FinCEN’s Customer Due Diligence Rule for Financial Institutions (the “CDD Rule”) became effective yesterday. The rule, which was published by FinCEN on May 2016 (and slightly amended on September 29, 2017) is described in this Covington client alert. It requires covered financial institutions to: (i) adopt due diligence procedures to identify and verify a legal entity customer’s beneficial owners at the time a new account is opened and (ii) establish risk-based procedures for conducting ongoing customer due diligence, including developing customer risk profiles and implementing ongoing monitoring to identify and report suspicious activity and, on a risk basis, updating customer information.
In the months leading up to the CDD Rule’s effective date, FinCEN, the FFIEC and other agencies released a number of documents that provide practical guidance on its implementation. Those include:
- Two new sections of the FFIEC’s BSA/AML Examination Manual, which focus on the CDD Rule and were publicly circulated yesterday in the form of an FDIC Financial Institution Letter. This document will be used by federal bank examiners at the Fed, the OCC, the FDIC and the NCUA to guide their examination and supervision of financial institutions for compliance with the CDD Rule.
- A FinCEN FAQ document, which was updated last month. The updated FAQs — which supplement FAQs issued in July 2016 — address questions related to the CDD Rule’s identification and verification requirements and the Rule’s application to legal entity customers with complex ownership structures, among other issues.
- A Regulatory Notice released by FINRA at the end of last year, which provides guidance on the application of the CDD Rule to broker-dealers.
The newest of these resources — the new sections of the BSA/AML Examination Manual — will be of particular interest to regulated institutions because they detail the steps examiners will take in verifying compliance with the CDD Rule. According to the new sections of the manual, one important part of the examination process will involve transaction testing of risk-based samples of customer accounts. Examiners will rely on the results of transaction testing — in addition to their reviews of written policies and procedures — to determine whether a covered institution has an adequate framework in place under the Rule.