 
institutions, in order to ensure clarity and consistency across 
sectors: (1) Customer identification and verification, (2) beneficial 
ownership identification and verification, (3) understanding the nature 
and purpose of customer relationships to develop a customer risk 
profile, and (4) ongoing monitoring for reporting suspicious 
transactions and, on a risk-basis, maintaining and updating customer 
information. The first is already an AML program requirement and the 
second will be required by this final rule. The third and fourth 
elements are already implicitly required for covered financial 
institutions to comply with their suspicious activity reporting 
requirements. The AML program rules for all covered financial 
institutions are being amended by the final rule in order to include 
the third and fourth elements as explicit requirements.
    FinCEN has the legal authority for this action in the Bank Secrecy 
Act (BSA), which authorizes FinCEN to impose AML program requirements 
on all financial institutions \1\ and to require financial institutions 
to maintain procedures to ensure compliance with the BSA and its 
implementing regulations or to guard against money laundering.\2\
---------------------------------------------------------------------------

    \1\ 31 U.S.C. 5318(h)(2).
    \2\ 31 U.S.C. 5318(a)(2).
---------------------------------------------------------------------------

B. Summary of the Major Provisions of the Rulemaking

1. Beneficial Ownership
    Beginning on the Applicability Date, covered financial institutions 
\3\ must identify and verify the identity of the beneficial owners of 
all legal entity customers (other than those that are excluded) at the 
time a new account is opened (other than accounts that are exempted). 
The financial institution may comply either by obtaining the required 
information on a standard certification form (Certification Form 
(Appendix A)) or by any other means that comply with the substantive 
requirements of this obligation. The financial institution may rely on 
the beneficial ownership information supplied by the customer, provided 
that it has no knowledge of facts that would reasonably call into 
question the reliability of the information. The identification and 
verification procedures for beneficial owners are very similar to those 
for individual customers under a financial institution's customer 
identification program (CIP),\4\ except that for beneficial owners, the 
institution may rely on copies of identity documents. Financial 
institutions are required to maintain records of the beneficial 
ownership information they obtain, and may rely on another financial 
institution for the performance of these requirements, in each case to 
the same extent as under their CIP rule.
---------------------------------------------------------------------------

    \3\ The term ``covered financial institution'' refers to: (i) 
Banks; (ii) brokers or dealers in securities; (iii) mutual funds; 
and (iv) futures commission merchants and introducing brokers in 
commodities.
    \4\ 31 CFR 1020.220, 1023.220, 1024.220, 1026.220.
---------------------------------------------------------------------------

    The terms used for the purposes of this final rule, including 
account, beneficial ownership, legal entity customer, excluded legal 
entities, new account, and covered financial institution, are set forth 
in the final rule.
    Financial institutions should use beneficial ownership information 
as they use other information they gather regarding customers (e.g., 
through compliance with CIP requirements), including for compliance 
with the Office of Foreign Assets Control (OFAC) regulations, and the 
currency transaction reporting (CTR) aggregation requirements.
2. Anti-Money Laundering Program Rule Amendments
    The AML program requirement for each category of covered financial 
institutions is being amended to explicitly include risk-based 
procedures for conducting ongoing customer due diligence, to include 
understanding the nature and purpose of customer relationships for the 
purpose of developing a customer risk profile.
    A customer risk profile refers to the information gathered about a 
customer at account opening used to develop a baseline against which 
customer activity is assessed for suspicious activity reporting. This 
may include self-evident information such as the type of customer or 
type of account, service, or product. The profile may, but need not, 
include a system of risk ratings or categories of customers.
    In addition, customer due diligence also includes conducting 
ongoing monitoring to identify and report suspicious transactions and, 
on a risk basis, to maintain and update customer information. For these 
purposes, customer information shall include information regarding the 
beneficial owners of legal entity customers (as defined in Sec.  
1010.230). The first clause of paragraph (ii) sets forth the 
requirement that financial institutions conduct monitoring to identify 
and report suspicious transactions. Because this includes transactions 
that are not of the sort the customer would be normally expected to 
engage, the customer risk profile information is used (among other 
sources) to identify such transactions. This information may be 
integrated into the financial institution's automated monitoring 
system, and may be used

[[Page 29399]]

after a potentially suspicious transaction has been identified, as one 
means of determining whether or not the identified activity is 
suspicious.
    When a financial institution detects information (including a 
change in beneficial ownership information) about the customer in the 
course of its normal monitoring that is relevant to assessing or 
reevaluating the risk posed by the customer, it must update the 
customer information, including beneficial ownership information. Such 
information could include, e.g., a significant and unexplained change 
in the customer's activity, such as executing cross-border wire 
transfers for no apparent reason or a significant change in the volume 
of activity without explanation. It could also include information 
indicating a possible change in the customer's beneficial ownership, 
because such information could also be relevant to assessing the risk 
posed by the customer. This applies to all legal entity customers, 
including those existing on the Applicability Date.
    This provision does not impose a categorical requirement that 
financial institutions must update customer information, including 
beneficial ownership information, on a continuous or periodic basis. 
Rather, the updating requirement is event-driven, and occurs as a 
result of normal monitoring.

C. Costs and Benefits

    This is a significant regulatory action pursuant to Executive Order 
12866 (``E.O. 12866'') because it is likely to result in a final rule 
that may have an annual effect on the economy of $100 million or more. 
Accordingly, FinCEN published for comment on December 24, 2015 a 
preliminary Regulatory Impact Assessment (RIA) for the proposed rule 
(80 FR 80308), which provided a quantitative estimate of the costs to 
the private sector for which adequate data are available and a 
qualitative discussion of both the costs and benefits for which data 
are not available. As a result of the comments submitted, FinCEN 
revised the preliminary RIA to include additional cost estimates \5\ 
and is publishing with this final rule a final RIA. The annualized 
quantified costs (under low cost scenarios) are estimated to be $153 
million (at a seven percent discount rate) and $148 million (at a three 
percent discount rate). The annualized quantified costs (under high 
cost scenarios) are estimated to be $287 million (at a seven percent 
discount rate) and $282 million (at a three percent discount rate). 
Because the benefits of the rule cannot be quantified, FinCEN has 
utilized a breakeven analysis to determine how large the final rule's 
benefits would have to be in order to justify its estimated costs. The 
RIA uses Treasury's estimate of $300 billion in illicit proceeds 
generated annually in the United States due to financial crimes, to 
determine the minimum level of effectiveness that the final rule would 
need to achieve for the benefits to equal the costs. Based on this 
analysis, using the upper bound of our cost assessment, FinCEN has 
concluded that the final rule would only have to reduce illicit 
activity by 0.6 percent to yield a positive net benefit. The Treasury 
Department believes that the final rule will reduce illicit activity by 
a greater amount than this.
---------------------------------------------------------------------------

    \5\ In the final RIA, we estimate that 10-year quantifiable 
costs range from $1.15 billion to $2.15 billion in present value 
using a seven percent discount rate, and from $1.3 billion to $2.5 
billion using a three percent discount rate.
---------------------------------------------------------------------------

II. Background

A. The Bank Secrecy Act

    FinCEN exercises regulatory functions primarily under the Currency 
and Foreign Transactions Reporting Act of 1970, as amended by the USA 
PATRIOT Act of 2001 (PATRIOT Act) and other legislation, which 
legislative framework is commonly referred to as the ``Bank Secrecy 
Act'' (BSA).\6\ The BSA authorizes the Secretary of the Treasury 
(Secretary) to require financial institutions to keep records and file 
reports that ``have a high degree of usefulness in criminal, tax, or 
regulatory investigations or proceedings, or in the conduct of 
intelligence or counterintelligence activities, including analysis, to 
protect against international terrorism.'' \7\
---------------------------------------------------------------------------

    \6\ The BSA is codified at 12 U.S.C. 1829b, 12 U.S.C. 1951-1959, 
18 U.S.C. 1956, 1957, and 1960, and 31 U.S.C. 5311-5314 and 5316-
5332 and notes thereto, with implementing regulations at 31 CFR 
chapter X. See 31 CFR 1010.100(e).
    \7\ 31 U.S.C. 5311.
---------------------------------------------------------------------------

    The Secretary has delegated to the Director of FinCEN the authority 
to implement, administer, and enforce compliance with the BSA and 
associated regulations.\8\ FinCEN is authorized to impose anti-money 
laundering (AML) program requirements on financial institutions,\9\ as 
well as to require financial institutions to maintain procedures to 
ensure compliance with the BSA and the regulations promulgated 
thereunder or to guard against money laundering.\10\
---------------------------------------------------------------------------

    \8\ Treasury Order 180-01 (July 1, 2014).
    \9\ 31 U.S.C. 5318(h)(2).
    \10\ 31 U.S.C. 5318(a)(2).
---------------------------------------------------------------------------

B. The Importance of Customer Due Diligence

    FinCEN, after consultation with the staffs of the Federal 
functional regulators and the Department of Justice, has determined 
that more explicit rules for covered financial institutions with 
respect to customer due diligence (CDD) are necessary to clarify and 
strengthen CDD within the BSA regime, which in turn will enhance 
financial transparency and help to safeguard the financial system 
against illicit use. Requiring financial institutions to perform 
effective CDD so that they understand who their customers are and what 
type of transactions they conduct is a critical aspect of combating all 
forms of illicit financial activity, from terrorist financing and 
sanctions evasion to more traditional financial crimes, including money 
laundering, fraud, and tax evasion. For FinCEN, the key elements of CDD 
include: (i) Identifying and verifying the identity of customers; (ii) 
identifying and verifying the identity of beneficial owners of legal 
entity customers (i.e., the natural persons who own or control legal 
entities); (iii) understanding the nature and purpose of customer 
relationships; and (iv) conducting ongoing monitoring. Collectively, 
these elements comprise the minimum standard of CDD, which FinCEN 
believes is fundamental to an effective AML program.
    Clarifying and strengthening CDD requirements for U.S. financial 
institutions, including with respect to the identification of 
beneficial owners, advance the purposes of the BSA by:
    (1) Enhancing the availability to law enforcement, as well as to 
the Federal functional regulators and self-regulatory organizations 
(SROs), of beneficial ownership information about legal entity 
customers obtained by U.S. financial institutions, which assists law 
enforcement financial investigations and a variety of regulatory 
examinations and investigations;
    (2) Increasing the ability of financial institutions, law 
enforcement, and the intelligence community to identify the assets and 
accounts of terrorist organizations, corrupt actors, money launderers, 
drug kingpins, proliferators of weapons of mass destruction, and other 
national security threats, which strengthens compliance with sanctions 
programs designed to undercut financing and support for such persons;
    (3) Helping financial institutions assess and mitigate risk, and 
comply with all existing legal requirements, including the BSA and 
related authorities;

[[Page 29400]]

    (4) Facilitating reporting and investigations in support of tax 
compliance, and advancing commitments made to foreign counterparts in 
connection with the provisions commonly known as the Foreign Account 
Tax Compliance Act (FATCA); \11\
---------------------------------------------------------------------------

    \11\ Officially the Hiring Incentives to Restore Employment Act 
of 2010, Public Law 111-147, 124 Stat. 71, Section 501(a).
---------------------------------------------------------------------------

    (5) Promoting consistency in implementing and enforcing CDD 
regulatory expectations across and within financial sectors; and
    (6) Advancing Treasury's broad strategy to enhance financial 
transparency of legal entities.
1. Assisting Financial Investigations by Law Enforcement
    The abuse of legal entities to disguise involvement in illicit 
financial activity is a longstanding vulnerability that facilitates 
crime, threatens national security, and jeopardizes the integrity of 
the financial system. Criminals have exploited the anonymity that use 
of legal entities can provide to engage in money laundering, 
corruption, fraud, terrorist financing, and sanctions evasion, among 
other financial crimes.
    There are numerous examples that Treasury has tracked as a part of 
its National Money Laundering Risk Assessment and Terrorist Financing 
Risk Assessment.\12\ For example, in 2013, prosecutors in New York 
indicted 34 alleged members of Russian-American organized crime groups, 
charging that they participated in a range of racketeering activities. 
One of the constituent racketeering enterprises was alleged to have 
moved millions of dollars in unlawful gambling proceeds through a 
network of shell companies \13\ in Cyprus and the United States.\14\ In 
2011, Federal prosecutors indicted 13 individuals for their alleged 
unlawful takeover and looting of a publicly-held mortgage company. Some 
of these defendants allegedly used the assets of the company to acquire 
shell companies, while other defendants are alleged to have further 
obscured the ownership of these companies through complex legal 
structures involving other shell companies.\15\ In 2006, prosecutors 
indicted a number of individuals for their roles in supporting a long-
running nationwide drug trafficking organization. The proceeds 
generated by this trafficking organization were laundered through 
numerous shell and shelf \16\ corporations created to provide 
apparently legitimate fronts for this income. These legal entities were 
further used to open accounts at financial institutions and hold title 
to property.\17\ Other examples cited by law enforcement officials 
include major drug trafficking organizations using shell companies to 
launder drug proceeds.\18\ In 2011, a World Bank report highlighted how 
corrupt actors consistently abuse legal entities to conceal the 
proceeds of corruption, which the report estimates to aggregate at 
least $40 billion per year in illicit activity.\19\ Other criminals 
also make aggressive use of front companies,\20\ which may also conduct 
legitimate business activity, to disguise the deposit, withdrawal, or 
transfer of illicit proceeds that are intermingled with legitimate 
funds.
---------------------------------------------------------------------------

    \12\ U.S. Dep't of the Treasury, National Money Laundering Risk 
Assessment (2015), available at https://www.treasury.gov/resource-center/terrorist-illicit-finance/Documents/National%20Money%20Laundering%20Risk%20Assessment%20%E2%80%93%2006-12-2015.pdf; U.S. Dep't of the Treasury, National Terrorist 
Financing Risk Assessment (2015), available at https://www.treasury.gov/resource-center/terrorist-illicit-finance/Documents/National%20Terrorist%20Financing%20Risk%20Assessment%20%E2%80%93%2006-12-2015.pdf.
    \13\ A shell company is a legal entity that has been registered 
with a state but has no physical operations or assets. Shell 
companies can serve legitimate purposes, such as holding financial 
assets or other property, but can also be used to conceal the 
source, ownership, or control of illegal proceeds. U.S. Dep't of the 
Treasury, National Money Laundering Risk Assessment at 43.
    \14\ Id. at 20.
    \15\ Id.
    \16\ A shelf corporation is a legal entity that has been 
registered with a state but not yet used for any purpose; it has 
instead been kept on the ``shelf'' for a buyer who does not want to 
go through the process of creating a new legal entity. Id.
    \17\ Id. at 44.
    \18\ Combating Transnational Organized Crime: International 
Money Laundering as a Threat to Our Financial System, Before the 
Subcommittee on Crime, Terrorism, and Homeland Security, H. Comm. on 
the Judiciary, 112th Cong. (February 8, 2012) (statement of Jennifer 
Shasky Calvery as Chief, Asset Forfeiture and Money Laundering 
Section, Criminal Division of the U.S. Department of Justice).
    \19\ The Puppet Masters: How the Corrupt Use Legal Structures to 
Hide Stolen Assets and What to Do About It, The International Bank 
for Reconstruction and Development/The World Bank (2011).
    \20\ A front company is a legitimate business that combines 
illicit proceeds with earnings from its legitimate operations, 
thereby obscuring the source of the illegitimate funds. See U.S. 
Dep't of the Treasury, National Money Laundering Risk Assessment at 
43.
---------------------------------------------------------------------------

    Strong CDD practices that include identifying and verifying the 
identity of the natural persons who own or control a legal entity--
i.e., the beneficial owners--help defend against these abuses in a 
variety of ways. The collection of beneficial ownership information by 
financial institutions can provide law enforcement with key details 
about suspected criminals who use legal structures to conceal their 
illicit activity and assets. Moreover, requiring legal entities seeking 
access to financial institutions to disclose identifying information, 
such as the name, date of birth, and Social Security number of natural 
persons who own or control them, will make such entities more 
transparent, and thus less attractive to criminals and those who assist 
them. Even if an illicit actor tries to thwart such transparency by 
providing false beneficial ownership information to a financial 
institution, law enforcement has advised FinCEN that such information 
can still be useful in demonstrating unlawful intent and in generating 
leads to identify additional evidence or co-conspirators.
2. Advancing Counterterrorism and Broader National Security Interests
    As noted, criminals often abuse legal entities to evade sanctions 
or other targeted financial measures designed to combat terrorism and 
other national security threats. The success of such targeted financial 
measures depends, in part, on the ability of financial institutions, 
law enforcement, and intelligence agencies to identify a target's 
assets and accounts. These measures are thwarted when legal entities 
are abused to obfuscate ownership interests. Effective CDD helps 
prevent such abuses by requiring the collection of critical 
information, including beneficial ownership information, which may be 
helpful in implementing sanctions or other similar measures.
3. Improving a Financial Institution's Ability To Assess and Mitigate 
Risk
    Explicit CDD requirements would also enable financial institutions 
to assess and mitigate risk more effectively in connection with 
existing legal requirements. It is through CDD that financial 
institutions are able to understand the risks associated with their 
customers, to monitor accounts more effectively, and to evaluate 
activity to determine whether it is unusual or suspicious, as required 
under suspicious activity reporting obligations.\21\ Further, in the 
event that a financial institution files a suspicious activity report 
(SAR), information gathered through CDD in many instances can enhance 
SARs, which in turn can help law enforcement, intelligence, national 
security, and tax authorities investigate and pursue illicit financing 
activity.
---------------------------------------------------------------------------

    \21\ See, e.g., 31 CFR 1020.320.

---------------------------------------------------------------------------

[[Page 29401]]

4. Facilitating Tax Compliance
    Customer due diligence also facilitates tax reporting, 
investigations and compliance. For example, information held by banks 
and other financial institutions about the beneficial ownership of 
companies can be used to assist law enforcement in identifying the true 
owners of assets and their true tax liabilities. The United States has 
long been a global leader in establishing and promoting the adoption of 
international standards for transparency and information exchange to 
combat cross-border tax evasion and other financial crimes. 
Strengthening CDD is an important part of that effort, and it will 
dovetail with other efforts to create greater transparency, some of 
which are longstanding, such as the United States' commitments to 
exchanging information with other jurisdictions under its tax treaties 
and tax information exchange agreements, and others of which are new, 
such as the information reporting requirements under FATCA.\22\ FATCA 
requires foreign financial institutions to identify U.S. account 
holders, including legal entities with substantial U.S. ownership, and 
to report certain information about those accounts to the Internal 
Revenue Service (IRS).\23\ The United States has negotiated with 
foreign governments to enter into intergovernmental agreements that 
facilitate the effective implementation of these requirements. These 
agreements allow foreign financial institutions to rely on existing AML 
practices in a number of circumstances, including, in the case of the 
intergovernmental agreements, for purposes of determining whether 
certain legal entity customers are controlled by U.S. persons. Pursuant 
to many of these agreements, the United States has committed to 
pursuing equivalent levels of reciprocal automatic information exchange 
with respect to collecting and reporting to the authorities of the 
FATCA partner jurisdiction information on the U.S. financial accounts 
of residents of that jurisdiction. A general requirement for U.S. 
financial institutions to obtain beneficial ownership information for 
AML purposes advances this commitment, and puts the United States in a 
better position to work with foreign governments to combat offshore tax 
evasion and other financial crimes.
---------------------------------------------------------------------------

    \22\ Hiring Incentives to Restore Employment Act of 2010, Public 
Law 111-147, Section 501(a).
    \23\ See generally Internal Revenue Service, ``Regulations 
Relating to Information Reporting by Foreign Financial Institutions 
and Withholding on Certain Payments to Foreign Financial 
Institutions and Other Foreign Entities,'' RIN 1545-BK68 (January 
28, 2013), available at https://www.irs.gov/PUP/businesses/corporations/TD9610.pdf. For further updates on FATCA regulations, 
see https://www.irs.gov/Businesses/Corporations/Foreign-Account-Tax-Compliance-Act-(FATCA).
---------------------------------------------------------------------------

5. Promoting Clear and Consistent Expectations and Practices
    Customer due diligence is universally recognized as fundamental to 
mitigating illicit finance risk, even though not all financial 
institutions use the specific term ``customer due diligence'' to 
describe their practices. While Treasury understands from its outreach 
to the private sector that financial institutions broadly accept this 
principle and implement CDD practices in some form under a risk-based 
approach, financial institutions have expressed disparate views about 
what precise activities CDD entails. At public hearings held after the 
closing of the comment period to the Advance Notice of Proposed 
Rulemaking (ANPRM),\24\ discussed below, financial institutions 
described widely divergent CDD practices, especially with respect to 
identifying and verifying the identities of beneficial owners outside 
of limited circumstances prescribed by statute.\25\ For example, during 
one of these hearings, FinCEN learned that some financial institutions 
already obtain beneficial ownership information in all circumstances, 
while others obtain this information only for certain categories of 
customers or following a triggering event. Institutions also identified 
a range of practices, from varied percentage of ownership thresholds, 
to the extent of information collected (e.g., only the name of the 
beneficial owner(s) versus collection of additional information, such 
as addresses, etc.).\26\
---------------------------------------------------------------------------

    \24\ Financial Crimes Enforcement Network (FinCEN), ``Customer 
Due Diligence Requirements for Financial Institutions,'' 77 FR 13046 
(March 5, 2012).
    \25\ See, e.g., FinCEN, Summary of Public Hearing: Advance 
Notice of Proposed Rulemaking on Customer Due Diligence (October 5, 
2012), available at https://www.fincen.gov/whatsnew/html/20121130NYC.html. (``Participants expressed varied views as to 
whether, how and in what circumstances, financial institutions 
obtain beneficial ownership information.'').
    \26\ Id.
---------------------------------------------------------------------------

    FinCEN believes that this disparity adversely affects efforts to 
mitigate risk and can promote an uneven playing field across and within 
financial sectors. Financial institutions have noted that unclear CDD 
expectations can result in inconsistent regulatory examinations, 
potentially causing them to devote their limited resources to managing 
derivative legal risk rather than fundamental illicit finance risk. 
Private sector representatives have also noted that inconsistent 
expectations can effectively discourage best practices, because 
financial institutions with robust compliance procedures may believe 
that they risk losing customers to other institutions with more lax 
procedures. Greater consistency across the financial system addresses 
this competitive inequality.
    Providing a consolidated and clear CDD framework will help address 
these issues. As part of this framework, expressly stating CDD 
requirements in these regulations with respect to (i) understanding the 
nature and purpose of customer relationships and (ii) conducting 
ongoing monitoring will facilitate more consistent implementation, 
examination, supervision and enforcement of these expectations. With 
respect to the beneficial ownership requirement, requiring all covered 
financial institutions to identify and verify the identities of 
beneficial owners in the same manner and pursuant to the same 
definition also promotes consistency across industry. Requiring covered 
financial institutions to operate under one clear CDD framework will 
promote a more level playing field across and within financial sectors.
6. Advancing Treasury's Broad Strategy To Enhance Financial 
Transparency of Legal Entities
    Finally, clarifying and strengthening CDD is an important component 
of Treasury's broader three-part strategy to enhance financial 
transparency of legal entities. Other key elements of this strategy 
include: (i) Increasing the transparency of U.S. legal entities through 
the collection of beneficial ownership information at the time of the 
legal entity's formation and (ii) facilitating global implementation of 
international standards regarding CDD and beneficial ownership of legal 
entities.
    This final rule thus complements the Administration's ongoing work 
with Congress to facilitate adoption of legislation that would require 
the collection of beneficial ownership information at the time that 
legal entities are formed in the United States. This final rule also 
advances Treasury's ongoing work with the Group of Twenty Finance 
Ministers and Central Bank Governors (G-20), the Financial Action Task 
Force (FATF), the Global Forum on Transparency and Exchange of 
Information for Tax Purposes, and other global partners, who have 
emphasized the importance of improving CDD practices and requiring the 
disclosure of beneficial ownership information at the time of company 
formation or transfer. Moreover, this proposal furthers the

[[Page 29402]]

United States' Group of Eight (G-8) commitment as set forth in the 
United States G-8 Action Plan for Transparency of Company Ownership and 
Control, published on June 18, 2013.\27\ This Action Plan is in line 
with principles agreed to by the G-8, which the Administration noted 
``are crucial to preventing the misuse of companies by illicit 
actors.'' \28\ It is also found in the U.S. Action Plan to Implement 
the G-20 High Level Principles on Beneficial Ownership, published on 
October 16, 2015.\29\ While these elements are all proceeding 
independently, together they make up a comprehensive approach to 
promoting financial transparency of legal entities.
---------------------------------------------------------------------------

    \27\ United States G-8 Action Plan for Transparency of Company 
Ownership and Control, available at https://www.whitehouse.gov/the-press-office/2013/06/18/united-states-g-8-action-plan-transparency-company-ownership-and-control.
    \28\ White House Fact Sheet: U.S. National Action Plan on 
Preventing the Misuse of Companies and Legal Arrangements (June 18, 
2013), available at https://www.whitehouse.gov/the-press-office/2013/06/18/fact-sheet-us-national-action-plan-preventing-misuse-companies-and-legal.
    \29\ U.S. Action Plan to Implement the G-20 High Level 
Principles on Beneficial Ownership, available at https://www.whitehouse.gov/blog/2015/10/16/us-action-plan-implement-g-20-high-level-principles-beneficial-ownership.
---------------------------------------------------------------------------

C. The Advance Notice and Notice of Proposed Rulemaking

    FinCEN initiated this rulemaking process in March 2012 by issuing 
an ANPRM that described FinCEN's potential proposal for codifying 
explicit CDD requirements, including customer identification and 
verification, understanding the nature and purpose of accounts, ongoing 
monitoring, and obtaining and verifying beneficial ownership 
information.\30\ FinCEN received 90 comments, mostly from banks, credit 
unions, securities and futures firms, mutual funds, casinos, and money 
services businesses. In general, these commenters raised concerns about 
the potential costs and practical challenges associated with a 
categorical requirement to obtain beneficial ownership information. 
They also expressed concerns with respect to FinCEN's articulation of 
the other components of CDD (understanding the nature and purpose of 
customer relationships and ongoing monitoring), asserting that, 
contrary to FinCEN's stated intention, these would in part be new 
requirements rather than an explicit codification of pre-existing 
obligations. To better understand and address these concerns, Treasury 
held five public hearings from July to December 2012 in Washington, DC, 
Chicago, New York, Los Angeles and Miami.\31\ At these meetings, 
participants expressed their views on the ANPRM and offered specific 
recommendations about how best to balance the benefits with the 
practical burdens associated with obtaining beneficial ownership 
information. These discussions were critical in the development of the 
Notice of Proposed Rulemaking (NPRM) issued on August 4, 2014 (79 FR 
45151).
---------------------------------------------------------------------------

    \30\ Two years prior to that, in March 2010, FinCEN, along with 
several other agencies, published Joint Guidance on Obtaining and 
Retaining Beneficial Ownership Information, FIN-2010-G001 (March 5, 
2010). Industry reaction to this guidance is one reason that FinCEN 
sought to further clarify CDD requirements by making them explicit 
within FinCEN's regulations.
    \31\ Summary of Public Hearing: Advance Notice of Proposed 
Rulemaking on Customer Due Diligence (July 31, 2012), available at 
https://www.regulations.gov/#!documentDetail;D=FINCEN-2012-0001-0094; 
Summary of Public Hearing: Advance Notice of Proposed Rulemaking on 
Customer Due Diligence (September 28, 2012), available at https://www.fincen.gov/whatsnew/html/20121130CHI.html; Summary of Public 
Hearing: Advance Notice of Proposed Rulemaking on Customer Due 
Diligence (October 5, 2012), available at https://www.fincen.gov/whatsnew/html/20121130NYC.html; Summary of Public Hearing: Advance 
Notice of Proposed Rulemaking on Customer Due Diligence (October 29, 
2012), available at https://www.fincen.gov/whatsnew/html/20121130LA.html; Summary of Public Hearing: Advance Notice of 
Proposed Rulemaking on Customer Due Diligence (December 3, 2012), 
available at https://www.fincen.gov/whatsnew/pdf/SummaryofHearing-MiamiDec3.pdf.
---------------------------------------------------------------------------

    The NPRM proposed a new requirement for covered financial 
institutions to identify the natural person or persons who are 
beneficial owners of legal entity customers opening new accounts, 
subject to certain exemptions, and to verify the identity of the 
natural person(s) identified. As proposed, a covered financial 
institution would satisfy this requirement at the time a new account is 
opened by obtaining information on a standard certification form 
directly from the individual opening the new account on behalf of the 
legal entity customer, and by verifying the identity of the natural 
person(s) identified consistent with existing customer identification 
program (CIP) procedures for verifying the identity of customers who 
are natural persons. The NPRM thus sought to facilitate this proposed 
new requirement by leveraging the CIP procedures that have been 
required of all covered financial institutions since 2003. The NPRM 
also proposed that the AML program requirements for all types of 
covered financial institutions be amended to include appropriate risk-
based procedures for conducting ongoing due diligence, to include: (i) 
Understanding the nature and purpose of customer relationships in order 
to develop a customer risk profile; and (ii) conducting ongoing 
monitoring to maintain and update customer information and to identify 
and report suspicious transactions. FinCEN viewed this part of the 
rulemaking as not imposing new requirements, but rather making explicit 
the activities that covered financial institutions are already expected 
to undertake, based on guidance and supervisory expectations, in order 
to satisfy their existing obligations to detect and report suspicious 
activities.

D. Summary of Comments

    In response to the NPRM, FinCEN received 141 comments from 
financial institutions, trade associations, Federal and State agencies, 
non-governmental organizations, members of Congress, and other 
individuals. The great majority of the private sector commenters, which 
were primarily banks, credit unions, and their trade associations, 
asserted that the proposed beneficial ownership requirement would be 
very burdensome to implement and require more than the proposed 12 
months, would be far more expensive than estimated by FinCEN, and would 
not achieve the proposal's expressed goals.
    The commenters addressed many aspects of the proposed beneficial 
ownership requirement, including the use of the proposed certification 
form; the extent to which a covered financial institution may rely on 
the information provided by the customer; the meaning of verification 
and the extent to which it would be required; the application of the 
requirement to existing customers; the extent to which the information 
would need to be updated; and the definitions of beneficial ownership 
and legal entity customer and the proposed exclusions from those 
definitions.
    Commenters raised a number of questions regarding the proposed 
certification form, including whether beneficial owner information must 
be obtained through the certification form or could be obtained by 
other means; whether the certification form should be an official 
government form; and who is authorized to sign the certification form 
on behalf of the customer. Many urged FinCEN to treat the receipt of 
the certification form as a ``safe harbor,'' similar to the treatment 
of the certification used for compliance with the foreign shell bank 
regulation.\32\ Commenters submitted several other comments and 
suggestions regarding the information to be included in the 
certification form.
---------------------------------------------------------------------------

    \32\ 31 CFR 1010.630(b).
---------------------------------------------------------------------------

    Many commenters sought clarification regarding the verification 
requirement

[[Page 29403]]

and the extent to which a financial institution may rely on the 
information submitted by its customer. Financial institutions also 
pointed out that there would be difficulties with adopting 
``identical'' procedures to those used for verifying the identity of 
individual customers as done for CIP. Moreover, many commenters noted 
the practical difficulties resulting from the fact that there is no 
authoritative source for beneficial ownership information of legal 
entities, as there is no requirement for U.S. States to collect this 
information at the time a company is formed. Commenters also sought 
guidance regarding how they should utilize the beneficial ownership 
information once collected and how its availability would impact 
compliance with other obligations.
    While many private sector commenters noted that the proposed 
definition of beneficial owner was an improvement over the definition 
discussed in the ANPRM, some sought greater clarity about the meaning 
of ``indirect'' ownership and guidance regarding how the percentage of 
ownership held indirectly should be measured in specific situations, as 
well as clarification of the meaning of ``equity interest.'' They also 
suggested eliminating any reference to using a 10 percent threshold on 
a risk basis, so as to reduce the likelihood of examiners requiring a 
threshold lower than the 25 percent specified in the proposed rule. On 
the other hand, non-governmental organizations and many individuals 
asserted that the proposed 25 percent ownership threshold is too high 
and that it should be lowered to 10 percent (or eliminated entirely) in 
the final rule.
    A number of commenters urged clarification of the proposed 
definition of ``legal entity customer,'' and many urged expansion of 
the proposed exclusions from the definition to include, for example, 
accounts opened to participate in employee benefit plans subject to the 
Employee Retirement Income Security Act of 1974 (ERISA) and accounts 
for foreign publicly traded companies, regulated financial 
institutions, and governmental entities. Many commenters also noted 
difficulties in applying the proposed exclusion for nonprofits and 
urged FinCEN to simplify it. Commenters also sought clarification 
regarding whether beneficial ownership would need to be obtained each 
time a legal entity customer opens a new account after the rule's 
compliance deadline, and to what extent the information would need to 
be updated. Some commenters also sought to exempt from the beneficial 
ownership requirement certain categories of financial products that 
they contended presented a low risk of money laundering.
    Many comments also addressed the proposed amendments to the AML 
program rules, including urging FinCEN to clarify the proposed 
requirement to understand the nature and purpose of the customer 
relationship and the meaning of ``customer risk profile'' and of the 
proposed requirement to conduct ongoing monitoring to update customer 
information, separate from monitoring to detect and report suspicious 
activity. Some commenters representing the securities and futures 
industries asserted that, contrary to assumptions in the NPRM, these 
are not in fact existing requirements in those industries, and that 
such requirements would be burdensome and of little utility. Some 
commenters also questioned statements in the preamble that the proposed 
requirements would not reduce or limit the due diligence expectations 
of the Federal functional regulators or their regulatory discretion, 
asserting that such an approach would undermine the clarity and 
consistency that FinCEN is seeking to provide by the proposed rules. 
Finally, a great majority of the comments stated that the proposed 12-
month implementation period following issuance of a final rule would 
not be adequate to implement the necessary modifications to their data 
systems, customer on-boarding procedures, employee training, and other 
requirements, and sought a period of at least 18-24 months.
    Based on the comments addressing the potential cost of implementing 
the requirement, FinCEN conducted outreach to a number of the financial 
institution commenters to obtain additional information regarding the 
anticipated costs of implementing the proposed requirements. As a 
result of the limited information received from these discussions, 
Treasury prepared a preliminary Regulatory Impact Assessment (RIA) that 
was made available for comment on December 24, 2015 (80 FR 80308). 
FinCEN received 38 comments on this preliminary assessment; a summary 
of the comments we received and the final RIA is included in the 
Regulatory Analysis section of this preamble.
    All of the substantive comments received on the NPRM, FinCEN's 
response, and resulting modifications to the final rule are discussed 
in detail in the following Section-by-Section Analysis. However, we 
first address certain general comments.

E. General Comments

    Regulatory deference. Commenters raised a number of general 
comments regarding this rulemaking. Several commenters took issue with 
the following statement in the NPRM (which we reiterate here as 
modified for this final rule).\33\
---------------------------------------------------------------------------

    \33\ The original statement can be found at 79 FR 45152 (Aug. 4, 
2014).

    Nothing in this final rule is intended to lower, reduce, or 
limit the due diligence expectations of the Federal functional 
regulators or in any way limit their existing regulatory discretion. 
To clarify this point, the final rule incorporates the CDD elements 
on nature and purpose and ongoing monitoring into FinCEN's existing 
AML program requirements, which generally provide that an AML 
program is adequate if, among other things, the program complies 
with the regulation of its Federal functional regulator (or, where 
applicable, self-regulatory organization (SRO)) governing such 
programs.\34\ In addition, the Treasury Department intends for the 
requirements contained in the customer due diligence and beneficial 
ownership final rules to be consistent with, and not to supersede, 
any regulations, guidance or authority of any Federal banking 
agency, the Securities and Exchange Commission (SEC), the Commodity 
Futures Trading Commission (CFTC), or of any SRO relating to 
customer identification, including with respect to the verification 
of the identities of legal entity customers.
---------------------------------------------------------------------------

    \34\ See, e.g., 31 CFR 1020.210, which currently provides that a 
financial institution regulated by a Federal functional regulator 
that is not subject to the regulations of a self-regulatory 
organization shall be deemed to satisfy the requirements of 31 
U.S.C. 5318(h)(1) if it implements and maintains an anti-money 
laundering program that complies with the regulation of its Federal 
functional regulator governing such programs. (emphasis added).

    These commenters contended, among other things, that these 
statements were unduly deferential to the Federal functional 
regulators, and would serve to undermine rather than promote clear and 
consistent CDD standards across financial sectors. They accordingly 
urged FinCEN to strike this language from the final rulemaking.
    FinCEN appreciates the concerns about uneven and inconsistent 
application of CDD standards that underlie these comments, but 
nevertheless believes that these statements are an important 
articulation of FinCEN's understanding of what it is--and is not--
accomplishing by this rulemaking. At their core, these statements in 
the NPRM and this final rule preamble articulate the nature of the 
relationship of FinCEN's rulemaking authority with that of the Federal 
functional regulators \35\--that is, as with

[[Page 29404]]

all BSA rulemakings, FinCEN determines the appropriate minimum 
regulatory standards that should apply across an industry. From that 
baseline, the Federal functional regulators have authority to establish 
AML program requirements in addition to those established by FinCEN 
that they determine are necessary and appropriate to address risk or 
vulnerabilities specific to the financial institutions they regulate. 
This is particularly true within the context of separate but related 
concerns that exist for these institutions beyond the strict scope of 
AML, such as in the area of safety and soundness. These statements 
simply reflect this basic reality of the existing regulatory framework. 
Furthermore, as we have maintained throughout this rulemaking process, 
one of our overarching goals was to clarify and harmonize expectations 
while at the same time minimizing disruption to the greatest extent 
possible. Accordingly, we believe that it is critical to make clear--
especially with respect to the changes to the AML program rules--that 
these standards simply articulate current practices pursuant to 
existing standards and expectations, in order to facilitate 
implementation and minimize the burden on financial institutions. We 
believe that leveraging the experience accrued from interpretation of 
and compliance with prior regulations and guidance that have already 
been issued in this space will be a net benefit to financial 
institutions. As FinCEN explained in the proposal, these requirements 
represent a floor, not a ceiling, and, consistent with the risk-based 
approach, financial institutions may do more in circumstances of 
heightened risk, as well as to mitigate risks generally.
---------------------------------------------------------------------------

    \35\ Where appropriate, working closely with Federal functional 
regulators may involve consulting with the applicable SROs in the 
securities and futures/commodities industries.
---------------------------------------------------------------------------

    Compliance Deadline. Most commenters strongly opposed FinCEN's 
proposal for a compliance deadline of one year from the date the final 
rule is issued, identifying a wide range of changes to systems and 
processes that would be required in order to implement the rule. Many 
of these commenters requested that FinCEN provide financial 
institutions two years to implement the final rule. Based on the well-
founded, detailed explanations put forth by these commenters of the 
difficulties that would arise from a one-year implementation period, 
FinCEN is extending the period for implementation to two years from the 
date this final rule is issued (the Applicability Date).

