The Financial Crimes Enforcement Network (FinCEN) has announced proposed changes that would amend part of the Bank Secrecy Act (BSA). According to the National Law Review, the changes affect customer due diligence (CDD) requirements for certain covered financial institutions. These include mutual funds, brokers or dealers in securities, future commission merchants and introducing brokers in commodities. Comments and feedback on these proposed changes are due by Oct. 3, 2014.

Details of the FinCEN Proposal

The proposed changes to the BSA add more requirements to anti-money-laundering (AML) programs and customer identification programs (CIP) in the form of CDD requirements. These CDD requirements would apply to all covered financial institutions under the USA PATRIOT Act. They force customers to document beneficial ownership for their legal entity (i.e., mutual funds and brokerage accounts) and codify the requirements.

FinCEN’s proposed rules to revise the current AML requirements for CDD address the following:

  • Identify and authenticate a customer’s identity, which is currently a requirement of the existing CIP rules.
  • Identify, authenticate and understand beneficial owners of a legal entity (i.e., an association, partnership, proprietorship, corporation or trust).The rule states that a beneficial owner will be anyone with a 25 percent or more equity interest of the entity or has significant management responsibilities within the entity.

FinCEN is also proposing an update requiring a fifth pillar to AML compliance. This pillar would address CDD and would require covered financial institutions to understand the use and purpose of their customers’ relationship, and implement ongoing monitoring.

Currently, the pillars are:

  1. Designate a compliance officer.
  2. Development of internal policies, procedures and controls.
  3. Ongoing and relevant training of employees.
  4. Independent testing and review.

Analyst Comments

These proposed CDD requirements have been a widely discussed topic for both U.S. and international law enforcement and regulatory agencies for quite some time. Fraudsters, criminal organizations and terrorists are known to abuse legal entities for their advantage. Having the ability to identify individuals who own these legal entities and do business within the U.S. financial system will greatly assist in reducing this type of abuse.

FinCEN’s first publication regarding the proposed CDD requirements was released in March 2012 and set the stage for coding and enhancing these CDD requirements. The current proposal is partly a product of the 2012 regulatory process and collaboration with other interested regulatory agencies (the Office of the Comptroller of the Currency, Federal Reserve Board, Federal Deposit Insurance Corporation, Securities and Exchange Commission, and Commodity Futures Trading Commission).

If approved, this proposal would identify beneficial owners of legal entity customers and add this CDD component as a fifth pillar to BSA/AML programs.

More from Government

CIRCIA feedback update: Critical infrastructure providers weigh in on NPRM

3 min read - In 2022, the Cyber Incident for Reporting Critical Infrastructure Act (CIRCIA) went into effect. According to Secretary of Homeland Security Alejandro N. Mayorkas, "CIRCIA enhances our ability to spot trends, render assistance to victims of cyber incidents and quickly share information with other potential victims, driving cyber risk reduction across all critical infrastructure sectors."While the law itself is on the books, the reporting requirements for covered entities won't come into force until CISA completes its rulemaking process. As part of…

Important details about CIRCIA ransomware reporting

4 min read - In March 2022, the Biden Administration signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). This landmark legislation tasks the Cybersecurity and Infrastructure Security Agency (CISA) to develop and implement regulations requiring covered entities to report covered cyber incidents and ransomware payments.The CIRCIA incident reports are meant to enable CISA to:Rapidly deploy resources and render assistance to victims suffering attacksAnalyze incoming reporting across sectors to spot trendsQuickly share information with network defenders to warn other…

Unpacking the NIST cybersecurity framework 2.0

4 min read - The NIST cybersecurity framework (CSF) helps organizations improve risk management using common language that focuses on business drivers to enhance cybersecurity.NIST CSF 1.0 was released in February 2014, and version 1.1 in April 2018. In February 2024, NIST released its newest CSF iteration: 2.0. The journey to CSF 2.0 began with a request for information (RFI) in February 2022. Over the next two years, NIST engaged the cybersecurity community through analysis, workshops, comments and draft revision to refine existing standards…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today