The Financial Crimes Enforcement Network published new proposed rules under the Bank Secrecy Act on Aug. 4. The new rules are a continuation of the current Customer Due Diligence requirements all financial institutions need to follow. They clarify and extend the current due diligence rules so institutions have more information on the accounts they must monitor and report on.
The basics of CDD
The first part of the CDD requirements is the Customer Identification Program, which has been in place since 2003, Credit Union Times reported. The second party requires institutions to know about beneficial owners of businesses - or people who own 25 percent or more of an entity. The reason behind this is that the government has found criminals often hide behind legal entities, according to the Federal Financial Institution Examination Council. Third, institutions will need to know the nature and purpose of their relationships with the customer. Fourth, the new rules adjust the monitoring and reporting requirements financial institutions must perform regarding their members.
The need for information
The purpose of the rule is to increase transparency, the amount of information financial institutions have about customers and for institutions to be able to predict the types of transactions their members will perform. This way, institutions are more in tune with their customers and better able to find suspicious activity.
Credit unions must make changes
According to Deborah Crawford, former banker and current president of Gettechnical, Inc., many of the parts in the new rule are actions financial institutions are already taking, but maybe not to the extent the law will require. Collecting basic customer information is standard now, but credit unions and banks will have to begin gathering more in-depth facts.
"Needing to know this information isn't new to us, but some banks and credit unions only do it for business customers," said Crawford. "I don't want to be the bad-news bear here, but I don't think you can get away with that in the future."
Additionally, if financial institutions use a third party or software program to remain compliant, they must be careful to update these tools.
"Many of you have some kind of watchdog software that spits out any suspicious activity," Crawford stated. "But if the setup of the model is incorrect, then the spit-out of the data is usually incorrect, so all the model's assumptions need to be correct. This should be reviewed annually."
Financial institutions have until Oct. 3 to comment on the proposed rule. The FinCEN hasn't set an implementation date, but once the final rules are set, organizations will probably have a year to comply.