III. Section-by-Section Analysis

Section 1010.230 Beneficial Ownership Requirements for Legal Entity 
Customers

    Section 1010.230(a) In general. As proposed, this paragraph 
delineated in broad terms the scope of the beneficial ownership 
obligation--i.e., that covered financial institutions are required to 
establish and maintain written procedures reasonably designed to 
identify and verify the identities of beneficial owners of legal entity 
customers. There were no significant objections to this general 
formulation, and we are adopting it as proposed, with the addition that 
the procedures adopted will be included in the institution's AML 
program.
    Several commenters questioned the efficacy of having financial 
institutions collect beneficial ownership information, contending that 
State government offices responsible for the formation and registration 
of legal entities and/or the IRS would be better suited to collect this 
information due to their roles in the company formation process. 
Although FinCEN supports the collection of beneficial ownership 
information in these other circumstances as well, it does not believe 
that such collection would replace the independent obligation of 
financial institutions to collect this information. As described above, 
we view this rulemaking as but one part of Treasury's comprehensive 
strategy to enhance financial transparency in the U.S. financial system 
and worldwide, and we believe the beneficial ownership requirement for 
financial institutions would be necessary even if these other measures 
were already in place. One of the principal rationales for this new 
requirement is that financial institutions should know who their 
customers are to help them more effectively mitigate risks. This 
requirement is therefore separate from a policy objective of requiring 
States to obtain beneficial ownership information from the legal 
entities they create at the time of formation and upon specified 
circumstances thereafter (although none currently have such 
requirements). Presently, corporate laws and regulations differ from 
State to State, and from FinCEN's regulations, but generally do not 
require information regarding beneficial ownership. Thus, the 
information that will be provided under FinCEN's regulations will 
significantly augment information presently available to law 
enforcement from State authorities, thereby improving the overall 
investigative, regulatory, and prosecutorial processes.
    In the NPRM, FinCEN proposed that the beneficial ownership 
requirement would apply only with respect to legal entity customers 
that open new accounts going forward from the date of implementation, 
noting that many commenters to the ANPRM viewed a retroactive 
requirement to obtain beneficial ownership information for all existing 
accounts as extremely burdensome. We received comments reflecting a 
wide range of views on this subject. The vast majority of commenters 
who addressed this issue reiterated this objection to retroactive 
application of the beneficial ownership obligation. A few commenters, 
however, urged FinCEN to require covered financial institutions to 
collect beneficial ownership information on existing accounts on a 
categorical basis, while some others thought that financial 
institutions should collect this information retroactively for all 
higher risk customers.
    We decline to impose a categorical, retroactive requirement. Based 
on our understanding of the significant changes to processes and 
systems that will be required to implement this requirement simply on a 
prospective basis, we believe that retroactive application would be 
unduly burdensome. As we noted in the proposal, the absence of a 
categorical mandate to apply the requirement retroactively would not 
preclude financial institutions from deciding that collecting 
beneficial ownership information on some customers on a risk basis 
during the course of monitoring may be appropriate for their 
institution. In our assessment, we have concluded that financial 
institutions should obtain beneficial ownership information from 
customers existing on the Applicability Date when, in the course of 
their normal monitoring, the financial institution detects information 
relevant to assessing or reevaluating the risk of such customer (as 
more fully described in the sections below addressing the amended AML 
program requirements).
    Section 1010.230(b) Identification and Verification. In the NPRM, 
FinCEN proposed that covered financial institutions be required to 
develop customer due diligence procedures that enabled institutions to 
(1) identify the beneficial owner(s) of legal entity customers by 
collecting a mandatory certification form provided by the individual 
opening the account on behalf of the legal entity customer; and (2) 
verify the identity of the identified beneficial owner(s) according to 
risk-based procedures that are, at a minimum, identical to the 
institutions' CIP procedures required for verifying

[[Page 29405]]

the identity of customers that are individuals.
    Section 1010.230(b)(1). The NPRM proposed to require the use of a 
standard certification form (Certification Form) in order to, among 
other purposes, promote consistent practices and regulatory 
expectations, reduce compliance burden, and provide a uniform customer 
experience across much of the U.S. financial system. To facilitate 
institutions' abilities to rely upon the Certification Form, the 
proposed Certification Form included a section that required the 
individual opening the account on behalf of a legal entity customer to 
certify that the information provided on the form is true and accurate 
to the best of his or her knowledge. Commenters raised a number of 
issues regarding this proposed requirement. Some commenters asked 
whether the Certification Form must be used to obtain the information, 
whether the Certification Form should be an official government form, 
and what individuals representing the customer would be authorized to 
provide the Certification Form. Several commenters urged a variety of 
changes to the fields on the Certification Form in order to conform it 
more closely to current CIP requirements, to otherwise facilitate use 
of the form, and to promote other regulatory goals. Some commenters 
also urged FinCEN to provide a safe harbor to institutions that use the 
model Certification Form adopted in the final rule akin to, for 
example, the safe harbor provided for foreign bank certifications.\36\
---------------------------------------------------------------------------

    \36\ 31 CFR 1010.630(b).
---------------------------------------------------------------------------

    The comments FinCEN received related to the Certification Form 
varied widely. Some commenters urged FinCEN to make the Certification 
Form an official U.S. Government document, with the certification made 
under the penalty of perjury (rather than only to the best of the 
knowledge of the certifying party), and a few commenters thought that 
the Certification Form should be notarized. However, many commenters 
requested that the proposed Certification Form be permissive rather 
than mandatory, and that financial institutions be permitted to obtain 
the information through their standard account opening process without 
utilizing the Certification Form. A few commenters thought that the 
person opening the account should be required to have actual personal 
knowledge of the information provided on the Certification Form, or 
that the certification should take the form of a resolution ratified or 
adopted by the legal entity's board or governing body. These commenters 
thought that a Certification Form without attestation requirements more 
substantial than those in the proposal would reduce accountability for 
false representations on the Certification Form.
    As noted above, a primary reason that FinCEN proposed the Form was 
to balance the benefits and burdens of this new requirement to the 
financial institution and its customers with the benefits to law 
enforcement and regulatory authorities. We also note that in the case 
of many legal entities that are small businesses, the natural person 
opening the account will often be one of the beneficial owners, who 
would have direct knowledge of the beneficial ownership information of 
the legal entity customer. FinCEN understands that many institutions 
obtain and maintain customer data electronically rather than in paper 
form to the greatest extent possible, and that mandating the use and 
retention of a specific form would require significant technological 
and operational changes that could be costly and challenging to 
implement for some financial institutions. We have therefore amended 
the final rule to permit, but not require, financial institutions to 
use the Certification Form to collect beneficial ownership information. 
Accordingly, in the final rule, Sec.  1010.230(b)(1) is revised to 
state that covered financial institutions must identify the beneficial 
owner(s) of each legal entity customer at the time a new account is 
opened, unless the customer is otherwise excluded or the account is 
exempted. A covered financial institution may accomplish this either by 
obtaining certification in the form of appendix A of the section from 
the individual opening the account on behalf of the legal entity 
customer, or by obtaining from the individual the information required 
by the form by another means, provided the individual certifies, to the 
best of the individual's knowledge, the accuracy of the 
information.\37\
---------------------------------------------------------------------------

    \37\ This revision will also require a corresponding change to 
the Recordkeeping subsection, described in greater detail below.
---------------------------------------------------------------------------

    Thus, covered financial institutions can satisfy this requirement 
through (1) the use of FinCEN's Certification Form; (2) the use of the 
financial institution's own forms, so long as they meet the 
requirements of Sec.  1010.230(b)(1); or (3) any other means that 
satisfy the substantive requirements of Sec.  1010.230(b)(1). These 
records may be retained electronically and incorporated into existing 
databases as a part of financial institutions' overall management of 
customer files, and covered financial institutions will have 
flexibility in integrating the beneficial ownership information 
requirement into existing systems and processes. The certification of 
accuracy by the individual submitting the information may be obtained 
without use of the Certification Form in the same way the financial 
institution obtains other information from its customers in connection 
with its account opening procedures. FinCEN expects that such 
flexibility will facilitate the implementation of the beneficial 
ownership requirement--some commenters noted that giving financial 
institutions flexibility in integrating this requirement would 
substantially reduce resource outlays to change customer onboarding 
processes and to train front-line employees. In addition, to facilitate 
use of the Certification Form by those institutions that choose to 
utilize it, FinCEN will also make an electronic version available, 
although it will not be an official U.S. Government form.
    Some commenters asked that FinCEN clarify who an appropriate 
individual to certify the identity of the beneficial owners to the 
financial institution would be, whether by signing the Certification 
Form or otherwise providing the beneficial ownership information in 
accordance with this paragraph; some commenters also questioned whether 
the individual opening an account could be a low-level employee without 
knowledge of the entity's owners. In this regard, FinCEN declines to 
impose specific account-opening procedures on financial institutions, 
and believes that financial institutions should be able to integrate 
this new requirement into their institution's existing procedures with 
little disruption. FinCEN understands that financial institutions 
generally have long-standing policies and procedures, based on sound 
business practices and prudential considerations, governing the 
documentation required to open an account for a legal entity; these 
typically include resolutions authorizing the entity to open an account 
at the institution and identifying the authorized signatories. Such 
resolutions are typically certified by an appropriate individual, e.g., 
the secretary or other officer of a corporation, a member or manager of 
an LLC, or partner of a partnership. It would be appropriate for the 
same individual to certify the identity of the beneficial owners. Such 
an individual would typically have at least some familiarity with the 
entity's owners and with individuals with responsibility to control or 
manage the

[[Page 29406]]

entity, but may not have personal knowledge of individuals having an 
indirect ownership interest through, for example, intermediate legal 
entities or contractual arrangements with nominal owners, and would 
have to rely on others for any such information. Therefore, while 
FinCEN anticipates that the certifying individual would generally be 
able to provide accurate beneficial ownership information, it is 
appropriate that it be provided to the best of such person's knowledge, 
rather than without qualification. Accordingly, FinCEN declines to 
require a heightened knowledge threshold, or notarization, or board 
approval requirement for the certification requirement, as some 
commenters suggested, as any such requirement would increase the amount 
of time to open an account, without commensurate benefit, and would be 
inconsistent with FinCEN's goal of integrating this requirement into 
existing financial institution onboarding procedures to the greatest 
extent possible.\38\ FinCEN thus believes that the certification 
requirement as described in the final rule provides the appropriate 
level of accountability given the circumstances.\39\
---------------------------------------------------------------------------

    \38\ FinCEN notes that in cases where the individual signing the 
documentation to open the account (and identifying the legal 
entity's beneficial owners) does not deliver such documentation to 
the financial institution, it may be appropriate that the 
individual's signature be notarized.
    \39\ FinCEN also understands that in cases where a newly formed 
legal entity opens a financial institution account in order to 
commence business, the beneficial owner(s) would typically open the 
account in person and be the signatories on the account, and could 
readily certify their status as beneficial owners at that time.
---------------------------------------------------------------------------

    Some commenters urged FinCEN to permit financial institutions to 
rely upon alternative sources, such as previously collected customer 
information in their databases, or the IRS Form W-8BEN, to satisfy the 
certification requirement. FinCEN recognizes that this could facilitate 
financial institutions' ability to obtain this information. However, to 
be of greatest use, FinCEN believes that beneficial ownership 
information must be, at the time of account opening, both (1) current, 
and (2) certified by an individual authorized by the customer to open 
accounts at financial institutions to be accurate to the best of his or 
her knowledge. Furthermore, because FinCEN's definition of beneficial 
ownership does not align precisely with, for example, the IRS's 
definition in its Form W-8BEN, permitting reliance in some 
circumstances upon other agencies' forms would be at odds with FinCEN's 
goal of consistent beneficial ownership standards within and across 
industries for purposes of CDD. Thus, FinCEN declines to permit 
reliance solely upon previously gathered alternate sources of 
beneficial ownership information.
    Several commenters raised specific questions regarding the 
information in the proposed Certification Form. FinCEN agrees with the 
suggestions made by several commenters that the title of the person 
with significant management responsibility, as well as of the person 
submitting the Certification Form or supplying the information, should 
be included and has made these changes to the Form. We have also added 
fields on the Certification Form in which to identify the type of legal 
entity, and to note its address. Other commenters noted that the 
address fields as laid out in the proposed Certification Form, along 
with the description of the address requirement in the general 
instructions section, were not congruent with CIP's address 
requirements, and accordingly asked FinCEN to confirm that the CIP 
rules' address requirements remained applicable. As described in 
greater detail below, covered financial institutions' procedures for 
identifying and verifying beneficial owners must contain all the 
elements of the applicable CIP rule, including the address, date of 
birth, and Taxpayer Identification Number requirements as set forth 
therein. Accordingly, FinCEN has revised the Certification Form to 
clarify this point, and notes that this information will be required 
whether or not the Certification Form is used. We have also amended 
item ``a'' of the Certification Form to clarify that the name of the 
certifying party should be that of a natural person authorized to open 
the account (and not of the legal entity itself). FinCEN also agrees 
with the suggestion made by a number of commenters that the 
Certification Form state that the information in the Certification Form 
is required by Federal regulation in order to explain to customers why 
this new requirement has been put in place; the Form has been edited 
appropriately.
    Several commenters sought clarification as to whether a financial 
institution must identify and verify a legal entity customer's 
beneficial owners each time it opens a new account at the institution 
after the rule's compliance deadline, or whether the requirement 
applies only the first time it opens a new account at such institution. 
FinCEN has concluded that, while it is not requiring periodic updating 
of the beneficial ownership information of all legal entity customers 
at specified intervals, the opening of a new account is a relatively 
convenient and otherwise appropriate occasion to obtain current 
information regarding a customer's beneficial owners. Accordingly, 
FinCEN has added to the final rule as Sec.  1010.230(g) a definition 
for ``new account''.
    One commenter urged FinCEN to mandate the use of the Legal Entity 
Identifier (LEI), a global standardized unique identifier for legal 
entities engaged in financial transactions, on the proposed 
Certification Form. This commenter noted that including such a 
requirement would further the goals of transparency and financial 
stability. FinCEN understands that the LEI was developed principally to 
aggregate data from across markets, products, and regions, giving 
global regulators a means to quickly identify parties to financial 
transactions, in order to enhance regulators' ability to understand 
systemic risks to the financial system and act accordingly. Although 
this is an important and laudable purpose, FinCEN does not believe that 
mandating the LEI's inclusion on the beneficial ownership Certification 
Form would further this goal substantially. We believe that the 
overwhelming majority of legal entities subject to this requirement 
will be smaller or non-financial entities that would not be typical 
applicants for LEIs in the first instance, and that the costs of 
mandating its use solely for the purposes of the Certification Form 
would not be outweighed by the benefit. FinCEN also understands that 
the authorized bodies that assign LEIs do not require the beneficial 
owner to be a natural person, use a 50 (rather than 25) percent 
threshold, and do not verify the identities of beneficial owners of 
legal entities, thereby rendering the LEI's utility as a possible proxy 
or alternative source of verification minimal. For these reasons, 
FinCEN declines to mandate the use of the LEI. We do, however, 
recognize that covered financial institutions may find such information 
useful for enterprise-wide risk management or other purposes, and have 
accordingly included an optional LEI field on the Certification Form.
    Several commenters urged FinCEN to adopt an express safe harbor in 
the final rule deeming those financial institutions that use the 
Certification Form compliant with the beneficial ownership requirement. 
A few commenters recommended that FinCEN model such an express safe 
harbor on the safe harbor for foreign bank certifications found in 
Sec.  1010.630. Other commenters opposed the notion of a safe harbor, 
contending that the Certification Form should serve as the

[[Page 29407]]

starting point for financial institutions' risk-based due diligence 
into a legal entity's beneficial ownership. As discussed in greater 
detail below, we have included in Sec.  1010.230(b)(2) of the final 
rule a description of the extent to which financial institutions can 
rely upon the beneficial ownership information provided by the person 
opening the account. We decline, however, to include in the final rule 
a blanket safe harbor triggered by the use and collection of the 
standard Certification Form.
    FinCEN believes that there are a number of factors present in the 
context of foreign bank certifications (but absent here) that make a 
blanket safe harbor appropriate in that context. The foreign bank 
certification was used to satisfy several obligations arising under 
Sections 313 and 319(b) of the USA PATRIOT Act, including not only for 
the foreign bank to certify facts such as its status and in certain 
cases its owners, but also to set forth its agreement not to provide 
banking services to foreign shell banks and to appoint a U.S. process 
agent. Moreover the foreign bank official was required to certify that 
the information in the document was true and correct, whereas the 
beneficial ownership information is to be provided to the best of the 
knowledge of the customer's agent. In addition, the population of legal 
entities subject to the final rule is exponentially larger than that of 
foreign banks with U.S. correspondent accounts, and the proposed 
certification in the proposed rule does not include affirmative 
obligations. We believe that the provision inserted into Sec.  
1010.230(b)(2) of the final rule describing the extent to which the 
financial institution may rely on the information provided by the 
customer strikes the right balance between the need to minimize burden 
upon covered financial institutions and the risk of abuse of legal 
entities for illicit purposes.
    A few commenters raised concerns that the collection of sensitive 
personal information of beneficial owners would impinge upon their 
privacy and increase their vulnerability to identity theft. FinCEN 
recognizes the critical importance of protecting individuals' privacy 
interests, as well as the serious threat posed by cyberattacks and 
identity theft, particularly with respect to the personal information 
held at financial institutions. These concerns, while valid and 
significant, are insufficient to justify elimination of the 
requirement. From both the privacy and identity-theft perspectives, the 
incremental impact upon the vast majority of beneficial owners will be 
slight, because, pursuant to CIP requirements, they already have to 
provide the same sensitive personal information to financial 
institutions to open individual accounts and access the U.S. financial 
system. We note that financial institutions are expected to protect 
this information just as they do CIP information, as well as comply 
with all applicable Federal and State privacy laws, including, but not 
limited to, the Right to Financial Privacy Act \40\ and the Gramm-
Leach-Bliley Act.\41\
---------------------------------------------------------------------------

    \40\ 12 U.S.C. 3401 et seq.
    \41\ 15 U.S.C. 6801 et seq.
---------------------------------------------------------------------------

    Section 1010.230(b)(2). With respect to verification of identity, 
we proposed that verification meant that financial institutions were 
required to verify the identity of the individual identified as a 
beneficial owner (i.e., to verify the individual's existence), and not 
his or her status as a beneficial owner. We proposed that this 
verification be done via risk-based procedures that are identical to 
the institutions' CIP procedures required for verifying the identity of 
customers that are individuals, to facilitate financial institutions' 
implementation of the requirement through leveraging existing 
procedures and systems.
    Many commenters sought clarification of the meaning of the 
verification requirement in proposed Sec.  1010.230(b)(2) and the means 
by which it may be accomplished. Some pointed out the potential 
confusion between two statements in the NPRM discussing the distinction 
between verifying the identity of the beneficial owner and verifying 
the status.\42\ In order to resolve any potential confusion regarding 
the beneficial ownership identification and verification obligation of 
financial institutions, FinCEN is revising Sec.  1010.230(b)(2) in the 
final rule to clarify that a covered financial institution may rely on 
the information supplied by the legal entity customer regarding the 
identity of its beneficial owner or owners, provided that it has no 
knowledge of facts that would reasonably call into question the 
reliability of such information. FinCEN anticipates that, in the 
overwhelming majority of cases, a covered financial institution should 
be able to rely on the accuracy of the beneficial owner or owners 
identified by the legal entity customer, absent the institution's 
knowledge to the contrary. FinCEN recognizes the necessity for 
permitting reliance on the identification supplied by the legal entity 
customer, considering the fact the customer is generally the best 
source of this information, and that there is generally no other source 
of beneficial ownership information available to covered financial 
institutions, aside from the legal entity itself.
---------------------------------------------------------------------------

    \42\ FinCEN stated that ``[i] n light of these considerations, 
FinCEN is not proposing that financial institutions verify the 
status of a beneficial owner. Financial institutions may rely on the 
beneficial ownership information provided by the customer on the 
standard certification form.'' On the other hand, the proposal also 
states that its procedures for verifying beneficial ownership 
``should enable the financial institution to form a reasonable 
belief that it knows the true identity of the beneficial owner of 
each legal entity customer.'' (79 FR 45162)
---------------------------------------------------------------------------

    Several commenters sought clarification of the requirement as 
described in the NPRM in proposed Sec.  1010.230(b)(2) that beneficial 
ownership information procedures be, at a minimum, ``identical'' to the 
existing CIP procedures for verifying the identity of individual 
customers. Some commenters noted that it would be infeasible to simply 
replicate, without modification, existing CIP procedures for individual 
customers to implement the beneficial ownership verification 
requirement. They noted, for example, that because the beneficial 
owners will in many cases not be physically present at the financial 
institution at account opening, an institution using documentary 
verification may not have access to the documents listed in the 
relevant paragraph of the CIP rule, and therefore may need to rely on a 
photocopy or other reproduction of such document. Commenters also noted 
that some current procedures for non-documentary verification of 
individual customers could not be applied to non-consenting beneficial 
owners, because of limitations on the use of credit reports imposed by 
the Fair Credit Reporting Act.\43\
---------------------------------------------------------------------------

    \43\ 15 U.S.C. 1681 et seq.
---------------------------------------------------------------------------

    FinCEN agrees that it would be impracticable for covered financial 
institutions to implement the beneficial ownership verification 
requirement with procedures that are identical to the institution's 
existing CIP rule procedures for individual customers. Accordingly, 
Sec.  1010.230(b)(2) has been amended to require that at a minimum, 
these procedures must contain the elements \44\ required for verifying 
the identity of customers that are individuals under paragraph (a)(2) 
of

[[Page 29408]]

the applicable CIP rule,\45\ but are not required to be identical. In 
addition, the final rule clarifies that in the case of documentary 
verification, the financial institution may use photocopies or other 
reproductions of the documents listed in paragraph (a)(2)(ii)(A)(1) 
\46\ of the applicable CIP rule.
---------------------------------------------------------------------------

    \44\ The clause ``in the covered financial institution's 
Customer Identification Program procedures'' in the proposed rule 
text have been deleted, because, for the reasons described above, 
the verification procedures for beneficial owners of legal entity 
customers may be different from the procedures in the covered 
financial institution's CIP that apply to individual customers.
    \45\ Paragraph (a)(2) of each of the CIP rules requires that the 
relevant financial institution's CIP includes risk-based procedures 
to verify the identity of each customer, to the extent reasonable 
and practicable. The elements of such program must include 
identifying the customer, verifying the customer's identity (through 
documents or non-documentary methods), and procedures for 
circumstances where the institution cannot form a reasonable belief 
that it knows the true identity of the individual.
    \46\ Relevant documentation may include unexpired government-
issued identification evidencing nationality or residence and 
bearing a photograph or similar safeguard, such as a driver's 
license or passport. See, e.g., 31 CFR 1020.220(a)(2)(ii)(A)(1).
---------------------------------------------------------------------------

    Because the risk-based verification procedures must contain the 
same elements as required by the applicable CIP rule to verify the 
identity of individual customers, verification must be completed within 
a reasonable time after the account is opened. In addition, the 
beneficial ownership identification procedures must address situations 
in which the financial institution cannot form a reasonable belief that 
it knows the true identity of the beneficial owner of a legal entity 
customer after following the required procedures.\47\ It remains the 
case that covered financial institutions may generally rely on 
government-issued identification as verification of an individual's 
identity, absent obvious indications of fraud.\48\ FinCEN notes that 
such reliance is also generally appropriate in the case of photocopies 
or other reproductions obtained pursuant to Sec.  1010.230(b)(2). 
However, given the vulnerabilities inherent in the reproduction 
process, covered financial institutions should conduct their own risk-
based analyses of the types of photocopies or reproductions that they 
will accept in accordance with this section, so that such reliance is 
reasonable. For example, a covered financial institution could 
determine that it will not accept reproductions below a certain optical 
resolution, or that it will not accept reproductions transmitted via 
facsimile, or that it will only accept digital reproductions 
transmitted in certain file formats. As with CIP, covered financial 
institutions are not required to maintain these copies or 
reproductions, but only a description of any document upon which the 
financial institution relied to verify the identity of the beneficial 
owner. We note, however, that although covered financial institutions 
are not required to maintain these reproductions, they are not 
prohibited from keeping them in a manner consistent with all other 
applicable laws or regulations.
---------------------------------------------------------------------------

    \47\ Under the CIP rules, a financial institution's CIP must 
include procedures for responding to circumstances in which the 
financial institution cannot form a reasonable belief that it knows 
the true identity of a customer. These procedures should describe: 
(A) When the institution should not open an account; (B) The terms 
under which a customer may use an account while the institution 
attempts to verify the customer's identity; (C) When it should close 
an account, after attempts to verify a customer's identity have 
failed; and (D) When it should file a Suspicious Activity Report in 
accordance with applicable law and regulation. See, e.g., 31 CFR 
1020.220(a)(2)(iii).
    \48\ See, e.g., Customer Identification Programs for Banks, 
Savings Associations, Credit Unions and Certain Non-Federally 
Regulated Banks, 68 FR 25090, 25099 (May 9, 2003).
---------------------------------------------------------------------------

    Some commenters urged FinCEN to permit covered financial 
institutions to take a risk-based, rather than categorical, approach to 
the identification and verification requirements. Among the objections 
lodged against a categorical requirement were that: Conducting CIP 
procedures on non-present beneficial owners would be too difficult; the 
benefit of a categorical requirement was outweighed by the costs; and 
expanding the number of natural persons subject to CIP procedures would 
increase costs, particularly for institutions that rely upon vendors 
that charge on a per capita basis for CIP. FinCEN believes that 
categorical application of this requirement across covered financial 
institutions will reduce illicit actors' opportunities to slip into the 
financial system by masking their legal entities with markers 
indicative of a low risk profile. As to concerns about costs and 
difficulties, we believe that the above-described changes and 
clarifications made to this paragraph have given financial institutions 
greater flexibility in determining how to implement the identification 
and verification requirements, thereby reducing their impact. As 
described above, because financial institutions will in most instances 
be able to rely upon the information provided by the customer, FinCEN 
believes that financial institutions generally will not expend 
substantially greater resources by collecting and verifying the 
information in all cases (subject to permitted exemptions) than by 
engaging in a risk analysis to determine whether the beneficial 
ownership information should be collected and verified. We recognize 
that financial institutions that pay for systems and technology costs 
associated with CIP procedures on a per capita basis will face 
increased costs from identifying and verifying the identities of 
additional natural persons. However, we believe that the benefits of 
collecting this information, as described at greater length above and 
below, outweigh these additional costs. FinCEN accordingly declines to 
alter the categorical nature of the requirement for the final rule.
    Several commenters questioned the utility of collecting this 
information in the absence of an authoritative centralized resource 
against which to verify beneficial ownership status. They contended 
that the limited benefit of this information would not outweigh the 
costs imposed by the requirement. Law enforcement commenters, however, 
identified significant benefits to the collection of beneficial 
ownership information, regardless of financial institutions' ability to 
verify ownership status. They noted that the identities of verified 
natural persons linked to legal entities of interest had significant 
value in law enforcement investigations, whether or not those natural 
persons are the actual beneficial owners, since at a minimum they may 
have information that can aid law enforcement in identifying the true 
beneficial owner(s). Furthermore, false beneficial ownership 
information is of significant use to prosecutors in demonstrating 
consciousness of guilt, as well as for impeachment purposes at trial. 
And law enforcement also noted the likely deterrent effect that a 
categorical collection and verification requirement would have on 
illicit actors, by making it more difficult for them to maintain 
anonymity while opening accounts. For these reasons, FinCEN rejects the 
notion that this requirement is of limited value.
    A few commenters requested that FinCEN eliminate the verification 
requirement entirely, contending that verification of the identities of 
non-present beneficial owners would be too difficult and burdensome, 
especially for smaller institutions. As described above, we are aware 
of the challenges associated with verifying the identities of non-
present individuals and have accordingly made changes to simplify the 
process for financial institutions, which we expect will reduce the 
burden. Importantly, collecting beneficial ownership information 
without verifying the existence of the named person would substantially 
diminish the value of the information, and we therefore decline to 
eliminate the verification requirement.
    Some commenters asked FinCEN to clarify what we expect financial 
institutions to do with the beneficial ownership information that they 
collect and verify. FinCEN generally expects

[[Page 29409]]

beneficial ownership information to be treated like CIP and related 
information, and accordingly used to ensure that covered financial 
institutions comply with other requirements. For example, the Office of 
Foreign Assets Control (OFAC) requires covered financial institutions 
to block accounts (or other property and interests in property) of, 
among others, persons appearing on the Specially Designated Nationals 
and Blocked Persons List (SDN List), which includes any entity that is 
50 percent or more owned, in the aggregate, by one or more blocked 
persons, regardless of whether the entity is formally listed on the SDN 
List.\49\ Therefore, institutions should use beneficial ownership 
information to help ensure that they do not open or maintain an 
account, or otherwise engage in prohibited transactions or dealings 
involving individuals or entities subject to OFAC-administered 
sanctions. Covered financial institutions should also develop risk-
based procedures to determine whether and/or when additional screening 
of these names through, for example, negative media search programs, 
would be appropriate.
---------------------------------------------------------------------------

    \49\ See generally 31 CFR part 500; see also, e.g., 31 CFR 
590.406 (Ukraine-related sanctions regulations); Office of Foreign 
Assets Control, Frequently Asked Questions, available at https://www.treasury.gov/resource-center/faqs/Sanctions/Pages/faq_general.aspx#50_percent.
---------------------------------------------------------------------------

    With respect to aggregation of transactions for Currency 
Transaction Reporting (CTR) purposes, FinCEN expects covered financial 
institutions to apply existing procedures consistent with CTR 
regulations and applicable FinCEN guidance from 2001 and 2012.\50\ 
Thus, while financial institutions should generally recognize the 
distinctness of the corporate form and not categorically impute the 
activities or transactions of a legal entity customer to a beneficial 
owner, they must aggregate multiple currency transactions if the 
financial institution has knowledge that these transactions are by or 
on behalf of any person and result in either cash in or cash out 
totaling more than $10,000 during any one business day.\51\ While the 
requirement to identify the beneficial owners of legal entity customers 
does not modify this existing CTR aggregation requirement, the 
beneficial ownership identification may provide financial institutions 
with information they did not previously have, in order to determine 
when transactions are ``by or on behalf of'' the same person. Thus, if 
a financial institution determines that a legal entity customer or 
customers are not being operated independently from each other or from 
their primary owner--e.g., the institution determines that legal 
entities under common ownership have common employees and are 
repeatedly used to pay each other's expenses or the personal expenses 
of their primary owner--then the financial institution may determine 
that aggregating the transactions of a legal entity or entities and 
their primary owner would be appropriate.\52\ Under such circumstances, 
if a financial institution were aware that a beneficial owner made a 
$5,000 cash deposit into his personal account, and later the same 
business day, he made a $6,000 cash deposit into the account of a legal 
entity not being operated as an independent entity, the institution 
would be required to aggregate those transactions and file a CTR.\53\ 
And to the extent that the financial institution determined that such 
transactions had no other apparent purpose than to avoid triggering a 
CTR filing, the financial institution would need to consider whether 
filing a SAR about the transactions would be appropriate.
---------------------------------------------------------------------------

    \50\ See 31 CFR 1010.313; FinCEN, Currency Transaction Report 
Aggregation for Businesses with Common Ownership FIN-2012-G001, 
(Mar. 16, 2012) (FIN-2012-G001); FinCEN, Currency Transaction 
Reporting: Aggregation, FinCEN Ruling 2001-2, (Aug. 23, 2001).
    \51\ 31 CFR 1010.313.
    \52\ In general, such aggregation would only be appropriate in 
cases where an individual owns all or substantially all of the legal 
entity's equity interests. It is only in such cases that a 
transaction by a legal entity could be considered ``by or on behalf 
of'' the owner of the entity (or vice versa).
    \53\ See FIN-2012-G001 at 2.
---------------------------------------------------------------------------

    A few commenters asked FinCEN to provide guidance as to how 
beneficial ownership information should be incorporated into processes 
for information sharing pursuant to USA PATRIOT Act Section 314(a); one 
of these commenters asked FinCEN to declare such information per se 
outside of the scope of Section 314(a). FinCEN does not expect the 
information obtained pursuant to the beneficial ownership requirement 
to add additional requirements with respect to Section 314(a) for 
financial institutions. The rule implementing Section 314(a), set forth 
at 31 CFR 1010.520, does not authorize the reporting of beneficial 
ownership information associated with an account or transaction 
matching a named subject. Under that rule, financial institutions need 
only search their records for account or transactions matching a named 
subject, and report to FinCEN whether such a match exists using the 
identifying information that FinCEN provides.
    Section 1010.230(c) Account. See discussion below under ``Legal 
entity customer.''
    Section 1010.230(d) Beneficial Owner. In the NPRM, we proposed two 
prongs for the definition of beneficial owner: Each individual, if any, 
who directly or indirectly owned 25 percent of the equity interests of 
a legal entity customer (the ownership prong); and a single individual 
with significant responsibility to control, manage, or direct a legal 
entity customer, including an executive officer or senior manager or 
any other individual who regularly performs similar functions (the 
control prong). We noted that the number of beneficial owners 
identified would vary from legal entity customer to legal entity 
customer due to the ownership prong--there could be as few as zero and 
as many as four individuals who satisfy this prong. All legal entities, 
however, would be required to identify one beneficial owner under the 
control prong. We further noted that financial institutions had the 
discretion to identify additional beneficial owners as appropriate 
based on risk.
    Thus, in practice, the number of beneficial owners identified will 
vary based on the circumstances. For example:
     Mr. and Mrs. Smith each hold a 50 percent equity interest 
in ``Mom & Pop, LLC.'' Mrs. Smith is President of Mom & Pop, LLC and 
Mr. Smith is its Vice President. Mom & Pop, LLC is required to provide 
the personal information of both Mr. & Mrs. Smith under the ownership 
prong. Under the control prong, Mom & Pop, LLC is also required to 
provide the personal information of one individual with significant 
responsibility to control Mom & Pop, LLC; this individual could be 
either Mr. or Mrs. Smith, or a third person who otherwise satisfies the 
definition. Thus, in this scenario, Mom & Pop, LLC would be required to 
identify at least two, but up to three distinct individuals--both Mr. & 
Mrs. Smith under the ownership prong, and either Mr. or Mrs. Smith 
under the control prong, or both Mr. & Mrs. Smith under the ownership 
prong, and a third person with significant responsibility under the 
control prong.
     Acme, Inc. is a closely-held private corporation. John Roe 
holds a 35 percent equity stake; no other person holds a 25 percent or 
higher equity stake. Jane Doe is the President and Chief Executive 
Officer. Acme, Inc. would be required to provide John Roe's beneficial 
ownership information under the ownership prong, as well as Jane Doe's 
(or that of another control person) under the control prong.
     Quentin, Inc. is owned by the five Quentin siblings, each 
of whom holds a 20 percent equity stake. Its President is Benton 
Quentin, the eldest sibling, who

[[Page 29410]]

is the only individual at Quentin, Inc. with significant management 
responsibility. Quentin, Inc. would be required to provide Benton 
Quentin's beneficial ownership information under the control prong, but 
no other beneficial ownership information under the ownership prong, 
because no sibling has a 25 percent stake or greater.
    One commenter raised a concern that this obligation would 
effectively require financial institutions to monitor the equity 
interests and management team of legal entity customers on an ongoing 
basis and continually update this information. FinCEN notes that it 
would be impracticable for financial institutions to conduct this type 
of inquiry, and emphasizes that this obligation should be considered a 
snapshot, not a continuous obligation. As discussed more fully in the 
Section-by-Section Analysis addressing the amendments to the AML 
program rules, FinCEN does expect financial institutions to update this 
information based on risk, generally triggered by a financial 
institution learning through its normal monitoring of facts relevant to 
assessing the risk posed by the customer.
    The Ownership Prong. Commenters raised a number of points regarding 
the ownership prong. Several commenters speculated on FinCEN's 
intention with respect to this requirement. FinCEN confirms here that 
by the phrase ``directly or indirectly,'' it intends that the financial 
institution's customer identify its ultimate beneficial owner or owners 
as defined in the rule and not their nominees or ``straw men.'' In 
addition, as described in Sec.  1010.230(b)(2), financial institutions 
may rely on information provided by the customer to identify and verify 
the beneficial owner.
    Many commenters supported FinCEN's decision in the proposal to set 
the minimum threshold for equity holdings constituting ownership at 25 
percent. Some of these commenters requested that FinCEN affirm this 
threshold as the regulatory expectation, notwithstanding our remarks in 
the proposal that financial institutions, after their own assessment of 
risk, could determine that a lower threshold percentage might be 
warranted. A few commenters, however, urged FinCEN to lower this 
threshold to 10 percent, contending that the higher threshold would be 
too easy to evade and is inconsistent with international AML norms and 
requirements of FATCA, and that the burden of a lower threshold would 
be minimal because some financial institutions as a matter of practice 
already collect beneficial ownership information at thresholds lower 
than 25 percent.
    FinCEN has considered all of the arguments in favor of lowering the 
ownership threshold to 10 percent, and we decline to make this change 
in the final rule. Although it is true that some financial institutions 
already collect beneficial ownership information at a threshold lower 
than 25 percent in some cases, we do not believe that this practice is 
widely established enough to justify its categorical imposition for all 
legal entity customers across all covered financial institutions. As 
some proponents of the 10 percent threshold noted, this lower threshold 
would make it more difficult for illicit actors to structure ownership 
interests to evade the reporting threshold. However, it would also 
require financial institutions to identify and verify as many as eleven 
beneficial owners (including the control prong). In FinCEN's 
assessment, the incremental benefit of this approach does not outweigh 
the burdens associated with having to collect and verify the identities 
of more than twice as many beneficial owners in some circumstances. 
Furthermore, the proposed 25 percent threshold is consistent with that 
of many foreign jurisdictions (including EU member states) and with the 
FATF standard, which in turn is used to define the controlling persons 
of an entity in the intergovernmental agreements that the United States 
has entered into with more than 110 other jurisdictions in order to 
enforce the requirements of FATCA. FinCEN continues to believe that a 
25 percent threshold strikes the appropriate balance between the 
benefit of identifying key natural persons who have substantial 
ownership interests in the legal entity and the costs associated with 
implementing this information-collection requirement.
    We reiterate that the 25 percent threshold is the baseline 
regulatory benchmark, but that covered financial institutions may 
establish a lower percentage threshold for beneficial ownership (i.e., 
one that regards owners of less than 25 percent of equity interests as 
beneficial owners) based on their own assessment of risk in appropriate 
circumstances. As a general matter, FinCEN does not expect covered 
financial institutions' compliance with this regulatory requirement to 
be assessed against a lower threshold. Nevertheless, consistent with 
the risk-based approach, FinCEN anticipates that some financial 
institutions may determine that they should identify and verify 
beneficial owners at a lower threshold in some circumstances; we 
believe that making this clear in the note accompanying the regulatory 
text will aid them in doing so with respect to their customers.
    Some commenters urged FinCEN to include in the ownership prong a 
``fallback provision'' to require the collection of beneficial 
ownership information for at least one individual with a significant 
equity stake in the legal entity, even if no beneficial owner meets the 
minimum ownership threshold. Such a provision was initially discussed 
in the ANPRM for this rulemaking but not included in the NPRM in 
response to concerns expressed by numerous commenters that the approach 
was impracticable. As we noted in the NPRM, commenters questioned the 
feasibility of engaging in a comparative analysis of every owner to 
determine the individual who ``has at least as great an equity interest 
in the entity as any other individual.'' Agreeing with that assessment, 
we removed this provision, and we do not believe that any benefit from 
its reintroduction would outweigh the difficulties that customers and 
front-line employees would face in implementing it. Although we have 
declined to include this provision in the final rule, financial 
institutions may determine, pursuant to a risk-based approach for their 
institutions, that certain higher risk circumstances may warrant the 
collection of beneficial ownership information for at least one natural 
person under the ownership prong even if no beneficial owner meets the 
25 percent threshold.
    One commenter requested that FinCEN clarify whether covered 
financial institutions had an obligation to determine whether equity 
holders of a legal entity managed or structured their holdings to evade 
the 25 percent threshold for reporting. FinCEN notes that in most cases 
it would be impracticable for front-line employees to conduct this type 
of inquiry. Thus, FinCEN expects that financial institutions will 
generally be able to rely upon information about equity ownership 
provided by the person opening the account, and not to affirmatively 
investigate whether equity holders are attempting to avoid the 
reporting threshold. However, financial institution staff who know, 
suspect, or have reason to suspect that such behavior is occurring may, 
depending on the circumstances, be required to file a SAR.
    A few commenters sought clarification of the definition of ``equity 
interests'' provided in the proposal--to wit, an ownership interest in 
a business entity--contending that although the proposed definition 
provided a great

[[Page 29411]]

deal of latitude and flexibility, it might also cause confusion due to 
its broad sweep. Thus, commenters requested greater clarification and 
guidance in the form of examples or additional commentary, to assist 
customers in understanding and complying with the requirements of the 
regulation as well as employees in their determinations as to which 
types of ownership interests are subject to this prong. FinCEN 
appreciates that some financial institutions may find it challenging in 
some circumstances to determine whether a particular ownership interest 
qualifies as an ``equity interest.'' However, as we noted in the 
proposal, we deliberately avoided the use of more technical terms of 
art associated with the exercise of control through ownership; we did 
so in part based on the preferences expressed by many members of 
industry. The above-mentioned commenters urged FinCEN to avoid creating 
a definition using technical and complex legal terms that would also be 
difficult for customers and front-line employees to understand and 
apply. Beyond the general examples provided in the proposal, however, 
we are reluctant to provide additional narrower examples that could be 
construed to limit a definition that we intend to be broadly 
applicable, particularly in light of the diversity of types of legal 
entities formed within the United States and abroad. By the same token, 
we also decline to provide a formal guidance document listing the types 
of documents that front-line employees should rely upon to demonstrate 
the existence of an equity interest over the triggering threshold. We 
reiterate that it is generally the responsibility of the legal entity 
customer (and its personnel) to make this determination and to identify 
the beneficial owners, and not front-line employees at the financial 
institution, unless the employees have reason to question the accuracy 
of the information presented.
    Some commenters noted that while they approved of FinCEN's general 
approach to determining indirect ownership of legal entity customers--
i.e., that FinCEN does not expect financial institutions or customers 
to undertake analyses to determine whether an individual is a 
beneficial owner under the definition--they nevertheless thought that 
FinCEN should provide additional guidance and examples of how legal 
entity customers should calculate ownership interests when natural 
persons have indirect equity interests. As an initial matter, as 
described above, we emphasize that FinCEN expects that financial 
institutions will generally be able to rely on the representations of 
the customer when it identifies its beneficial owners. We also note 
that it would not be unreasonable to expect that a legal entity that 
has a complex structure would have personnel who necessarily have a 
general understanding of the ownership interests of the natural persons 
behind it for operational, management, accounting, and other purposes.
    Commenters also sought clarification regarding various scenarios 
where 25 percent or greater equity interests of a legal entity customer 
are held in such a manner that the interest is not ultimately owned, 
directly or indirectly, by any individual. This could occur, for 
example, where a 25 percent or greater ownership interest is held by an 
entity excluded from the legal entity customer definition under 
paragraph (e)(2) or by a trust. FinCEN notes that the exclusions in the 
proposed rule include any entity organized under the laws of the United 
States or of any State at least 51 percent of whose common stock or 
analogous equity interests are held by an entity listed on a U.S stock 
exchange. FinCEN believes that this should address the overwhelming 
majority of situations where an excluded entity is a 25 percent or more 
shareholder. In addition, in the relatively unusual situations where an 
excluded entity holds a 25 percent or greater equity interest that is 
not covered by the above-mentioned exclusion, FinCEN notes that covered 
financial institutions are not required under the ownership prong to 
identify and verify the identities of a natural person behind these 
entities; this is because the definition of ``beneficial owner'' under 
the ownership prong refers to ``[e]ach individual, if any, . . .'', and 
in such a case there would not be any individual who is the ultimate 
owner of such interest. On the other hand, where 25 percent or more of 
the equity interests of a legal entity customer are owned by a trust 
(other than a statutory trust), covered financial institutions would 
satisfy the ownership prong of the beneficial ownership requirement by 
collecting and verifying the identity of the trustee, and FinCEN has 
amended the definition consistent with this. For clarity, FinCEN notes 
that in any such case the legal entity customer would nonetheless be 
required to identify an individual under the control prong.
    The Control Prong. Commenters also raised a variety of points 
regarding this element.
    A few commenters requested that we narrow or eliminate the control 
prong, contending that it would be difficult to identify a control 
person under such a wide-ranging definition. We disagree. FinCEN 
proposed a broad definition to give legal entities a wide range of 
options from which to choose. Accordingly, the breadth of the 
definition will facilitate, rather than hinder, financial institutions' 
ability to collect this information--because legal entity customers are 
required to provide information on only one control person who 
satisfies the definition, legal entities should be able to readily 
identify at least one natural person within their management structure 
who has significant management responsibility, consistent with the 
multiple examples of positions provided. Furthermore, there may be 
legal entities for which there are no natural persons who satisfy the 
ownership prong; without the control prong, this would create a 
loophole for legal entities seeking to obscure their beneficial 
ownership information. Requiring the identification and verification 
of, at a minimum, one control person ensures that financial 
institutions will have a record of at least one natural person 
associated with the legal entity, which will benefit law enforcement 
and regulatory investigations for reasons described previously.
    A few commenters requested that FinCEN provide additional 
information about the types of persons who would satisfy the control 
prong, contending that a level of detail similar to the explanations 
provided for the ownership prong would be helpful for implementation. 
We believe that such additional explanation is unnecessary. In contrast 
with the variety of possible complicated scenarios that a financial 
institution might encounter when trying to determine beneficial 
ownership under the ownership prong, the control prong provides for a 
straightforward test: The legal entity customer must provide 
identifying information for one person with significant managerial 
control. It further provides as examples a number of common, well-
understood senior job titles, such as President, Chief Executive 
Officer, and others. Taken together, FinCEN believes that these clauses 
provide ample information for legal entity customers to easily identify 
a natural person that satisfies the definition of control person.
    A few commenters requested that FinCEN expand the reach of the 
control prong by, among other things, including within it the concept 
of ``effective control,'' and proposing a variety of changes to mandate 
the identification of additional natural persons under this

