In May 2018 the document named Customer Due Diligence Requirements for Financial Institutions (CDD Rules) came into force in the USA. It was developed by Financial Crimes Enforcement Network (FinCEN), a division of the US Department of Treasury.
This document is the modernized version of previous CDD Rules and also amends some provisions of US federal legislation on bank secrecy. Like in the most of countries, anti-money laundering legislation (AML) in the USA requires the financial institutions, such as banks, brokers and mutual funds, to organize CDD procedures in relation to their clients. The basis of new CDD Rules is the implementation of risk-based approach in CDD, the distribution of clients on groups according to their AML risk category, enhancing of CDD procedures for high risk clients.
There are four core elements of CDD procedure that are obligatory for all financial institutions:
- identification and verification of the identity of clients;
- identification and verification of the identity of the beneficial owners of companies that open accounts;
- understanding the nature and purpose of client relationships for development of client risk profiles;
- conducting ongoing monitoring to identify and report suspicious transactions and to maintain and update client information.
Beneficial owners of legal entity are all natural persons who directly or indirectly own not less than 25 % of equity interests of such legal entity, or a single natural person with significant responsibility to control, manage, or direct a legal entity, including an executive officer or senior manager or any other individual who regularly performs similar functions.
Client risk profile is deemed to be the classification of clients according to risk categories established by financial institution’s internal regulations. Such classification is required for any client that is subject to CDD, and must be done by the financial institution by itself on the basis of available information. It is recommended to apply complex approach while AML risk assessment, that is to take into account all available criteria instead of only one criterion.
Regarding those clients who were classified as a high risk according to the regulations of certain financial institution, it is necessary to arrange enhanced CDD that usually includes request and obtain of some additional information, such as:
- Source of funds and wealth of client;
- Occupation or type of business (of client or other individuals with ownership or control over the account);
- Financial statements for business clients;
- Location where the business client is organized and where it maintains the principal place of business;
- Proximity of the client’s residence, place of employment, or place of business to the bank;
- Description of the business client’s primary trade area, whether transactions are expected to be domestic or international, and the expected volumes of such transactions;
- Description of the business operations, such as total sales, the volume of currency transactions, and information about major customers and suppliers.
In such manner, all financial institutions have responsibilities in respect of CDD procedures, as well as FinCEN has an authority to assess the compliance of financial institutions with CDD Rules while completing such responsibilities, as:
- Determine whether the financial institution has developed and implemented appropriate written risk-based procedures for conducting ongoing CDD and that they:
– Enable the financial institution to understand the nature and purpose of the client relationship in order to develop a risk profile;
– Enable the financial institution to conduct ongoing monitoring for the purpose of identifying and reporting suspicious transactions;
– Enable the financial institution to maintain and update client information, including information regarding the beneficial owner of legal entity;
– Enable the financial institution to use information and risk profile to understand the types of transactions a particular client is expected to engage in and as a baseline against which suspicious transactions are identified.
- Determine whether the financial institution has effective processes to develop client risk profiles that identify the specific risks of individual clients or categories of clients.
- Determine whether the risk-based CDD procedures are commensurate with the AML risk profile with increased focus on higher risk clients.
- Determine whether there is a clear statement of management’s and staff’s responsibilities in respect of CDD procedures.
- Determine that the financial institution has procedures to identify clients that may pose higher AML risk that include obtain and review of additional client information.
- Determine whether the financial institution provides guidance for documenting analysis associated with the CDD, including guidance for resolving issues when insufficient or inaccurate information is obtained.
- Determine whether the financial institution has defined in its procedures how the information obtained during CDD is used to meet other relevant regulatory requirements, including determining sanctioned parties.
- Select a sample of customer information that can be performed when testing the financial institution’s compliance with its CDD procedures as well as when reviewing transactions or accounts for possible suspicious activity.
- Form a report about the adequacy of CDD procedures.
Despite the fact that CDD Rules do not contain direct formalized reference that they may apply to relationships out of the US territory, it is supposed that in some cases they may have exterritorial effect in practice and apply in other jurisdictions. In particular, in some cases CDD Rules are applicable to high risk clients that have correspondent bank accounts in US banks. It means that any client of any foreign bank who has an account in US dollars may fall within the scope of CDD Rules.
For example, in February 2018 FinCEN published a report on the observation of the activities of the Latvian ABLV Bank in terms of AML, and consequently prohibited it to operate through US correspondent banks in US dollars. This measure was applied based on the results of the FinCEN investigation, during which it was detected that managers, shareholders and employees of this bank were involved in money laundering and encouraging of the activity of high-risked shell companies, and this bank was not compliant with AML rules. As a result, bank ABLV Bank decided to initiate self-liquidation.