FinCEN is Here- Are You Ready?

Is your business compliant with FinCEN’s Final CDD Rule?

Know who you are doing business with: a simple concept that should be easy in an age when there is so much information at our fingertips.

But the Panama Papers and the more recent Paradise Papers showed us this is far from true. These two data leaks exposed a world of shell companies, offshore accounts, trusts and nominees used to launder vast amounts of money and evade billions in taxes. Although global AML and KYC regulations were in place to help combat money laundering and tax evasion, these two leaks exposed ways in which offshore accounts and beneficial ownership could be used to skirt regulations

Coincidentally, around the same time the Panama Papers were leaked, both Europe and the United States were in the process of adopting proposals to strengthen transparency rules to target tax and sanction evasion, terrorist financing, and money laundering. In its 2015 risk assessment, the US Department of Treasury estimated that over $300 billion dollars of illicit proceeds were generated annually, with criminals using companies both at home and abroad to launder funds.

It has now been almost two years since Financial Crimes Enforcement Network (FinCEN) enacted the final rules under the Bank Secrecy Act to clarify and strengthen customer due diligence requirements. Under the Customer Due Diligence (CDD) Rule, covered financial institutions* (FIs) must identify and verify the ultimate beneficial owners of legal entity customers as well as establish risk-based procedures for conducting ongoing customer due diligence.

May 11, 2018 marks the regulation’s start date, one of five key data regulations coming into play this year. Though the date has loomed large in everyone’s minds, coping with the ramifications will be a longer journey.

Financial institutions have had to make significant changes and enhancements to their onboarding procedures to comply with the strengthened guidelines. Hiding behind legal entity structures will no longer be possible. The primary objective of the CDD Rule is to improve the understanding of risks posed by each customer, thereby helping FIs to avoid illegal transactions.

4 Pillars of Customer Due Diligence

The FinCEN CDD Rule sets out a baseline for customer due diligence checks. This should be supplemented as appropriate based on an FI’s assessment of risks posed.

There are four key elements of the Rule that inform best practices when conducting customer due diligence:

  1. customer identification and verification;
  2. beneficial ownership identification and verification;
  3. understanding the nature and purpose of customer relationships to develop a customer risk profile; and
  4. ongoing monitoring for reporting suspicious transactions and, on a risk adjusted basis, maintaining and updating customer information.


So how do you verify beneficial ownership information? Under the CDD Rule, verification must contain the same elements for beneficial owners as required under the Customer Identification Program (CIP), although they do not need to be identical.

FinCEN reiterated that documentary or non-documentary methods, or a combination, may be used for identity verification. The biggest contrast between CIP and CDD is that the CDD Rule authorizes the use of photocopies for documentary verification, with the caveat that you should take a risk-based approach to what copies will be accepted.

Once you have this identity information, you must start the process of verification. As a minimum measure you should conduct Office of Foreign Assets Control (OFAC) screening on the beneficial owners but once again, you must take a risk-based approach. All information gathered and verified should be searchable and easily accessible, with records kept for 5 years.

Some customers are exempt from beneficial ownership checks. The FinCEN CDD rule faq provides a comprehensive list of entity types that are excluded and partially excluded from the definition. This includes those subject to Federal and State regulation and are deemed to be low-risk including:

  • Any entity (other than a bank) listed on the New York, American, or NASDAQ stock exchange
  • Issuers of securities
  • An exchange or clearing agency
  • A foreign financial institution where the regulator in that jurisdiction maintains beneficial ownership information


Conducting beneficial ownership checks at the point of onboarding alone is not enough. Covered FI’s should not only know who their customers are and the origins of their sources of funding, but they should also develop and utilize accurate risk profiles for their clients on an ongoing basis.

Triggers should be set so that when information relevant to the customer risk profile changes, identity and beneficial ownership checks can be updated. Identifying suspicious activity and updating and maintaining customer information will be a critical part of compliance and making sure your business is protected from risk.


FinCEN CDD Compliance Made Easy

Opus data management tools can help you meet requirements for FinCEN customer due diligence. Our Reference Data facilitates the cross-referencing and mapping of entity data to help verify the identity of customers and beneficial owners.

We can also help with customer segmentation to identify if your customer is in one of the eighteen categories exempt from the beneficial ownership requirements. By monitoring your external data on an ongoing basis, we can detect triggers that require beneficial ownership and FinCEN due diligence to be repeated.

To learn more about our Data Solutions, request a demo.

* For purposes of the CDD Rule, covered financial institutions are federally regulated banks and federally insured credit unions, mutual funds, brokers or dealers in securities, futures commission merchants, and introducing brokers in commodities.

Kelvin Dickenson
Follow Kelvin on Twitter, @kelvindickenson