[[Page 29412]]

prong, from all persons who exercise executive management and 
leadership, to all senior officials and all those who exercise 
effective control over a legal entity. FinCEN declines to make any of 
these changes to the control prong. While we recognize that our 
definition does not encapsulate all possible concepts of control, 
including effective control, we believe that our definition strikes the 
appropriate balance between including sufficiently senior leadership 
positions and practicability. As one of the proponents of including 
effective control conceded, effective control can be ``difficult to 
determine.'' We sought in our proposal to provide an easily 
administrable definition to facilitate collection of this information 
for both legal entities and financial institutions. As to the 
identification of additional natural persons, we believe that the 
challenges associated with identifying and verifying additional natural 
persons outweigh any incremental benefit of the information.
    Section 1010.230(e) Legal Entity Customer. As proposed, this 
paragraph defined the term ``legal entity customer'' and delineated a 
series of exclusions from this definition.
    Section 1010.230(e)(1). In the proposed rule, we to defined ``legal 
entity customer'' to mean a corporation, limited liability company, 
partnership or other similar business entity (whether formed under the 
laws of a state or of the United States or a foreign jurisdiction) that 
opens a new account. Many commenters raised questions about what 
entities and other businesses would be covered and requested that the 
proposed definition be clarified, particularly the meaning of ``other 
similar business entity.'' Some commenters urged us to include other 
business forms, such as unincorporated associations and sole 
proprietorships, within the definition of legal entity customer.
    We agree that covered institutions would benefit from a revised 
definition that further clarifies the entities that fall within the 
definition of ``legal entity customer.'' Thus, for the purposes of the 
final rule, we state that a legal entity customer means a corporation, 
limited liability company, or other entity that is created by the 
filing of a public document with a Secretary of State or similar 
office, a general partnership, and any similar entity formed under the 
laws of a foreign jurisdiction, that opens an account. This means that 
``legal entity customer'' would include, in addition to corporations 
and limited liability companies, limited partnerships, business trusts 
that are created by a filing with a state office, any other entity 
created in this manner, and general partnerships. (It would also 
include similar entities formed under the laws of other countries.) It 
would not include, for example, sole proprietorships or unincorporated 
associations even though such businesses may file with the Secretary of 
State in order to, for example, register a trade name or establish a 
tax account. This is because neither a sole proprietorship nor an 
unincorporated association is an entity with legal existence separate 
from the associated individual or individuals that in effect creates a 
shield permitting an individual to obscure his or her identity.\54\ The 
definition of ``legal entity customer'' also does not include natural 
persons opening accounts on their own behalf. In the final rule, we 
remove the reference to a ``new'' account to eliminate redundancies 
with other paragraphs of this provision, and because this account 
status is not a relevant characteristic for defining a legal entity 
customer.
---------------------------------------------------------------------------

    \54\ FinCEN notes that this is consistent with the CIP rules, 
which include as a customer ``an individual who opens a new account 
for . . . (B) an entity that is not a legal person, such as a civic 
club.'' In such a case, the individual opening the account, rather 
than the civic club, is the customer. See, e.g., 31 CFR 
1020.100(c)(1)(ii)(B).
---------------------------------------------------------------------------

Trusts

    The definition would also not include trusts (other than statutory 
trusts created by a filing with a Secretary of State or similar 
office). This is because, unlike the legal entities that are subject to 
the final rule, a trust is a contractual arrangement between the person 
who provides the funds or other assets and specifies the terms (i.e., 
the grantor or settlor) and the person with control over the assets 
(i.e., the trustee), for the benefit of those named in the trust deed 
(i.e., the beneficiaries). Formation of a trust does not generally 
require any action by the state. As FinCEN noted in the NPRM, 
identifying a ``beneficial owner'' from among these parties, based on 
the definition in the proposed or final rule, would not be possible.
    FinCEN emphasizes that this does not and should not supersede 
existing obligations and practices regarding trusts generally. The 
preamble to each of the CIP rules notes that, while financial 
institutions are not required to look through a trust to its 
beneficiaries, they ``may need to take additional steps to verify the 
identity of a customer that is not an individual, such as obtaining 
information about persons with control over the account.'' \55\ 
Moreover, as FinCEN noted in the proposal, it is our understanding that 
where trusts are direct customers of financial institutions, financial 
institutions generally also identify and verify the identity of 
trustees, because trustees will necessarily be signatories on trust 
accounts (which in turn provides a ready source of information for law 
enforcement in the event of an investigation). Furthermore, under 
supervisory guidance for banks, ``in certain circumstances involving 
revocable trusts, the bank may need to gather information about the 
settlor, grantor, trustee, or other persons with the authority to 
direct the trustee, and who thus have authority or control over the 
account, in order to establish the true identity of the customer.'' 
\56\ We reiterate our understanding that, consistent with existing 
obligations, financial institutions are already taking a risk-based 
approach to collecting information with respect to various persons 
associated with trusts in order to know their customer,\57\ and that we 
expect financial institutions to continue these practices as part of 
their overall efforts to safeguard against money laundering and 
terrorist financing.\58\
---------------------------------------------------------------------------

    \55\ See, e.g., ``Customer Identification Programs for Broker-
Dealers,'' 68 FR at 25116 n.32. (May 9, 2003).
    \56\ Federal Financial Institutions Examination Council, Bank 
Secrecy Act/Anti-Money Laundering Examination Manual 281 (2014) 
(FFIEC Manual).
    \57\ FinCEN also understands that in order to engage in the 
business of acting as a trustee, it is necessary for a trust company 
to be Federally- or State-chartered. Such entities are subject to 
BSA obligations, which reduces the AML risk of such trusts.
    \58\ Also not covered by the final rule are accounts in the name 
of a deceased individual opened by a court-appointed representative 
of the deceased's estate.
---------------------------------------------------------------------------

``Account'' Definition

    FinCEN also notes that a legal entity customer is defined as one 
that opens an account, but that the NPRM did not define the term 
``account.'' Several commenters requested that FinCEN provide a 
definition for this term and suggested using the definition from the 
CIP rules. In order to maintain consistency with the CIP rules, FinCEN 
is adding to the final rule the definition of the term ``account'' that 
is found in the CIP rules,\59\ which by its terms excludes an account 
opened for the purpose of participating in an employee benefit plan 
established under the Employee Retirement Income Security Act of 1974. 
This added provision is not only consistent with CIP but also 
appropriate for the final rule, inasmuch as accounts established to 
enable

[[Page 29413]]

employees to participate in retirement plans established under ERISA 
are of extremely low money laundering risk.
---------------------------------------------------------------------------

    \59\ See, e.g., 31 CFR 1020.100(a)(2) (for banks); 
1023.100(a)(2) (for brokers or dealers in securities); 
1024.100(a)(2) (for mutual funds); and 1026.100(a)(2) (for futures 
commission merchants or introducing brokers in commodities).
---------------------------------------------------------------------------

    In this regard, commenters requested that FinCEN broaden the 
exemption for ERISA plans to include other non-ERISA retirement plans, 
based on their low risk of money laundering, FinCEN notes that in the 
case of such non-ERISA plans, the customer would generally either be 
the trust established to maintain the assets, or the employer that 
contracts with the financial institution to establish the account, and 
not the underlying participants in or beneficiaries of the account.\60\ 
Accordingly, in the case where the customer would be the employer and 
such employer is a legal entity, the financial institution would be 
required to obtain the beneficial owners of the legal entity employer 
(unless such employer is otherwise excluded from the definition of 
legal entity customer). We address other requests for exemptions from 
the beneficial ownership requirement in the discussion of Sec.  
1010.230(h) below.
---------------------------------------------------------------------------

    \60\ See FinCEN et al., Interagency Interpretive Guidance on 
Customer Identification Program Requirements under Section 326 of 
the USA PATRIOT Act, FAQs: Final CIP Rule 6 April 28, 2005, page 6, 
available at https://www.fincen.gov/statutes_regs/guidance/pdf/faqsfinalciprule.pdf.
---------------------------------------------------------------------------

    Paragraph (c) of Sec.  1010.230 of the final rule will accordingly 
read as set out in the regulatory text at the end of this document.
    Section 1010.230(e)(2). The NPRM proposed ten exclusions from the 
legal entity customer definition. The first two categories are also for 
the most part excluded from the requirements of the CIP rules. The 
final rule adopts all of those proposed exclusions, except as discussed 
below under the heading, Charities and Nonprofit Entities. The final 
rule also adds a number of other exclusions in response to comments. 
All of the exclusions are a result of an assessment of the risks and 
determination that beneficial ownership information need not be 
obtained at account opening, because the information is generally 
available from other credible sources:

A financial institution regulated by a Federal functional regulator or 
a bank regulated by a State bank regulator--1010.230(e)(2)(i)

    These entities are excluded because they are subject to Federal or 
State regulation and information regarding their beneficial ownership 
and management is available from the relevant Federal or State 
agencies.

A person described in Sec.  1020.315(b)(2) through (5) of this 
chapter-- Sec.  1010.230(e)(2)(ii)

    This includes the following:
     A department or agency of the United States, of any State, 
or of any political subdivision of a State. FinCEN has determined that 
this category is appropriate for exclusion because such entities have 
no equity owners and information regarding their management is readily 
available from public sources.
     Any entity established under the laws of the United 
States, of any State, or of any political subdivision of any State, or 
under an interstate compact between two or more States, that exercises 
governmental authority on behalf of the United States or of any such 
State or political subdivision. This category is also appropriate for 
exclusion due to the amount of ownership and management information 
that is publicly available about such entities.
     Any entity (other than a bank) whose common stock or 
analogous equity interests are listed on the New York, American,\61\ or 
NASDAQ stock exchange. This exclusion is appropriate because such 
entities are required to publicly disclose the beneficial owners of 
five percent or more of each class of the issuer's voting securities in 
periodic filings with the SEC, to the extent the information is known 
to the issuer or can be ascertained from public filings.\62\ In 
addition, beneficial owners of these issuers' securities may be subject 
to additional reporting requirements.\63\
---------------------------------------------------------------------------

    \61\ Currently called NYSE MKT.
    \62\ See, e.g., Item 12 of Form 10-K and Item 403 of Regulation 
S-K.
    \63\ See Securities Exchange Act section 13(d) and Rules 13d-1 
to 13d-102; Securities Exchange Act Sec.  16(a) and Rules 16a-1 
through 16a-13.
---------------------------------------------------------------------------

     Any entity organized under the laws of the United States 
or of any State at least 51 percent of whose common stock or analogous 
equity interests are held by a listed entity. Because such subsidiaries 
of listed entities are controlled by their parent listed entity, 
information regarding control and management is publicly available.

An issuer of a class of securities registered under section 12 of the 
Securities Exchange Act of 1934 or that is required to file reports 
under section 15(d) of that Act \64\--Sec.  1010.230(e)(2)(iii)

    \64\ See Securities Exchange Act section 16(a) and Rules 16a-1 
through 16a-13 and Item 403 of Regulation S-K.
---------------------------------------------------------------------------

    These issuers are excluded because they are required to publicly 
disclose the beneficial owners of five percent or more of each class of 
the issuer's voting securities in periodic filings with the SEC, to the 
extent the information is known to the issuer or can be ascertained 
from public filings.\65\ In addition, beneficial owners of the issuer's 
securities may be subject to additional reporting requirements.\66\
---------------------------------------------------------------------------

    \65\ See, e.g., Item 12 of Form 10-K and Item 403 of Regulation 
S-K.
    \66\ See Securities Exchange Act section 13(d) and Rules 13d-1 
to 13d-102; Securities Exchange Act Sec.  16(a) and Rules 16a-1 
through 16a-13.

An investment company, as defined in Section 3 of the Investment 
Company Act of 1940, that is registered with the SEC under that Act--
Sec.  1010.230(e)(2)(iv)
An investment adviser, as defined in section 202(a)(11) of the 
Investment Advisers Act of 1940, that is registered with the SEC under 
that Act--Sec.  1010.230(e)(2)(v)

    These entities are excluded because registered investment companies 
and registered investment advisers already publicly report beneficial 
ownership in their filings with the SEC.\67\
---------------------------------------------------------------------------

    \67\ See, e.g., Item 17 of Form N-1A and Schedule A to Part 1A 
of Form ADV.

An exchange or clearing agency, as defined in section 3 of the 
Securities Exchange Act of 1934, that is registered under section 6 or 
17A of that Act--Sec.  1010.230(e)(2)(vi)
Any other entity registered with the SEC under the Securities and 
Exchange Act of 1934--Sec.  1010.230(e)(2)(vii)

    These entities are excluded because the SEC registration process 
requires disclosure and regular updating of information about 
beneficial owners of those entities, as well as senior management and 
other control persons.

A registered entity, commodity pool operator, commodity trading 
advisor, retail foreign exchange dealer, swap dealer, or major swap 
participant, each as defined in section 1a of the Commodity Exchange 
Act, that is registered with the CFTC--Sec.  1010.230(e)(2)(viii)

    These entities are excluded because the CFTC registration process 
requires disclosure and regular updating of information about 
beneficial owners of those entities, as well as senior management and 
other control persons.

A public accounting firm registered under section 102 of the Sarbanes-
Oxley Act--Sec.  1010.230(e)(2)(ix)

    Such firms are those that audit publicly traded companies and SEC-
registered broker-dealers. These firms are required to register with 
the Public Company Accounting Oversight Board

[[Page 29414]]

(PCAOB), a nonprofit corporation established by Congress to oversee the 
audits of publicly traded companies, and are required to file annual 
and special reports with the PCAOB. In addition, States require public 
accounting firms to register and to file annual reports identifying 
their members (e.g., partners, members, or shareholders).\68\ Such 
information is often available online.
---------------------------------------------------------------------------

    \68\ See, e.g., New York State Education Law, Article 149, 
Section 7408.3.
---------------------------------------------------------------------------

    Many commenters also urged that the proposed exclusions from the 
legal entity customer definition be expanded or clarified in certain 
respects. These include, among others, exclusions for accounts for 
employee benefit plans (addressed above), additional entities regulated 
by the United States or States of the United States, foreign 
governments and agencies, foreign financial institutions, and 
nonprofits. Commenters also sought clarity on how certain types of 
entities and relationships should be treated.

Additional Regulated Entities

A bank holding company, as defined in section 2 of the Bank Holding 
Company Act of 1956 (12 U.S.C. 1841), or savings and loan holding 
company, as defined in section 10(n) of the Home Owners' Loan Act (12 
U.S.C. 1467a(n))--Sec.  1010.230(e)(2)(x)

    At the suggestion of several commenters, bank holding companies, 
which include financial holding companies, have been excluded from the 
beneficial ownership requirement in the final rule because the Federal 
Reserve Board maintains beneficial ownership information on all of 
these companies. Savings and loan holding companies are excluded for 
the same reason.

A pooled investment vehicle that is operated or advised by a financial 
institution excluded under this paragraph--Sec.  1010.230(e)(2)(xi)

    In response to several commenters who noted that beneficial 
ownership information would be available regarding the operator or 
adviser of such pooled vehicles, FinCEN has determined that the pooled 
vehicle should also be excluded from this requirement.

An insurance company that is regulated by a State--Sec.  
1010.230(e)(2)(xii)

    A few commenters sought exclusion of insurance companies from the 
definition of legal entity customer, with the requested exclusions 
ranging in scope from all insurance companies subject to an AML program 
requirement and all insurance companies regulated by a State of the 
United States, to those insurance companies that own or control an SEC 
registered broker-dealer or SEC registered investment adviser. We 
address these proposals in turn.
    The commenters who proposed to exclude all insurance companies 
subject to an AML program requirement and all State-regulated insurance 
companies did not directly proffer a rationale for their request. We 
presume that the commenters believe that insurance companies subject to 
an AML program requirement and to State regulation present a lower risk 
profile, and should therefore be excluded. As to insurance companies 
subject to an AML program requirement, such status alone does not 
require insurance companies to disclose beneficial ownership 
information to their supervisors. Accordingly, an exclusion on that 
basis would not be warranted. With respect to insurance companies 
regulated by a State of the United States, these companies must 
disclose and regularly update their beneficial owners, as well the 
identities of senior management and other control persons. For 
insurance firms that are a part of a publicly traded group, such 
disclosures would also be found in annual SEC filings. All State-
regulated insurance companies are required to file an Annual Statement 
with their State regulators, identifying senior management, directors, 
and trustees. Schedule Y of this Statement shows the firm's corporate 
structure, including direct and indirect parents and subsidiaries of 
the insurer. Form B, an annual registration statement filed with state 
regulators, shows the executive officers, directors, and controlling 
shareholders of insurance companies. In the case of mutual insurance 
companies, which do not issue equity and are instead owned as a whole 
by their policyholders, Form B nevertheless shows their executive 
officers and directors. For these reasons, we believe an exclusion for 
State-regulated insurance companies is appropriate, and we have 
accordingly added to the final rule an exclusion for an insurance 
company that is regulated by a State as paragraph (e)(2)(xii).\69\
---------------------------------------------------------------------------

    \69\ Because ``State'' is defined in 31 CFR 1010.100(vv), we 
have not included ``of the United States'' in the rule text.
---------------------------------------------------------------------------

    Some commenters also sought an exclusion for insurance companies 
that own or control an SEC registered broker-dealer or SEC registered 
investment adviser, noting that their registration with the SEC results 
in the disclosure of all individuals and entities in the indirect chain 
of ownership of the broker-dealer or adviser with an ownership interest 
of 25 percent or more. FinCEN understands that in the vast majority of 
cases, an insurance company that owns or controls a registered broker-
dealer or investment advisor would also be regulated by a State. 
Accordingly, FinCEN believes that this additional exclusion would be 
redundant.

A financial market utility designated by the Financial Stability 
Oversight Council under Title VIII of the Dodd-Frank Wall Street Reform 
and Consumer Protection Act of 2010--Sec.  1010.230(e)(2)(xiii)

    One commenter requested that FinCEN exclude designated financial 
market utilities from the definition of legal entity customer, noting 
that such entities are already subject to extensive regulation. FinCEN 
understands that entities designated as financial market utilities by 
the Financial Stability Oversight Council pursuant to Title VIII of the 
Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 are 
subject to extensive supervision and oversight by their Federal 
functional regulators, including the disclosure of beneficial ownership 
information. Accordingly, FinCEN believes that it is appropriate to 
exclude them from the definition.

Excluded Foreign Entities

A foreign financial institution established in a jurisdiction where the 
regulator of such institution maintains beneficial ownership 
information regarding such institution--Sec.  1010.230(e)(2)(xiv)

    Numerous commenters urged FinCEN to broaden the proposed exemptions 
for regulated financial institutions and publicly traded companies in 
the United States to include their counterparts outside of the United 
States. With regard to regulated foreign financial institutions, some 
commenters noted that in the rules implementing section 312 of the USA 
PATRIOT Act, even in the case of foreign banks subject to enhanced due 
diligence, a U.S. bank need obtain ownership information only if such 
foreign banks are not publicly traded,\70\ and that it would be 
inconsistent to impose a more burdensome requirement in the case of 
correspondent accounts for foreign banks (and arguably other foreign 
financial institutions) that are not subject to enhanced due diligence. 
FinCEN agrees with this analysis and has broadened the exclusions to 
the

[[Page 29415]]

definition of legal entity customer in the final rule to include 
foreign financial institutions established in jurisdictions where the 
regulator of such institution maintains beneficial ownership 
information regarding such institution. As with other exclusions 
described above, FinCEN has determined that it is appropriate to 
exclude these entities, because information regarding their beneficial 
ownership and management is available from the relevant foreign 
regulator.
---------------------------------------------------------------------------

    \70\ 31 CFR 1010.610(b)(3).

A non-U.S. governmental department, agency or political subdivision 
that engages only in governmental rather than commercial activities--
---------------------------------------------------------------------------
Sec.  1010.230(e)(2)(xv)

    Commenters also requested that certain departments, agencies, and 
political subdivisions of non-U.S. governments, as well as State-owned 
enterprises and supranational organizations, should also be exempt from 
the beneficial ownership requirement. The commenters pointed out that 
no such customers would have beneficial owners under the ownership 
prong, and any individual identified under the control prong would in 
most cases not be in the United States, which would make verification 
of identity more difficult. We agree that certain departments, 
agencies, and political subdivisions of non-U.S. governments--
specifically, those that engage only in governmental (and not 
commercial) activities--should not fall within the definition of legal 
entity customer, and should therefore be excluded from the requirement. 
Although this delineation between governmental and commercial 
activities arises out of well-recognized principles of sovereign 
immunity, FinCEN does not expect front-line employees of covered 
financial institutions to engage in any type of legal analysis to 
determine the applicability of this exclusion. Rather, FinCEN expects 
covered financial institutions to rely upon the representations of such 
customers, absent knowledge to the contrary.
    Some commenters also requested an exclusion for supranational 
organizations. FinCEN is not aware of a well-established, widely 
accepted definition of this term that could serve to clearly notify 
such entities of their eligibility to be excluded from this 
requirement. Because of the administrative challenges associated with 
determining such eligibility in the absence of a clear line, FinCEN 
declines to include such an exclusion in the final rule. We recognize 
that many such organizations would generally lack equity interests (and 
accordingly, equity stakes); thus, as in the case of other legal 
entities lacking such interests, financial institutions would be 
expected to collect beneficial ownership information under the control 
prong only.

Any legal entity only to the extent that it opens a private banking 
account subject to 31 CFR 1010.620--Sec.  1010.230(e)(2)(xvi)

    A number of commenters requested that FinCEN clarify the treatment 
of beneficial owners of private banking accounts for non-U.S. persons 
that are subject to FinCEN's private banking account rule,\71\ which 
requires financial institutions maintaining such accounts to ascertain 
the identity of all beneficial owners of such accounts, but utilizes a 
different definition.\72\ Because covered financial institutions have 
established a process for complying with the private banking account 
regulation, FinCEN has determined that it is appropriate to exclude 
such legal entity customers from the beneficial ownership requirement 
only when they establish such accounts.
---------------------------------------------------------------------------

    \71\ 31 CFR 1010.620.
    \72\ 31 CFR 1010.605(a).
---------------------------------------------------------------------------

Nonexcluded Pooled Investment Vehicles

    In the proposal, FinCEN sought comment on the approach that it 
should take towards pooled investment vehicles that are operated or 
advised by financial institutions that are not proposed to be excluded 
from the definition of legal entity customer, i.e., whether they should 
also be excluded from this requirement, or, if such vehicles are not 
excluded, whether covered financial institutions should be required to 
identify beneficial owners of such vehicles only under the control 
prong of the beneficial ownership definition. We noted that such 
entities often have ownership interests that fluctuate, and that 
identifying beneficial owners of these entities based on a percentage 
ownership threshold accordingly might create unreasonable operational 
challenges to collect information that would only be accurate for a 
limited period of time.
    Some commenters requested that FinCEN exclude such pooled 
investment vehicles from the beneficial ownership requirement for 
several reasons, including the logistical difficulties of maintaining 
the information and possible limited duration of the accuracy of the 
information noted above. The commenters requested that, if such 
vehicles are not excluded, then FinCEN should require those financial 
institutions to collect beneficial ownership information of such 
entities under the control prong only. FinCEN agrees that, because of 
the limited utility and difficulty of collecting beneficial ownership 
information under the ownership prong, in the case of pooled investment 
vehicles whose operators or advisers are not excluded from this 
definition, such as non-U.S. managed mutual funds, hedge funds, and 
private equity funds, financial institutions would be required to 
collect beneficial ownership information under the control prong only 
(e.g., an individual with significant responsibility to control, 
manage, or direct the operator, adviser, or general partner of the 
vehicle). This treatment of nonexcluded pooled investment vehicles is 
reflected in the final rule in Sec.  1010.230(e)(3)(i).

Intermediated Account Relationships

    In the NPRM, we proposed that if an intermediary is the customer, 
and the financial institution has no CIP obligation with respect to the 
intermediary's underlying clients pursuant to existing guidance, a 
financial institution should treat the intermediary, and not the 
intermediary's underlying clients, as its legal entity customer. Thus, 
existing guidance issued jointly by Treasury or FinCEN and any of the 
Federal functional regulators for broker-dealers, mutual funds, and the 
futures industry related to intermediated relationships would 
apply.\73\ Commenters from the securities, mutual fund, and futures 
industries strongly supported this approach. FinCEN confirms that this 
principle will apply in interpreting the final rule, as follows: To the 
extent that

[[Page 29416]]

existing guidance provides that, for purposes of the CIP rules, a 
financial institution shall treat an intermediary (and not the 
intermediary's customers) as its customer, the financial institution 
should treat the intermediary as its customer for purposes of this 
final rule. FinCEN also confirms that other guidance issued jointly by 
FinCEN and one or more Federal functional regulators relating to the 
application of the CIP rule will apply to this final rule, to the 
extent relevant.\74\
---------------------------------------------------------------------------

    \73\ See, e.g., Guidance from the Staffs of the Department of 
the Treasury and the U.S. Securities and Exchange Commission, 
Questions and Answers Regarding the Mutual Fund Customer 
Identification Rule, August 11, 2003, available at https://www.sec.gov/divisions/investment/guidance/qamutualfund.htm.; 
Guidance from the Staffs of the Department of the Treasury and the 
U.S. Securities and Exchange Commission, Question and Answer 
Regarding the Broker-Dealer Customer Identification Program Rule (31 
CFR 103.122) (October 1, 2003), available at https://www.fincen.gov/statutes_regs/guidance/html/20031001.html; Guidance from the Staffs 
of the Department of the Treasury and the U.S. Commodity Futures 
Trading Commission, Frequently Asked Question regarding Customer 
Identification Programs for Futures Commission Merchants and 
Introducing Brokers (31 CFR 103.123), available at https://www.fincen.gov/statutes_regs/guidance/html/futures_omnibus_account_qa_final.html; FinCEN, Application of the 
Regulations Requiring Special Due Diligence Programs for Certain 
Foreign Accounts to the Securities and Futures Industries, FIN-2006-
G009 (May 10, 2006), available at https://www.fincen.gov/statutes_regs/guidance/html/312securities_futures_guidance.html.
    \74\ See, e.g., FinCEN, Application of the Customer 
Identification Program Rule to Future Commission Merchants Operating 
as Executing and Clearing Brokers in Give-Up Arrangements, FIN-2007-
G001 (April 20, 2007), available at https://www.fincen.gov/statutes_regs/guidance/html/cftc_fincen_guidance.html; ``FAQs: Final 
CIP Rule''.
---------------------------------------------------------------------------

    One commenter representing the legal profession requested that 
escrow accounts established by lawyers to keep their clients' funds in 
trust be given the same treatment, due to lawyers' professional 
obligations to maintain client confidentiality under State law and 
codes of professional conduct. This commenter proposed that in the case 
of such accounts, only the lawyers and law firms establishing these 
accounts would be deemed legal entity customers from which beneficial 
ownership information would be collected. FinCEN understands that many 
attorneys maintain client trust or escrow accounts containing funds 
from multiple clients and other third parties in a single account. 
Funds flow in and out of these accounts during the normal course of 
business, and while these movements may not be as frequent as those 
found in, for example, pooled accounts in the securities and futures 
industries, they nevertheless create significant operational challenges 
to collecting this information with reference to the relevant clients 
and third parties. As in the case of nonexcluded pooled investment 
vehicles, FinCEN believes that it would be unreasonable to impose such 
collection obligations for information that would likely be accurate 
only for a limited period of time. FinCEN also understands that State 
bar associations impose extensive recordkeeping requirements upon 
attorneys with respect to such accounts, generally including, among 
other things, records tracking each deposit and withdrawal, including 
the source of funds, recipient of funds, and purpose of payment; copies 
of statements to clients or other persons showing disbursements to them 
or on their behalf; and bank statements and deposit receipts.\75\ For 
these reasons, FinCEN believes that attorney escrow and client trust 
accounts should be treated like other intermediated accounts described 
above, and we accordingly deem such escrow accounts intermediated 
accounts for purposes of the beneficial ownership requirement.
---------------------------------------------------------------------------

    \75\ See, e.g., 22 N.Y.C.R.R. Part 1200, Rule 1.15; California 
State Bar Rule of Professional Conduct 4-100.
---------------------------------------------------------------------------

Charities and Nonprofit Entities

    In the NPRM, we proposed an exclusion from the definition of 
``legal entity customer'' for charities and nonprofit entities that are 
described in sections 501(c), 527, or 4947(a)(1) of the Internal 
Revenue Code of 1986, which have not been denied tax exempt status, and 
which are required to and have filed the most recently due annual 
information return with the Internal Revenue Service.
    Commenters raised a number of issues with this proposed exemption. 
These include the fact that, in order to qualify for the exemption, the 
financial institution would effectively need to verify each of the 
following:
    1. That the customer qualifies for an exemption under one of the 
three listed sections of the Internal Revenue Code, which would likely 
require that the financial institution review the entity's IRS 
documentation;
    2. That the exemption has not been revoked;
    3. That the entity is required to file an annual information 
return; and
    4. That the entity has in fact filed such return.
    Commenters expressed concerns that these steps to verify a 
charitable organization's eligibility for the exemption would be unduly 
burdensome and difficult for frontline staff to administer. Several 
commenters asked whether the financial institution could utilize the 
IRS's search tool that enables taxpayers to confirm the tax exempt 
status of organizations, ``EO Select Check,'' in order to verify the 
necessary information; others noted that, while this Web site confirms 
the tax exempt status of organizations, it does not confirm that the 
organization has filed its most recently due return. Moreover, up-to-
date information, particularly regarding a recently formed 
organization, may not be available. Commenters noted further that, 
unless these issues can be addressed in a way that would facilitate the 
use of the exclusion, it would in many cases be simpler to ignore the 
exclusion and obtain the beneficial ownership information.
    FinCEN has considered the comments addressing this proposed 
exclusion and agrees that as proposed the exclusion would in many cases 
be difficult to administer. Rather than limiting its treatment of this 
category to entities that are exempt from Federal tax and requiring 
proof of such exemption, FinCEN has determined that it would be 
simpler, as well as more efficient and more logical, to exclude all 
nonprofit entities (whether or not tax-exempt) from the ownership prong 
of the requirement, particularly considering the fact that nonprofit 
entities do not have ownership interests, and require only that they 
identify an individual with significant responsibility to control, 
manage, or direct the customer. Accordingly, the final rule eliminates 
this proposed exclusion and instead includes as a type of legal entity 
customer, subject only to the control prong of the beneficial owner 
definition, any legal entity that is established as a nonprofit 
corporation or similar entity and has filed its organizational 
documents with the appropriate State authority as necessary.
    For purposes of this provision, a nonprofit corporation or similar 
entity would include, among others, charitable, nonprofit, not-for-
profit, nonstock, public benefit or similar corporations. Such an 
organization could establish that it is a qualifying entity by 
providing a certified copy of its certificate of incorporation or a 
certificate of good standing from the appropriate State authority, 
which may already be required for a legal entity to open an account 
with a financial institution under its CIP.\76\ FinCEN also believes 
that identifying and verifying an individual under the control prong is 
not an onerous requirement, and understands from its outreach that in 
the cases of many nonprofits such an individual is already identified 
to the financial institution as a signatory. FinCEN also notes that as 
a general matter, small local community organizations, such as Scout 
Troops and youth sports leagues, are unincorporated associations rather 
than legal entities and therefore not subject to the beneficial 
ownership requirement.
---------------------------------------------------------------------------

    \76\ See, e.g., 31 CFR 1020.220(a)(2)(ii)(A)(2).
---------------------------------------------------------------------------

Other Proposed Exclusions

    A few commenters requested that we expand the list of exclusions to 
include all types of entities currently exempt from CTR reporting 
requirements. Although some of the exclusions to the definition of 
legal entity customer correspond to entities exempt from CTR

[[Page 29417]]

reporting requirements,\77\ we decline to extend these exclusions to 
include all of the CTR exemptions. The CTR and beneficial ownership 
requirements serve different purposes, and the principal underlying 
justification for many of the CTR exemptions--that the requirement is 
not feasible or appropriate for cash-intensive low-risk businesses--
does not apply here. FinCEN has considered all the CTR exemptions and 
has included those that are logical in the context of the beneficial 
ownership requirement, for the reasons articulated above.
---------------------------------------------------------------------------

    \77\ See 31 CFR 1010.230(e)(2)(i), which includes certain 
persons exempt from CTR reporting.
---------------------------------------------------------------------------

    Some commenters also requested that FinCEN exclude other ``low-
risk'' entities from the definition of legal entity customer. We have 
considered all commenters' requests for exclusions to the definition 
and have incorporated only those that we have determined are 
appropriate in this context.
    Section 1010.230(f) Covered Financial Institution. As proposed, 
this paragraph defined covered financial institution through 
incorporation by reference of the definition set forth in Sec.  
1010.605(e)(1), thereby subjecting to this requirement those financial 
institutions already covered by CIP requirements. FinCEN noted in the 
proposal that it viewed the exercise of its discretion to limit the 
initial application of this requirement to these institutions as 
appropriate, because it is logical to minimize disruption and burden to 
the extent possible by commencing implementation with institutions 
already equipped to leverage CIP procedures.
    There were no significant objections to limiting the scope of this 
requirement in this manner, and we are accordingly adopting this 
definition as proposed. We note generally that FinCEN received comments 
from institutions not subject to CIP (nor therefore to the proposal), 
urging us to engage in dialogue before determining whether to expand 
the beneficial ownership and CDD requirements to their industries. 
FinCEN agrees that thoughtful engagement with all stakeholders is an 
essential component of the rulemaking process, and will continue to 
engage in outreach to inform our policy decisions and any future 
rulemakings. As we noted in the proposal, comments and discussions with 
these institutions during the course of this rulemaking have led us to 
believe that extending CDD requirements in the future to these, and 
potentially other types of financial institutions, may ultimately 
promote a more consistent, reliable, and effective AML regulatory 
structure across the financial system.
    A few commenters requested that FinCEN exclude smaller financial 
institutions from the scope of coverage, contending principally that 
such institutions generally presented a lower risk profile and that 
implementation of the beneficial ownership requirement would be unduly 
burdensome. We decline to categorically exclude smaller institutions 
from the definition of covered financial institution. As we have noted, 
both in the proposal and above, one of the animating purposes of this 
rulemaking is to promote clear and consistent expectations across and 
within financial sectors, in order to promote a more level playing 
field when it comes to AML/CFT compliance. Uniform application of the 
beneficial ownership requirement would prevent the ``competitive 
disadvantage'' (cited by one commenter seeking this exclusion) that 
would result if prospective customers were not required ``to complete 
the same form at . . . competitor financial institutions.'' And even 
though some smaller institutions might be lower risk, size alone should 
not be a determinative factor for a risk assessment, making it an 
inappropriate basis for a categorical exclusion. Indeed, a blanket 
size-based exclusion would provide a clear roadmap for illicit actors 
seeking an easy entry point into the financial system. Finally, FinCEN 
appreciates the concerns raised about the burden of implementation 
expressed by commenters and, as described at length above, has made 
numerous changes to the proposal to reduce the burden upon financial 
institutions. We reiterate that, as with CIP, financial institutions 
are expected to implement procedures for collecting beneficial 
ownership information ``appropriate for [their] size and type of 
business.'' \78\
---------------------------------------------------------------------------

    \78\ 31 CFR 1020.220(a)(1); 31 CFR 1023.220(a)(1); 31 CFR 
1024.220(a)(1); 31 CFR 1026.220(a)(1).
---------------------------------------------------------------------------

    Section 1010.230(g) New account. See discussion above under 
``Identification and Verification.''
    Section 1010.230(h) Exemptions. In the final rule, this paragraph 
exempts covered financial institutions from the beneficial ownership 
requirement with respect to opening accounts for legal entity customers 
for certain specific activities and within certain limitations for the 
reasons described below.

Private Label Retail Credit Accounts Established at the Point-of-Sale

    One commenter requested that FinCEN exempt point-of-sale retail 
credit accounts provided to small to mid-size business customers, 
including commercial private label and co-branded credit cards and 
installment loans, from the scope of coverage of the beneficial 
ownership requirement. This commenter noted that such accounts 
presented a lower risk of money laundering due in large part to 
limitations on the use of those cards inherent in these customer 
relationships. For example, because private label credit cards can be 
used only to purchase goods or services at the specified retailer at 
which they are issued, they would not be an attractive vehicle to 
launder illicit proceeds. That these accounts can only be used for 
domestic transactions, and generally have lower credit limits, are 
additional factors that mitigate the risk of these accounts. FinCEN has 
learned that legal entities without an established and verifiable 
credit history that seek such accounts are generally required to 
provide a personal guarantee by a natural person whose identity and 
credit history are verified. We agree that these characteristics and 
limitations associated with private label credit card accounts that are 
used exclusively within issuing retailers' networks, significantly 
decrease these accounts' susceptibility to abuse by money launderers 
and terrorist financers. Thus, covered financial institutions are 
exempt from the beneficial ownership requirement with respect to 
private label credit card accounts to the limited extent that they are 
established at the point-of-sale to obtain credit products, including 
commercial private label credit cards, solely for the purchase of 
retail goods and/or services at the issuing retailer and have a credit 
limit of no more than $50,000.
    In contrast, credit cards that are co-branded with major credit 
card associations do not possess the same limitations and 
characteristics that would protect them from abuse. For example, co-
branded credit cards can be used at any outlet or ATM that accepts 
those associations' cards. FinCEN therefore believes that covered 
financial institutions should obtain and verify beneficial ownership 
information with respect to opening accounts for legal entities 
involving such co-branded cards.

Additional Exemptions

    During the comment period to the RIA, several commenters sought to 
exempt certain limited purpose activities from the scope of the 
beneficial ownership requirement, principally on the grounds that such 
accounts had an extremely low risk profile for money laundering because 
of

[[Page 29418]]

inherent structural limitations to the accounts and the purposes for 
which such accounts are established.

Accounts Established for the Purchase and Financing of Postage

    One such commenter was a limited purpose banking entity whose 
primary business is to facilitate the purchase and financing of 
postage. This commenter noted that all the accounts at its institution 
exist solely for small businesses, governments, and nonprofit 
organizations to prepay postage and earn interest (in the form of 
additional postage), or to finance postage through an unsecured 
revolving line of credit. Clients of this institution cannot use these 
accounts to purchase merchandise, deposit or withdraw cash, write 
checks, or transfer funds. FinCEN agrees that these types of accounts 
present a low risk of money laundering, both because of the purpose for 
which such accounts are established, as well as the characteristics of 
these accounts described above. Accordingly, covered financial 
institutions are exempt from the beneficial ownership requirement with 
respect to accounts solely used to finance the purchase of postage and 
for which payments are remitted directly by the financial institution 
to the provider of the postage products.

Commercial Accounts To Finance Insurance Premiums

    Several commenters representing the commercial insurance premium 
finance industry submitted a joint letter outlining the expected impact 
of the beneficial ownership requirement on their industry, and the 
structural characteristics of these financial products that make them a 
low risk of money laundering. They noted that borrowers seeking funds 
to finance premiums for property and casualty insurance do not receive 
these proceeds directly; instead, the funds are remitted directly to an 
insurance company, either directly or through an insurance agent or 
broker. As with the limited purpose postage accounts described above, 
customers of premium finance companies cannot use these accounts to 
purchase merchandise, deposit or withdraw cash, write checks, or 
transfer funds. FinCEN agrees that these types of accounts present a 
low risk of money laundering, both because of the purpose for which 
such accounts are established, as well as the characteristics of these 
accounts that make them a poor vehicle for money laundering. For these 
reasons, covered financial institutions are exempt from the beneficial 
ownership requirement with respect to accounts solely used to finance 
insurance premiums and for which payments are remitted directly by the 
financial institution to the insurance provider or broker.

Accounts To Finance the Purchase or Lease of Equipment

    One commenter representing a bank that primarily provides financial 
products for small business equipment leasing sought to exclude this 
activity from the beneficial ownership requirement with the same basic 
rationale put forth by the commenters representing the commercial 
insurance premium finance industry. Because FinCEN understands that 
these financial products have similar structural characteristics that 
limit their utility as vehicles for money laundering, covered financial 
institutions are exempt from the beneficial ownership requirement with 
respect to accounts solely used to finance the purchase or leasing of 
equipment and for which payments are remitted directly by the financial 
institution to the vendor or lessor of this equipment.
    Section 1010.230(h)(2) Limitations on Exemptions. These three 
exemptions are subject to further limitations to mitigate the remaining 
limited money laundering risks associated with them, as follows:
     The exemptions identified in paragraphs (h)(1)(ii) through 
(iv) do not apply to transaction accounts through which a legal entity 
customer can make payments to, or receive payments from, third parties.
     If there is the possibility of a cash refund on the 
account activity identified in paragraphs (h)(1)(ii) through (iv), then 
beneficial ownership of the legal entity customer must be identified 
and verified by the financial institution as required by this section, 
either at the time of initial remittance, or at the time such refund 
occurs.

The first limitation reflects the additional structural limitation 
described in our discussion of these account types that makes them a 
low risk of money laundering, and therefore a necessary characteristic 
to qualify for these exclusions. The second limitation serves to 
mitigate the principal money laundering vulnerability in some of these 
accounts--to wit, the possibility of a cash refund--by requiring the 
identification and verification of beneficial ownership information 
when the initial remittance is made or when a refund actually occurs. 
Based upon the submissions from commenters, as well as subsequent 
inquiry into these financial products, FinCEN understands that most of 
these exempted accounts would not be affected by such limitation. 
Furthermore, this requirement has been drafted to give covered 
financial institutions flexibility in implementing this provision. 
Although this limitation applies broadly to accounts where there is the 
possibility of a refund, as a practical matter, beneficial ownership 
information must only be collected when such a refund actually occurs. 
Thus, covered financial institutions that offer such products do not 
have to change their onboarding systems, and FinCEN believes that in 
most cases, they will not have to collect this information.
    Section 1010.230(i) Recordkeeping. In the NPRM, we proposed a 
recordkeeping requirement identical to the requirement for CIP, in 
order to leverage existing standards and processes to facilitate 
financial institutions' implementation of this requirement. Thus, under 
the proposal, a financial institution must have procedures for 
maintaining a record of all information obtained in connection with 
identifying and verifying beneficial owners, including retention of the 
Certification Form and a record of any other related identifying 
information reviewed or collected, for a period of five years after the 
date the account is closed. Furthermore, we proposed that a financial 
institution must also retain records for a period of five years after 
such record is made, including a description of every document relied 
on for verification, any non-documentary methods and results of 
measures undertaken for verification, as well as the resolution of any 
substantive discrepancies discovered in verifying the identification 
information.
    Because collection of the Certification Form is no longer a 
requirement, we are making a corresponding change to the recordkeeping 
requirement for the final rule. Section 1010.230(i)(1)(i) now states 
that at a minimum, the record must include, for identification, any 
identifying information obtained by the covered financial institution 
pursuant to paragraph (b), including without limitation the 
certification (if obtained).
    Most commenters who addressed this issue agreed with FinCEN's 
decision to have recordkeeping requirements identical to CIP. However, 
two commenters who submitted largely identical letters objected to this 
approach, asserting that the CIP recordkeeping requirements did not 
make sense in the context of beneficial ownership information because 
such information would likely change regularly for some legal entity 
customers, resulting in the accumulation of multiple iterations of the 
Certification Form, all of which would have to be retained. Despite 
this

[[Page 29419]]

concern, we decline to alter the recordkeeping requirement. First, 
because the Certification Form is no longer mandatory, financial 
institutions not using it will not have to retain multiple 
Certification Forms, but will instead have flexibility to record any 
changes of beneficial ownership information in a manner that works best 
for their institution. And we believe the benefit from leveraging 
existing procedures far outweighs any benefit that might arise from a 
shorter recordkeeping standard, because creating a separate standard 
for beneficial ownership information would likely require new processes 
and necessitate training for employees, as well as require line 
employees to consistently apply different standards for beneficial 
ownership and CIP information.
    Section 1010.230(j) Reliance on Another Financial Institution. In 
the NPRM, we proposed that financial institutions could rely on the 
performance by another financial institution of the requirements of 
this section under the same conditions as set forth in the applicable 
CIP rules.
    Commenters raised a few points regarding the reliance provision as 
proposed. A few requested that we lower the standard for reliance below 
that articulated in the applicable CIP rules, by permitting reliance 
without a contract and annual certification, and extending the reliance 
provisions to regulated money services businesses and foreign 
affiliates of covered financial institutions subject to a global 
standard at least as rigorous as U.S. CIP and CDD standards. We decline 
to make any of these proposed changes to the reliance provision at this 
time. FinCEN believes that there is significant value to financial 
institutions in terms of account management in having uniform standards 
to the greatest extent possible, and that having different reliance 
standards for CIP and for beneficial ownership information might cause 
confusion and negatively impact compliance. Thus, to the extent that we 
would make any of the proposed changes to the reliance provision, we 
believe it would be important to make the same changes concurrently to 
the applicable CIP provisions, which would require joint rulemaking.
    One commenter requested that FinCEN clarify reliance 
responsibilities in the drafting of selling, clearing, or counterparty 
agreements, without further elaboration upon the type of clarification 
sought or the need for such clarification. We have considered this 
request, and in the absence of any specific and persuasive arguments 
supporting the need for such clarification, we have found no reason to 
provide any clarification addressing this issue.
    Another commenter requested that FinCEN amend the reliance 
provision to enable covered financial institutions to employ the 
services of non-financial institution third parties as beneficial 
ownership pre-check service providers, to conduct beneficial ownership 
due diligence. This commenter contended that amending the proposal in 
this way might facilitate compliance by permitting third parties 
specializing in beneficial ownership due diligence to fulfill the 
requirements of this section at scale, expediting legal entities' 
ability to open accounts. Thus, the commenter proposed adding clauses 
to the reliance provision permitting such reliance on these third 
parties if the reliance is reasonable; the third party is voluntarily 
subject to a rule implementing 31 U.S.C. 5318(h) and certified by 
Treasury or FinCEN; and the third party certifies to the financial 
institution that it has implemented an AML program and that it will 
perform the requirements of section 1010.230. FinCEN declines to make 
these changes. Currently, FinCEN does not have an appropriate mechanism 
to permit a third party to voluntarily subject itself to an AML program 
requirement, nor to assess and certify that party's compliance. We thus 
believe that it would make more sense to postpone any consideration of 
this approach until after FinCEN and the covered financial institutions 
have gained experience and understanding from implementing section 
1010.230.
    Section 1020.210 Anti-money laundering program requirements for 
financial institutions regulated only by a Federal functional 
regulator, including banks, savings associations, and credit unions. In 
the NPRM, we proposed to amend FinCEN's existing AML program rules to 
expressly incorporate both the minimum statutory elements of an AML 
program prescribed by 31 U.S.C. 5318(h)(1), as well as the elements of 
the minimum standard of CDD that are not otherwise already accounted 
for in either the existing AML regulatory scheme (i.e., CIP) or in the 
proposed beneficial ownership requirement.\79\ Paragraphs (b)(1) 
through (4) correspond to the minimum statutory elements of section 
5318(h)(1), while proposed paragraph (b)(5) set forth the remaining 
elements of CDD by requiring appropriate risk-based procedures for 
conducting ongoing customer due diligence including, but not limited 
to, (i) understanding the nature and purpose of customer relationships 
for the purpose of developing a customer risk profile, and (ii) 
conducting ongoing monitoring to maintain and update customer 
information and to identify and report suspicious transactions. We 
described our understanding that these third and fourth elements of CDD 
were necessary and critical steps required to comply with the existing 
requirement under the BSA to identify and report suspicious 
transactions. Thus, expressly incorporating the third and fourth 
elements of CDD into the AML program rules would serve to harmonize 
these elements with existing AML obligations. Because the proposal 
sought only to clarify and explicitly state existing expectations and 
requirements, we emphasized that the proposal was not intended to 
lower, reduce, or limit the due diligence expectations of the Federal 
functional regulators or limit their existing regulatory discretion, 
nor to create any new obligations.
---------------------------------------------------------------------------

    \79\ In the proposal, we described these elements, which we 
believe to be fundamental to an effective AML program, as follows: 
(i) Identifying and verifying the identity of customers; (ii) 
identifying and verifying the identity of beneficial owners of legal 
entity customers (i.e., the natural persons who own or control legal 
entities); (iii) understanding the nature and purpose of customer 
relationships; and (iv) conducting ongoing monitoring to maintain 
and update customer information and to identify and report 
suspicious transactions. See 79 FR at 45152.
---------------------------------------------------------------------------

    With respect to the third element, understanding the nature and 
purpose of customer relationships for the purpose of developing a 
customer risk profile, we elaborated upon our understanding of the 
manner in which current expectations satisfied this proposed 
requirement. We observed that under the existing requirement for 
financial institutions to report suspicious activity, they must file 
SARs on a transaction that, among other things, has ``no business or 
apparent lawful purpose or is not the sort in which the particular 
customer would normally be expected to engage.'' \80\ Banks 
specifically are expected to ``obtain information at account opening 
sufficient to develop an understanding of normal and expected activity 
for the customer's occupation or business operations.'' \81\ In short, 
to understand the types of transactions in which a particular customer 
would normally be expected to engage necessarily requires an 
understanding of the nature and purpose of the customer relationship, 
which informs the baseline against which aberrant, suspicious 
transactions are identified. It was this fundamental

[[Page 29420]]

expectation that FinCEN sought to encapsulate in its articulation of 
the third element. Moreover, as FinCEN stated in the proposal, in some 
circumstances an understanding of the nature and purpose of a customer 
relationship can also be developed by inherent or self-evident 
information about the product or customer type, such as the type of 
customer, the type of account opened, or the service or product 
offered, or other basic information about the customer, and such 
information may be sufficient to understand the nature and purpose of 
the relationship. We further noted that, depending on the facts and 
circumstances, other relevant facts could include basic information 
about the customer, such as annual income, net worth, domicile, or 
principal occupation or business, as well as, in the case of 
longstanding customers, the customer's history of activity.
---------------------------------------------------------------------------

    \80\ 31 CFR 1020.320(a)(2)(iii); see also 31 CFR 
1023.320(a)(2)(iii), 1024.320(a)(2)(iii), and 1026.320(a)(2)(iii).
    \81\ FFIEC Manual at 57.
---------------------------------------------------------------------------

    Regarding the fourth element, conducting ongoing monitoring to 
maintain and update customer information and to identify and report 
suspicious transactions, we noted our understanding that, as with the 
third element, current industry practice to comply with existing 
expectations for SAR reporting should already satisfy this proposed 
requirement. Banks are expected to have in place internal controls to 
``provide sufficient controls and monitoring systems for timely 
detection and reporting of suspicious activity.'' \82\ In short, the 
proposal served to codify existing supervisory and regulatory 
expectations for banks as explicit requirements within FinCEN's AML 
program requirement in order to make clear that the minimum standards 
of CDD, as articulated, include ongoing monitoring of all transactions 
by, at, or through the financial institution. As proposed, the 
obligation to update customer information as a result of monitoring 
would generally only be triggered when the financial institution 
becomes aware of information about the customer in the course of normal 
monitoring relevant to assessing the risk posed by a customer; it was 
not intended to impose a categorical requirement to update customer 
information on a continuous or ongoing basis using the Certification 
Form in Appendix A or by another means.
---------------------------------------------------------------------------

    \82\ Id. at 29-30.
---------------------------------------------------------------------------

    Commenters raised a number of points about FinCEN's proposal to 
expressly incorporate the third and fourth elements of CDD as a ``fifth 
pillar'' into the AML program rules. Some questioned whether FinCEN had 
the statutory authority to adopt these amendments to the program rules. 
A few commenters expressed general approval of this approach but sought 
clarification of its application, while other commenters opposed the 
codification of existing regulatory expectations, questioning the need 
to do so in light of current regulatory expectations. Some commenters 
raised concerns about FinCEN's articulation of the ongoing monitoring 
requirement, contending that the element as proposed imposed an 
obligation to continuously update customer information. We address 
these comments and provide additional clarification for banks below.
    A few commenters challenged FinCEN's statutory authority to amend 
the AML program rules in this fashion. They argued principally that 
FinCEN's actions exceeded the scope of its statutory authority because 
it proposed to incorporate into the regulations implementing the AML 
program, elements not found in the authorizing statute, 31 U.S.C. 
5318(h). This argument is not supported by a plain reading of the 
statutory text. Section 5318(h)(1) provides in relevant part that 
``each financial institution shall establish anti-money laundering 
programs, including, at a minimum--[the four statutory pillars]. . . 
.'' (emphasis added). And section 5318(h)(2) further provides that 
``[t]he Secretary of the Treasury, after consultation with the 
appropriate Federal functional regulator . . . may prescribe minimum 
standards for programs established under paragraph (1). . . .'' The 
first clause by its terms does not limit an AML program exclusively to 
the four enumerated statutory elements, and the statutory scheme 
clearly vests the Secretary \83\ with discretion to adapt the AML 
program to changing circumstances as warranted after consultation with 
the Federal functional regulators. FinCEN's actions today fall squarely 
within the scope of its statutory delegation of authority from the 
Secretary and the plain language of Section 5318(h)(1).
---------------------------------------------------------------------------

    \83\ As noted above, the Secretary has delegated to the Director 
of FinCEN the authority to implement the BSA and associated 
regulations.
---------------------------------------------------------------------------

    One commenter asserted that the creation of this new ``fifth 
pillar'' separate from the other elements of CDD that are already 
incorporated into the ``internal controls'' pillar, could complicate 
how existing internal controls are identified and managed, possibly 
requiring the revision of existing systems and programs, including 
training and audit functions, thereby needlessly consuming banks' AML 
resources. As described at greater length above and below, FinCEN views 
the fifth pillar as nothing more than an explicit codification of 
existing expectations; as these expectations should already be taken 
into account in a bank's internal controls, FinCEN would expect the 
confusion caused by this codification, if any, to be minimal. 
Furthermore, FinCEN believes that, in order to bring uniformity and 
consistency across sectors, it is important that these due diligence 
elements be made explicit, and that they be part of the AML program of 
depository institutions (as well as of the other covered financial 
institutions). We believe that harmonizing these requirements across 
financial sectors will strengthen the system as a whole, by further 
limiting opportunities for inconsistent application of unclear or 
unexpressed expectations. The same commenter also asserted that 
imposing this requirement unilaterally ``places FinCEN at odds with the 
prudential regulators.'' However, FinCEN notes that the proposed CDD 
rule as well as this final rule, were issued after consultation with 
the staffs of the prudential regulators.
    Most bank commenters did not raise objections to the concept of a 
customer risk profile. The banks that commented on this issue noted 
generally that they understood the concept as it applied to their 
industry. One commenter subject to AML requirements for banks, broker-
dealers, mutual funds, and insurance companies raised concerns that the 
concept of a customer risk profile implicated personal privacy 
interests and that information about personal attributes of customers 
could be used for inappropriate profiling. We reiterate here that for 
banks, the term ``customer risk profile'' is used to refer to the 
information gathered about a customer to develop the baseline against 
which customer activity is assessed for suspicious transaction 
reporting. As such, we would not expect there to be any significant 
changes to current practice that is consistent with existing 
expectations and requirements, and certainly not in the form of 
inappropriate profiling.
    A few commenters raised objections to the ongoing monitoring 
element in the proposal, contending that, as articulated, it was 
inconsistent with current requirements or expectations regarding the 
monitoring of customers and transactions and appeared to impose a new 
requirement to monitor, maintain, and update customer information on a 
continuous basis. Commenters also requested that FinCEN clarify the 
relationship between ongoing monitoring and updating beneficial

[[Page 29421]]

ownership information, asserting that the expectation articulated in 
the proposal that financial institutions should update beneficial 
ownership information in connection with ongoing monitoring was 
unclear. As we noted in the proposal and above, the purpose of 
articulating the requirement regarding updating customer information 
was to codify existing practice relating to ongoing monitoring, and not 
to impose a new categorical requirement to continuously update customer 
information. However, we agree with the commenters that this element as 
presented in the proposal could be construed in this fashion. Thus, the 
final rule amends the ongoing monitoring prong to state that ongoing 
monitoring is conducted to identify and report suspicious transactions 
and, on a risk basis, to maintain and update customer information. For 
these purposes, customer information shall include information 
regarding the beneficial owners of legal entity customers (as defined 
in Sec.  1010.230).
    We believe that this change to the ongoing monitoring clause better 
encapsulates current practice in the AML/CFT area, and therefore, the 
nature of the obligation--that is, financial institutions are presently 
expected to conduct a monitoring-triggered update of customer 
information when they detect information during the course of their 
normal monitoring relevant to assessing or reevaluating the risk of a 
customer relationship. Such information could include, e.g., a 
significant and unexplained change in customer activity. It could also 
include information indicating a possible change in beneficial 
ownership, when such change might be relevant to assessing the risk 
posed by the customer. In any such event, it is appropriate to update 
the customer information accordingly. As we noted in the proposal, 
including the ongoing monitoring element in the AML program rules 
serves to reflect existing practices to satisfy SAR reporting 
obligations. Although the beneficial ownership information collection 
requirement was not in place at the time of the proposal, this 
information may be relevant in assessing the risk posed by the customer 
and in assessing whether a transaction is suspicious. Moreover, FinCEN 
believes it is also consistent that this updating requirement should 
apply not only to customers with new accounts, but also to customers 
with accounts existing on the Applicability Date. That is, should the 
financial institution learn as a result of its normal monitoring that 
the beneficial owner of a legal entity customer may have changed, it 
should identify the beneficial owner of such customer. For example, we 
can envision a situation where an unexpected transfer of all of the 
funds in a legal entity's account to a previously unknown individual 
would trigger an investigation in which the bank learns that the funds 
transfer was directly related to a change in the beneficial ownership 
of the legal entity.\84\ FinCEN emphasizes that the obligation to 
update customer information pursuant to this provision, including 
beneficial ownership information, is triggered only when, in the course 
of its normal monitoring, the financial institution detects information 
relevant to assessing the risk posed by the customer; it is not 
intended to impose a categorical requirement to update customer or 
beneficial ownership information on a continuous or ongoing basis.
---------------------------------------------------------------------------

    \84\ The same changes are being made to the ongoing monitoring 
provisions of the AML program rules for the other covered financial 
institutions.
---------------------------------------------------------------------------

    One commenter asserted that it would be difficult to conceive of a 
scenario where the ongoing monitoring of transactions would provide 
information to a financial institution indicating a potential change in 
beneficial ownership. Accordingly, the commenter suggested that we link 
the expectation to update beneficial ownership information only to 
monitoring of the customer relationship. We generally agree with the 
notion that it is unlikely that transaction monitoring will uncover 
information suggestive of a change of beneficial ownership, because 
such monitoring generally does not tend to provide insight into the 
transfer of ownership or operational control. Nevertheless, we do not 
believe that a categorical exclusion of beneficial ownership 
information from this element would be appropriate. First, FinCEN 
believes that the revision of the ongoing monitoring element for the 
final rule as described above largely addresses this concern--as we 
have noted repeatedly, our requirement is consistent with current 
practice, and we expect monitoring-triggered updating of beneficial 
ownership information (as with other customer information) only to 
occur on a risk basis when material information about a change in 
beneficial ownership is uncovered during the course of a bank's normal 
monitoring (whether of the customer relationship or of transactions). 
As noted in the preceding paragraph, there may be unusual cases where 
transaction monitoring might lead to information about a possible 
change in beneficial ownership, and we are therefore unwilling to 
categorically foreclose this avenue of inquiry. However, there is no 
expectation that a financial institution obtain updated beneficial 
ownership information from its customers on a regular basis, whether by 
using the Certification Form in Appendix A or by any other means.
    This commenter also expressed concern about subjecting all account 
relationships to the requirement to monitor to identify and report 
suspicious transactions, contending that this implied a uniform 
requirement for monitoring transactions that was inconsistent with the 
risk-based approach. Therefore, the commenter requested that FinCEN 
expressly articulate that ongoing monitoring be conducted pursuant to 
the risk-based approach. We clarify first that our expectation that all 
accounts be subject to ongoing monitoring does not mean that we expect 
all accounts to be subject to a uniform level of scrutiny. Rather, we 
fully expect financial institutions to apply the risk-based approach in 
determining the level of monitoring to which each account will be 
subjected. Thus, consistent with current practice, we would expect the 
level of monitoring to vary across accounts based on the financial 
institution's assessment of the risk associated with the customer and 
the account. We also noted that all account relationships would be 
subject to this requirement merely to reflect the fact that all 
accounts must necessarily be monitored in some form in order to comply 
with existing SAR requirements, and not only those subject to the CIP 
rule.
    Section 1023.210 Anti-money laundering program requirements for 
brokers or dealers in securities. The structural changes to this 
section, as well as the rationale for these amendments, are identical 
to those articulated for banks above.\85\
---------------------------------------------------------------------------

    \85\ As we noted in the proposal, FinCEN's current AML program 
rule for broker-dealers differs from the current program rule issued 
by FINRA, principally because FINRA has included as a pillar within 
its AML program rule a requirement with respect to suspicious 
activity reporting. This integrated treatment of the SAR requirement 
also differs from the practice of the other financial sectors 
covered by this rulemaking. We reiterate that FinCEN is not 
proposing to incorporate, as FINRA has done, a SAR reporting 
requirement as a separate pillar within the AML program rules, as 
the existing stand-alone SAR obligation within FinCEN's regulations 
is sufficient. However, the decision to not include a SAR 
requirement within the program rules is not meant to affect its 
treatment in any way within the FINRA rule.
---------------------------------------------------------------------------

    As in the case of banks described above, FinCEN emphasizes that the 
incorporation of these elements is

[[Page 29422]]

intended to explicitly articulate current practices consistent with 
existing regulatory and supervisory expectations. Thus, understanding 
the nature and purpose of customer relationships encapsulates practices 
already generally undertaken by securities firms to know and understand 
their customers. In the proposal, we observed that under the existing 
requirement for financial institutions to report suspicious activity, 
they must file SARs on a transaction that, among other things, has no 
business or apparent lawful purpose or is not the sort in which the 
particular customer would normally be expected to engage.\86\ To 
understand the types of transactions in which a particular customer 
would normally be expected to engage necessarily requires an 
understanding of the nature and purpose of the customer relationship, 
which informs the baseline against which aberrant, suspicious 
transactions are identified. As described at greater length below, 
however, we understand that this type of assessment may not necessarily 
be contemporaneous.
---------------------------------------------------------------------------

    \86\ 31 CFR 1020.320(a)(2)(iii); see also 31 CFR 
1023.320(a)(2)(iii), 1024.320(a)(2)(iii), and 1026.320(a)(2)(iii).
---------------------------------------------------------------------------

    For example, as a part of their due diligence at account opening, 
broker-dealers are expected to, inter alia, ``inquire about the source 
of the customer's assets and income so that the firm can determine if 
the inflow and outflow of money and securities is consistent with the 
customer's financial status,'' as well as ``gain an understanding of 
what the customer's likely trading patterns will be, so that any 
deviations from the patterns can be detected later on, if they occur.'' 
\87\ And as FinCEN stated in the proposal, in some circumstances an 
understanding of the nature and purpose of a customer relationship can 
also be developed by inherent or self-evident information about the 
product or customer type, or basic information about the customer, and 
such information may be sufficient to understand the nature and purpose 
of the relationship. We further noted that, depending on the facts and 
circumstances, other relevant facts could include basic information 
about the customer, such as annual income, net worth, domicile, or 
principal occupation or business, as well as, in the case of 
longstanding customers, the customer's history of activity. For 
example, FinCEN understands that some securities firms sometimes use 
suitability information gathered pursuant to FINRA Rule 2111 in 
determining whether a given transaction is one which would be expected 
from a particular customer. It is these types of current practices that 
FinCEN sought to encapsulate in its articulation of the third element.
---------------------------------------------------------------------------

    \87\ Nat'l Ass'n of Securities Dealers, Special NASD Notice to 
Members 02-21 7 (Apr. 2002).
---------------------------------------------------------------------------

    Regarding the fourth element as proposed in the NPRM, conducting 
ongoing monitoring to maintain and update customer information and to 
identify and report suspicious transactions, we noted our understanding 
and expectation that, as with the third element, current industry 
practice for SAR reporting should already satisfy this proposed 
requirement. In short, the proposal was intended to codify existing 
supervisory and regulatory expectations as explicit requirements within 
FinCEN's AML program requirement, in order to make clear that the 
minimum standards of CDD, as articulated, include ongoing monitoring of 
all transactions by, at, or through the financial institution.
    Securities industry commenters raised a number of concerns about 
the proposed fifth pillar as it would apply to their industry. A few 
commenters sought clarification of the concept of a customer risk 
profile, as well as of how the nature and purpose of customer 
relationships were to be understood for customers of broker-dealers. 
Commenters also requested that FinCEN clarify the extent of the ongoing 
monitoring requirement for the securities industry.
    Commenters asked that FinCEN clarify or define what constitutes a 
customer risk profile, noting that the term is not commonly used in the 
securities industry. One commenter noted that while some securities 
firms assign risk scores to customers, the practice is not mandated by 
regulation and not widely adopted in the industry; thus, this commenter 
opposed imposing such a categorical requirement. As it does for banks, 
the term ``customer risk profile'' is used to refer to the information 
gathered about a customer to develop the baseline against which 
customer activity is assessed for suspicious transaction reporting. 
Depending on the firm and the nature of its business, it may 
appropriately take the form of individualized risk scoring, placement 
of customers into risk categories, or some other method of assessing 
customer risk. We note that neither the Federal securities laws nor 
FINRA rules explicitly require firms to create a formal risk ``score'' 
for all customers. However there is a basic expectation that members of 
the industry understand the risks posed by their customers and be able 
to demonstrate this understanding. As with banks, we do not expect the 
customer risk profile to necessarily be integrated into existing 
monitoring systems to serve as the baseline for identifying and 
assessing suspicious transactions on a contemporaneous basis. Rather, 
we expect broker-dealers to utilize the customer risk profile as 
necessary or appropriate during the course of complying with their SAR 
requirements--as we understand is consistent with the general current 
practice--in order to determine whether a particular transaction is 
suspicious.
    On a related note, commenters also requested that FinCEN clarify 
the manner in which understanding the nature and purpose of customer 
relationships would apply to broker-dealers, particularly with respect 
to how such information would relate to existing transaction monitoring 
practices. They claimed that most existing monitoring systems in the 
securities industry identify typologies of suspicious activity, such as 
market manipulation or money movements, in a manner that does not 
depend on a concurrent understanding of the customer to trigger an 
alert. Accordingly, commenters stated that because such customer 
information is not always necessary for the initial recognition of 
suspicious activity, it is generally not integrated into these 
monitoring systems. Thus, one commenter asked FinCEN to clarify that 
nature and purpose information would not be required for use in 
transaction monitoring.
    We note that understanding the nature and purpose of customer 
relationships does not necessarily require broker-dealers to integrate 
customer information into transaction monitoring systems in all 
instances. Rather, as it relates to broker-dealers' SAR requirements, 
we expect this information to be used at least in some cases in 
determining whether a particular flagged transaction is suspicious. As 
a part of broker-dealers' SAR reporting obligations, they must 
necessarily have an understanding of the nature and purpose of a 
customer relationship in order to determine whether a transaction is 
not the sort in which the particular customer would normally be 
expected to engage.\88\ FinCEN understands that many broker-dealers use 
this information during the course of an investigation into suspicious 
activity triggered by transaction monitoring, i.e., after and not 
necessarily concurrent with transaction monitoring; accordingly, based 
on our understanding of these

[[Page 29423]]

practices, we generally do not expect that such firms would need to 
change these practices in order to be in compliance with this 
requirement.
---------------------------------------------------------------------------

    \88\ 31 CFR 1023.320(a)(2).
---------------------------------------------------------------------------

    One commenter questioned the need to incorporate the nature and 
purpose element into the AML program rules for broker-dealers if it is 
an inherent part of suspicious activity reporting. This commenter noted 
its concern that express incorporation of this element into the AML 
program rules might require changes to broker-dealers' account opening 
procedures in order to demonstrate compliance with this provision, and 
requested that FinCEN clarify its reasons for amending the AML program 
rules in this way. As we noted above, FinCEN believes that, in order to 
bring uniformity and consistency across sectors, it is important that 
these due diligence elements be made explicit, and that they be part of 
the AML program of broker-dealers in securities (as well as of the 
other covered financial institutions). We believe that harmonizing 
these requirements across financial sectors will strengthen the system 
as a whole, by further limiting opportunities for inconsistent 
application of unclear or unexpressed expectations. FinCEN further 
expects that broker-dealers would generally not need to alter their 
account opening procedures to satisfy this requirement to the extent 
that broker-dealers are compliant with existing supervisory or 
regulatory expectations as discussed herein.
    Commenters also requested that FinCEN clarify the nature of the 
ongoing monitoring requirement. One commenter urged FinCEN to remove 
the clause pertaining to maintaining and updating customer information 
because securities firms do not currently have an obligation to conduct 
ongoing monitoring to update customer information. Another urged FinCEN 
to limit the obligation to update customer information to ``negative-
event'' triggers discovered during the course of monitoring. We believe 
that the clarifying changes made to the ongoing monitoring clause for 
the final AML program rules for all covered financial institutions and 
described above in the discussion of banks addresses these concerns. 
The final rule states that ongoing monitoring is conducted to identify 
and report suspicious transactions and, on a risk basis, to maintain 
and update customer information. For these purposes, customer 
information shall include information regarding the beneficial owners 
of legal entity customers (as defined in Sec.  1010.230).
    As discussed above for banks, broker-dealers are presently expected 
to conduct a monitoring-triggered update of customer information when 
they learn of material information relevant to assessing the risk of a 
customer relationship during the course of their normal monitoring. 
Under this rule, financial institutions shall include beneficial 
ownership information in the customer information to be updated, in 
cases where a change in such information could affect the risk 
presented by the customer, since such information could be relevant to 
assessing customer risk. As we noted in the proposal, including the 
ongoing monitoring element in the AML program rules served to reflect 
existing practices to satisfy SAR reporting obligations. Although the 
beneficial ownership information collection requirement was not in 
place at the time of the proposal, this information may be relevant in 
assessing the risk posed by the customer and in assessing whether a 
transaction is suspicious. Moreover, FinCEN believes it is also 
consistent that this requirement should apply not only to customers 
with new accounts, but also to customers with accounts existing on the 
Applicability Date. That is, should the financial institution detect as 
a result of its normal monitoring that the beneficial owner of a legal 
entity customer may have changed, it should identify the beneficial 
owner of such customer, whether or not it has already done so. For 
example, we can envision a situation where an unexpected transfer of 
all of the funds in a legal entity's account to a previously unknown 
individual would trigger an investigation in which the financial 
institution learns that the funds transfer was directly related to a 
change in the beneficial ownership of the legal entity.\89\ FinCEN 
emphasizes that the obligation to update customer information pursuant 
to this provision, including beneficial ownership information, is 
triggered only when, in the course of its normal monitoring, the 
financial institution detects information relevant to assessing the 
risk posed by the customer; it is not intended to impose a categorical 
requirement to update customer or beneficial ownership information on a 
continuous or ongoing basis.
---------------------------------------------------------------------------

    \89\ The same changes are being made to the ongoing monitoring 
provisions of the AML program rules for the other covered financial 
institutions.
---------------------------------------------------------------------------

    Section 1024.210 Anti-money laundering program requirements for 
mutual funds. The structural changes to this section, as well as the 
rationale for these amendments, are identical to those articulated for 
banks and broker-dealers above. However, as an initial matter, FinCEN 
notes that, unlike the situation for other covered financial 
institutions, a relatively small proportion of a mutual fund's 
underlying customers purchase their shares directly from the fund. 
Rather, the great majority of mutual fund investors purchase shares 
through an intermediary, such as a securities broker-dealer, and 
therefore the mutual fund has no direct relationship with them. In 
addition, of all the legal entity customers of a mutual fund, a 
significant number are typically financial intermediaries (e.g., 
securities broker-dealers), most of which are regulated. Such 
intermediaries are nonetheless subject to a mutual fund's AML program, 
which requires the application of risk-based due diligence. Of those 
legal entity customers that are not financial intermediaries, a 
substantial number are in many cases corporations that are 
administering benefit plans for their employees (or administrators 
doing this on behalf of such employers); these relationships are also 
subject to risk-based due diligence. Thus, FinCEN understands that any 
legal entities that are direct customers of a fund, and not any type of 
intermediary, would comprise a relatively small portion of its direct 
customers, and FinCEN expects that such non-intermediary legal entity 
customers would be subject to a different risk assessment than 
intermediary customers for due diligence purposes. The following 
discussion of mutual fund customer relationships must be read in this 
context.
    As in the case of banks and broker-dealers as described above, 
FinCEN emphasizes that the incorporation of these elements serves only 
to articulate current practice consistent with existing regulatory and 
supervisory expectations. Thus, understanding the nature and purpose of 
customer relationships encapsulates practices already generally 
undertaken by mutual funds to know and understand their customers. In 
the proposal, we observed that under the existing requirement for 
financial institutions to report suspicious activity, they must file 
SARs on a transaction that, among other things, has no business or 
apparent lawful purpose or is not the sort in which the particular 
customer would normally be expected to engage.\90\ To understand the 
types of transactions in which a particular customer would normally be 
expected

[[Page 29424]]

to engage necessarily requires an understanding of the nature and 
purpose of the customer relationship, which informs the baseline 
against which aberrant, suspicious transactions are measured. As FinCEN 
stated in the proposal, depending on the facts and circumstances, other 
relevant facts could include basic information about the customer, such 
as annual income, net worth, domicile, or principal occupation or 
business, as well as, in the case of longstanding customers, the 
customer's history of activity. Furthermore, in some circumstances an 
understanding of the nature and purpose of a customer relationship can 
also be developed by inherent or self-evident information about the 
product or customer type, or basic information about the customer, and 
such information may be sufficient to understand the nature and purpose 
of the relationship.
---------------------------------------------------------------------------

    \90\ 31 CFR 1024.320(a)(2)(iii).
---------------------------------------------------------------------------

    This final point is particularly relevant for the mutual fund 
industry. As commenters from the industry noted, mutual funds are best 
understood as a form of financial product rather than as an institution 
providing financial services or investment advice. We understand that 
much of a mutual fund's understanding of the nature and purpose of a 
customer relationship arises predominantly from the customer's initial 
decision to invest in a mutual fund, as reflected largely by the 
customer's choice of product. As with banks and broker-dealers, such 
customer information is not necessarily used as a contemporaneous point 
of comparison in monitoring systems. However, as with banks and broker-
dealers, we also understand that many mutual funds use this information 
during the course of an investigation into suspicious activity 
triggered by transaction monitoring, i.e., after and not concurrent 
with transaction monitoring; we would not generally expect such firms 
to change their practices in order to comply with this requirement. It 
was this fundamental established practice that FinCEN sought to 
encapsulate in its articulation of the third element. Accordingly, we 
expect this element to be construed fully consistently with the SAR 
rule and associated guidance for mutual funds.\91\ As with banks and 
broker-dealers, the term ``customer risk profile'' means information 
gathered about a customer to develop the baseline against which 
customer activity is assessed for suspicious transaction reporting. We 
also do not expect the customer risk profile to necessarily be 
integrated into existing monitoring systems to serve as the baseline 
for understanding suspicious transactions on a contemporaneous basis 
(as described with regard to banks and broker-dealers). Rather, we 
expect mutual funds to utilize the customer risk profile as necessary 
or appropriate during the course of complying with their SAR 
requirements--as we understand is consistent with the general current 
practice--in order to determine whether a particular transaction is 
suspicious.
---------------------------------------------------------------------------

    \91\ See 74 FR 26213, 26216 n.29 (May 4, 2006); Frequently Asked 
Questions, Suspicious Activity Report Requirements for Mutual Funds, 
FIN-2006-G013 (Oct. 4, 2006).
---------------------------------------------------------------------------

    Regarding the fourth element as proposed in the NPRM, conducting 
ongoing monitoring to maintain and update customer information and to 
identify and report suspicious transactions, we noted our understanding 
that, as with the third element, current industry expectations for SAR 
reporting should already satisfy this proposed requirement. In short, 
we intended the proposal to codify existing supervisory and regulatory 
expectations as explicit requirements within FinCEN's AML program 
requirement in order to make clear that the minimum standards of CDD, 
as articulated, include ongoing monitoring of all transactions by, at, 
or through the financial institution. As proposed, the obligation to 
update customer information in the course of monitoring would generally 
only be triggered when the financial institution became aware of 
information as part of its normal monitoring relevant to assessing the 
risk posed by a customer; it was not intended to impose a categorical 
requirement to update customer information on a continuous or ongoing 
basis. Because of the structural ambiguities in the proposal as 
articulated above, we have also amended the ongoing monitoring prong 
for the final rule for mutual funds. The final rule states that ongoing 
monitoring is conducted to identify and report suspicious transactions 
and, on a risk basis, to maintain and update customer information. For 
these purposes, customer information shall include information 
regarding the beneficial owners of legal entity customers (as defined 
in Sec.  1010.230).
    As described above in the sections addressing banks and broker-
dealers, we believe that this change to the ongoing monitoring 
provision is more consistent with current practice, and therefore, with 
the nature of the obligation--that is, when mutual funds detect 
information relevant to assessing the risk of a customer relationship 
during the course of their normal monitoring, they would then be 
expected to update customer information. Consistent with the new 
requirement to collect beneficial ownership information in this 
rulemaking, such customer information would include beneficial 
ownership information, and would apply to new customers as well as 
those existing on the Applicability Date.
    Section 1026.210 Anti-money laundering program requirements for 
futures commission merchants and introducing brokers in commodities. 
The structural changes to this section, as well as the rationale for 
these amendments, are identical to those articulated for other covered 
financial institutions described above.
    As in the case of the other covered financial institutions, FinCEN 
reiterates that the incorporation of these elements is intended to 
explicitly articulate current practices consistent with existing 
regulatory and supervisory expectations. Thus, understanding the nature 
and purpose of customer relationships encapsulates practices already 
generally undertaken by futures firms to know and understand their 
customers. In the proposal, we observed that under the existing 
requirement for financial institutions to report suspicious activity, 
they must file SARs on a transaction that, among other things, has no 
business or apparent lawful purpose or is not the sort in which the 
particular customer would normally be expected to engage.\92\ To 
understand the types of transactions in which a particular customer 
would normally be expected to engage necessarily requires the futures 
commission merchant or introducing broker to have an understanding of 
the nature and purpose of the customer relationship, which informs the 
baseline against which aberrant, suspicious transactions are 
identified. As described at greater length below, we understand that 
for the futures industry, this may not necessarily be a contemporaneous 
assessment.
---------------------------------------------------------------------------

    \92\ 31 CFR 1020.320(a)(2)(iii); see also 1023.320(a)(2)(iii), 
1024.320(a)(2)(iii), and 1026.320(a)(2)(iii).
---------------------------------------------------------------------------

    For example, under the National Futures Association's (NFA) AML 
Interpretive Notice, futures commission merchants and introducing 
brokers are expected to understand the nature and purpose of their 
customer relationships to inform their suspicious activity reporting: 
``Recognizing suspicious transactions requires familiarity with the 
firm's customers, including the customer's business practices, trading 
activity and patterns. What constitutes a suspicious transaction will 
vary

[[Page 29425]]

depending on factors such as the identity of the customer and the 
nature of the particular transaction.'' \93\ And as FinCEN stated in 
the proposal, in some circumstances an understanding of the nature and 
purpose of a customer relationship can also be developed by inherent or 
self-evident information about the product or customer type, or basic 
information about the customer, and such information may be sufficient 
to understand the nature and purpose of the relationship. It also may 
vary depending on the type of entity opening the account. For example, 
a clearing futures commission merchant at account opening would be 
focused on the creditworthiness of the customer, and not necessarily 
trading patterns, as the trades would be executed through an executing 
futures commission merchant. The nature and purpose of the relationship 
for the clearing futures commission merchant would be a clearing 
account for futures and options transactions. We further noted and 
understand that, depending on the facts and circumstances, relevant 
information regarding the customer obtained under NFA Compliance Rule 
2-30 and CFTC Rule 1.37(a)(1) could include basic information about the 
customer such as annual income, net worth, domicile, or principal 
occupation or business, as well as, in the case of longstanding 
customers, the customer's history of activity. Such information could 
be useful to understand the nature and purpose of the customer 
relationship, and to determine whether a given transaction is one which 
would be expected from a particular customer. It is these types of 
current practices that FinCEN sought to encapsulate in its articulation 
of the third element.
---------------------------------------------------------------------------

    \93\ National Futures Association Compliance Rule 2-9: FCM and 
IB Anti-Money Laundering Program Interpretive Notice.
---------------------------------------------------------------------------

    Regarding the fourth element as proposed in the NPRM, conducting 
ongoing monitoring to maintain and update customer information and to 
identify and report suspicious transactions, we noted our understanding 
and expectation that, as with the third element, current industry 
practice for SAR reporting should already satisfy this proposed 
requirement. In short, the proposal served to codify existing 
supervisory and regulatory expectations as explicit requirements within 
FinCEN's AML program requirement in order to make clear that the 
minimum standards of CDD, as articulated, include ongoing monitoring of 
all transactions by, at, or through the financial institution. As 
proposed, the obligation to update customer information in the course 
of monitoring would generally only be triggered when the financial 
institution became aware of information as a result of its normal 
monitoring relevant to assessing the risk posed by a customer; it was 
not intended to impose a categorical requirement to update customer 
information on a continuous or ongoing basis. Because of the structural 
ambiguities in the proposal as articulated above, we have also amended 
the ongoing monitoring prong for the final rule for futures commission 
merchants and introducing brokers. The final rules states that ongoing 
monitoring is conducted to identify and report suspicious transactions 
and, on a risk basis, to maintain and update customer information. For 
these purposes, customer information shall include information 
regarding the beneficial owners of legal entity customers (as defined 
in Sec.  1010.230).
    As described in the sections above pertaining to banks, securities 
broker-dealers, and mutual funds, we believe that this change better 
articulates current practice and, therefore, the nature of the 
obligation--that is, when futures firms detect information relevant to 
assessing the risk of a customer relationship during the course of 
their normal monitoring, they then would be expected to update customer 
information.
    A commenter representing the futures industry raised a number of 
concerns about the third and fourth elements of CDD as put forth in the 
proposal.
    The commenter challenged FinCEN's authority to amend the AML 
program rules in this fashion, contending principally that it was 
outside FinCEN's authority to incorporate non-BSA regulatory schemes--
specifically, suitability and know-your-customer rules that we cited in 
the proposal when describing current practices at futures firms for 
understanding customers--into BSA regulations. First, FinCEN reaffirms, 
as described above, its general statutory authority to amend the AML 
program rules by adding elements beyond those specifically listed in 
the statute. We also reject the notion that amending the AML program 
rules in this way is an incorporation-by-reference of other regulatory 
schemes outside of the scope of FinCEN's statutory authority. Our 
citation to CFTC and NFA rules in the proposal served only to reflect 
that ``this information could be relevant for understanding the nature 
and purpose of customer relationships,'' \94\ and would also be 
relevant for compliance with NFA Compliance Rule 2-9. Recognition of 
the relevance of this information is not tantamount to mandating the 
inclusion of these other regulatory schemes into BSA regulations. As we 
noted above, we understand that as a matter of practice some futures 
firms use this information to understand the nature and purpose of the 
customer relationship, but the fifth element does not require that such 
information be integrated into futures firms' AML monitoring programs 
on a contemporaneous basis, as a matter of regulatory compliance or 
expectation.
---------------------------------------------------------------------------

    \94\ 79 FR at 45163 n.51.
---------------------------------------------------------------------------

    This commenter also requested that FinCEN clarify what constitutes 
a customer risk profile, noting that the term is not commonly used in 
the AML context in the futures industry. The commenter urged FinCEN to 
remove this term from the final rule or provide additional 
opportunities for comment because of this lack of understanding. As it 
does for banks, broker-dealers, and mutual funds, the term ``customer 
risk profile'' refers to the information gathered about a customer to 
develop the baseline against which customer activity is assessed for 
suspicious transaction reporting. We note that neither the Federal 
futures laws nor the National Futures Association's rules explicitly 
require firms to create a ``customer risk profile'' or a formal risk 
``score'' for all customers. However, there is a basic expectation that 
members of the industry understand the risks posed by their customers 
and be able to demonstrate this understanding. As with banks, broker-
dealers, and mutual funds, we do not expect a customer risk profile to 
necessarily be integrated into existing monitoring systems to serve as 
the baseline for understanding suspicious transactions on a 
contemporaneous basis. Rather, we expect futures commission merchants 
and introducing brokers to utilize the customer risk profile 
information as necessary or appropriate during the course of complying 
with their SAR requirements--as we understand is consistent with 
current practice--in order to determine whether a particular 
transaction is suspicious. Because of this, we do not believe it is 
necessary to eliminate the term nor provide additional opportunity for 
comment.
    In addition, the commenter also requested that FinCEN clarify the 
nature of the ongoing monitoring requirement, contending that it would 
be burdensome if FinCEN intended by this element to require continuous 
monitoring for the purpose of updating customer information. We believe 
that the clarifying changes made to the ongoing

[[Page 29426]]

monitoring clause for the final rule, discussed above, address this 
concern.
    Finally, the commenter requested that FinCEN clarify the 
significance of the distinction between the terms ``account'' and 
``customer'' with respect to the statement in the proposal that the 
fifth pillar not be limited only to customers for purpose of the CIP 
rules, but rather, extend to all accounts established by the 
institution. This commenter urged FinCEN to clarify this point 
particularly with respect to guidance for the futures industry, stating 
that CIP obligations do not apply to executing brokers in give-up 
arrangements and omnibus relationships, concerned that the fifth pillar 
might otherwise supersede the guidance. We noted that all account 
relationships, and not only those which are ``accounts'' within the CIP 
rule definition, would be subject to this requirement merely to reflect 
that all accounts must necessarily be monitored in some form in order 
to comply with existing SAR requirements.\95\
---------------------------------------------------------------------------

    \95\ ``Although a futures commission merchant's customer 
identification program will not apply when it is operating solely as 
an executing broker in a give-up arrangement, the futures commission 
merchant's anti-money laundering program should contain risk-based 
policies, procedures, and controls for assessing the money 
laundering risk posed by its operations, including its execution 
brokerage activities; for monitoring and mitigating that risk; and 
for detecting and reporting suspicious activity.'' FIN-2007-G001.
---------------------------------------------------------------------------

IV. Regulatory Analysis

A. Executive Orders 13563 and 12866

    It has been determined that this regulation is an economically 
significant regulatory action as defined in section 3(f)(1) of 
Executive Order (E.O.) 12866, as amended. Accordingly, this final rule 
has been reviewed by the Office of Management and Budget (OMB). As a 
result of being an economically significant regulatory action, FinCEN 
prepared and made public a preliminary RIA, along with an Initial 
Regulatory Flexibility Analysis (IRFA) pursuant to the Regulatory 
Flexibility Act, discussed below, on December 24, 2015. We received 38 
comments about the RIA and/or the IRFA, which we address below. We have 
incorporated additional data points, additional sources of costs, and 
other points raised by commenters, directly into the final RIA itself, 
which we publish below in its entirety, following our narrative 
response to the remaining comments not addressed by these changes to 
the RIA.
1. Discussion of Comments to the RIA
General Comments
    A few commenters sought an extension of the comment period for the 
RIA, contending principally that 30 days was an inadequate amount of 
time to gather additional data to respond to the RIA's analyses, 
especially in light of its publication during the winter holidays. 
FinCEN denied the requests, noting that we believed the time period to 
be sufficient, ``particularly in light of the extensive comment period 
provided over the course of the CDD rulemaking, which included 
industry's views on the perceived costs and burdens regarding . . . 
CDD.'' In the preamble to the final rule, we described the extensive, 
years-long outreach conducted during the course of this rulemaking, 
during which time several commenters provided input regarding costs 
that they expected to incur implementing the rule. Of these commenters, 
only a small portion quantified these expected effects in a meaningful 
way. As described at greater length below in the section addressing 
cost-related comments, FinCEN and Treasury's Office of Economic Policy 
(OEP) conducted substantial follow-up with parties that provided such 
figures, and determined that it was impracticable to obtain the data 
necessary to fully quantify the costs associated with implementing the 
CDD rule. This challenge, combined with the difficulty of quantifying 
many of the CDD rule's expected benefits, led us to rely predominantly 
upon the breakeven analysis \96\ to assess the relative benefits and 
costs of the CDD rule. The cost used in the breakeven analysis includes 
an order-of-magnitude assessment of information technology (IT) upgrade 
costs, identified by financial institutions during the comment period 
and our subsequent outreach as the most substantial driver of 
implementation costs. Because the RIA is meant to measure the expected 
costs and benefits of the rule in aggregate, and given the data quality 
and quantity concerns, we conducted an order-of-magnitude assessment. 
The conclusion of the order-of-magnitude assessment probably would not 
be materially changed by gathering additional data unless the current 
data points are outliers. The conclusions of the primary cost 
estimation would not be changed and thereby would not materially affect 
the RIA's ultimate conclusion. We did not receive any substantive 
comment on the IT cost during the comment period. The comments and any 
associated data points that we received, whether pertaining to 
categories of implementation costs that were already included in the 
RIA or costs that we had overlooked and have since added (note that we 
incorporated all relevant quantifiable data received from the 
commenters into the updated RIA, which upwardly adjusted its cost 
calculations), have not significantly impacted our results.
---------------------------------------------------------------------------

    \96\ As described at greater length in the RIA, a breakeven 
analysis asks how large the present value of benefits has to be so 
that it is just equal to the present value of costs.
---------------------------------------------------------------------------

    Some commenters took issue with the ``academic'' nature of the 
analysis set forth in the RIA, asserting that it was based on unfounded 
assumptions about the impact of the rule upon the behavior of illicit 
actors and therefore on aggregate levels of crime. For example, a few 
commenters challenged the notion that the beneficial ownership 
requirement would result in criminal actors actually providing 
information to financial institutions that would be valuable to law 
enforcement agencies; these commenters noted that such actors could 
simply provide false information, or hire straw men for the sole 
purpose of opening accounts. We address the specific comments regarding 
the various assumptions underlying our analysis below.
    As for the general comment that the approach we took in the RIA was 
too academic, we note first that OMB guidance recommends that an RIA 
should be ``based on the best reasonably obtainable . . . economic 
information available. To achieve this, [agencies] should generally 
rely on peer-reviewed literature, where available.'' \97\ 
Unfortunately, there is not a body of direct empirical evidence 
regarding criminals' behavior in response to AML/CFT laws and 
regulations. In the absence of such analysis, and relatedly, the 
absence of any data on which to perform our own analysis, FinCEN 
asserts that it is both reasonable and appropriate to look to the 
academic literature on the economics of crime for a framework for 
formally thinking about how the CDD rule would potentially affect 
criminal outcomes. In this less-than-ideal situation where empirical 
estimates of the rule's effects on crime are lacking, the canonical 
economic model of crime at least provides useful insights into the 
mechanisms by which the rule could affect crime, which can in turn be 
assessed on the grounds of their plausibility. Like any economic model, 
this one assumes that its actors behave rationally, a premise that some 
commenters found objectionable and used to justify their protests of 
our use of any economic model of crime.\98\ On

[[Page 29427]]

this point--that criminals are not economic actors and thus do not 
respond to incentives--we strongly disagree based on empirical evidence 
appearing in peer-reviewed academic journals.\99\
---------------------------------------------------------------------------

    \97\ OMB Circular A-4, available at https://www.whitehouse.gov/omb/circulars_a004_a-4.
    \98\ More formally, an individual's preferences are rational if 
(1) she has a well-defined preference between any two possible 
alternatives and (2) her preferences exhibit transitivity--for 
alternatives x, y, and z, if x is preferred to y and y is preferred 
to z, then x is preferred to z. See page 6 of Mas-Colell, Andreu, 
Michael D. Whinston, and Jerry R. Green. Microeconomic Theory. New 
York: Oxford University Press, 1995.
    \99\ The canonical model of the economics of crime predicts that 
the CDD rule would reduce illicit activity by causing criminal 
actors to perceive a higher risk to setting up financial accounts in 
support of their illegal activities. Analogously, increased police 
presence deters criminal activity by increasing its perceived risk. 
A recent survey of empirical research on how different policing 
strategies deter crime states: ``. . . there is robust evidence that 
crime responds to increases in police manpower and to many varieties 
of police redeployments.'' See Chalfin, Aaron and Justin McCrary, 
``Criminal Deterrence: A Review of the Literature,'' forthcoming, 
Journal of Economic Literature (2016). Importantly, the authors also 
discuss their assessment that police tactics characterized by high 
visibility likely reduce crime more through deterrence than through 
incapacitation. Therefore, we feel confident in assuming that 
potential criminal actors are rational in thinking through how they 
would respond to the imposition of the CDD rule.
---------------------------------------------------------------------------

    Some commenters asserted that FinCEN and OEP took an inconsistent 
approach towards assessing the expected costs and benefits in the RIA. 
These commenters contended that we included certain unquantified 
benefits but excluded certain unquantified costs, rendering the 
analysis arbitrary. This RIA quantifies some of the cost categories and 
qualitatively describes the other cost categories and benefits 
consistent with OMB guidance. OMB Circular A-4 directs agencies to 
quantify both costs and benefits to the extent possible. Where we were 
``not able to quantify the effects,'' we ``present[ed] any relevant 
quantitative information along with a description of the unquantified 
effects.'' \100\ Contrary to these commenters' assertions, we did not 
selectively rely upon unquantified benefits while ignoring unquantified 
costs. In the case of costs that were not initially accounted for in 
the RIA, but later identified by commenters, we have revised portions 
of the RIA to incorporate them. As for the largest cost that we were 
unable to quantify, IT upgrade costs, we fully acknowledge and 
recognize the importance of assessing this cost in the RIA and describe 
the difficulties we encountered in trying to obtain meaningful data for 
these costs. We offer an order-of-magnitude assessment in the 
qualitative cost section and carry that analysis into the breakeven 
analysis.
---------------------------------------------------------------------------

    \100\ OMB Circular A-4.
---------------------------------------------------------------------------

    A few commenters took issue with the general approach of the 
regulatory scheme, whereby the costs would be incurred almost entirely 
by financial institutions, while the benefits would accrue to society 
more broadly rather than to financial institutions and their customers, 
specifically. In their view, this made the CDD rule an impermissible 
tax upon financial institutions. But this rule is not a tax. 
Furthermore, we disagree with the characterization of this regulatory 
scheme as improper or out of the ordinary. There are numerous Federal 
regulatory schemes that have similar underlying assumptions, 
structures, and impacts--for example, the costs of some environmental 
regulations fall predominantly (if not almost exclusively) on producers 
of emissions (power plants, automobile manufacturers, etc.), while the 
benefits accrue to the members of society as a whole. Similar to 
environmental regulations, the CDD rule is meant to correct for a 
positive spillover that in this case leads to a less-than-efficient 
level of investment in AML/CFT security measures. Specifically, 
reductions in illicit activity from the collection of beneficial 
ownership information will benefit all members of society, but 
financial institutions will rationally only account for their own 
benefits when making their investment decisions. By compelling 
financial institutions to retrieve beneficial ownership information, 
the CDD rule's intent is to increase investment in AML/CFT measures to 
a level that results in higher overall wellbeing (even once costs to 
financial institutions are netted out). Recognizing the costs of 
implementing the CDD rule, we have made numerous changes to the rule 
itself, as described in the preamble above, so as to minimize as much 
as possible the impact of compliance upon covered financial 
institutions while still furthering the purposes of the rule.
    One commenter representing a business formation agent reiterated 
the recommendation proffered during the NPRM comment period to expand 
the reliance provision of the beneficial ownership requirement to 
include non-financial institutions, contending that such an expansion 
would reduce the costs of compliance. We decline to do so for the 
reasons articulated in the preamble to the final rule.
    During the comment period to the RIA, a few commenters raised 
substantive concerns about the rule itself that were essentially 
identical to concerns identified by commenters during the NPRM comment 
period, such as, among other things, requests to exempt smaller 
institutions from the rule, and requests to eliminate the verification 
requirement; these issues have been addressed in the preamble to the 
final rule.
Cost-Related Comments
    Some commenters objected to our overall approach to evaluating the 
expected costs associated with implementation of the CDD rule. A few of 
these commenters took issue with the limited sample size of financial 
institutions that provided the data supporting our quantitative 
assessment of the costs, and contended that we were required to 
undertake a fully quantified analysis using a large and representative 
sample of financial institutions. One commenter representing mid-sized 
banks stated that the RIA was deficient because it only accounted for 
the impact of the CDD rule on covered financial institutions writ 
large, and did not allow for the rule's impact to differ based on a 
variety of categories, such as size, business lines, structure, 
geography, or customer base. This commenter asserted that we should 
have given additional consideration in the RIA to the impact of the CDD 
rule on small and mid-sized banks, provided additional data from mid-
sized banks regarding the expected costs of implementing the CDD rule, 
and identified additional expected sources of costs not included in the 
RIA.
    As to the assertion that it was inappropriate to rely upon such a 
small sample size in developing our cost data, we agree that it might 
arguably have been preferable to obtain specific, granular data from a 
large and diverse set of financial institutions. However, based on our 
outreach to financial institutions and IT firms, we determined that it 
would be impracticable to do so. To further develop our cost data 
following the NPRM comment period, we identified and assessed all of 
the comment letters that raised the cost issue with specificity, and 
substantiated the assertion that FinCEN underestimated the costs 
associated with implementing the CDD rule with data or a narrative 
explanation. From this initial review, FinCEN engaged in outreach to 
many of these commenters to determine their willingness to engage in a 
more extensive voluntary discussion regarding the cost issues that they 
raised. To facilitate these commenters' participation in this dialogue, 
FinCEN identified in advance a number of topics to guide the 
discussion, including:
     A description of the commenting institution's processes 
for onboarding legal entity customers and how that

[[Page 29428]]

information is used to comply with AML/CFT requirements;
     the types of documentation required to onboard legal 
entity customers;
     an estimate of the amount of time it takes to set up legal 
entity customer accounts;
     the approximate number of legal entity accounts 
established at the commenting institution on an annual basis;
     anticipated changes to onboarding procedures that would be 
necessary to identify and verify beneficial owners, consistent with the 
requirement as proposed in the NPRM, and the approximate costs of such 
changes;
     the frequency with which the commenting institution 
updates its computerized onboarding system, as well as the base cost 
associated with ``opening'' these systems for updates and the 
approximate incremental costs associated with each substantive change;
     anticipated changes or updates to other systems required 
to comply with the requirement as proposed in the NPRM, and the 
approximate costs of such changes;
     the expected costs and logistical difficulties associated 
with integrating the Certification Form into the commenting 
institution's operations;
     additional employee training required to implement the 
requirement as proposed in the NPRM, and how those costs compare to 
total annual BSA training expenditures; and
     any additional costs associated with implementing the 
requirement as proposed in the NPRM that FinCEN did not take into 
account.

Because we understood that it was likely that such a discussion would 
necessarily require a detailed description of proprietary business 
information, we noted that institutions' specific answers would not be 
made a part of the public record, but informed participants that we 
might describe responses in general terms without attribution as a part 
of the rulemaking.

    During our outreach discussions, we learned that each institution's 
onboarding process is different from the others, making it difficult to 
draw broad conclusions about the types of things covered financial 
institutions would have to do to implement the rule, from which we 
could extrapolate generally applicable cost estimates. More 
importantly, while institutions were generally able to provide 
estimates of training-related and other expected human resources costs, 
several of the institutions with which we spoke were unable to provide 
any estimates about many of the other types of costs they expected to 
incur to implement the proposed CDD rule, even when pressed to provide 
rough estimates, or even estimates within a broad range of potential 
expected costs. Given this lack of usable data, and because FinCEN 
understands that the majority of financial institutions purchase their 
systems for entering and storing customer data rather than building the 
systems internally, we also sought similar information from several of 
the major vendors that provide these AML/CFT-compliant IT systems. As 
with the financial institutions, we provided participating IT vendors 
the same basic topics to guide the discussion (identified above), with 
modifications to reflect the different role that these vendors play in 
the onboarding and screening processes. Although we obtained insight 
into the manner in which many of the major IT vendors work with 
financial institutions, none were able to provide meaningful quantified 
estimates of the expected costs associated with modifying their 
systems, even when pressed for rough estimates or estimates within a 
wide range of potential costs. For these reasons, we determined that it 
would likely be futile to conduct a broader survey of financial 
institutions and vendors to support our analysis. Thus, consistent with 
OMB guidance, we instead specified the expected sources of costs, and 
quantified these costs where possible. In order to assess the proposed 
rule, we relied upon the breakeven analysis, which used an order-of-
magnitude assessment of the IT upgrade costs, resulting in an upper 
bound of $10 billion (identified by most commenters during the NPRM and 
RIA as by far the most substantial projected outlay) and the highest 
cost-scenarios for other significant costs quantified in the RIA.
    With respect to the concern that we did not adequately account for 
the impact of the proposed CDD rule upon mid-sized and smaller 
institutions, we note that throughout this rulemaking process, we have 
been cognizant of the challenges that such institutions might face when 
implementing the rule; these concerns contributed to shaping several of 
the modifications we have made to the rule in order to facilitate its 
implementation, as described at length in the Section-by-Section 
Analysis above. For example, in response to comments to the NPRM, we 
determined that use of the Certification Form would not be mandatory, 
and financial institutions have the flexibility to utilize their 
existing onboarding systems to comply with the beneficial ownership 
certification requirement. During the NPRM comment period, some 
commenters identified additional categories of entities whose 
beneficial ownership information is otherwise available, and we 
excluded these categories from the definition of legal entity customer, 
further reducing the burden. In response to numerous comments 
contending that the proposed exclusion for charitable organizations 
would be difficult to administer, and therefore burdensome, we 
simplified it. And importantly, in response to many comments regarding 
the difficulties of implementing the CDD rule within a year of 
publication of the final rule, we increased the time for financial 
institutions to comply, to two years. As for the additional sources of 
cost and additional cost data provided by the commenters, we appreciate 
this additional information and have incorporated it, where 
appropriate, into our analysis in the RIA, as described below.
    Some commenters asserted that we underestimated certain costs, and 
failed to account for other steps that financial institutions would 
have to take to comply with the proposed CDD rule in our cost analysis. 
We address these comments here.
    Customer Onboarding. A few commenters asserted that our time 
estimates for onboarding were too low. In response to these comments, 
we have made adjustments to the calculations in the RIA, as described 
in greater detail therein. Some of these commenters also asserted that 
our hourly wage figures for ``new account clerks'' was too low, noting 
that the average wage for their clerks was substantially higher. While 
we certainly recognize that the wages earned by account clerks in large 
metropolitan areas characterized by elevated cost of living will be 
higher than the average, those wage levels are not representative of 
the wages for the entire country (in the same way that wages for 
account clerks in rural areas of the United States characterized by 
very low cost of living would not accurately represent wages for the 
whole country). Given that the average occupational wages produced by 
the Bureau of Labor Statistics use wage data from throughout the United 
States--taking into account variation in wages for the same occupation 
across all of the very different local labor markets--we believe that 
the national average for account clerks is representative and therefore 
decline to use a different wage for these calculations.

[[Page 29429]]

    One commenter also asserted that we mischaracterized the manner in 
which this additional onboarding time would be incorporated into the 
onboarding process, contending that our view was founded on ``the 
plainly incorrect assumption that the additional documentation required 
under the proposed CDD Rules can be collected in one (slightly longer) 
meeting.'' Contrary to this notion, our assessment of the additional 
incremental time for onboarding was not premised on this assumption. 
Indeed, it has been our understanding that, as this commenter noted, 
``[f]inancial institutions typically offer clients a period of time, 
such as 30 days, to gather the appropriate account opening 
documentation, and the process routinely takes more than one meeting.'' 
This characterization of current practices underscores one of our 
broader points about our expectation that the additional burden on 
prospective customers after the final rule is in force will be 
limited--that is, it is already the case that prospective business 
customers who seek to open accounts at financial institutions often do 
not have on hand all the documentation required (including CIP 
information), and that financial institutions have practices in place 
to inform these prospective customers of the documentation they need to 
provide in order to open an account. We would expect these existing 
practices to be leveraged, and that an institution's practices for 
collection of this information for legal entity customers would not 
deviate substantially from those described above.
    Developing and Conducting Employee Training. A few commenters noted 
that we did not account for the costs associated with designing and 
conducting training of employees on the new obligations in the CDD rule 
(as distinct from the cost to financial institutions of employees' time 
spent in training, for which we did account in the RIA). In response to 
these comments, we have added a new section incorporating these costs 
into the RIA, as described in greater detail therein.
    Revising Policies and Procedures. A few commenters observed that 
the RIA did not account for costs associated with revisions to policies 
and procedures that would be necessary as a part of implementing the 
CDD rule. In response to these comments, we have added a new section 
incorporating these costs into the RIA, as described in greater detail 
therein.
    Additional Costs for Internal Controls. Some commenters noted that 
the RIA did not account for additional costs for internal controls, 
including compliance reviews, relating to the collection of beneficial 
ownership information. As noted in the RIA, because of the lack of 
actual estimates of such costs, we have not included them in the 
aggregate quantified costs of the rule. We believe, however, that the 
actual additional costs for internal controls will be small in 
comparison to the quantified costs included in the RIA, particularly 
the upper bound in the order-of-magnitude assessment for IT upgrade 
costs, and thus that not including these additional internal control 
costs does not influence the RIA's conclusion.
    Costs Associated with Additional SAR Investigation and Filing. A 
few commenters noted that there would likely be additional costs for 
financial institutions associated with investigating and reporting SARs 
that should have been accounted for in the RIA. However, as described 
in the RIA, given the difficulty of determining whether the final rule 
would result in additional costs of this nature and if so, their 
amount, we have not attempted to quantify such costs.
    Employee Training Costs. One commenter representing banks asserted 
that respondents to its survey about implementation costs believed that 
on average, employees would require three times the amount of training 
identified by the RIA. This commenter did not, however, provide any 
explanation of the basis for this estimate, the assumptions used to 
generate this estimate, nor any dollar figure estimates. Nor did the 
commenter state whether this treble estimate pertained to the low or 
high end of the range described in the RIA (though we presume this 
multiplier applies to the high end of the range) or whether it applied 
to training in the first year or to refresher training. All of the 
other commenters addressing this issue articulated estimated costs that 
fell within the range identified in the RIA. For this reason, we 
decline to alter the estimated costs associated with employee training 
(except as described above).
    Information Technology Costs. One commenter representing banks 
contended that FinCEN did not adequately account for the costs 
associated with IT upgrades in the RIA. This assertion is an inaccurate 
characterization of our approach to IT costs. As described at length 
above, FinCEN unsuccessfully attempted to obtain detailed figures for 
these upgrade costs, in part necessitating the order-of-magnitude 
analysis. This analysis directly accounted for IT upgrade costs by 
assessing the order-of-magnitude based on limited data, which resulted 
in an upper bound of $10 billion (derived from the rough estimates 
provided by some financial institutions).\101\
---------------------------------------------------------------------------

    \101\ Some commenters to the preliminary RIA and IRFA stated 
that they believed that they would need to install expensive IT 
upgrades in order to track changes in beneficial ownership 
information, in order to comply with the requirements of the 
proposed amendments to the respective AML program rules. FinCEN 
believes that these comments are based on a misunderstanding of 
those proposed requirements. As a result, FinCEN has revised this 
proposed requirement, as explained in the Section-by-Section 
Analysis.
---------------------------------------------------------------------------

    Costs Associated with Lost Business/``De-Risking.'' A few 
commenters took issue with the decision not to include costs associated 
with lost business attributable to either privacy-minded owners of 
legal entity customers declining to open accounts or financial 
institutions refusing to extend accounts to legal entity customers for 
which they cannot obtain the owners' personal information. In the views 
of some commenters, a substantial number of owners of small businesses 
would flee to unregulated sources of financing because of their 
aversion to providing personal information to covered financial 
institutions during the account-opening process. To the same effect, 
one commenter representing banks asserted that the proposed CDD rule 
would ``likely contribute to `de-risking,' as many financial 
institutions will find it increasingly difficult to open accounts or 
extend credit where the risk of correctly identifying the beneficial 
owners cannot be managed to the satisfaction of regulatory 
requirements.''
    As for deposit or transaction accounts as well as most credit 
products, FinCEN is not persuaded that the beneficial ownership 
requirement would have a meaningful effect on the behavior of the vast 
majority of owners of legal entities subject to it. Legitimate 
businesses need transaction accounts within the financial system to 
conduct their business, and in many cases, it would be extraordinarily 
difficult (as well as far more risky and costly) to operate solely 
using cash or through unregulated entities. Furthermore, we do not 
expect most owners of legal entity customers to be so averse to 
providing their personal information to covered financial institutions 
that they refuse to open an account, particularly considering that they 
have to provide the same type of personal information to open 
individual accounts at those institutions. In any event, the cost of 
such aversion--essentially being unbanked--would be high, for the 
reasons given above. Moreover, irrespective of one's views on the 
disclosure of personal information in business relationships, such 
information

[[Page 29430]]

is routinely required for a variety of commercial interactions, such as 
obtaining an insurance policy, or verifying eligibility for employment 
in the United States via U.S. Customs and Immigration Services Form I-
9. We accordingly reject the contention put forth by one commenter that 
it would be ``virtually impossible . . . to convince some beneficial 
owners to provide their personal information'' on the grounds that many 
people are ``especially sensitive to disclosing personal information'' 
(although we recognize and appreciate this concern as a general 
matter).
    For these same reasons, we do not believe that the beneficial 
ownership requirement would produce a significant ``de-risking'' effect 
as identified by the commenter above. As we note in the preamble to the 
final rule, covered financial institutions will generally be allowed to 
rely upon the representations of the legal entity customer regarding 
their ownership structure, substantially mitigating what this commenter 
identified as the principal driver of ``de-risking.''
    With respect to the issue of potential lost business, while FinCEN 
believes it is the case that legitimate businesses need transaction 
accounts from banks, this is not necessarily the case with respect to 
certain specialized types of credit products, which can also be 
obtained from unregulated competitors. We have given careful 
consideration to the comments describing the expected impact of 
imposing this requirement upon specialized types of accounts in markets 
where the increased burden would likely drive prospective customers 
into unregulated alternatives. As we describe in greater detail above 
in the Section-by-Section Analysis, we believe the policy reasons for 
exempting these types of accounts from the scope of the rule proffered 
by commenters are compelling, and we have accordingly exempted such 
accounts from the scope of the beneficial ownership requirement. We 
therefore do not have to account for this type of possible flight as a 
cost of the rule.
    Other Miscellaneous Costs. Several trade association commenters 
identified a variety of sources of costs that were not widely 
applicable to the institutions they represented. For example, one of 
these commenters who surveyed a group of banks noted that a few of 
these banks identified costs, such as those accruing to one bank's 
financial investigative unit, that were not identified by others. 
However, because such costs cannot be quantified, they are not included 
in the RIA. Yet because we are confident that the actual miscellaneous 
costs incurred will likely be very small compared to the included 
quantified costs in the RIA, in particular the improbably high value 
for IT upgrade costs, we firmly believe that excluding these 
miscellaneous costs does not affect the RIA's conclusion.
Benefit-Related Comments
    Several commenters questioned the assumption that the beneficial 
ownership requirement would produce useful information, contending, 
among other things, that criminals would easily avoid the requirement 
by simply lying on the Certification Form, or by employing an 
unaffiliated individual for the sole purpose of opening an account. 
They also questioned the value of the information provided when there 
are no means of verifying the person's status as a beneficial owner. 
One commenter suggested that illicit actors might evade the requirement 
entirely by simply setting up a complex structure of shell companies. 
We address these contentions in turn.
    We first accept the uncontroversial notion that criminal actors 
will generally seek to evade legal and regulatory requirements as they 
carry out their illicit schemes but stress that as the probability of 
detection in carrying out these schemes increases, some criminals would 
be less likely to engage in these illegal activities (at least through 
the U.S. financial system). While it is the case that clever illicit 
actors can and sometimes do evade many such requirements through deceit 
or trickery, ``criminals will lie'' is a truism that could be used to 
justify the elimination of any number of criminal and regulatory 
prohibitions, and is insufficient justification here. This fundamental 
practice does not obviate the significant benefits to law enforcement 
and regulatory authorities associated with identifying and verifying 
the identity of at least one natural person associated with legal 
entities later determined to be engaged in illicit activity. Illicit 
actors may well set up complex webs of shell companies or structure 
their ownership so as to increase the difficulty of determining the 
individual who in fact owns the entity; it is because of this 
vulnerability that legal entities are also required to provide the name 
of one natural person under the control prong. And while a criminal may 
well lie regarding a legal entity's beneficial ownership information, 
verification of the identity of the natural person(s) identified as a 
beneficial owner will limit her ability to do so in a meaningful way 
such that she could avoid scrutiny entirely. Furthermore, as the 
Department of Justice has noted throughout this rulemaking process, a 
falsified beneficial ownership identification would be valuable 
evidence in demonstrating criminal intent. Even the verified identity 
of a natural person whose status as a beneficial owner has not been 
verified provides law enforcement and regulatory authorities with an 
investigatory lead from whom they can develop an understanding of the 
legal entity. Although we accept that it would be theoretically 
possible for an illicit actor to hire a random person to set up an 
account for her shell company at a covered financial institution, we 
question the wisdom and practicality of effectively giving a stranger 
access and control, even if only for a limited time, to something as 
important as a financial institution account.
    Along the line of these criticisms, some of these commenters 
contended that we did not demonstrate a sufficiently strong link 
between the expected law enforcement and regulatory benefits and the 
reduction in illicit flows that we identified as the principal measure 
of benefit in our breakeven analysis. As described at length in the 
RIA, there are myriad complex factors that contribute to whether 
criminal and regulatory investigations are initiated and pursued, and 
whether prosecutions are brought and successfully concluded, and it 
would not be possible to demonstrate the causative effect of any single 
factor, such as the introduction of the CDD rule, on these outcomes. We 
believe, for the reasons we describe in the RIA, that the beneficial 
ownership requirement would reduce annual illicit flows in the U.S. 
both by deterring their entry into the U.S. financial system, and 
stemming them entirely through convictions and forfeitures.
    A few commenters challenged our decision to identify compliance 
with international standards as a benefit weighed in the RIA. In 
response, we note that OMB guidance recognizes that ``[h]armonization 
of U.S. and international rules may require a strong Federal regulatory 
role.'' \102\
---------------------------------------------------------------------------

    \102\ OMB Circular A-4.
---------------------------------------------------------------------------

Other Issues
    A few commenters asserted that FinCEN's consideration of regulatory 
alternatives was inadequate. They thought, for example, that FinCEN 
should consider requiring the collection and verification of this 
information by states at the time of company formation, or that such 
information should be collected by the IRS through the tax

[[Page 29431]]

filing system. We discuss these additional alternatives in the RIA.
    As noted above, several commenters requested that FinCEN exclude 
from the scope of the beneficial ownership requirement certain types of 
specialized accounts, such as accounts established for the purpose of 
financing property and casualty insurance premiums; accounts 
established to finance the leasing of heavy machinery and equipment; 
and accounts established to finance postage and related items. These 
requests have been addressed in the Section-by-Section Analysis above.

B. Final Regulatory Impact Assessment

1. Executive Summary
    The primary purpose of customer due diligence (CDD) requirements is 
to assist financial investigations by law enforcement, with the goal 
being to impair criminals' ability to exploit the anonymity provided by 
the use of legal entities to engage in financial crimes including fraud 
and money laundering, and also terrorist financing, corruption, and 
sanctions evasion. Treasury presents expected cost estimates for some 
requirements and qualitative assessment of other cost components and 
the benefits. In addition to the qualitative benefit assessment, we 
present a breakeven analysis to assess the level of benefits that would 
justify incurring the quantified costs associated with this rule. 
Treasury acknowledges that there are uncertainties associated with this 
assessment and discusses those uncertainties in this Regulatory Impact 
Assessment (RIA). Although data and modeling limitations prevent us 
from fully quantifying all costs and benefits attributable to the CDD 
rule, the U.S. Department of the Treasury believes that the final rule 
would yield a positive net benefit to society.
    The RIA employs a breakeven analysis that concludes that the CDD 
rule would have to induce a modest reduction of between 0.16 and 0.6 
percent in annual U.S. real illicit proceeds in each of ten years 
(2016-2025) to achieve this positive net benefit. If the definition of 
illicit proceeds is expanded to include money exchanged in illicit drug 
sales, which, as described in the RIA, are not always included in such 
measurements, then the analogous required reduction must be between 
0.12 and 0.47 percent. For either set of illicit activities, this would 
correspond to a reduction in real proceeds ranging from $1.46 billion 
in 2016 to $1.81 billion in 2025, at the upper bound for IT upgrade 
costs. The analogous reductions at the lower bound of IT upgrade costs 
are $0.38 billion and $0.47 billion.
    This RIA argues, however, that both of the above upper threshold 
estimates are exceedingly conservative in that they are based on an 
upper bound for the rule's costs while not incorporating all of its 
benefits.\103\ Specifically, the estimates:
---------------------------------------------------------------------------

    \103\ The estimated thresholds for the percent reduction in real 
illicit proceeds are assumed to be constant across each year of the 
ten-year horizon for the given set of illicit activities, and 
computed using an upper bound for costs based on estimated and 
hypothetical values. At the threshold estimates, the present value 
of the rule's benefits would just be equal to the present value of 
its costs.
---------------------------------------------------------------------------

    [ssquf] Are based on an order-of-magnitude cost assessment with an 
upper bound present value for 10-year IT upgrade costs of $10 billion;
    [ssquf] incorporate the highest cost scenarios for the costs that 
are quantified in the RIA--financial institution employee training 
(including the development of this training), new client onboarding, 
and the revision of policies and procedures;
    [ssquf] are not in relation to, and therefore do not account for, 
all of the benefits that would be realized in the form of saved costs 
from crimes that would not occur in the presence of the rule because 
any reduction in illicit proceeds would only reflect saved costs in the 
form of funds no longer involuntarily transferred from victims to 
offenders; the excluded benefits include, for example, time not devoted 
to handling the aftermath of--for example--fraud victimization, and 
psychological pain and suffering not experienced due to those fraud 
victimizations avoided; and
    [ssquf] are not in relation to, and therefore do not account for, 
other effects discussed in the RIA, including increased asset recovery, 
increased tax revenue due to stronger tools for detecting and 
remediating under reporting and under payment of Federal taxes, and 
reputational benefits to the U.S. Government of meeting international 
standards.
    Therefore, even though the RIA assumes high IT costs, we find that 
the final CDD rule would still only need to exhibit a modest level of 
effectiveness for its benefits to justify its costs as laid out in the 
RIA. It is the view of the Treasury Department that these reductions in 
illicit activity would be achieved upon the implementation of the CDD 
rule.
2. Introduction and Summary
a. Overview of the RIA
    The Financial Crimes Enforcement Network (FinCEN) is publishing 
rules under the Bank Secrecy Act to clarify and strengthen customer due 
diligence (CDD) requirements for the following financial institutions: 
Banks, brokers or dealers in securities, mutual funds, and futures 
commission merchants and introducing brokers in commodities. The final 
rule contains explicit CDD provisions and a new regulatory requirement 
to identify beneficial owners of legal entity customers. The beneficial 
owners are defined as each individual who owns, directly or indirectly, 
25 percent or more of the equity interests of the entity, and one 
individual with significant responsibility to control, manage, or 
direct the entity.\104\
---------------------------------------------------------------------------

    \104\ Treasury's Office of Economic Policy worked with FinCEN to 
prepare this Assessment pursuant to Executive Orders 13563 and 12866 
because the proposed rules have been determined by the Office of 
Management and Budget (OMB) to be an economically significant 
regulatory action. The Notice of Proposed Rulemaking was published 
at 79 FR 45151 (August 4, 2014).
---------------------------------------------------------------------------

    The final CDD rule is expected to contribute to a reduction in 
illicit activity by providing easier access to beneficial ownership 
information to support law enforcement investigations at the expense of 
additional costs to gather and store the data on the beneficial owners 
of legal entity accounts. We expect that there will be a meaningful 
impact on illicit activity and law enforcement investigations, but 
these effects are notoriously difficult to quantify. Thus, we can only 
describe the rule's benefits qualitatively. We later offer a 
conservative estimate of the required minimum level of the rule's 
effectiveness at which its benefits would just offset its costs.
    We quantify certain costs to financial institutions and their 
clients of complying with the final rule, specifically the value of 
additional time spent on these activities: Training financial 
institution staff, designing and conducting staff trainings, revising 
compliance policies and procedures, and onboarding new accounts. 
Throughout this analysis, we use a ``no action'' baseline, meaning that 
we compute and discuss costs and benefits of the final rule relative to 
a situation where the rule is not adopted. We estimate that these 
first-year costs would range from roughly $370 million to $520 million. 
Close to half of the costs incurred over 10 years would be borne by 
customers in additional time spent opening accounts, with the other 
half due to additional staff time devoted to training, compliance, and 
account onboarding at the roughly 29,000 covered institutions.\105\ 
Training costs

[[Page 29432]]

would fall sharply after the first year as the majority of first-year 
costs are due to time spent designing training modules for employees, a 
cost that we assume will not recur after the first year. We estimate 
that 10-year quantifiable costs range from $1.15 billion to $2.15 
billion in present value using a seven-percent discount rate and from 
$1.3 billion to $2.5 billion using a three-percent discount rate. The 
annualized costs range from $153 million to $287 million using a seven-
percent discount rate; $148 million to $282 million using a three-
percent discount rate.
---------------------------------------------------------------------------

    \105\ The Treasury Department computed the number of covered 
institutions based on information provided by the Federal Deposit 
Insurance Corporation, the National Credit Union Administration, the 
Securities and Exchange Commission, and the Commodity Futures 
Trading Commission. The Treasury Department did not conduct an 
incidence analysis as to whether the regulated entities will be able 
to pass along the costs to their customers ultimately.
---------------------------------------------------------------------------

    As described at greater length below in the breakeven analysis, 
given even an unrealistically high hypothetical value for the rule's 
total costs, the CDD rule would only have to reduce annual real illicit 
activity by between 0.16 percent (roughly $0.38 billion in 2016, rising 
to 0.47 billion in 2025) and 0.6 percent (roughly $1.46 billion in 
2016, rising to $1.81 billion in 2025), to yield a positive net benefit 
(the required reduction in illicit proceeds would only be between 0.12 
percent and 0.47 percent if proceeds from illicit drug sales are 
included).106 107
---------------------------------------------------------------------------

    \106\ This calculation uses the $300 billion estimate for annual 
illicit proceeds generated in the United States on page 2 of U.S. 
Department of the Treasury. Office of Terrorism and Financial 
Intelligence. 2015. National Money Laundering Risk Assessment.
    \107\ The distinction between illicit proceeds that include and 
exclude money exchanged in illicit drug sales matters for the 
interpretation of proceeds as costs of crime. As discussed later, 
illicit proceeds that are involuntarily transferred from victims to 
offenders--for example, via fraud--are naturally counted among 
``external'' costs of crime. On the other hand, illicit proceeds 
from transactions that are arguably voluntary, like illicit drug 
sales, do not fit into the set of external costs so readily. To the 
extent that the size of proceeds from illicit drug sales are 
indicative of the costs to society of the drugs consumed from those 
transactions--loss of health and quality of life and lost labor 
market productivity, among many others--then this justifies using 
the broader measure of illicit activity (i.e., including drug sales) 
for estimating the social benefits of reduced crime. Although in 
this instance we are not accounting for the effects of the proposed 
rule on other types of illicit activity (e.g., terrorist financing) 
in the breakeven analysis, the CDD rule would potentially impact the 
likelihood of low probability, high impact events occurring. Such 
reductions have the potential to yield significant benefits. For 
example, the costs of terrorism and financial crime can run into the 
billions of dollars in terms of property destruction, foregone tax 
revenues, and loss of life. The American Academy of Actuaries has 
estimated that a medium-impact scenario involving a chemical, 
nuclear, biological, or radiological attack in New York City could 
result in insured losses of over $445 billion, while a truck bomb 
attack in San Francisco could result in insured losses of nearly $9 
billion. ``Letter to President's Working Group on Financial Markets 
regarding Terrorism Risk Analysis,'' American Academy of Actuaries, 
April 21, 2006.
---------------------------------------------------------------------------

    To summarize: This cost-benefit analysis provides a qualitative 
discussion of the rule's benefits and some costs, and quantitative 
estimates of those costs for which adequate data are available. Due to 
the limited availability of data on illicit activity and in the absence 
of previous changes in beneficial ownership disclosure policy, the 
final rule's effects in terms of reducing such crime cannot be 
estimated with sufficient accuracy to warrant quantitative assessment. 
In the absence of fully quantified benefits and costs, we rely on a 
breakeven analysis to determine how large the final rule's benefits 
would have to be in order to justify its costs. Given that the 
breakeven analysis depends on an argument about the final rule's 
effectiveness in generating benefits, and that the benefit of a crime 
prevented is the inverse of that crime's cost,\108\ we need a value for 
the costs of the crimes that the rule would impact. For this specific 
regulation's RIA, we choose to utilize the Treasury Department's 
estimate of $300 billion in illicit proceeds generated annually in the 
United States due to financial crimes as the basis for determining the 
rule's minimum level of effectiveness in the breakeven analysis, at 
which benefits would exactly justify costs. The whole of these proceeds 
must be laundered before they can re-enter the economy under a guise of 
legitimacy.\109\
---------------------------------------------------------------------------

    \108\ The terms ``costs'' and ``benefits'' can be 
interchangeable depending on whether one is examining the effect of 
crime or the effectiveness of a crime reduction program. See page 
276 of Cohen, Mark A., ``Measuring the Costs and Benefits of Crime 
and Justice,'' Criminal Justice 4 (2000): 263-315 (``. . . the cost 
of a crime is the same as the benefit of a crime that was 
prevented'').
    \109\ See footnote 106.
---------------------------------------------------------------------------

    The remainder of this section provides the rationale for the CDD 
rule, discusses regulatory alternatives, and summarizes the findings of 
the cost-benefit analysis. The second section reports quantitative 
estimates of certain costs; the third section provides a qualitative 
discussion of benefits and those costs that we cannot quantify; the 
fourth and final section employs a breakeven analysis to make the case 
for the adoption of the final rule.
b. Rationale for the CDD Rule
    Under certain circumstances, markets lead to socially desirable 
allocations of goods and services. Yet when all the necessary 
conditions are not met, a market's allocation of goods may not be 
efficient, a situation known as a market failure. Economists consider 
the presence of a market failure to be a justification for policy 
intervention. The final CDD rule intends to address two related market 
failures. Both of these are spillovers (also called externalities) in 
that the wellbeing of parties not buying or selling in a market is 
impacted by transactions in that market. Spillovers can either be 
positive or negative. For example, a positive spillover occurs in the 
market for influenza vaccinations: Those who receive the vaccine reduce 
the chances of others who do not receive the vaccine from catching the 
flu. From the perspective of society's overall wellbeing, the existence 
of a positive spillover implies that fewer transactions are taking 
place in the market in question than is socially optimal. Conversely, 
in the case of a negative spillover, too many transactions occur, 
resulting in lower societal wellbeing. For example, a paper mill that 
pollutes a river by releasing wastewater may negatively affect 
recreational fishermen downstream who may find fewer fish or be unable 
to eat the fish they catch due to the pollution.\110\ We discuss the 
spillovers addressed by the CDD rule in more detail below.
---------------------------------------------------------------------------

    \110\ Whether the spillover is positive or negative, the market 
failure is attributable to the lack of a second market that would 
allow participants and nonparticipants in the market with the 
spillover to compensate one another so that the quantity produced 
and consumed is socially optimal in the market with the spillover. 
For example, the fishermen have no formal mechanism for paying the 
owners of the paper mill to produce less wastewater by producing 
less paper. The implication of this ``missing market'' is that the 
overall wellbeing might be lower than what society would be willing 
to pay for, if it could.
---------------------------------------------------------------------------

    Illegal activities are social ``bads'' rather than social goods. 
Because financial institutions bear the cost of collecting the 
beneficial ownership information, they only take into account their own 
benefit to doing so when selecting their level of investment in crime-
reducing security measures.\111\ The implication is that financial 
institutions underinvest in such measures from the standpoint of 
society. If all members of society are potential victims of future 
criminal activity, then the prevention of financial crimes including 
money laundering and terrorist financing have the characteristics of 
public goods, meaning that all citizens benefit from actions to

[[Page 29433]]

mitigate these activities regardless of who pays for the prevention.
---------------------------------------------------------------------------

    \111\ Even in the extreme case where financial institutions 
could pass along the entire cost of collecting this information, it 
does not follow that the resulting level of investment in crime-
reducing security measures would maximize social wellbeing. 
Realistically, competition among financial institutions for clients 
will limit the extent to which they can pass these costs along to 
customers.
---------------------------------------------------------------------------

    Absent this final rule, financial institutions will continue to 
invest at lower than efficient levels, in accordance with their private 
interests, neglecting the incremental positive impact of each 
additional dollar spent on security measures on broader social welfare. 
This is especially true if financial institutions that are considering 
collecting beneficial ownership information perceive that they would 
lose business to competitors that do not require that information. By 
compelling universal compliance across all covered institutions, 
implementation of the final rule would increase beneficial ownership 
disclosure at financial institutions, making illicit activities more 
costly to commit.
    Without the final rule, the negative spillover arises because a 
country with less stringent anti-money laundering and countering the 
financing of terrorism (AML/CFT) regulations may become a destination 
for the laundering of proceeds generated by illicit activities 
committed in other countries. The country with less stringent rules and 
regulations receives the inflow of capital without bearing the costs of 
the criminal offenses that created that inflow of capital. 
International cooperation that harmonizes AML/CFT policies may reduce 
this market failure. By helping to harmonize U.S. standards with those 
of the global community, adopting this final rule would make laundering 
the proceeds in the United States from illicit activities committed in 
the other countries more costly and thereby mitigate the current 
negative spillover.
c. Discussion of Regulatory Alternatives to the Final CDD Rule
    In this section, we discuss five alternatives to the final CDD 
rule, which will set a 25 percent beneficial ownership disclosure 
threshold for new legal entity accounts. The first three alternatives 
are variants of the CDD rule, while the remaining two are alternative 
regulatory approaches:

    Alternative 1: 10 percent beneficial ownership disclosure 
threshold.
    Alternative 2: 50 percent beneficial ownership disclosure 
threshold.
    Alternative 3: Applying the proposed 25 percent beneficial 
ownership disclosure threshold to existing legal entity accounts, as 
well as to new accounts.
    Alternative 4: Collection and verification of the identities of 
beneficial owners by State officials at the time of company 
formation.
    Alternative 5: Collection and verification of the identities of 
beneficial owners by the Internal Revenue Service (IRS).
    Alternative 6: Exempt financial institutions below a certain 
asset size, or that maintain fewer than a specified minimum number 
of legal entity accounts.

    Alternative 1, setting a 10 percent beneficial ownership threshold, 
would provide more information to potentially identify individuals 
involved in illicit financial activity. Collecting information for a 
maximum of 11 people \112\ can potentially identify illicit financing 
through owners of stakes as small as 10 percent. However, as a 
practical matter, we believe that this threshold would predominantly 
impact legitimate legal entities, and impose upon them a significant 
burden that would not be outweighed by the incremental benefit to law 
enforcement of additional identities of beneficial owners. Such a 
change would also come at higher costs in terms of more financial 
institution and client onboarding time (in some instances, up to twice 
as much, since the maximum number of beneficial owners would be more 
than doubled from a maximum of five to a maximum of eleven) and 
additional data storage. In FinCEN's assessment, the incremental 
benefit of this approach does not outweigh the burdens associated with 
having to collect and verify the identities of more than twice as many 
beneficial owners in some circumstances. Incremental costs to financial 
institutions for IT updates, staff training, and internal controls, 
above and beyond those incurred for the final rule, would likely be 
limited.
---------------------------------------------------------------------------

    \112\ Under the two elements of the definition of beneficial 
owner described earlier, up to 10 individuals under the ownership 
element and one individual under the control element.
---------------------------------------------------------------------------

    Alternative 2, setting a 50 percent beneficial ownership threshold, 
is less stringent, but provides less information to potentially 
identify those involved in illicit financing. Using a 50 percent 
threshold would forego information on owners of stakes as high as 49 
percent. Furthermore, setting the threshold this high would render the 
rule more susceptible to evasion, as beneficial owners of legal 
entities could more easily manage their ownership interests to fall 
below this level than 25 percent. Requiring personal information for a 
maximum of three people \113\ would somewhat reduce data collection 
costs to financial institutions and their customers' costs. But, 
because major cost elements such as IT updates, staff training, and 
internal controls would still be incurred by financial institutions, 
overall savings would probably be limited relative to the final rule. 
We cannot quantify how much the benefit from the final rule would be 
reduced by this higher threshold for disclosure but are confident that 
with this threshold illicit actors would have greater ease in using 
legal entities to mask their financial activities than with the 
proposed threshold.
---------------------------------------------------------------------------

    \113\ Two individuals under the ownership element and one 
individual under the control element.
---------------------------------------------------------------------------

    Alternative 3 would apply the same beneficial ownership disclosure 
threshold as the final rule to new accounts, but would also require 
retroactive collection of beneficial ownership information for existing 
accounts at the time the rule comes into force. The increased costs 
from complying with Alternative 3 would likely take the form of 
significant labor costs as financial institutions hired additional 
workers to gather beneficial ownership data from customers and input it 
into account databases. Alternative 3 would also impose costs on 
existing customers of covered financial institutions. We do not foresee 
additional IT development costs beyond those for the final rule. We 
expect that the above-described costs would be substantial. In the 2012 
ANPRM, FinCEN sought comments on whether to require retroactive 
collection of beneficial ownership information for existing accounts. 
Many commenters to the ANPRM viewed a retroactive requirement to obtain 
beneficial ownership information for all existing accounts as extremely 
burdensome, and opposed such a requirement. In light of these 
representations about the burdens associated with such a requirement, 
FinCEN proposed in the NPRM that the beneficial ownership requirement 
would apply only with respect to legal entity customers that open new 
accounts going forward from the Applicability Date. During the NPRM 
comment period, the vast majority of commenters who addressed this 
issue reiterated this objection to retroactive application of the 
beneficial ownership obligation. Alternative 3 may offer substantially 
larger benefits than the final rule because it would make available 
beneficial ownership information for far more accounts than the final 
rule, as the stock of existing accounts covered would greatly exceed 
the flow of new accounts. The advantage in terms of greater beneficial 
ownership information would fall over time; the higher requirements of 
Alternative 3 may also require a later deadline for compliance.
    As to Alternative 4, many commenters stated that it would be more 
efficient, as well as more appropriate, to place the obligation to 
obtain beneficial ownership information on the States that create the 
entities rather than on financial institutions at the time that 
accounts are opened. While the

[[Page 29434]]

existence of such a requirement may reduce some costs that would be 
borne by financial institutions under the rule, Treasury believes that 
it would not eliminate the need for an independent obligation of 
covered financial institutions to collect and verify the beneficial 
ownership information at the time an account is opened. Additionally, 
as stated in the NPRM, the Administration supports the collection of 
this information at both the time of company formation and at the time 
an account is opened. There are important reasons for this: (i) Company 
formation and account opening generally take place at different points 
in time which may result in the information changing; and (ii) there is 
no requirement for a legal entity formed in the United States to open a 
bank account in the United States, nor is there a bar on non-U.S. legal 
entities opening accounts in the United States. Therefore it is 
important to have requirements that apply to both points of entry. In 
addition, there are Constitutional impediments on the manner and extent 
to which the Federal government could impose such a requirement on the 
States, as there is no Constitutional provision authorizing the Federal 
government to directly mandate that States collect such information. 
Furthermore, without concerted action on such a proposal by all 50 
States and the District of Columbia, we would expect illicit actors to 
simply incorporate in those States without such a requirement. Such 
gaps would obviate the benefit of such a requirement at the State 
level.
    With respect to Alternative 5, some commenters also urged that 
beneficial ownership information could more efficiently be collected by 
Federal officials at the IRS through the process of obtaining Employer 
Identification Numbers for legal entities, which would shift the costs 
from financial institutions to government. For the reasons stated 
above, Treasury believes that collection and verification of beneficial 
ownership information is necessary and valuable both at the time of 
company formation and at the time of account opening. Moreover, FinCEN 
lacks the authority to impose such an information collection 
requirement upon the IRS, and because of the sensitive nature of tax 
information and the many statutory restrictions on the use of such 
information in order to protect taxpayers' privacy, legislative changes 
to the tax code would be required.
    Regarding Alternative 6, FinCEN also considered exempting small 
financial institutions below a certain asset size or that have a 
minimal number of legal entity accounts. In this regard, FinCEN has 
determined that identifying the beneficial owner of a financial 
institution's legal entity customers and verifying that identity is a 
necessary part of an effective AML program. Were FinCEN to exempt small 
entities from this requirement, or entities that establish fewer than a 
limited number of accounts for legal entities, those financial 
institutions would be at greater risk of abuse by money launderers and 
other financial criminals, as criminals would identify institutions 
without this requirement.
d. Summary of Findings
i. Costs
(1) Quantitative Assessment
    In response to comments that our compliance cost estimates in the 
proposed rule were unrealistically low, we conducted telephone 
interviews with financial institutions that submitted comments, as well 
as with IT vendors which currently supply related AML/CFT software to 
financial institutions.\114\ Using information from those interviews, 
we estimate the cost to financial institutions and their clients of the 
additional time required to open new legal entity accounts under the 
CDD rule, and the costs to financial institution costs for employee 
training and the revision of AML program procedures. For a discount 
rate of seven percent, Table 1a lists the high-cost and low-cost 
estimates for each of the quantified categories of costs incurred in 
the first year alone, in the first ten years in terms of present value, 
and on annual basis over the first ten years.\115\
---------------------------------------------------------------------------

    \114\ Treasury understands that most financial institutions do 
not build their own systems for entering and storing data regarding 
their customers, but rather purchase such systems from third parties 
that specialize in providing such products to financial 
institutions.
    \115\ The annualized cost value is the undiscounted constant 
annual cost incurred in each of the ten years that, if it occurred, 
would yield the value for the corresponding ``present value of 10-
year costs'' entry in the table after the stream of costs were 
discounted (using the seven-percent rate in Table 1a) and summed. 
For example, a 10-year stream of $59 million (the ``High Estimate'' 
annualized cost for training in Table 1a) has a present value of 
$439 million using the seven-percent discount rate.

                                 Table 1a--Quantified Costs for 7% Discount Rate
                                                [Millions of USD]
----------------------------------------------------------------------------------------------------------------
                                                               Financial institution
                                 -------------------------------------------------------------------------------
                                     Training       Onboarding      Compliance        Client           Total
----------------------------------------------------------------------------------------------------------------
First-Year Costs:
    Low Estimate................            $211             $45             $55             $61            $371
    High Estimate...............             256              89              55             121             521
Present Value of 10-Year Costs:
    Low Estimate................             264             353              55             477           1,149
    High Estimate...............             439             705              55             955           2,154
Annualized Costs:
    Low Estimate................              35              47               7              64             153
    High Estimate...............              59              94               7             127             287
----------------------------------------------------------------------------------------------------------------
Source: Treasury Department calculations.
Note: First year of analysis is 2016. All figures in 2014 dollars.

    We estimate that first-year costs would range from roughly $370 
million to $520 million; training costs would be lower in subsequent 
years. Furthermore, we estimate that the 10-year costs range from 
roughly $1.15 billion to $2.15 billion in present value and that 
annualized costs would range from approximately $150 million to $290 
million. Table 1b reports the analogous costs for a three-percent 
discount rate. For this lower discount rate, first-year costs are 
unchanged, but we estimate that the 10-year cost range shifts up to 
roughly $1.3 billion to $2.5 billion while the annualized costs shift 
down slightly to a range of $150 million to $290 million.

[[Page 29435]]



                                 Table 1b--Quantified Costs for 3% Discount Rate
                                                [Millions of USD]
----------------------------------------------------------------------------------------------------------------
                                                               Financial institution
                                 -------------------------------------------------------------------------------
                                     Training       Onboarding      Compliance        Client           Total
----------------------------------------------------------------------------------------------------------------
First-Year Costs:
    Low Estimate................            $211             $45             $55             $61            $371
    High Estimate...............             256              89              55             121             521
Present Value of 10-Year Costs:
    Low Estimate................             274             414              55             560           1,303
    High Estimate...............             476             827              55           1,120           2,479
Annualized Costs:
    Low Estimate................              31              47               6              64             148
    High Estimate...............              54              94               6             128             282
----------------------------------------------------------------------------------------------------------------
Source: Treasury Department calculations.
Note: First year of analysis is 2016. All figures in 2014 dollars.

(2) Qualitative Assessment
    Several types of costs associated with the implementation of this 
rule cannot be reliably quantified due to a lack of data. For example, 
we provide qualitative discussions of information technology upgrades 
by covered institutions and incremental costs to U.S. criminal 
investigations because the data are insufficient for quantitative 
assessments.
ii. Benefits
    The primary purpose of the final CDD rule is to reduce illicit 
activity, including financial crimes such as money laundering and 
terrorist financing. Yet, none of the benefits of the final rule, in 
terms of reducing crime, can be measured with sufficient accuracy at 
this time to warrant quantitative assessment. Two primary factors 
impede credible quantitative estimation of the rule's benefits: Illicit 
activity is difficult to observe, meaning that reported measures are 
likely unreliable, and there is no past variation in beneficial 
ownership requirements in the United States from which to estimate the 
effects on outcomes.
    Furthermore, estimation of effects of policy changes using 
historical data is challenging in this context. Existing AML/CFT 
regulations under the Bank Secrecy Act and subsequent legislation 
already help mitigate financial crimes including money laundering and 
terrorist financing. In addition, extensive changes in the United 
States and international regulatory regimes following the financial 
crisis of 2008 further complicate the estimation of potential effects 
of any change in the CDD rule, as even changes to non-AML/CFT 
regulations may alter regulated parties' behavior in ways that make it 
difficult to attribute potential effects to the CDD rule alone. Ongoing 
financial regulatory reforms, including for example, the Dodd-Frank 
Wall Street Reform and Consumer Protection Act of 2010, add to the 
challenge of assessing the potential impacts of this final rule. 
Finally, changing external factors such as evolving AML/CFT policies of 
foreign governments and management practices of overseas financial 
institutions may affect the level of illicit activities in the United 
States, including through cross-border institutions.
    For all of the above reasons and others, this cost-benefit analysis 
relies extensively on a qualitative assessment of potential effects, 
based on relevant literature. Finally, while we believe that a 
significant increase in, for example, the number of prosecutions for 
money laundering, following the CDD rule's possible adoption would 
signal its effectiveness in diminishing the level of criminal activity, 
given the time required to build and prosecute cases, that sort of 
quantitative assessment would not be possible for several years.
3. Quantitative Estimates of Costs
a. Costs to Covered Institutions
i. Employee Training
    We generate high- and low-cost estimates of the training costs to 
covered institutions based on input from the institutions and data from 
the Bureau of Labor Statistics (BLS). These estimates pertain only to 
the training costs directly associated with the final rule, not the 
full set of training activities needed to address the broader set of 
AML/CFT regulations for financial institutions. Based on the total 
number of employees and the employee-weighted average hourly wage at 
covered institutions, we estimate high- and low-cost scenarios by 
varying the share of employees receiving training and the length of 
that training.\116\ The high-cost estimate assumes two-thirds of 
covered institution employees receive training, and one-time initial 
training runs for one hour while subsequent annual refresher trainings 
last 15 minutes. The low-cost estimates assume one-third of employees 
are trained, the initial training takes 30 minutes, and the annual 
refresher trainings run 10 minutes.
---------------------------------------------------------------------------

    \116\ To represent the workforce in covered institutions, we use 
wage data for all employees working in business establishments in 
sectors having one of the following four-digit North American 
Industry Classification System (NAICS) codes: 5221 (Depository 
Credit Intermediation), 5222 (Nondepository Credit Intermediation), 
5223 (Activities Related to Credit Intermediation), or 5231 
(Securities and Commodity Contracts Intermediation and Brokerage).
---------------------------------------------------------------------------

    In both the high-cost and low-cost estimates, we make four main 
assumptions. First, we assume the opportunity cost of staff time spent 
in training is equal to the wage rate rather than total compensation 
(wage rate plus benefits).\117\ Second, we apply the BLS 2012-22 
projected employment growth rate of 0.9 percent per year for Financial 
Activities to our 10-year time horizon.\118\ Third, we use the 
aggregate annual real wage growth rate of 1.2 percent (rounded 
intermediate assumption) from the 2015 Social Security Trustees 
Report.\119\ Finally, we assume that staff turnover rates are 
consistent with the rates provided in the Finance and Insurance sector 
in the BLS

[[Page 29436]]

Job Openings and Turnover Survey.\120\ We believe this set of 
assumptions yields estimates that account for the primary factors that 
may affect costs in the period of analysis.
---------------------------------------------------------------------------

    \117\ This assumption results in a higher opportunity cost of 
training than might be warranted if employees' brief time in 
training mostly displaces less-than-fully productive activities.
    \118\ BLS. 2013. ``Industry Employment and Output Projections to 
2022,'' Monthly Labor Review. https://www.bls.gov/opub/mlr/2013/article/industry-employment-and-output-projections-to-2022.html.
    \119\ The Board of Trustees, Federal Old-Age and Survivors 
Insurance and Federal Disability Insurance Trust Funds. 2015. The 
2015 Annual Report of the Board of Trustees of the Federal Old-Age 
and Survivors Insurance and Federal Disability Insurance Trust 
Funds. https://www.ssa.gov/oact/tr/2015/tr2015.pdf.
    \120\ BLS. 2015. Job Openings and Labor Turnover Survey News 
Release. https://www.bls.gov/news.release/archives/jolts_03102015.htm#jolts_table9.f.2
    We use the average of the 2010-14 total annual separations rates 
for the Finance and Insurance industry, provided in Table 16.
---------------------------------------------------------------------------

    Table 2 summarizes the estimated costs. Estimated first year 
training costs range from roughly $210 million to $260 million 
depending on the share of employees trained and the duration of the 
training sessions. First-year costs are so much greater than the costs 
in subsequent years for two reasons: All employees who receive training 
are given the longer initial training in the first year, but take 
shorter refresher training in the following years, and compliance staff 
must design the training in the first year.\121\ We allow for employee 
turnover by assuming that new hires in positions requiring training 
would be given the full initial training in their first years, and 
refresher trainings in each subsequent year. We also assume that 
turnover rates are equivalent for positions requiring and not requiring 
training.
---------------------------------------------------------------------------

    \121\ Using information provided in a comment by a major trade 
association, we adopted 200 hours as the necessary amount of time to 
design training per financial institution. Furthermore, we use wage 
data from the May 2014 BLS Occupational Employment Statistics for 
``compliance officers'' working in business establishments in 
sectors having one of the four-digit North American Industry 
Classification System (NAICS) codes mentioned in footnote 116; the 
average hourly wage for these compliance officers is $34.03. The 
total cost of designing trainings is the product of this wage, 200 
(hours), and the number of financial institutions.
---------------------------------------------------------------------------

    The present discounted values of our low- and high-cost scenarios 
over the 10-year period range from roughly $265 million to $440 million 
and from roughly $275 million to $475 million using the seven-percent 
and three-percent discount rates, respectively.122 123
---------------------------------------------------------------------------

    \122\ For completeness, as per guidance from OMB, we estimate 
the 10-year present discounted values using both 7-percent and 3-
percent discount rates. The latter is generally appropriate for 
discounting future consumption flows when a regulation primarily 
affects private consumption, while the former is more applicable for 
regulations affecting private-sector financial institutions. (See 
Office of Management and Budget (OMB), Regulatory Impact Analysis: A 
Primer, Aug. 15, 2011)
    \123\ One of the financial institutions we interviewed was a 
large bank whose representatives stated that all of its employees 
would require training for one-half hour. In the above analysis, if 
all employees at all covered institutions required one hour of 
initial training and subsequent annual refresher training of 15 
minutes, then the present value of 10-year training costs would be 
$561 million. Although we think it is unlikely that labor force 
training would need to be this widespread, this estimate provides an 
upper bound for total training costs.

                                        Table 2--Estimated Training Costs
                                        [Millions of USD, present value]
----------------------------------------------------------------------------------------------------------------
                                                   7% discount rate                    3% discount rate
                  Year                   -----------------------------------------------------------------------
                                            Low estimate      High estimate     Low estimate      High estimate
----------------------------------------------------------------------------------------------------------------
1.......................................            $211.1            $256.0            $211.1            $256.0
2.......................................               7.0              24.4               7.3              25.3
3.......................................               6.7              23.3               7.2              25.1
4.......................................               6.4              22.2               7.2              24.9
5.......................................               6.1              21.2               7.1              24.7
6.......................................               5.9              20.2               7.0              24.5
7.......................................               5.5              19.3               7.0              24.3
8.......................................               5.3              18.4               6.9              24.1
9.......................................               5.1              17.6               6.9              23.8
10......................................               4.8              16.8               6.8              23.6
                                         -----------------------------------------------------------------------
Present Value...........................            $263.8            $439.4            $274.4            $476.3
----------------------------------------------------------------------------------------------------------------
Source: Treasury Department calculations.
Notes: Year 1 is 2016. Includes annual real wage growth rate based on aggregate intermediate rate in 2015 Social
  Security Annual Trustees Report. Mean industry wage rates are based on BLS Occupational Employment Statistics,
  May 2014 for NAIC-4 codes 5221, 5222, 5223, and 5231. Job turnover rates are a 5-year average from BLS total
  separations rates for the Finance and Insurance sector from Job Openings and Labor Turnover Survey, March
  2015. Employment growth projections come from BLS Economic News Release, December 2013. Low estimate assumes
  one-third of employees are trained with a 30-minute initial training and 10-minute annual refreshers. High
  estimate assumes that two-thirds of employees are trained with a 1-hour initial training and 15-minute annual
  refreshers.

ii. Incremental Onboarding
    Financial institutions would primarily satisfy the final CDD rule's 
requirement to collect beneficial ownership and control information 
during the legal entity account opening process. We estimate the 
incremental onboarding costs to institutions of the CDD rule by 
multiplying the expected annual number of new legal entity accounts by 
the value of the expected additional onboarding time due to the final 
rule.\124\ We use an estimate of 8 million new accounts per year, which 
takes into account all financial accounts that will be excluded or 
exempted from the rule. We consider a range of 20 to 40 minutes of 
additional time on average to open an account under the CDD rule, based 
on a series of telephone calls with covered institutions, and on public 
comments received in response to both the NPRM and the preliminary 
version of the RIA published in December 2015.\125\ We base a financial 
institution's cost of the additional time spent onboarding a single 
account on $16.77, the average wage for ``new account clerks'' in the 
financial industry according to data furnished by the BLS. For a seven-
percent discount rate, the present value of onboarding costs has an 
approximate range of $350 million to $705 million; for a three-percent 
discount rate, the present value of onboarding costs is roughly $410 
million to $825 million.
---------------------------------------------------------------------------

    \124\ We expect that the tasks included in this additional 
onboarding time would include collection and verification of 
beneficial ownership information, as well as associated 
recordkeeping.
    \125\ In the preliminary RIA, we used 15 and 30 minutes for the 
low and high scenario average increases, respectively, in onboarding 
time per account, but some commenters objected to these values as 
being too low.
---------------------------------------------------------------------------

    Table 3 shows the estimated onboarding costs associated with the 
final rule for the 10-year period of analysis.

[[Page 29437]]



                         Table 3--Estimated Onboarding Costs for Financial Institutions
                                        [Millions of USD, present value]
----------------------------------------------------------------------------------------------------------------
                                                   7% discount rate                    3% discount rate
                                         -----------------------------------------------------------------------
                                            Low estimate      High estimate     Low estimate      High estimate
                  Year                   -----------------------------------------------------------------------
                                             20 Minutes        40 Minutes        20 Minutes        40 Minutes
                                           additional time   additional time   additional time   additional time
----------------------------------------------------------------------------------------------------------------
1.......................................             $44.7             $89.4             $44.7             $89.4
2.......................................              42.3              84.6              43.9              87.9
3.......................................              40.0              80.0              43.2              86.3
4.......................................              37.8              75.7              42.4              84.8
5.......................................              35.8              71.6              41.7              83.3
6.......................................              33.8              67.7              40.9              81.9
7.......................................              32.0              64.0              40.2              80.5
8.......................................              30.3              60.5              39.5              79.1
9.......................................              28.6              57.3              38.8              77.7
10......................................              27.1              54.2              38.2              76.3
                                         -----------------------------------------------------------------------
Present Value...........................            $352.5            $705.0            $413.6            $827.2
----------------------------------------------------------------------------------------------------------------
Source: Treasury Department calculations.
Notes: Year 1 is 2016. Includes annual real wage growth rate based on aggregate intermediate rate in 2015 Social
  Security Annual Trustees Report. Mean wage rates is based on BLS Occupational Employment Statistics, May 2014
  for New Account Clerks. Based on expectation of 8 million legal entity accounts opened each year.

    iii. Revising Policies and Procedures
    In order to ensure adherence to the final CDD rule, compliance 
officers will have to revise their financial institution's AML program 
procedures--for example, account onboarding--that will be affected by 
the final rule. In comments submitted regarding the RIA, a major trade 
association estimated that this process would require an additional 56 
hours of work per financial institution. Multiplying this additional 
hours figure by the average wage of compliance officers working in the 
relevant industries ($34.03; see footnote 122) by the number of covered 
institutions yields a total cost of $55 million for updating compliance 
procedures, which is only incurred in the first year.
b. Additional Client Time in New Account Opening Process
    Covered institution clients would also incur costs due to the 
additional onboarding time resulting from the final rule (for covered 
institutions, we gave consideration to this cost above). Based on a 
series of telephone conversations with covered institutions and public 
comments we received in response to the NPRM and the preliminary 
version of the RIA published in December 2015, we estimate client 
costs. Our estimates assume the incremental time requirements for 
clients opening new legal entity accounts equal the incremental 
onboarding time for institutions and are products of the average 
additional time required to open an account, an estimate of the number 
of new accounts that would be opened, and an estimate of the value of 
client time. Also, for the sake of consistency with the computations 
for additional onboarding costs for financial institutions, we 
necessarily assume that 8 million new legal entity accounts are opened 
each year in calculating client costs. We use $22.71 per hour, the 
weighted average hourly wage for all employees from the May 2014 
National Occupational Employment and Wage Estimates report. Using a 
seven-percent discount rate, the present value of the total additional 
cost to covered institution clients opening a new account range from 
$475 million to $955 million; the analogous figures for a three-percent 
discount rate are $560 million and $1.2 billion.

                                         Table 4--Estimated Client Costs
                                        [Millions of USD, present value]
----------------------------------------------------------------------------------------------------------------
                                                   7% discount rate                    3% discount rate
                                         -----------------------------------------------------------------------
                                            Low estimate      High estimate     Low estimate      High estimate
                  Year                   -----------------------------------------------------------------------
                                             20 Minutes        40 Minutes        20 Minutes        40 Minutes
                                           additional time   additional time   additional time   additional time
----------------------------------------------------------------------------------------------------------------
1.......................................             $60.6            $121.1             $60.6            $121.1
2.......................................              57.3             114.6              59.5             119.0
3.......................................              54.2             108.3              58.5             116.9
4.......................................              51.2             102.5              57.4             114.9
5.......................................              48.5              96.9              56.4             112.9
6.......................................              45.8              91.7              55.5             110.9
7.......................................              43.3              86.7              54.5             109.0
8.......................................              41.0              82.0              53.5             107.1
9.......................................              38.8              77.6              52.6             105.2
10......................................              36.7              73.3              51.7             103.3
                                         -----------------------------------------------------------------------
Present Value...........................            $477.3            $954.7            $560.1          $1,120.3
----------------------------------------------------------------------------------------------------------------
Source: Treasury Department calculations.

[[Page 29438]]

 
Notes: Year 1 is 2016. Includes annual real value of time growth rate based on aggregate intermediate real wage
  growth rate in 2015 Social Security Annual Trustees Report. Real value of time rate is based on U.S. BLS
  Occupational Employment Statistics (2014) weighted average hourly wage rate for all occupations. Based on
  expectation of 8 million legal entity accounts opened each year.

4. Qualitative Discussion of Costs
a. Incremental Costs to U.S. Criminal Investigations and the Justice 
System
    The U.S. Department of the Treasury believes the final rule may 
increase costs for Federal financial intelligence and criminal justice 
agencies because of the additional resources needed to handle the 
potentially increased volume of Suspicious Activity Reports (SARs), 
investigations, prosecutions, and incarcerations triggered by the final 
rule when adopted. These activities are part of the process of bringing 
financial criminals, money launderers, terrorist financiers, and other 
national security threats to justice, which confers benefits in the 
forms of reduced crime and terrorist financing. We do not attempt to 
quantify the scale of changes in these law enforcement activities (and 
their associated costs) attributable to implementation of the final 
rule, but we describe them briefly in the following sections. As noted 
below, even predicting the directions of the changes in law enforcement 
activity due to the final rule can be difficult, so any attempt at 
estimating magnitudes would be speculative.
i. Suspicious Activity Report Processing
    We expect that with adoption of the final rule, SARs filed by 
covered financial institutions will be increasingly likely to include 
beneficial ownership information for legal entity accounts as, over 
time, the share of accounts on which beneficial ownership information 
would be gathered at opening rises. This information would speed the 
identification of complicit individuals by law enforcement agencies. 
The potential effects on the number of SARs filed, and the resulting 
Federal resources used for analysis, however, are ambiguous. Of the 
SARs currently filed, a significant number involve transactions that 
financial institutions deem suspicious because they are executed by or 
involve potential shell companies. Any increase in the number of SARs 
filed under the final rule would likely be offset by the capacity of 
newly collected beneficial ownership data to remove some flagged 
transactions from suspicion. The new information would result in some 
SARs not being filed that formerly would have been. The number of 
initial SAR filings grew from 2010 to 2014, as shown in Table 6. Due to 
the uncertainties associated with attributing future changes in SAR 
filings to the final CDD rule, we do not estimate the magnitude of this 
potential effect.

                         Table 6--Initital Suspicious Activity Reports (SARs) Filed in the United States by Covered Institutions
                                                       [Sums of all reported types of intial SARs]
--------------------------------------------------------------------------------------------------------------------------------------------------------
                           2010                                   2011               2012               2013               2014          5 Year average
--------------------------------------------------------------------------------------------------------------------------------------------------------
690,603..................................................           798,780            842,947          1,000,074            909,371            848,355
--------------------------------------------------------------------------------------------------------------------------------------------------------
Source: FinCEN's System of Record.
Note: Statistics are based on counts of SARs identified as initial filings with filing received dates in the indicated year, as of 10/8/2015.

ii. Investigations
    The collection of beneficial ownership information on legal 
entities by covered institutions may lead to more Federal 
investigations of financial crime and greater expense on such 
investigations. Improved access to beneficial ownership information 
would facilitate the process of ``following the money trail'' of 
affiliated entities and individuals associated with legal entity 
accountholders, and may lead to the discovery of previously unknown 
linkages to criminal activity. However, accessible beneficial ownership 
information would also enable law enforcement agencies to better target 
their efforts, which could more than offset the higher resource 
requirements by increasing the rate at which investigations result in 
prosecutions.
iii. Prosecutions
    The final rule may similarly facilitate the identification and 
prosecution of the beneficial owners of a legal entity involved in 
illicit activity, as well as other key individuals associated with the 
legal entity, possibly resulting in more instances where charges are 
formally filed (compared to the number of cases brought if the final 
rule were not adopted). Growth in prosecution activity would increase 
the hours of Federal staff and contractors engaged in this activity. 
The availability of beneficial ownership information, had the final 
rule been in place, could have assisted in prosecution of several 
categories of crime; Table 7 shows the number of prosecutions in each 
of those categories for the last five years. Due to the uncertainties 
associated with attributing future changes in prosecutions to the final 
CDD rule, we do not estimate the magnitude of this potential effect, 
but even a hypothetical 1 percent increase on the five-year average of 
about 46,000 would raise the number of prosecutions by 460.

                                                    Table 7--Federal Prosecutions by Program Category
--------------------------------------------------------------------------------------------------------------------------------------------------------
              Program category                      2010              2011              2012              2013              2014         5 Year average
--------------------------------------------------------------------------------------------------------------------------------------------------------
Drug Dealing and Possession.................            26,805            28,422            26,858            25,884            21,577            25,909
Government Regulatory.......................             2,974             2,815             2,455             2,728             2,501             2,693
National Internal Security/Terrorism........               365               319               267               269               212               286
Official Corruption.........................               727               585               633               636               524               621
Organized Crime.............................               572               582               363               390               316               445
Weapons.....................................             7,614             7,465             7,774             7,136             6,632             7,324
White Collar Crime..........................             9,722            10,162             8,433             8,373             7,864             8,911
                                             -----------------------------------------------------------------------------------------------------------

[[Page 29439]]

 
      Total.................................            48,779            50,350            46,773            45,416            39,626            46,189
--------------------------------------------------------------------------------------------------------------------------------------------------------
Source: TRACFed database.

iv. Incarcerations
    If the number of successful prosecutions increased due to the final 
rule, we expect that incarceration costs would rise. Increased 
incarcerations may incur greater variable costs (such as food, 
clothing, and dwellings), and personnel costs at Federal penitentiaries 
(guards and other staff, and their workspaces, training, and 
equipment). In principle, if incremental incarcerations attributable to 
the final rule are substantial enough that one or more new Federal 
institutions must be built and put into operation, then costs would 
likely rise further.\126\ Table 8 shows the number of prison sentences 
during 2010-14 for categories of crime where the availability of 
beneficial ownership information could have aided in prosecution. Due 
to the uncertainties associated with attributing future changes in 
incarcerations to the final CDD rule, we do not estimate the magnitude 
of this potential effect, but even a hypothetical 1 percent increase on 
the five-year average of roughly 36,000 would raise the number of 
incarcerations by 360.
---------------------------------------------------------------------------

    \126\ It would be unlikely that prison overpopulation would be 
attributable to the proposed rule alone, but we mention this point 
for completeness. Currently, the Federal Bureau of Prisons operates 
or manages 141 institutions in the United States and the inmate 
population totals approximately 194,000. By type of offense, those 
potentially affected by the proposed rule may include (percent of 
total Federal inmates in parentheses): Banking and insurance, 
counterfeiting, and embezzlement (0.3 percent); drug offenses (48.4 
percent); extortion, fraud, and bribery (6.3 percent); and national 
security (0.0 percent). (According to the data, 76 people are 
incarcerated for national security offenses.) Federal Bureau of 
Prisons, Inmate Statistics--Offenses, available at https://www.bop.gov/about/statistics/statistics_inmate_offenses.jsp 
(accessed October 15, 2015).

                                                   Table 8--Sentenced to Prison Term for Federal Crime
--------------------------------------------------------------------------------------------------------------------------------------------------------
              Program category                      2010              2011              2012              2013              2014         5 Year average
--------------------------------------------------------------------------------------------------------------------------------------------------------
Drug Dealing and Possession.................            21,426            21,686            23,449            21,663            20,990            21,843
Government Regulatory.......................             1,000             1,053             1,065               929               856               981
National Internal Security/Terrorism........               198               186               154               177               176               178
Official Corruption.........................               357               343               358               339               373               354
Organized Crime.............................               340               367               363               252               248               314
Weapons.....................................             6,594             6,428             6,553             6,311             5,981             6,373
White Collar Crime..........................             6,211             6,381             5,844             5,444             5,537             5,883
                                             -----------------------------------------------------------------------------------------------------------
      Total.................................            36,126            36,444            37,786            35,115            34,161            35,926
--------------------------------------------------------------------------------------------------------------------------------------------------------
Source: TRACFed database.

b. Costs to Covered Institutions
i. Information Technology Upgrades
    The final CDD rule will require financial institutions to collect, 
house, and retrieve beneficial ownership data for new accountholders, 
meaning that the rule would impact financial institutions' IT systems. 
Financial institutions either build their IT networks themselves ``in-
house'' or procure these systems from third-party vendors, with which 
they sign multiyear service contracts for achieving and maintaining 
regulatory compliance. A single vendor likely sells multiple core 
platforms, tailored to different types of financial institutions (e.g., 
credit unions instead of banks), to possibly hundreds of financial 
institution clients. The vendor will then customize the purchased IT 
platform for the individual financial institution.
    If a vendor selling the same platform (with individual 
customizations) to multiple clients can make all of these IT systems 
conform to the final rule by just upgrading the core platform's 
software once, then there are economies of scale in producing CDD-
compliant IT systems. In other words, as the vendor sells the compliant 
platform to another client, the average cost of achieving compliance 
falls for all clients purchasing that platform. This is in contrast to 
a situation where the vendor incurs the same additional cost of 
upgrading each client's IT system in response to the final rule. In the 
presence of economies of scale, the costs incurred in terms of number 
of hours of programmer labor to conform to the final rule would be 
lower the smaller the number of core platforms used by covered 
financial institutions, all else equal. We can think of financial 
institutions that build and maintain their networks in-house as vendors 
having a single client.
    Under standard service contracts with financial institutions, 
third-party vendors monitor rules and then implement changes to their 
IT systems so that they maintain regulatory compliance on behalf of the 
financial institution. During the term of a contract, the vendor 
normally bears the cost of the necessary changes to maintain 
compliance. In discussions with the Treasury Department, however, some 
vendors stated that the CDD rule would be too costly to implement under 
the terms of these service contracts and would likely result in 
additional charges to their clients. The magnitude of the increase in 
IT costs from having to comply with the final rule would also depend in 
part on how financial institutions are required to use the collected 
beneficial ownership data. For example, merely electronically storing 
the information to be turned over to the government upon request would 
be less costly than requiring that financial institutions integrate 
that information with data from other databases.
    Even if we could accurately predict vendors' additional charges to 
financial

[[Page 29440]]

institution clients in response to the CDD rule's implementation, these 
values would not necessarily represent the full IT-related costs to 
society of imposing the CDD rule. In addition to the increased costs in 
terms of programmers' hours, vendors also claimed that they would have 
to delay the development work for other new initiatives (e.g., 
developing further functionality of existing platforms). In principle, 
the full IT-related costs of the CDD rule would equal the value of the 
hours of labor that vendors and financial institutions performing IT 
service in-house would have to hire in order to both comply with the 
rule and not delay any of their other development initiatives.
    During the comment period following the release of the NPRM, 
financial institutions stated that the IT costs for upgrading existing 
systems to comply with the final CDD rule would be large, although they 
generally did not cite specific amounts. We were able, however, to 
obtain incremental IT cost estimates specific to a few financial 
institutions during one-on-one calls. Specifically, one large bank, one 
mid-sized bank, and one smaller credit union reported expected IT 
upgrade costs of $20 million, $3 million to $5 million, and $50,000 to 
$70,000, respectively. Two larger credit unions reported estimated 
costs of $23,270 and $11,500. Applying these per-firm data points to 
the estimated number of affected banks and non-bank financial 
institutions to assess an order-of-magnitude IT cost, Treasury believes 
that the actual aggregate IT cost which will likely occur in the first 
year of the implementation of the rule may be in low to mid billion 
dollars.
    The order-of-magnitude assessment of the IT cost should be 
understood carefully due to the information deficiencies. FinCEN only 
obtained five self-reported IT upgrade costs estimates with broad 
ranges. Some of the cost estimates provided seem to be contradictory 
since we expect larger firms to incur larger costs. Because of the 
small self-selected sample, coupled with unknown data quality 
associated with the per-firm cost information, we cannot reasonably 
extrapolate these per-firm estimates to the industry as a robust 
estimate of cost. We only present these findings to provide the order-
of-magnitude information and to support the case for a breakeven 
analysis.

 
----------------------------------------------------------------------------------------------------------------
                                                                           Per-firm average    Total IT upgrade
                                                        Number of banks    IT upgrade costs    costs for bin  ($
                  Total assets bin                      or institutions     (based on data      Million except
                                                                               received)            Total)
----------------------------------------------------------------------------------------------------------------
>$200 billion.......................................                  11         $20,000,000                $220
$10 billion-$200 billion............................                  74  3,000,000-5,000,00             222-370
                                                                                           0
$1 billion-$10 billion..............................                 473       11,500-23,270                5-11
<1 billion..........................................               4,762       50,000-70,000             238-333
Non-bank Institutions (including credit unions).....              23,496     129,000-176,000         3,030-4,140
                                                     -----------------------------------------------------------
Total...............................................              28,816  ..................          $ Billions
----------------------------------------------------------------------------------------------------------------

ii. Suspicious Activity Report Generation and Transmittal
    When a financial institution detects suspected money laundering or 
fraud, its employees must investigate further to determine whether the 
activities warrant filing a SAR with FinCEN. In many instances, 
financial institutions decide that upon closer inspection the actions 
that were initially seen as suspicious do not necessitate filing a SAR. 
The presence of these false positives implies that the ultimate number 
of SARs filed by a financial institution does not directly correspond 
to the labor resources expended on the filing of SARs. In phone 
conversations with the Treasury Department, some financial institutions 
stated they thought they would detect more suspicious activity under 
the final rule, but that this increased detection would not necessarily 
lead to more SARs being transmitted. Given the difficulty of 
determining how the final rule will affect financial institutions' 
labor needs with regard to SAR generation and transmittal, we do not 
attempt to quantify this cost.
iii. Internal Control/Compliance
    The CDD rule would require additional work for financial 
institutions' compliance officers, who ensure that procedures at their 
organizations adhere to the rule. According to phone conversations 
between financial institutions and the Treasury Department, the process 
of ensuring compliance with the CDD rule would take the form of 
additional procedures and reviews in audits of work performed. One 
financial institution stated that the addition of more audit functions 
might eventually necessitate hiring additional compliance staff. Given 
the uncertainty regarding how financial institutions would adjust 
compliance officer staffing in response to the final CDD rule, we do 
not quantify this cost.
iv. Potential Capital Loss (Accounts Moving Abroad) and Forgone Capital 
(Accounts Not Opened)
    While a prospective study of the European Union's beneficial 
ownership disclosure rule \127\ posited that its implementation in 2007 
could drive some account holders to relocate their assets to foreign 
jurisdictions where the policies do not apply,\128\ that seems unlikely 
to occur if the United States implements the CDD rule. The CDD rule 
also appears unlikely to trigger a diversion of legal entity accounts 
that would have been opened at domestic covered institutions, to be 
opened instead at uncovered domestic or foreign financial institutions.
---------------------------------------------------------------------------

    \127\ The rule is Directive 2005/60/EC of the European 
Parliament and of the Council of October 26, 2005 on the prevention 
of the use of the financial system for the purpose of money 
laundering and terrorist financing. It required member states to 
comply by December 15, 2007.
    \128\ Estimated capital loss is derived based on survey 
responses. One-third of National Bankers' Associations respondents 
agreed that the beneficial disclosure rule could lead to an increase 
in capital outflow from the national banking sector (p. 215). 
Transcrime. 2007. Cost Benefit Analysis of Transparency Requirements 
in the Company/Corporate Field and Banking Sector Relevant for the 
Fight Against Money Laundering and Other Financial Crime. A study 
financed by the European Commission.
---------------------------------------------------------------------------

    The Treasury Department supports the perspective that beneficial 
ownership disclosure is unlikely to trigger legitimate transaction 
account holder closings or to dissuade legitimate would-be transaction 
account holders

[[Page 29441]]

from opening new accounts. This view has a three-part rationale:
    (1) First, most businesses operating in the United States would 
have difficulty conducting basic functions (e.g., accepting receivables 
and paying invoices) without a transaction account at a domestic 
bank.\129\
---------------------------------------------------------------------------

    \129\ Some commenters stated that with regard to certain 
specialized credit products, the beneficial ownership requirement 
would be likely to cause businesses to utilize uncovered 
competitors. Because FinCEN views such products as low risk for 
money laundering or terrorist financing, they have been exempted 
from the beneficial ownership requirement, subject to the 
satisfaction of certain conditions.
---------------------------------------------------------------------------

    (2) Second, Financial Action Task Force (FATF) recommendations call 
for all member countries to require domestic financial institutions to 
conduct customer due diligence, and for their law enforcement agencies 
to cooperate with other member country enforcement agencies, which 
includes U.S. law enforcement. Unlike the situation at the time of the 
2007 EU study referred to above, the majority of FATF members (as well 
as many other jurisdictions) are now in compliance with the FATF 
customer due diligence standards; as a result of which there are few 
safe havens in the world (not just advanced economies) where financial 
institutions are not required to obtain beneficial ownership 
information about legal entities when they open an account.
    (3) Third, the Financial Account Tax Compliance Act (FATCA) 
requires foreign financial institutions to report to the IRS 
identifying and income information on accounts held by U.S. 
taxpayers.\130\ FATCA's requirements apply to all financial 
institutions worldwide; the United States has negotiated 
intergovernmental agreements with 112 jurisdictions to implement FATCA, 
and financial institutions in jurisdictions without intergovernmental 
agreements are still subject to FATCA's reporting requirements. Because 
legal entities opening an account in any of these 112 foreign 
jurisdictions would be required to disclose U.S. beneficial ownership 
information, opening a bank account outside the United States would 
offer no material advantage, in terms of concealing of beneficial 
ownership information, versus opening an account in the United States.
---------------------------------------------------------------------------

    \130\ Or certain foreign entities in which U.S. taxpayers are 
considered either ``substantial U.S. owners,'' defined as having a 
10 percent or greater ownership stake in the entity, or, for 
financial institutions in jurisdictions with an intergovernmental 
agreement, ``controlling persons,'' defined in accordance with the 
FATF recommendations as the natural persons who exercise control 
over the entity.
---------------------------------------------------------------------------

c. Increased Costs Associated With Non-Criminal Activities \131\
---------------------------------------------------------------------------

    \131\ These costs would be over and above any incremental 
compliance costs of the CDD rule passed on to clients by financial 
institutions.
---------------------------------------------------------------------------

i. Reduced Privacy
    We expect financial institution clients would experience minimal 
costs with regard to the loss of privacy. Some costs arise because the 
disclosure of beneficial ownership information may require the legal 
entity to reveal previously undisclosed information, which is not 
required in any State at the time of the legal entity's formation. As 
such, it is likely that many entities would report some previously 
undisclosed beneficial ownership information.
    While findings of academic research may not strictly apply in the 
context of this rule because disclosure would be legally required, that 
research suggests that when individuals self-disclose personal 
information, they do so after weighing the expected benefits and any 
negative consequences.\132\ Individuals tend to readily disclose 
biographical information in exchange for small (and often non-
financial) benefits.\133\ The willingness of individuals to share 
information with organizations increases if they trust the 
organization's ability to store and use that information 
responsibly.\134\ Because the quantity of beneficial ownership 
information is small and its dissemination would be limited to the 
financial institution (or law enforcement pursuant to legal process), 
we expect the cost to law-abiding individuals of disclosing private 
information to be quite low.
---------------------------------------------------------------------------

    \132\ Varian, Hal. ``Economic Aspects of Personal Privacy,'' In 
Internet Policy and Economics, edited by W.H. Lehr and L.M. Pupillo, 
101-109. New York: Springer, 2009. See also: Hann, Il-Horn; Kai-Lung 
Hui, Tom Lee, and I Png. ``Online Information Privacy: Measuring the 
Cost-Benefit Trade-Off.'' ICIS 2002 Proceedings, Paper 1 (2002).
    \133\ Grossklags, Jens, and Alessandro Acquisti. ``What Can 
Behavioral Economics Teach Us about Privacy?'' In Digital Privacy: 
Theory, Technologies, and Practices, edited by Acquisti, Alessandro, 
Stefanos Gritzalis, Costas Lambrinoudakis, and Sabrina De Capitani 
di Vimercati, 363-377. Boca Raton: Auerbach Publications, 2008.
    \134\ Dinev, Tamara and Paul Hart. ``An Extended Privacy 
Calculus Model for E-Commerce Transactions.'' Information Systems 
Research 17, no. 1 (2006): 61-80. This study pre-dates the major IT 
data breaches at large firms and government institutions that have 
occurred in recent years.
---------------------------------------------------------------------------

    By contrast, we expect financial criminals would bear much higher 
costs of revealing previously private beneficial ownership information, 
as the consequences of disclosure could include denial of services by 
the financial institutions, asset forfeiture, or prosecution and 
incarceration. Since the expressed intent of the final rule is to 
increase the costs of criminal activity, this variation in the cost of 
privacy loss is consistent with the intended effect of the final rule. 
We do not attempt to estimate the value of privacy loss.
ii. Potential Impact on Clients, Including Access to Banking for the 
Unbanked
    The ``unbanked'' population in the United States stood at 7.7 
percent of all households in 2013, according to a Federal Deposit 
Insurance Corporation (FDIC) survey.\135\ Unbanked households do not 
have an account at an insured financial institution. We see value in 
developing a financial system whereby ``. . . banks effectively serve 
the broadest possible set of consumers.''
---------------------------------------------------------------------------

    \135\ Federal Deposit Insurance Corporation. 2014. 2013 FDIC 
National Survey of Unbanked and Underbanked Households.
---------------------------------------------------------------------------

    If compliance costs faced by financial institutions are passed 
through to their clients (for example, through increased minimum 
deposit levels and/or higher fees), this theoretically could raise 
clients' barriers to entry, and may price some consumers out of 
participating in the banking system.\136\ However, we find no 
literature estimating the potential impact of AML/CFT on the unbanked 
population in the United States, and we do not attempt to quantify its 
magnitude. Nonetheless, we reason that since the costs incurred by 
financial institutions from the final rule appear to be relatively 
modest, and the passed-through costs would be spread across a broad 
client base, we expect the marginal effect on unbanked groups would 
likely be small.
---------------------------------------------------------------------------

    \136\ Reuter, Peter, and Edwin Truman. Chasing Dirty Money: 
Progress on Anti-Money Laundering. Washington: Peterson Institute, 
2004.
---------------------------------------------------------------------------

5. Qualitative Discussion of the Benefits
a. Reduced Crimes and Terrorist Activity
    The primary purpose of this final rule is to reduce illicit 
activity. Yet credible quantitative estimates of how the CDD rule would 
affect these outcomes, on which the benefit calculation in the cost-
benefit analysis would be based, do not exist, for the reasons 
discussed above. Therefore, this analysis provides a qualitative 
assessment of potential reductions in illicit activity based on 
relevant literature.
    The National Money Laundering Risk Assessment 2015 estimated the 
annual volume of money laundering in the United States at $300 billion. 
The same source notes that one of the key vulnerabilities exploited by 
money

[[Page 29442]]

launderers is ``creating legal entities without accurate information 
about the identity of the beneficial owner.'' \137\ The report suggests 
that the ease of concealment plays a primary role in the execution of 
many financial crimes.\138\ Therefore, the beneficial ownership 
disclosure requirement in this final rule would likely have a 
mitigating effect on a large share of financial crime in the United 
States.
---------------------------------------------------------------------------

    \137\ U.S. Department of the Treasury. Office of Terrorism and 
Financial Intelligence. 2015. National Money Laundering Risk 
Assessment.
    \138\ U.S. Department of the Treasury concludes that, ``The 
potential for anonymity in financial transactions underlies most of 
the vulnerabilities in this risk assessment.'' See U.S. Department 
of the Treasury. Office of Terrorism and Financial Intelligence. 
2015. National Money Laundering Risk Assessment.
---------------------------------------------------------------------------

    In the absence of direct empirical estimates on the link between 
AML/CFT policy and illicit activity, we refer to the literature on the 
economics of crime. This body of work, pioneered by Nobel laureate Gary 
Becker, assumes criminals make rational decisions based on their 
expected costs and benefits of committing crime.\139\ In Becker's 
approach, an individual's decision to commit a criminal offense is a 
function of the income associated with getting away with the crime, the 
probability of conviction, the punishment if convicted, and earnings 
from legitimate work. A rational individual chooses to commit a crime 
when it yields higher expected wellbeing (accounting for risk of 
conviction and the associated punishment) than does time spent in 
legitimate employment.
---------------------------------------------------------------------------

    \139\ See Becker, Gary, ``Crime and Punishment: an Economic 
Analysis.'' Journal of Political Economy 78 (1968). 169-217.
---------------------------------------------------------------------------

    Applying Becker's model to criminals allows us to evaluate how the 
new policy would affect the level of illicit activity. By revealing 
more criminals' identities and therefore facilitating the linkage of 
criminal acts to perpetrators by financial intelligence and law 
enforcement, the CDD rule would increase the probability of conviction. 
Therefore, in the context of Becker's model, we expect that the CDD 
rule would reduce the level of illicit activity. Subsequent 
incarceration would render these criminals unable to engage in illicit 
activity while serving their sentences, a phenomenon known as the 
``incapacitation effect.'' Higher rates of apprehension and conviction 
may also deter potential criminals from committing crime. The large 
empirical literature on the economics of crime shows convincing 
evidence that higher probabilities of apprehension and conviction 
(usually in the form of stronger police presence) tend to reduce crime 
rates through some combination of incapacitation and deterrence.\140\
---------------------------------------------------------------------------

    \140\ See, for example, Chalfin, Aaron and Justin McCrary, 
``Criminal Deterrence: A Review of the Literature,'' Paper prepared 
for the Journal of Economic Literature (2015). See also Nagin, 
Daniel, ``Deterrence: A Review of the Evidence by a Criminologist 
for Economists.'' Annual Review of Economics 5 (2013): 83-105.
---------------------------------------------------------------------------

    In principle, criminals could respond by attempting to move their 
accounts to those countries that still have not adopted beneficial 
ownership identification and verification, although we consider this to 
be unlikely, because most of the world's countries already require 
financial institutions to collect and verify beneficial ownership of 
legal entity account holders. Criminals could theoretically also reduce 
their beneficial ownership shares below the disclosure threshold; we 
also view this response as unlikely, because of the practical 
difficulties criminals would face laundering money through a vehicle in 
which they hold only a minority stake. Those criminals may incur the 
costs of taking those steps, and perhaps ongoing costs in the form of 
using less convenient and costlier financial services. Combined, these 
higher costs would reduce the expected returns to crime, which we 
anticipate would therefore lower financial crime rates.
    In order to compute the benefit of reduced crime from the CDD rule, 
we would need to know both the causal negative effect of the CDD rule 
on the level of illicit activity (discussed above) and the costs 
imposed on society by the illicit activity that would not occur in the 
presence of the rule. Enumerating these costs is not as straightforward 
as it might appear, so we follow the cost-of-crime literature in 
distinguishing between ``social costs'' and ``external costs'' of crime 
in order to be more precise regarding the potential benefits of the 
final rule.\141\ External costs are those that are involuntarily 
imposed on one individual (the victim) by another individual (the 
offender). In the case of an automobile theft, for example, the 
external costs could include the resale value of the vehicle, the value 
of items in the vehicle at the time of theft, the value of the victim's 
time spent dealing with the aftermath of the crime, and any 
psychological pain and suffering experienced by the victim. Yet whether 
the perpetrator keeps or sells the vehicle and the items therein, these 
are still available for use by someone in society and can be thought of 
as transfers from one individual to another. Therefore one could reason 
that, unlike the victim's pain and suffering and lost time--losses 
which are not offset by gains to someone else--the value of stolen 
goods (or money) does not represent a social cost.\142\ This view is 
equivalent to the inclusion of perpetrators' wellbeing in overall 
social welfare, for example, when evaluating a crime-reducing policy. 
As a recent survey points out, however, ``[i]n practice, researchers 
have generally adopted the perspective that an offender's utility ought 
not to count as part of society's social welfare function.'' \143\ We 
too adopt this approach in the RIA, using external costs as the 
relevant concept for the cost of crime, meaning that any reduction in 
funds involuntarily transferred from victim to offender would 
constitute a benefit of the CDD rule.
---------------------------------------------------------------------------

    \141\ The descriptions and examples of social and external costs 
in this section closely follow the discussions in Chalfin, Aaron. 
``The Economic Cost of Crime.'' Working paper, University of 
Cincinnati (2013). and Cohen, Mark A. ``Measuring the Costs and 
Benefits of Crime and Justice.'' Criminal Justice 4 (2000): 263-315.
    \142\ Note that the social costs of crime are not a subset of 
the external costs. Social costs of crime can also include any 
resources devoted to crime prevention by the public sector or 
private citizens that could be more productively put to other uses 
and diminished economic opportunity in high crime areas where 
businesses choose not to locate.
    \143\ See page 5 of Chalfin, Aaron. ``The Economic Cost of 
Crime.'' Working paper, University of Cincinnati (2013). and 
articles cited within for additional perspectives.
---------------------------------------------------------------------------

    A complete accounting of the value of reduced crime and terrorist 
financing would include the full value of harm to victims averted by 
the reduction in these activities. In addition to tangible costs such 
as financial losses (which, given the adoption of external costs in our 
approach, would not be balanced by gains to criminals), research on the 
costs of crime finds intangible losses, including pain, suffering, and 
reduced quality of life, associated with criminal activity. Button et 
al. (2014) interviewed over 700 victims of financial fraud in London. 
Among the effects reported by victims as important were ``depression or 
a mental disorder'' (7 percent), ``psychological/emotional feelings, 
loss of trust, and so on'' (37 percent), stress (44 percent), and anger 
(68 percent).\144\ A national study of financial fraud in the United 
States by the National Institute of Justice found that 14 percent of 
fraud victims reported suffering health or emotional problems related 
directly to their victimization.\145\ However, we find no empirical 
estimates of the psychological costs of crime. Many studies of the 
costs of

[[Page 29443]]

crime do not fully consider the psychological impact on its 
victims,\146\ and therefore, the true economic value of averted crime 
may exceed estimates derived from published studies of the costs of 
crime.
---------------------------------------------------------------------------

    \144\ Button, Mark, Chris Lewis, and Jacki Tapley. ``Not a 
Victimless Crime: the Impact of Fraud on Individual Victims and 
their Families.'' Security Journal 27, no. 1 (2014): 36-54.
    \145\ Titus, Richard, Fred Heinzelmann, and John Boyle. ``The 
Anatomy of Fraud: Report of a Nationwide Survey.'' National 
Institute of Justice Journal (1995): 28-34.
    \146\ McCollister, Kathryn, Michael French, and Hai Fang. ``The 
Cost of Crime to Society: New Crime-Specific Estimates for Policy 
and Program Evaluation.'' Drug and Alcohol Dependence 108 (2010): 
98-109.
---------------------------------------------------------------------------

b. Law Enforcement Benefits
i. Reduced Cost of Beneficial Ownership Searches
    A direct benefit of the final rule would be the reduction in the 
cost to law enforcement agencies of obtaining beneficial ownership 
information. The current system generally requires Federal 
investigators to expend resources in search of beneficial ownership 
information when conditions warrant it. Adoption of the final rule 
would reduce law enforcement agencies' search costs because the 
information would be collected by covered financial institutions for 
new legal entity accounts and become more readily accessible to law 
enforcement agency investigators with a subpoena. In addition, SARs 
filed by the institutions would be increasingly likely to include 
beneficial ownership information, making it readily available to 
Federal authorities. We do not attempt to estimate the value of this 
potential benefit, but we expect it to grow over time, as the share of 
accounts whose beneficial ownership is disclosed gradually rises.\147\
---------------------------------------------------------------------------

    \147\ We expect this gradual increase in the share of accounts 
with disclosed beneficial ownership because only new legal entity 
accounts would require this information under the proposed rule.
---------------------------------------------------------------------------

6. Transfers
    In the next two sections, we identify a few potential effects that 
do not conform to strictly-defined costs or benefits to society, but 
may have impacts on selected stakeholders. These effects are not 
included as costs or benefits.
a. Lost Tax Revenue Due to Capital Loss (Accounts Moving Abroad)
    To the extent that financial accounts at covered institutions 
generate taxable income and that the decision to open these accounts is 
sensitive to the collection of beneficial ownership information, the 
final CDD rule has the potential to eliminate tax revenue that would 
otherwise be collected. However, from our perspective, beneficial 
ownership disclosure would have a negligible effect on the number of 
legal entity accounts because legal entities in the United States 
generally require bank accounts to operate their businesses. In 
addition, the vast majority of the world's countries require financial 
institutions to collect and verify beneficial ownership of legal entity 
accountholders. As a result, there are few safe havens in the world 
that permit financial institutions to open an account for a legal 
entity and not obtain the entity's beneficial ownership. (See 
discussion in section 4.b.iv.)
b. Increased Asset Recovery
    To the extent that the number of successful prosecutions increases 
due to the final rule, we expect that the recovery of assets by Federal 
authorities would rise. We would consider any increase in assets 
recovered due to the final rule as transfers. Table 5 shows that the 
value of assets forfeited to the U.S. Department of Justice Forfeiture 
Fund has exceeded $1.5 billion every year from 2010 to 2014 and has 
exceeded $4 billion in two of those years,\148\ and that the value of 
assets forfeited to the U.S. Department of the Treasury Forfeiture Fund 
has been greater than $500 million in every year over the same 
period.\149\ Due to the uncertainties associated with attributing 
future changes in asset recovery to the final CDD rule, we do not 
estimate the magnitude of this potential effect, but even a 
hypothetical 5 percent increase on the five-year average of $2.9 
billion for the DOJ forfeitures alone would exceed $145 million in 
additional assets recovered.
---------------------------------------------------------------------------

    \148\ Based on statistics from the DOJ Asset Forfeiture Program. 
The DOJ Asset Forfeiture Program Web page lists the following 
participating institutions. DOJ institutions: The Asset Forfeiture 
and Money Laundering Section of the Criminal Division; Bureau of 
Alcohol, Tobacco, Firearms, and Explosives; Drug Enforcement 
Administration; Federal Bureau of Investigation; U.S. Marshals 
Service; U.S. Attorneys' Offices; and Asset Forfeitures Management 
Staff. Institutions from other U.S. Government agencies include: 
U.S. Postal Inspection Service; Food and Drug Administration; U.S. 
Department of Agriculture, Office of the Inspector General; 
Department of State, Bureau of Diplomatic Security; and Defense 
Criminal Investigative Service. Source: U.S. Department of Justice. 
2015. Participants and Roles. https://www.justice.gov/afp/participants-and-roles (accessed September 14, 2015).
    \149\ Participating agencies include IRS Criminal Investigations 
Division, U.S. Immigration and Customs Enforcement, U.S. Customs and 
Border Protection, U.S. Secret Service, and U.S. Coast Guard. 
Source: U.S. Department of the Treasury. 2015. Terrorism and 
Financial Intelligence. https://www.treasury.gov/about/organizational-structure/offices/Pages/The-Executive-Office-for-Asset-Forfeiture.aspx (accessed October 8, 2015).

                  Table 5--Assets of Department of Justice Forfeiture Fund and Seized Assets Deposits Fund and Treasury Forfeiture Fund
                                              [U.S. Department of Justice, U.S. Department of the Treasury]
                                                                [Millions of nominal USD]
--------------------------------------------------------------------------------------------------------------------------------------------------------
                             2010                                    2011            2012            2013            2014            5 Year average
--------------------------------------------------------------------------------------------------------------------------------------------------------
Forfeited to Department of Justice:
    $1,947....................................................          $1,617          $4,453          $2,148          $4,551                    $2,943
Forfeited to Treasury:
    1,142.....................................................             929             523           1,713             784                     1,018
--------------------------------------------------------------------------------------------------------------------------------------------------------
Sources: U.S. Department of Justice, Assets Forfeiture Program. Annual Reports to Congress (eds. 2004-2014). Adapted from ``Assets Forfeiture Fund and
  Seized Assets Deposits Fund--Method of Disposition of Forfeited Property'' tables. https://www.justice.gov/afp/reports-congress, accessed October 8,
  2015. Treasury Executive Office for Asset Forfeiture.
Note: Current year revenue includes direct revenue and reverse asset sharing.

c. Potential Increased Tax Revenue Through Improved Tax Compliance
    According to the U.S. Department of the Treasury, the collection of 
beneficial ownership information by covered financial institutions for 
their domestic legal entity accounts would result in new information 
being available to the IRS during audits and investigations into civil 
and criminal tax noncompliance. Ready access to account beneficial 
ownership information from covered financial institutions would help 
the IRS determine whether beneficial owners are accurately reporting 
income from entities. Moreover, IRS access to this information would 
increase incentives

[[Page 29444]]

for voluntary tax compliance by beneficial owners of the accounts. Any 
increased tax revenue would be considered a transfer.
7. Reputational Effects
a. Reputational Effects of Meeting International Policy Standards
    FATF has set international standards to enhance the collective 
effort to combat money laundering and terrorist financing. Widespread 
adoption of such international standards can raise the cost of crime, 
by limiting criminals' choices of where they can obtain accounts, and 
eliminate ``safe havens'' for financial criminals seeking jurisdictions 
with less rigorous laws or enforcement.
    Recent reviews of U.S. compliance with international AML/CFT 
standards have criticized the incomplete adoption of the customer due 
diligence framework. The 2006 FATF Mutual Evaluation Report (MER) found 
that the United States had implemented an AML/CFT system that was 
broadly consistent with the international standard. However, the report 
noted shortcomings related to CDD in the U.S. framework, and rated it 
only ``partially compliant'' with the CDD recommendation, a significant 
reason being the lack of an explicit beneficial ownership 
identification requirement.\150\ The International Monetary Fund (IMF) 
in 2010 found the United States had made ``limited progress'' since 
2006 in strengthening requirements on identifying beneficial owners of 
accounts.\151\ In its 2015 Financial Sector Assessment of the United 
States, the IMF acknowledged U.S. efforts in addressing deficiencies 
identified in the 2006 FATF MER, but cited a lack of substantive policy 
progress by the end of its research mission in June 2015.\152\
---------------------------------------------------------------------------

    \150\ Financial Action Task Force. 2006. Summary of the Third 
Mutual Evaluation Report on Anti-Money Laundering and Combating the 
Financing of Terrorism, United States of America. FATF is performing 
its mutual evaluation of the United States, to be completed in 
October 2016.
    \151\ International Monetary Fund. IMF Country Report No. 10/
253. 2010. United States: Publication of Financial Sector Assessment 
Program Documentation--Technical Note on Anti-Money Laundering/
Combating the Financing of Terrorism.
    \152\ International Monetary Fund. IMF Country Report No. 15/
174. 2015. United States Financial Sector Assessment Program: Anti-
Money Laundering and Combating the Financing of Terrorism (AML/
CFT)--Technical Note.
---------------------------------------------------------------------------

    The U.S. government responded to the 2006 FATF Report by committing 
to strengthen customer due diligence standards. In 2013, the U.S. G-8 
Action Plan for Transparency of Company Ownership and Control committed 
to clarifying and strengthening customer due diligence standards for 
U.S. financial institutions.\153\ In October 2015, the U.S. G-20 Action 
Plan notes its engagement in developing a customer due diligence rule 
with required beneficial ownership disclosure for financial 
institutions.\154\
---------------------------------------------------------------------------

    \153\ The White House. Office of the Press Secretary. 2013. 
United States G-8 Action Plan for Transparency of Company Ownership 
and Control. https://www.whitehouse.gov/the-press-office/2013/06/18/united-states-g-8-action-plan-transparency-company-ownership-and-control (accessed October 8, 2015).
    \154\ The White House, The U.S. Action Plan to Implement the G-
20 High Level Principles on Beneficial Ownership, https://www.whitehouse.gov/blog/2015/10/16/us-action-plan-implement-g-20-high-level-principles-beneficial-ownership.
---------------------------------------------------------------------------

    Implementing the CDD rule would advance compliance by the United 
States with the FATF CDD standards and fulfill outstanding public 
commitments. It would further enable the United States to demonstrate 
progress at the FATF, and at other international bodies, and 
bilaterally to encourage other jurisdictions to comply with the FATF 
standards and avoid accusations of hypocrisy due to its own lack of 
compliance. We do not attempt to quantify or monetize the magnitude of 
this potential reputational effect, given the intangible nature of 
reputational effects, but assess it to be significant. The United 
States, which is generally considered a global leader in combating 
money laundering and terrorist financing, is currently one of a very 
small number of FATF members that are not in compliance with its core 
standard requiring that financial institutions identify and verify the 
identity of the beneficial owners of legal entity accounts. We assess 
that this lack of full compliance with the standard with which the vast 
majority of the rest of the world complies, undermines U.S. leadership 
on illicit finance issues.
b. Reputational Effects on Financial Institutions
    We believe the proposed CDD rule is unlikely to provide appreciable 
reputational effects on covered financial institutions. Our reasoning 
is as follows. Client confidence in financial institutions is a 
necessary component of an effective financial system.\155\ Depositors 
trust institutions to safeguard deposits, provide fund withdrawals upon 
request, and meet regulatory and prudential requirements.
---------------------------------------------------------------------------

    \155\ International Monetary Fund. Departments of Exchange 
Affairs, Policy Development, and Review. 2001. Financial System 
Abuse, Financial Crime, and Money Laundering--Background Paper.
---------------------------------------------------------------------------

    In principle, financial institutions that maintain full compliance 
with AML/CFT regulations, including the final rule, may be viewed as 
less risky by clients and investors, at least when compared to non-
complying institutions. However, compliance with the CDD rule would 
likely do little to distinguish any particular financial institution 
from its peers, since all covered institutions would be subject to the 
same requirement, and compliance is expected to be universal. 
Therefore, in this context, we believe any potential reputational 
effect to institutions that comply with the rule would be negligible.
8. Breakeven Analysis and Conclusion
    Ideally, a cost-benefit analysis quantifies all benefits and costs, 
converts them to present value, and then assesses whether the present 
value of benefits exceeds the present value of costs. However, it is 
not uncommon for a rule to generate benefits and costs that cannot be 
fully quantified, in which case alternative methods can be used to 
assess the rule.\156\ When such unquantifiable benefits and costs are 
likely to be important, one should carry out a ``threshold,'' or 
``breakeven'' analysis to evaluate their significance.\157\ Such an 
analysis asks how large the present value of benefits has to be so that 
it is just equal to the present value of costs.\158\ A credible claim 
that a rule change would generate a discounted stream of benefits equal 
to or greater than this breakeven level supports the argument that a 
rule should be adopted.\159\ As we described at length above, we expect 
there to be significant but unquantifiable benefits to this rule, 
necessitating the use of a breakeven analysis. This analysis presents a 
range of costs, including the primary quantified costs and the order-
of-magnitude IT cost assessment with an upper bound of $10 billion for 
the cost of implementing the rule, which thus determines the threshold 
that the benefits would need to meet for the rule to generate a net 
benefit to society.

[[Page 29445]]

Given that the upper bound for costs used in the breakeven analysis is 
high, the breakeven analysis is therefore very conservative in 
specifying how effective the CDD rule would have to be in order to 
justify its costs.
---------------------------------------------------------------------------

    \156\ For a discussion of this situation, along with many 
examples of proposed Federal regulations affected by it, see 
Sunstein, Cass. ``The Limits of Quantification.'' California Law 
Review 102, no. 6 (2014): 1369-1422.
    \157\ See pages 2 and 10 of OMB Circular A-4. 2003.
    \158\ For examples of regulatory analyses of past rules that 
relied on breakeven analysis, see Customs and Border Protection, 
Department of Homeland Security, ``Importer Security Filings and 
Additional Carrier Requirements,'' 73 FR 71730 (November 25, 2008), 
and Customs and Border Protection, Department of Homeland Security, 
``Advance Electronic Transmission of Passenger and Crew Member 
Manifests for Commercial Aircraft and Vessels,'' 72 FR 48320 (August 
23, 2007).
    \159\ In performing the breakeven analysis, we discount future 
cash flows using the seven-percent discount rate.
---------------------------------------------------------------------------

    As mentioned in the first section of the RIA, $300 billion in 
illicit proceeds are generated annually in the United States according 
to the Treasury Department's 2015 National Money Laundering Risk 
Assessment.\160\ To the extent that this figure represents funds 
involuntarily transferred from victims to offenders, the $300 billion 
represents a portion of the total external costs imposed by the illicit 
activity.\161\ The final CDD rule intends to diminish the volume of 
such illegally generated funds, where any reduction represents the 
``reduced crime'' portion of the unquantified ``reduced crime and 
terrorist activity'' benefit described earlier. Any reduction of the 
$300 billion figure is a lower bound for the final rule's actual 
benefit, given the reliance on saved external costs as the relevant 
concept (i.e., this does not reflect the value of individuals' lost 
time in the aftermath of being victimized by financial crime or their 
psychological suffering, among many other costs).\162\ Note that this 
benefit is also a lower bound because it does not include the other 
qualitative benefits (besides reduced terrorist activity) discussed in 
the RIA.
---------------------------------------------------------------------------

    \160\ See footnote 106.
    \161\ This is plausible for proceeds not due to illicit drug 
sales (representing approximately 22 percent of the total in the 
United States according to United Nations Office on Drugs and Crime 
estimates for 2010; we assume that this is also the case for 2015 
and subsequent years), which are mostly attributable to fraud. This 
distinction matters because individuals who buy and sell illicit 
drugs presumably enter into individual transactions voluntarily. See 
footnote 5 for a discussion of the circumstances under which the 
inclusion of proceeds from illicit drug sales is justified in 
computing the benefits to society of reduced crime.
    \162\ For additional discussion of the importance of non-
pecuniary costs (including, but not limited to, victims' pain and 
suffering, and the cost of risk of death from violent acts that 
complement illicit activity) in the overall cost of crime to 
society, see pages 3558-3560 of Freeman, Richard. ``The Economics of 
Crime,'' In Handbook of Labor Economics, edited by Orley Ashenfelter 
and David Card, 3530-3563. New York: Elsevier, 1999.
---------------------------------------------------------------------------

    In terms of costs, IT upgrades represent the largest of the 
qualitative costs examined in the RIA. In both public comments on the 
NPRM and follow-up calls with individual commenters, financial 
institutions emphasized that the rule would impose large IT upgrade 
costs. In the breakeven analysis to follow, we present both the primary 
quantified costs and the order-of-magnitude IT costs, setting aside all 
other unquantified costs because we believe these other costs are 
likely to be comparatively small. For example, as noted earlier, it is 
very unclear whether law enforcement activity (and the associated 
costs) would increase or decrease because of the rule.\163\ Similar 
arguments can be made about financial institutions' costs for 
generating and submitting SARs. Regarding the financial institutions' 
capital loss from accounts closing or never being opened, the 
respective sections of the RIA go into some detail on why these costs 
would likely be negligible. Finally, earlier sections of the RIA also 
explain why the unquantified costs to clients may be low.
---------------------------------------------------------------------------

    \163\ Note that the CDD rule could lead to lower levels of 
illicit activity without any increase in law enforcement activity 
(even without a change in incarcerations, meaning the change in 
illicit activity would occur exclusively via the deterrence effect) 
if the rule allows the same resources to be deployed more 
effectively in investigations and prosecutions.
[GRAPHIC] [TIFF OMITTED] TR11MY16.020

    In summary, in this RIA, the major benefit that remains 
unquantified is the reduction in crime and terrorist activity, and the 
costs include costs associated with training, onboarding, compliance 
and entity burdens, the order-of-magnitude assessment of the IT 
upgrades as well as other qualitative costs. By including an order-of-
magnitude assessment with the other quantified costs, we can determine 
the threshold level of the benefit that would

[[Page 29446]]

make the rule's adoption worthwhile. Figure 1 graphs the threshold 
reduction in annual illicit activity that would be needed to justify 
different levels of total costs for different definitions of illicit 
activity (i.e., whether including illicit drug sales or 
not).164 165 Given the assumed path of illicit activity 
during 2016-2025, percent reductions in illicit proceeds in each year 
equal to those in Figure 1 would yield a stream of benefits having 
present values equal to the present value of costs.
---------------------------------------------------------------------------

    \164\ Quantified costs are assumed to be constant as IT costs 
change (meaning that a $1 increase in IT costs raises total costs by 
$1) so the breakeven functions are able to take into account all 
costs while only being graphed for different levels of IT costs.
    \165\ To generate the profile of illicit proceeds during the 
2016-2025 time horizon, we start with the 2015 levels (listed in 
Figure 1) and then assume that the amount of illicit activity as a 
proportion of the real economy will remain constant (for the year-
over-year real GDP growth rates used, see Table 2-1 of OMB. Fiscal 
Year 2016 Analytical Perspectives of the U.S. Government. 2015.). 
This means that illicit proceeds are always equal to the same 
percent of production in the economy, but given that the real 
economy is growing, illicit proceeds must grow as well to account 
for that same proportional amount. For instance, real illicit 
proceeds (including from illicit drug sales) are assumed to be $309 
billion and almost $383 billion in 2016 and 2025, respectively.
---------------------------------------------------------------------------

    The key conclusion from Figure 1 is that a reduction in annual 
illicit activity (measured by dollars of real proceeds) of just 0.6 
percent or 0.47 percent (depending on whether proceeds from drug sales 
are included or not) or approximately $1.45 billion in 2016, at the 
upper bound of IT costs, would mean that the CDD rule's benefits would 
outweigh its costs.\166\ We are presenting two cost scenarios in this 
breakeven analysis. We recognize that the order-of-magnitude IT cost 
analysis is not of sufficient quality to be added to the primary cost 
analysis. However for the purposes of this breakeven analysis, we 
believe including the IT cost would present a conservative scenario 
where the CDD rule would only need to generate a very modest relative 
decrease in real illicit activity to justify the costs it would impose 
with an upper bound of $10 billion. The Treasury Department thus 
believes that the final rule will achieve a reduction in illicit 
activity that would more than offset the burdens it would place on 
government, financial institutions, clients, and other parts of 
society.
---------------------------------------------------------------------------

    \166\ To be exact, these are real IT costs incurred during the 
10-year time horizon, the present value of which implies very little 
about how these real costs are distributed across the 10 years.
---------------------------------------------------------------------------

    We conclude that illicit activity would only have to decrease by 
0.12% to 0.6% to offset the costs of the rule. Because of the modest 
magnitude of the reduction, we believe that this rule would be 
beneficial to society at large.

C. Final Regulatory Flexibility Act Analysis

    When an agency issues a rule proposal, the Regulatory Flexibility 
Act (RFA) requires the agency to either provide an Initial Regulatory 
Flexibility Analysis or, in lieu of preparing an analysis, to certify 
that the proposed rule is not expected to have a significant economic 
impact on a substantial number of small entities.\167\ When FinCEN 
issued its NPRM,\168\ FinCEN believed that the proposed rule would not 
have a significant economic impact on a substantial number of small 
entities, and certified that it would not.\169\ Because numerous 
commenters to the NPRM asserted that the proposed rule would be more 
costly to implement than estimated by FinCEN, FinCEN prepared and made 
available on December 24, 2015 an Initial Regulatory Flexibility 
Analysis (IRFA), along with a preliminary RIA in which it specifically 
solicited comment, including from small entities, on whether the 
proposed rule would have a significant economic impact on a substantial 
number of small entities. FinCEN received a total of 38 comments, 
including four from small entities (as well as several from 
associations representing small entities); a discussion of all the 
comments is set forth above.
---------------------------------------------------------------------------

    \167\ 5 U.S.C. 601-612.
    \168\ 79 FR 45151 (Aug. 4, 2014).
    \169\ 79 FR 45151, 45168-45169.
---------------------------------------------------------------------------

    The RFA requires each Final Regulatory Flexibility Analysis to 
contain:
     A succinct statement of the need for, and objectives of, 
the rule;
     A summary of the significant issues raised by the public 
comments in response to the IRFA, a summary of the assessment of the 
agency of such issues, and a statement of any changes made in the 
proposed rule as a result of such comments;
     A description of and an estimate of the number of small 
entities to which the proposed rule would apply;
     A description of the projected reporting, recordkeeping, 
and other compliance requirements of the proposed rule, including an 
estimate of the classes of small entities which will be subject to the 
requirement and the type of professional skills necessary for the 
preparation of the report or record; and
     A description of the steps the agency has taken to 
minimize the significant economic impact on small entities consistent 
with the stated objectives of applicable statutes, including a 
statement of the factual, policy, and legal reasons for selecting the 
alternative adopted in the final rule and why each one of the other 
significant alternatives to the rule considered by the agency which 
affect the impact on small entities was rejected.
1. Statement of the Reasons For, and Objectives of, the Rule
    FinCEN is adopting the final rule because it has determined that 
more explicit rules for covered financial institutions \170\ are needed 
to clarify and strengthen CDD within the BSA regime, in order to 
enhance transparency and help safeguard the financial system against 
illicit use. The CDD rule will advance the purposes of the BSA by (i) 
enhancing the availability of beneficial ownership information to law 
enforcement, Federal functional regulators, and SROs; (ii) increasing 
the ability of financial institutions, law enforcement, and the 
intelligence community to identify the assets and accounts of terrorist 
organizations, drug kingpins, and financial criminals; (iii) helping 
financial institutions to assess and mitigate risk and comply with 
existing BSA and related authorities; (iv) facilitating reporting and 
investigations in support of tax compliance, and advancing commitments 
made in connection with the Foreign Account Tax Compliance Act; and (v) 
promoting consistency in implementing and enforcing CDD regulatory 
expectations across and within financial sectors.
---------------------------------------------------------------------------

    \170\ Defined to include federally regulated banks, brokers and 
dealers in securities, mutual funds, and futures commission 
merchants and introducing brokers in commodities.
---------------------------------------------------------------------------

2. A Summary of the Significant Issues Raised by the Public Comments in 
Response to the IRFA, a Summary of the Assessment of the Agency of Such 
Issues, and a Statement of Any Changes Made in the Proposed Rule as a 
Result of Such Comments
    FinCEN has carefully considered the comment letters received in 
response to the NPRM. The preamble above provides a general overview of 
the comments, and the Section-by-Section Analysis discusses the 
significant issues raised by comments. In addition, the section above 
preceding the RIA includes a discussion of the comments received with 
respect to the preliminary RIA and IRFA, including those with respect 
to the estimated costs imposed on the industry resulting from the rule.

[[Page 29447]]

FinCEN has considered the comments received from small entities and 
from associations representing them, whether or not the comments 
referred to the IRFA. Three of the four small entities that commented 
stated that the general increase in regulatory burden and costs for the 
banking industry makes it increasingly difficult for small banks to 
continue to operate profitably, and requested that FinCEN create an 
exemption for entities below a certain asset size or number of legal 
entity accounts. One of these commenters stated that while it has 
relatively few business accounts, it would cost thousands of dollars to 
purchase the tracking software that it asserted would be required to 
comply with the rule. The fourth small bank is a niche lender that 
provides primarily small business equipment leasing, and explained that 
because many of its competitors will not be subject to the final rule, 
it will put them at a significant competitive disadvantage. FinCEN has 
determined that, because accounts created to provide this product 
present a low risk for money laundering or terrorist financing, such 
accounts will be exempt from the beneficial ownership requirement, 
subject to certain conditions.
    FinCEN has previously considered and rejected the alternative of 
exempting small financial institutions from the rule. Were FinCEN to 
exempt institutions below a certain size from the rule, those seeking 
access to the financial system to perpetrate crime would have an easier 
path in order to pursue such activities. As regards the institution 
that raised the cost of purchasing tracking software in order to 
comply, FinCEN never intended to impose a requirement that would 
necessitate such an expense. There is no requirement for covered FIs to 
have specific systems in place to track and monitor beneficial 
ownership information. Rather, financial institutions are required to 
update information about their customers, including beneficial 
ownership information, when as a result of normal monitoring, the 
financial institution detects information about the customer that may 
be relevant to assessing the risk posed by the customer. Such 
information could include a change in the customer's beneficial 
ownership. This issue, including FinCEN's revision to the proposed rule 
in order to clarify this in the final rule, is explained more fully in 
the Section-by-Section Analysis above.
    More specific information regarding the estimated costs for small 
entities resulting from the final rule is set forth in section 4 below, 
and other steps FinCEN has taken to minimize the economic impact of the 
rule on small entities are set forth in section 5 below.
3. Description and Estimate of the Number of Small Entities to Which 
the Proposed Rule Would Apply
    This rule will apply to all Federally regulated banks and all 
brokers or dealers in securities, mutual funds, and futures commission 
merchants and introducing brokers in commodities, as each is defined in 
the BSA. Based upon recent data, for the purposes of the RFA, there are 
approximately 5,088 small Federally regulated banks out of a total of 
6,348 (comprising 80 percent of the total number of banks); \171\ 6,165 
Federally regulated credit unions (of which approximately 93 percent 
are small credit unions),\172\ 1,349 small brokers or dealers in 
securities out of a total of 4,269 (comprising 31.5 percent of the 
total); \173\ 90 small mutual funds out of a total of 10,711 
(comprising 8 percent of the total); \174\ no small futures commission 
merchants; and a total of 1,323 introducing brokers in commodities, the 
majority of which are small entities.\175\ Because the rule will apply 
to all of these small financial institutions, FinCEN concludes that the 
rule will apply to a substantial number of small entities.
---------------------------------------------------------------------------

    \171\ The Small Business Administration (``SBA'') defines a 
depository institution (including a credit union) as a small 
business if it has assets of $550 million or less. The information 
was provided by the FDIC as of June 30, 2015.
    \172\ The information was provided by the NCUA as of June 30, 
2015.
    \173\ With regard to the definition of small entity as it 
applies to broker-dealers in securities and mutual funds, FinCEN is 
using the SEC's definitions found at 17 CFR 240.0-10(c), and 17 CFR 
270.0-10, respectively. The information was provided by the SEC as 
of December 31, 2014.
    \174\ The information was provided by the SEC as of December 31, 
2014.
    \175\ The CFTC has determined that futures commission merchants 
are not small entities for purposes of the RFA, and, thus, the 
requirements of the RFA do not apply to them. The CFTC's 
determination was based, in part, upon the obligation of futures 
commission merchants to meet the minimum financial requirements 
established by the CFTC to enhance the protection of customers' 
segregated funds and protect the financial condition of futures 
commission merchants generally. Small introducing brokers in 
commodities are defined by the SBA as those having less than $7 
million in gross receipts annually. While the CFTC has no current 
data regarding the exact number of small entities, we understand 
that the majority are small. The information was provided by the 
CFTC as of June 30, 2015.
---------------------------------------------------------------------------

4. Description of the Projected Reporting, Recordkeeping, and Other 
Compliance Requirements of the Proposed Rule, Including an Estimate of 
the Classes of Small Entities Which Will Be Subject to the Requirement 
and the Type of Professional Skills Necessary for the Preparation of 
the Report or Record
a. Beneficial Ownership Requirement
    The rule imposes on all covered financial institutions (including 
all those that are small entities) a new requirement to identify and to 
verify the identity of the beneficial owners of their legal entity 
customers and to maintain a record of such information. Many of the 
comments received in response to the NPRM stated that FinCEN had 
underestimated the burden resulting from the proposal in the following 
areas: (i) Additional time at account opening, (ii) training, and (iii) 
information technology (IT), but very few comments contained any 
specific cost estimates. To obtain more specific cost estimates 
regarding this requirement, FinCEN conducted telephone interviews with 
several financial institutions that had submitted comments, including 
three small financial institutions. FinCEN conducted this outreach to 
gather information for its preliminary RIA of the proposed rule 
pursuant to Executive Orders 13563 and 12866 as well for the IRFA. The 
final RIA is published concurrently with this FRFA. Additional 
information that FinCEN obtained relevant to its estimate of costs is 
included in the discussion below. FinCEN also notes that, in addition 
to the estimates set forth below, the only small bank that estimated 
the total costs resulting from the rule, estimated that they would be 
$2,000 initially, and $1,500 per year on an ongoing basis.
    (i) Additional time at account opening. The proposed rule would 
require that the beneficial ownership requirement be satisfied by 
obtaining and maintaining a certification from each legal entity 
customer that opens a new account. The certification would contain 
identifying information regarding each listed beneficial owner. The 
financial institution would also be required to verify such identity by 
documentary or non-documentary methods and to maintain in its records 
for five years a description of (i) any document relied on for 
verification, (ii) any such non-documentary methods and results of such 
measures undertaken, and (iii) the resolution of any substantive 
discrepancies discovered in verifying the identification information. 
FinCEN believes that the financial institution

[[Page 29448]]

employees who open new accounts would have the necessary skills to 
prepare the record of this information that must be maintained.
    The burden on a small financial institution at account opening 
resulting from the final rule would be a function of the number of 
beneficial owners of each legal entity customer opening a new 
account,\176\ the additional time required for each beneficial owner, 
and the number of new accounts opened for legal entities by the small 
financial institution during a specified period. At the time of its 
certification in the NPRM, FinCEN had very little information on which 
to base its estimate of any of these variables, and believed that it 
was reasonable to assume that the great majority of legal entity 
customers that establish accounts at small institutions are more likely 
to be small businesses with simpler ownership structures (for example, 
a single legal entity directly owned by two individuals) that will 
result in one or two beneficial owners. In addition, FinCEN also 
believed that, since all covered financial institutions have been 
subject to CIP rules \177\ for more than 10 years, and the proposed 
rule utilizes CIP rule procedures, small institutions would be able to 
leverage these procedures in complying with this requirement. As a 
result, in its certification FinCEN estimated that it would require, on 
average, 20 minutes to fulfill the beneficial ownership identification, 
verification and recordkeeping requirements in the proposal. Also, for 
purposes of its certification FinCEN had no direct data on the 
aggregate number of legal entity accounts opened per year by small 
financial institutions, and (based in part on an estimate it obtained 
from one very large financial institution of the legal entity accounts 
it opens per year) FinCEN estimated that small institutions would open 
at most 1.5 new accounts for legal entities per day, and probably 
fewer. However, because statistical data does not exist regarding 
either the average number of beneficial owners of legal entity 
customers of small institutions or how many such accounts they 
establish in any time period, FinCEN sought comment on these questions.
---------------------------------------------------------------------------

    \176\ The NPRM proposed to define beneficial owner as (1) each 
individual who owns, directly or indirectly, 25 percent or more of 
the equity interests of a legal entity, and (2) one individual with 
significant responsibility to control, manage, or direct the entity. 
Thus, it is possible that a legal entity could have up to five 
beneficial owners.
    \177\ See 31 CFR 1020.220, 1023.220, 1024.220, and 1026.220.
---------------------------------------------------------------------------

    As a result of the outreach referred to above, FinCEN obtained some 
additional data on which to better estimate the additional costs at 
account opening. Because financial institutions are not currently 
required to collect beneficial ownership information, there is no way 
to estimate the average number of beneficial owners of legal entity 
customers of financial institutions, although FinCEN continues to 
believe that it is reasonable to assume that small financial 
institutions will generally have small businesses as customers, which 
are likely to have not more than two beneficial owners. Banks we 
surveyed estimated that it is likely to take an additional 10 to 15 
minutes per beneficial owner. Assuming there would typically be two 
individuals identified as beneficial owners, for purposes of the IRFA 
FinCEN estimated the additional time to open a legal entity account 
between a low estimate of an additional 15 minutes and a high estimate 
of an additional 30 minutes to open a legal entity account. In its 
outreach FinCEN asked three small financial institutions the number of 
legal entity accounts they open each year. While financial institutions 
do not generally maintain information about the number of their legal 
entity customers, they typically maintain a database for their retail 
(i.e., individual) customers, and another database for their customers 
that are businesses or organizations. A significant number of a 
financial institution's business or organization customers are sole 
proprietorships that are not legal entities subject to the proposed 
rule.\178\ As a result, it is very difficult to estimate with any 
degree of precision the number of legal entity customers of a 
particular small financial institution that would be subject to the 
proposed rule. However, based on data obtained from FinCEN's outreach, 
and utilizing the wage assumptions in the draft RIA, we estimated for 
purposes of the IRFA that this requirement would result in a cost to a 
small bank of between approximately $2,000 and $4,000 per year at 
account opening.\179\
---------------------------------------------------------------------------

    \178\ According to data obtained from the IRS regarding tax 
returns, approximately 75 percent of all businesses filing tax 
returns are sole proprietorships.
    \179\ One small bank we surveyed reported that it opened 471 
accounts for organizations in 2014. This number includes an unknown 
number of sole proprietorships that would not be subject to the 
rule, as well as 179 accounts for loan customers, for which the bank 
would typically identify the beneficial owner(s) in order to obtain 
personal guarantees. A second small bank we surveyed reported that 
it opened 333 accounts in 2014 for legal entities, which includes an 
unknown number of sole proprietorships, as well as 106 loan 
customers. A small credit union we surveyed opens 24 to 36 accounts 
for businesses per year, which includes an unknown number of sole 
proprietorships. FinCEN believes its estimated range of costs may be 
high because the calculation is based on the small bank that opened 
the greater number of legal entity accounts, assumes that none of 
the accounts reported were opened for sole proprietorships, and 
includes loan customers, for which the bank would generally already 
identify beneficial owners. The estimated cost is based on the bank-
reported 471 new accounts per year, additional time at account 
opening of 15 to 30 minutes, and the average wage of $16.77 for the 
financial industry ``new account clerks'' reported by the Bureau of 
Labor Statistics. FinCEN believes that utilizing this number of new 
accounts is more appropriate than the 1.5 new accounts per day 
stated in the NPRM, since it is based on actual data from a small 
bank.
---------------------------------------------------------------------------

    None of the small businesses that commented on the IRFA included an 
estimate of the amount of time to open a legal entity account; only one 
noted the number of such accounts it opens per year (70). As a result 
of the comments we received to the draft RIA from other commenters, 
FinCEN has increased the estimated time for financial institutions to 
open accounts, from a range of 15 to 30 minutes in the IRFA, to a range 
of 20 to 40 minutes. Based on opening 471 new accounts for legal 
entities and an average wage of $16.77 for ``new account clerks,'' this 
would result in an annual cost to a small bank of $2,550 to $5,100. 
FinCEN also notes that, even within the universe of small entities, the 
costs could be expected to vary substantially. For example, for the 
small bank that responded to the IRFA and estimated that it opens 70 
new accounts for business customers per year, the estimated costs would 
range from $380 to $760 per year.
    (ii) Training (Employee time). In its certification FinCEN noted 
that financial institutions generally conduct periodic training of 
their employees for BSA compliance and that this new requirement would 
be included in that periodic training. Many commenters noted that it 
would be necessary to conduct additional training in order to comply 
with this requirement, although none gave any specific estimate of the 
cost. As a result FinCEN sought to determine this more specifically in 
its outreach. Based on the sampling it conducted it learned that 
financial institutions expect to train between one-third and two-thirds 
of their employees regarding this requirement. Assuming that a small 
financial institution has 125 employees and that the training would 
take one hour, and applying the wage assumptions used in the RIA, this 
would result in an estimated cost of between $1,250 and $2,500, 
depending on the percentage of employees trained, for the first year 
that the rule would be

[[Page 29449]]

in effect.\180\ The amount of necessary training would decrease 
thereafter.
---------------------------------------------------------------------------

    \180\ FinCEN believes that the estimated range of costs may be 
high because it is based on the small financial institution 
interviewed with the greatest number of employees. The cost 
calculation is based on a weighted average wage of $29.92 for NAICS 
codes 5221 (Depository Credit Intermediation), 5222 (Nondepository 
Credit Intermediation), 5223 (Activities Related to Credit 
Intermediation), and 5231 (Securities and Commodity Contracts 
Intermediation and Brokerage), reported in the May 2014 Bureau of 
Labor Statistics National Occupational and Wage Estimates.
---------------------------------------------------------------------------

    FinCEN did not receive any comments from small entities regarding 
the cost of developing and conducting the training. The estimates in 
the comments received from all financial institutions in response to 
the draft RIA generally fell within the estimated range in the IRFA, 
and therefore FinCEN is maintaining this estimate in this FRFA. FinCEN 
also notes that the estimate is almost certainly much greater than 
would be the actual case for most small credit unions. This is because 
FinCEN understands that approximately 3,000 small credit unions have 
five or fewer employees.\181\ Training for an institution with five 
employees, based on the assumptions above, would cost much less than 
the $1,250 lower estimate above.
---------------------------------------------------------------------------

    \181\ Comment letter from Credit Union National Association, 
January 22, 2016, page 4.
---------------------------------------------------------------------------

    (iii) Training (Developing and Conducting). In addition, some 
commenters noted that FinCEN should account for the cost for the 
institution to develop and design the training. Although no small 
entities estimated the cost for this, an industry trade association 
stated that small banks would incur expenses of nearly $13,000 to 
develop and administer the training. While this seems plausible for 
institutions at the larger end of the small entity definition, it seems 
to be substantially greater than the costs that would be incurred for 
developing and conducting training for the smaller institutions, 
including those with five or fewer employees.
    (iv) Information Technology. In its certification FinCEN noted that 
financial institutions periodically update their IT systems, and that 
small financial institutions typically outsource their IT requirements 
to vendors, which would incorporate the required modifications into the 
programs that they supply to small financial institutions at minimal 
additional cost. FinCEN discussed with vendors the changes that would 
result from the adoption of the proposed rule and the likely additional 
costs that would be charged to customers in order to achieve compliant 
systems. The vendors told FinCEN that they normally bear the costs of 
system upgrades necessary to maintain compliance required during the 
term of a contract, but some stated that the changes necessitated for 
compliance with the new requirements would be too costly to implement 
without increasing the charges to their customer financial 
institutions. The vendors also informed FinCEN that, until a rule were 
issued in final form, it would not be possible to determine how their 
systems would need to be modified, or to estimate the additional 
charges to their financial institution customers resulting from such 
changes.
    In response to the RIA and IRFA, two commenters included estimates 
of the costs for IT upgrades that would be required to comply with the 
Rule, although neither were small entities. Given the lack of specific 
estimates for small entities, FinCEN is not able to include an estimate 
or range of estimates for this expense for the FRFA. FinCEN notes that 
one credit union with assets of $2.3 billion estimated the cost of IT 
enhancements to be $23,270, and another with assets of $2.8 billion 
estimated such costs at $11,500. Given that these institutions are 
several times larger than the largest small credit unions, it would 
seem that the IT upgrade costs for small entities could be expected to 
generally be less than $10,000.\182\
---------------------------------------------------------------------------

    \182\ In the course of FinCEN's outreach mentioned above 
following the close of the NPRM comment period, one small credit 
union that FinCEN contacted estimated IT upgrade costs of $50,000 to 
$70,000. Based on the estimates referred to above, this estimate 
appears to be an aberration and not a basis for industry-wide 
estimates.
---------------------------------------------------------------------------

    (v) Revising Policies and Procedures. In its certification FinCEN 
noted that covered financial institutions would need to revise their 
AML programs in order to comply with the proposed rule, but that since 
financial institutions routinely update this program it was not able to 
estimate the time or expense for updating AML programs for compliance 
with the final rule specifically. In response to the NPRM FinCEN did 
not receive any specific estimates for the cost for this activity, and 
no estimate was included in the preliminary RIA or IRFA. In response to 
the preliminary RIA and IRFA several financial institutions estimated 
the cost for such updates and revisions. Although none were small 
entities, a trade association stated that it surveyed a number of small 
banks and that they estimated that this would take, on average, 40 
hours to complete. Based on the salary estimates used in the RIA, 
FinCEN estimates that this would cost, on average, $1,360 for a small 
entity.\183\
---------------------------------------------------------------------------

    \183\ For estimating this cost we use wage data from the May 
2014 BLS Occupational Employment Statistics for ``compliance 
officers'' working in business establishments in sectors having one 
of the four-digit North American Industry Classification System 
(NAICS) codes mentioned in footnote 116; the average hourly wage for 
these compliance officers is $34.03.
---------------------------------------------------------------------------

    (vi) Internal Controls. FinCEN understands that the rule would 
result in additional costs for covered financial institutions for 
internal controls and audit functions, including for small entities, to 
determine that the financial institution is complying with the new 
requirements. However, FinCEN did not obtain sufficient input in 
response to either the NPRM or to the preliminary RIA and IRFA to 
enable it to estimate the likely amount of such costs, and therefore is 
not attempting to estimate this cost for purposes of the FRFA.
b. Customer Due Diligence Requirement
    The final rule will also require that covered financial 
institutions include in their AML programs customer due diligence 
procedures, including understanding the nature and purpose of customer 
relationships for the purpose of developing a customer risk profile and 
conducting ongoing monitoring of these relationships to identify and 
report suspicious activities and, on a risk basis, to maintain and 
update customer information. FinCEN maintains that, because these are 
necessary measures that covered financial institutions must currently 
take in order to comply with existing requirements to detect and file 
suspicious activity reports,\184\ they are implicit requirements and 
would not impose any new obligations, and therefore would have no 
material, measurable economic impact, on any small entities. FinCEN 
believes that proposing clear CDD requirements is the most effective 
means of clarifying, consolidating, and harmonizing expectations and 
practices across all covered financial institutions. Expressly stating 
the requirements facilitates the goal that financial institutions, 
regulators, and law enforcement all operate under the same set of 
clearly articulated principles.
---------------------------------------------------------------------------

    \184\ See, e.g., 31 CFR 1020.320.
---------------------------------------------------------------------------

    Some commenters to the preliminary RIA and IRFA, including one 
small bank, stated that compliance with these requirements would 
necessitate purchasing tracking software that would cost thousands of 
dollars. FinCEN's response to this issue is discussed above under 
section 2 of this FRFA and in the Section-by-Section Analysis.

[[Page 29450]]

5. A Description of the Steps the Agency Has Taken To Minimize the 
Significant Economic Impact on Small Entities Consistent With the 
Stated Objectives of Applicable Statutes, Including a Statement of the 
Factual, Policy, and Legal Reasons for Selecting the Alternative 
Adopted in the Final Rule and Why Each One of the Other Significant 
Alternatives to the Rule Considered by the Agency Which Affect the 
Impact on the Small Entities Was Rejected
    FinCEN considered a number of alternatives to the proposed rule. 
These included exempting small financial institutions below a certain 
asset or legal entity customer threshold from the requirements, as well 
as utilizing a lower (e.g., 10 percent) or higher (e.g., 50 percent) 
threshold for the minimum level of equity ownership for the definition 
of beneficial owner. As regards exempting financial institutions below 
a specified amount of assets or of legal entity accounts, FinCEN has 
determined that identifying the beneficial owner of a financial 
institution's legal entity customers and verifying that identity is a 
necessary part of an effective AML program. Were FinCEN to exempt small 
entities from this requirement, or entities that establish fewer than a 
limited number of accounts for legal entities, those financial 
institutions would be at greater risk of abuse by money launderers and 
other financial criminals, as criminals would identify institutions 
without this requirement. FinCEN also has considered as alternatives 
establishing a different threshold for ownership of equity interests in 
the definition of beneficial ownership. For example, if the ownership 
threshold were reduced to include each individual owning 10 percent or 
more of the equity interests of a legal entity, a financial institution 
would potentially have to identify more individuals as beneficial 
owners, which would result in greater onboarding time and expense in 
such cases, with commensurately greater available information. 
Alternatively, should the ownership threshold be increased to owners of 
50 percent or more of the equity interests, financial institutions 
would be required to identify and verify the identity of up to three 
individuals rather than five, thereby reducing marginally the cost of 
the initial onboarding time. However, this change would not impact the 
training or IT costs and therefore would not substantially reduce the 
overall costs of the rule and also would provide less useful 
information. FinCEN has also considered applying the beneficial 
ownership requirement retroactively and requiring that financial 
institutions identify the beneficial owners of all their existing 
accounts as well as new accounts. While this would produce 
substantially larger benefits because it would make available 
beneficial ownership information for far more customers, it would also 
result in a significantly greater burden for financial institutions. 
After considering all the alternatives FinCEN has concluded that an 
ownership threshold of 25 percent is appropriate to maximize the 
benefits of the requirement while minimizing the burden.
    While FinCEN did not determine to adopt one of the alternatives it 
considered, it did take a number of steps in the final rule in response 
to comments to minimize the economic impact on small entities subject 
to the rule. These include clarifying the definition of ``legal entity 
customer,'' extending the transition period from one year to two years; 
eliminating the requirement that financial institutions use the 
Certification Form to obtain the beneficial ownership information; 
expanding the categories of excluded legal entities not subject to the 
requirement; simplifying the requirements related to the charity and 
nonprofit exemption; and as noted above, clarifying that financial 
institutions are not required to update beneficial ownership 
information on a periodic or ongoing basis, but only on an event-driven 
basis, when in the course of their normal monitoring they detect 
information about the customer that may be relevant to assessing the 
risk posed by the customer. Such information could include a change in 
the customer's beneficial ownership. This is explained more fully in 
the Section-by-Section Analysis above.

D. Paperwork Reduction Act Analysis

    The new recordkeeping requirement contained in this rule (31 CFR 
1010.230) has been approved by the Office of Management and Budget 
(OMB) in accordance with the Paperwork Reduction Act of 1995 (PRA), 44 
U.S.C. 3501 et seq., under control number 1506-0070. The PRA imposes 
certain requirements on Federal agencies in connection with their 
conducting or sponsoring any collection of information as defined by 
the PRA. Under the PRA, an agency may not conduct or sponsor, and a 
person is not required to respond to, a collection of information 
unless it displays a valid OMB control number.
    In summary, the rule would require covered financial institutions 
\185\ to collect, and to maintain records of, the information used to 
identify and verify the identity of the names of the beneficial owners 
\186\ of their legal entity customers (other than those that are 
excluded from the definition).\187\
---------------------------------------------------------------------------

    \185\ Banks, brokers and dealers in securities, mutual funds, 
and futures commission merchants and introducing brokers.
    \186\ Beneficial owners include any individual who, directly or 
indirectly, owns 25 percent or more of the equity interests of a 
legal entity, and one individual with significant responsibility to 
control, manage, or direct a legal entity customer.
    \187\ This requirement applies to accounts established for legal 
entities. A legal entity generally includes a corporation, limited 
liability company, or other entity that is created by a filing of a 
public document with a Secretary of State or similar office, a 
general partnership, or any similar entity formed under the laws of 
a foreign country.
---------------------------------------------------------------------------

    Under the proposed and final rule, covered financial institutions 
are required to establish and maintain written procedures that are 
reasonably designed to identify and verify beneficial owners of new 
accounts \188\ opened by legal entity customers. They also must 
maintain a record of the identifying information obtained, and a 
description of any document relied on, of any non-documentary methods 
and the results of any measures undertaken, and of the resolution of 
each substantive discrepancy. Under the proposed rule covered financial 
institutions were required to obtain from each legal entity customer a 
certification, in a prescribed form, containing the identifying 
information required. In the final rule the institution may obtain the 
information either by using the Certification Form or by any other 
means that it obtains information from the customer.
---------------------------------------------------------------------------

    \188\ New accounts are those opened after the Applicability 
Date, which is two years after the date of publication.
---------------------------------------------------------------------------

    We received 141 comments in response to the proposed rule 
addressing many issues. Many commenters stated that the rule would be 
much more costly to implement than as estimated in the proposal for 
several reasons. The largest cost that commenters stated would be 
incurred to implement the rule would be those needed to upgrade IT 
systems. Only one commenter referred specifically to the proposed rule 
understating the PRA requirements. As a result of the comments 
addressing the cost of implementing the proposal, Treasury conducted 
and published a preliminary RIA and issued an IRFA. FinCEN received 38 
comments addressing these documents, which are summarized above. As a 
result of these comments FinCEN revised its RIA and IRFA and

[[Page 29451]]

issued a final RIA and FRFA, each of which is set forth above.
    FinCEN has reconsidered the PRA burden estimates published in the 
proposal, based on the comments received to the proposal and the 
preliminary RIA and IRFA, and publishes below its revised estimates. 
The revised estimates are a result of information that FinCEN obtained 
as a result of the comments received, and particularly as a result of 
developing the RIA. Specifically, FinCEN increased its estimate of the 
time to develop and maintain beneficial ownership identification 
procedures, from one hour to 56 hours (40 for small entities), and its 
estimate of the time for identification, verification, and review and 
recordkeeping of the beneficial owners of legal entity customers, from 
20 minutes per customer to a range of 20-40 minutes per customer.
    Affected public: Certain financial institutions, and businesses or 
other for-profit and not-for-profit entities.
    OMB Control Number: 1506-0070.
    Frequency: As required.
    Estimated Burden:
    a. Develop and maintain beneficial ownership identification 
procedures: 56 hours.\189\
---------------------------------------------------------------------------

    \189\ A burden of 56 hours to develop the initial procedures is 
recognized (40 hours for small entities). Once developed, an annual 
burden of 20 minutes is recognized for maintenance.
---------------------------------------------------------------------------

    b. Customer identification, verification, and review and 
recordkeeping of the beneficial ownership information: A range of 20 to 
40 minutes per legal entity customer.
    Estimated Number of Respondents: 28,917.\190\
---------------------------------------------------------------------------

    \190\ This includes depository institutions (12,513), broker-
dealers in securities (4,269), futures commission merchants (101), 
introducing brokers in commodities (1,323), and open-end mutual 
funds (10,711), each as defined under the BSA. These figures 
represent the total number of entities that would be subject to the 
requirements in the final rule.
---------------------------------------------------------------------------

    Estimated Total Annual Responses: 10,843,875.\191\
---------------------------------------------------------------------------

    \191\ Based on initial research, each covered financial 
institution will open, on average, 1.5 new legal entity accounts per 
business day. There are 250 business days per year.
---------------------------------------------------------------------------

    Estimated Recordkeeping Burden: 7,041,289 hours.\192\
---------------------------------------------------------------------------

    \192\ 10,843,875 x 30 minutes per account established / 60 
minutes per hour = 5,421,937 hours (plus development time of 
1,619,352 hours for a total of 7,041,289 hours in the first year).
---------------------------------------------------------------------------

    The numbers presented assume that the number of account openings in 
2013 is representative for an average yearly establishment of accounts 
for new legal entities. Records are required to be retained pursuant to 
the beneficial ownership requirement for five years. Comments 
concerning the accuracy of this burden estimate and suggestions from 
reducing this burden should be directed to the Desk Officer for the 
Department of the Treasury, Office of Information and Regulatory 
Affairs, Office of Management and Budget, Paperwork Reduction Act 
Project (1506), Washington, DC 20503.

E. Unfunded Mandates Act of 1995 Statement

    Section 202 of the Unfunded Mandates Reform Act of 1995, Public Law 
104-4 (Unfunded Mandates Act) requires that an agency prepare a 
budgetary impact statement before promulgating a rule that includes a 
Federal mandate that may result in expenditure by State, local, and 
tribal governments, in the aggregate, or by the private sector, of $100 
million or more in any one year. FinCEN believes that the RIA provides 
the analysis required by the Unfunded Mandates Act.

List of Subjects in 31 CFR Parts 1010, 1020, 1023, 1024, and 1026

    Administrative practice and procedure, Banks, Banking, Brokers, 
Currency, Federal home loan banks, Foreign banking, Foreign currencies, 
Gambling, Investigations, Mortgages, Penalties, Reporting and 
recordkeeping requirements, Securities, Terrorism.

Authority and Issuance

    For the reasons set forth in the preamble, chapter X of title 31 of 
the Code of Federal Regulations is amended as follows:

PART 1010--GENERAL PROVISIONS

0
1. The authority citation for part 1010 continues to read as follows:

    Authority: 12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5314 
and 5316-5332; title III, sec. 314 Pub. L. 107-56, 115 Stat. 307.


0
2. Add Sec.  1010.230 to read as follows:


Sec.  1010.230  Beneficial ownership requirements for legal entity 
customers.

    (a) In general. Covered financial institutions are required to 
establish and maintain written procedures that are reasonably designed 
to identify and verify beneficial owners of legal entity customers and 
to include such procedures in their anti-money laundering compliance 
program required under 31 U.S.C. 5318(h) and its implementing 
regulations.
    (b) Identification and verification. With respect to legal entity 
customers, the covered financial institution's customer due diligence 
procedures shall enable the institution to:
    (1) Identify the beneficial owner(s) of each legal entity customer 
at the time a new account is opened, unless the customer is otherwise 
excluded pursuant to paragraph (e) of this section or the account is 
exempted pursuant to paragraph (h) of this section. A covered financial 
institution may accomplish this either by obtaining a certification in 
the form of appendix A of this section from the individual opening the 
account on behalf of the legal entity customer, or by obtaining from 
the individual the information required by the form by another means, 
provided the individual certifies, to the best of the individual's 
knowledge, the accuracy of the information; and
    (2) Verify the identity of each beneficial owner identified to the 
covered financial institution, according to risk-based procedures to 
the extent reasonable and practicable. At a minimum, these procedures 
must contain the elements required for verifying the identity of 
customers that are individuals under Sec.  1020.220(a)(2) of this 
chapter (for banks); Sec.  1023.220(a)(2) of this chapter (for brokers 
or dealers in securities); Sec.  1024.220(a)(2) of this chapter (for 
mutual funds); or Sec.  1026.220(a)(2) of this chapter (for futures 
commission merchants or introducing brokers in commodities); provided, 
that in the case of documentary verification, the financial institution 
may use photocopies or other reproductions of the documents listed in 
paragraph (a)(2)(ii)(A)(1) of Sec.  1020.220 of this chapter (for 
banks); Sec.  1023.220 of this chapter (for brokers or dealers in 
securities); Sec.  1024.220 of this chapter (for mutual funds); or 
Sec.  1026.220 of this chapter (for futures commission merchants or 
introducing brokers in commodities). A covered financial institution 
may rely on the information supplied by the legal entity customer 
regarding the identity of its beneficial owner or owners, provided that 
it has no knowledge of facts that would reasonably call into question 
the reliability of such information.
    (c) Account. For purposes of this section, account has the meaning 
set forth in Sec.  1020.100(a) of this chapter (for banks); Sec.  
1023.100(a) of this chapter (for brokers or dealers in securities); 
Sec.  1024.100(a) of this chapter (for mutual funds); and Sec.  
1026.100(a) of this chapter (for futures commission merchants or 
introducing brokers in commodities).
    (d) Beneficial owner. For purposes of this section, beneficial 
owner means each of the following:
    (1) Each individual, if any, who, directly or indirectly, through 
any contract, arrangement, understanding, relationship or otherwise, 
owns 25 percent or more of the equity interests of a legal entity 
customer; and

[[Page 29452]]

    (2) A single individual with significant responsibility to control, 
manage, or direct a legal entity customer, including:
    (i) An executive officer or senior manager (e.g., a Chief Executive 
Officer, Chief Financial Officer, Chief Operating Officer, Managing 
Member, General Partner, President, Vice President, or Treasurer); or
    (ii) Any other individual who regularly performs similar functions.
    (3) If a trust owns directly or indirectly, through any contract, 
arrangement, understanding, relationship or otherwise, 25 percent or 
more of the equity interests of a legal entity customer, the beneficial 
owner for purposes of paragraph (d)(1) of this section shall mean the 
trustee. If an entity listed in paragraph (e)(2) of this section owns 
directly or indirectly, through any contract, arrangement, 
understanding, relationship or otherwise, 25 percent or more of the 
equity interests of a legal entity customer, no individual need be 
identified for purposes of paragraph (d)(1) of this section with 
respect to that entity's interests.
    Note to paragraph (d). The number of individuals that satisfy the 
definition of ``beneficial owner,'' and therefore must be identified 
and verified pursuant to this section, may vary. Under paragraph (d)(1) 
of this section, depending on the factual circumstances, up to four 
individuals may need to be identified. Under paragraph (d)(2) of this 
section, only one individual must be identified. It is possible that in 
some circumstances the same person or persons might be identified 
pursuant to paragraphs (d)(1) and (2) of this section. A covered 
financial institution may also identify additional individuals as part 
of its customer due diligence if it deems appropriate on the basis of 
risk.
    (e) Legal entity customer. For the purposes of this section:
    (1) Legal entity customer means a corporation, limited liability 
company, or other entity that is created by the filing of a public 
document with a Secretary of State or similar office, a general 
partnership, and any similar entity formed under the laws of a foreign 
jurisdiction that opens an account.
    (2) Legal entity customer does not include:
    (i) A financial institution regulated by a Federal functional 
regulator or a bank regulated by a State bank regulator;
    (ii) A person described in Sec.  1020.315(b)(2) through (5) of this 
chapter;
    (iii) An issuer of a class of securities registered under section 
12 of the Securities Exchange Act of 1934 or that is required to file 
reports under section 15(d) of that Act;
    (iv) An investment company, as defined in section 3 of the 
Investment Company Act of 1940, that is registered with the Securities 
and Exchange Commission under that Act;
    (v) An investment adviser, as defined in section 202(a)(11) of the 
Investment Advisers Act of 1940, that is registered with the Securities 
and Exchange Commission under that Act;
    (vi) An exchange or clearing agency, as defined in section 3 of the 
Securities Exchange Act of 1934, that is registered under section 6 or 
17A of that Act;
    (vii) Any other entity registered with the Securities and Exchange 
Commission under the Securities Exchange Act of 1934;
    (viii) A registered entity, commodity pool operator, commodity 
trading advisor, retail foreign exchange dealer, swap dealer, or major 
swap participant, each as defined in section 1a of the Commodity 
Exchange Act, that is registered with the Commodity Futures Trading 
Commission;
    (ix) A public accounting firm registered under section 102 of the 
Sarbanes-Oxley Act;
    (x) A bank holding company, as defined in section 2 of the Bank 
Holding Company Act of 1956 (12 U.S.C. 1841) or savings and loan 
holding company, as defined in section 10(n) of the Home Owners' Loan 
Act (12 U.S.C 1467a(n));
    (xi) A pooled investment vehicle that is operated or advised by a 
financial institution excluded under paragraph (e)(2) of this section;
    (xii) An insurance company that is regulated by a State;
    (xiii) A financial market utility designated by the Financial 
Stability Oversight Council under Title VIII of the Dodd-Frank Wall 
Street Reform and Consumer Protection Act of 2010;
    (xiv) A foreign financial institution established in a jurisdiction 
where the regulator of such institution maintains beneficial ownership 
information regarding such institution;
    (xv) A non-U.S. governmental department, agency or political 
subdivision that engages only in governmental rather than commercial 
activities; and
    (xvi) Any legal entity only to the extent that it opens a private 
banking account subject to Sec.  1010.620 of this chapter.
    (3) The following legal entity customers are subject only to the 
control prong of the beneficial ownership requirement:
    (i) A pooled investment vehicle that is operated or advised by a 
financial institution not excluded under paragraph (e)(2) of this 
section; and
    (ii) Any legal entity that is established as a nonprofit 
corporation or similar entity and has filed its organizational 
documents with the appropriate State authority as necessary.
    (f) Covered financial institution. For the purposes of this 
section, covered financial institution has the meaning set forth in 
Sec.  1010.605(e)(1) of this chapter.
    (g) New account. For the purposes of this section, new account 
means each account opened at a covered financial institution by a legal 
entity customer on or after the applicability date.
    (h) Exemptions. (1) Covered financial institutions are exempt from 
the requirements to identify and verify the identity of the beneficial 
owner(s) set forth in paragraphs (a) and (b)(1) and (2) of this section 
only to the extent the financial institution opens an account for a 
legal entity customer that is:
    (i) At the point-of-sale to provide credit products, including 
commercial private label credit cards, solely for the purchase of 
retail goods and/or services at these retailers, up to a limit of 
$50,000;
    (ii) To finance the purchase of postage and for which payments are 
remitted directly by the financial institution to the provider of the 
postage products;
    (iii) To finance insurance premiums and for which payments are 
remitted directly by the financial institution to the insurance 
provider or broker;
    (iv) To finance the purchase or leasing of equipment and for which 
payments are remitted directly by the financial institution to the 
vendor or lessor of this equipment.
    (2) Limitations on Exemptions. (i) The exemptions identified in 
paragraphs (h)(1)(ii) through (iv) of this section do not apply to 
transaction accounts through which a legal entity customer can make 
payments to, or receive payments from, third parties.
    (ii) If there is the possibility of a cash refund on the account 
activity identified in paragraphs (h)(1)(ii) through (iv) of this 
section, then beneficial ownership of the legal entity customer must be 
identified and verified by the financial institution as required by 
this section, either at the time of initial remittance, or at the time 
such refund occurs.
    (i) Recordkeeping. A covered financial institution must establish 
procedures for making and maintaining a record of all information 
obtained under the procedures implementing paragraph (b) of this 
section.
    (1) Required records. At a minimum the record must include:
    (i) For identification, any identifying information obtained by the 
covered

[[Page 29453]]

financial institution pursuant to paragraph (b) of this section, 
including without limitation the certification (if obtained); and
    (ii) For verification, a description of any document relied on 
(noting the type, any identification number, place of issuance and, if 
any, date of issuance and expiration), of any non-documentary methods 
and the results of any measures undertaken, and of the resolution of 
each substantive discrepancy.
    (2) Retention of records. A covered financial institution must 
retain the records made under paragraph (i)(1)(i) of this section for 
five years after the date the account is closed, and the records made 
under paragraph (i)(1)(ii) of this section for five years after the 
record is made.
    (j) Reliance on another financial institution. A covered financial 
institution may rely on the performance by another financial 
institution (including an affiliate) of the requirements of this 
section with respect to any legal entity customer of the covered 
financial institution that is opening, or has opened, an account or has 
established a similar business relationship with the other financial 
institution to provide or engage in services, dealings, or other 
financial transactions, provided that:
    (1) Such reliance is reasonable under the circumstances;
    (2) The other financial institution is subject to a rule 
implementing 31 U.S.C. 5318(h) and is regulated by a Federal functional 
regulator; and
    (3) The other financial institution enters into a contract 
requiring it to certify annually to the covered financial institution 
that it has implemented its anti-money laundering program, and that it 
will perform (or its agent will perform) the specified requirements of 
the covered financial institution's procedures to comply with the 
requirements of this section.
BILLING CODE P

[[Page 29454]]

[GRAPHIC] [TIFF OMITTED] TR11MY16.021


[[Page 29455]]


[GRAPHIC] [TIFF OMITTED] TR11MY16.022


[[Page 29456]]


[GRAPHIC] [TIFF OMITTED] TR11MY16.023


[[Page 29457]]


[GRAPHIC] [TIFF OMITTED] TR11MY16.024

PART 1020--RULES FOR BANKS

0
3. The authority citation for part 1020 continues to read as follows:

    Authority: 12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5314 
and 5316-5332; title III, sec. 314 Pub. L. 107-56, 115 Stat. 307.


0
4. Revise Sec.  1020.210 to read as follows:


Sec.  1020.210  Anti-money laundering program requirements for 
financial institutions regulated only by a Federal functional 
regulator, including banks, savings associations, and credit unions.

    A financial institution regulated by a Federal functional regulator 
that is not subject to the regulations of a self-regulatory 
organization shall be deemed to satisfy the requirements of 31 U.S.C. 
5318(h)(1) if the financial institution implements and maintains an 
anti-money laundering program that:
    (a) Complies with the requirements of Sec. Sec.  1010.610 and 
1010.620 of this chapter;
    (b) Includes, at a minimum:
    (1) A system of internal controls to assure ongoing compliance;
    (2) Independent testing for compliance to be conducted by bank 
personnel or by an outside party;
    (3) Designation of an individual or individuals responsible for 
coordinating and monitoring day-to-day compliance;
    (4) Training for appropriate personnel; and
    (5) Appropriate risk-based procedures for conducting ongoing 
customer due diligence, to include, but not be limited to:
    (i) Understanding the nature and purpose of customer relationships 
for the purpose of developing a customer risk profile; and
    (ii) Conducting ongoing monitoring to identify and report 
suspicious transactions and, on a risk basis, to maintain and update 
customer information. For purposes of this paragraph (b)(5)(ii), 
customer information shall include information regarding the beneficial 
owners of legal entity customers (as defined in Sec.  1010.230 of this 
chapter); and
    (c) Complies with the regulation of its Federal functional 
regulator governing such programs.

PART 1023--RULES FOR BROKERS OR DEALERS IN SECURITIES

0
5. The authority citation for part 1023 continues to read as follows:

    Authority: 12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5314 
and 5316-5332; title III, sec. 314 Pub. L. 107-56, 115 Stat. 307.


0
6. Revise Sec.  1023.210 to read as follows:


Sec.  1023.210  Anti-money laundering program requirements for brokers 
or dealers in securities.

    A broker or dealer in securities shall be deemed to satisfy the 
requirements of 31 U.S.C. 5318(h)(1) if the broker-dealer implements 
and maintains a written anti-money laundering program approved by 
senior management that:
    (a) Complies with the requirements of Sec. Sec.  1010.610 and 
1010.620 of this chapter and any applicable regulation of its Federal 
functional regulator governing the establishment and implementation of 
anti-money laundering programs;
    (b) Includes, at a minimum:
    (1) The establishment and implementation of policies, procedures, 
and internal controls reasonably designed to achieve compliance with 
the applicable provisions of the Bank Secrecy Act and the implementing 
regulations thereunder;
    (2) Independent testing for compliance to be conducted by the 
broker-dealer's personnel or by a qualified outside party;
    (3) Designation of an individual or individuals responsible for 
implementing and monitoring the operations and internal controls of the 
program;
    (4) Ongoing training for appropriate persons; and
    (5) Appropriate risk-based procedures for conducting ongoing 
customer due diligence, to include, but not be limited to:
    (i) Understanding the nature and purpose of customer relationships 
for the purpose of developing a customer risk profile; and
    (ii) Conducting ongoing monitoring to identify and report 
suspicious transactions and, on a risk basis, to maintain and update 
customer information. For purposes of this paragraph (b)(5)(ii), 
customer information shall include information regarding the beneficial 
owners of legal entity customers (as defined in Sec.  1010.230 of this 
chapter); and
    (c) Complies with the rules, regulations, or requirements of its 
self-regulatory organization governing such programs; provided that the 
rules, regulations, or requirements of the self-regulatory organization 
governing such programs have been made effective under the Securities 
Exchange Act of 1934 by the appropriate Federal functional regulator in 
consultation with FinCEN.

PART 1024--RULES FOR MUTUAL FUNDS

0
7. The authority citation for part 1024 continues to read as follows:

    Authority: 12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5314 
and 5316-5332; title III, sec. 314 Pub. L. 107-56, 115 Stat. 307.


0
8. Revise Sec.  1024.210 to read as follows:


Sec.  1024.210  Anti-money laundering program requirements for mutual 
funds.

    (a) Effective July 24, 2002, each mutual fund shall develop and 
implement a written anti-money laundering program reasonably designed 
to prevent the mutual fund from being used for money laundering or the 
financing of terrorist activities and to achieve and monitor compliance 
with the applicable requirements of the Bank Secrecy Act (31 U.S.C. 
5311, et seq.), and the implementing regulations promulgated thereunder 
by the

[[Page 29458]]

Department of the Treasury. Each mutual fund's anti-money laundering 
program must be approved in writing by its board of directors or 
trustees. A mutual fund shall make its anti-money laundering program 
available for inspection by the U.S. Securities and Exchange 
Commission.
    (b) The anti-money laundering program shall at a minimum:
    (1) Establish and implement policies, procedures, and internal 
controls reasonably designed to prevent the mutual fund from being used 
for money laundering or the financing of terrorist activities and to 
achieve compliance with the applicable provisions of the Bank Secrecy 
Act and implementing regulations thereunder;
    (2) Provide for independent testing for compliance to be conducted 
by the mutual fund's personnel or by a qualified outside party;
    (3) Designate a person or persons responsible for implementing and 
monitoring the operations and internal controls of the program;
    (4) Implement appropriate risk-based procedures for conducting 
ongoing customer due diligence, to include, but not be limited to:
    (i) Understanding the nature and purpose of customer relationships 
for the purpose of developing a customer risk profile; and
    (ii) Conducting ongoing monitoring to identify and report 
suspicious transactions and, on a risk basis, to maintain and update 
customer information. For purposes of this paragraph (b)(4)(ii), 
customer information shall include information regarding the beneficial 
owners of legal entity customers (as defined in Sec.  1010.230 of this 
chapter).

PART 1026--RULES FOR FUTURES COMMISSION MERCHANTS AND INTRODUCING 
BROKERS IN COMMODITIES

0
9. The authority citation for part 1026 continues to read as follows:

    Authority: 12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5314 
and 5316-5332; title III, sec. 314 Pub. L. 107-56, 115 Stat. 307.


0
10. Revise Sec.  1026.210 to read as follows:


Sec.  1026.210  Anti-money laundering program requirements for futures 
commission merchants and introducing brokers in commodities.

    A futures commission merchant and an introducing broker in 
commodities shall be deemed to satisfy the requirements of 31 U.S.C. 
5318(h)(1) if the futures commission merchant or introducing broker in 
commodities implements and maintains a written anti-money laundering 
program approved by senior management that:
    (a) Complies with the requirements of Sec. Sec.  1010.610 and 
1010.620 of this chapter and any applicable regulation of its Federal 
functional regulator governing the establishment and implementation of 
anti-money laundering programs;
    (b) Includes, at a minimum:
    (1) The establishment and implementation of policies, procedures, 
and internal controls reasonably designed to prevent the financial 
institution from being used for money laundering or the financing of 
terrorist activities and to achieve compliance with the applicable 
provisions of the Bank Secrecy Act and the implementing regulations 
thereunder;
    (2) Independent testing for compliance to be conducted by the 
futures commission merchant or introducing broker in commodities' 
personnel or by a qualified outside party;
    (3) Designation of an individual or individuals responsible for 
implementing and monitoring the operations and internal controls of the 
program;
    (4) Ongoing training for appropriate persons;
    (5) Appropriate risk-based procedures for conducting ongoing 
customer due diligence, to include, but not be limited to:
    (i) Understanding the nature and purpose of customer relationships 
for the purpose of developing a customer risk profile; and
    (ii) Conducting ongoing monitoring to identify and report 
suspicious transactions and, on a risk basis, to maintain and update 
customer information. For purposes of this paragraph (b)(5)(ii), 
customer information shall include information regarding the beneficial 
owners of legal entity customers (as defined in Sec.  1010.230 of this 
chapter); and
    (c) Complies with the rules, regulations, or requirements of its 
self-regulatory organization governing such programs, provided that the 
rules, regulations, or requirements of the self-regulatory organization 
governing such programs have been made effective under the Commodity 
Exchange Act by the appropriate Federal functional regulator in 
consultation with FinCEN.

    Dated: May 2, 2016.
David R. Pearl,
Executive Secretary, United States Department of the Treasury.
[FR Doc. 2016-10567 Filed 5-6-16; 8:45 am]
 BILLING CODE C
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.