Search

Editors

Richard L. Cassin Publisher and Editor

Andy Spalding Senior Editor

Jessica Tillipman Senior Editor

Elizabeth K. Spahn Editor Emeritus

Cody Worthington Contributing Editor

Julie DiMauro Contributing Editor

Thomas Fox Contributing Editor

Marc Alain Bohn Contributing Editor

Bill Waite Contributing Editor

Shruti J. Shah Contributing Editor

Russell A. Stamets Contributing Editor

Richard Bistrong Contributing Editor 

Eric Carlson Contributing Editor

Bill Steinman Contributing Editor

Aarti Maharaj Contributing Editor


FCPA Blog Daily News

« Rupert Evill on business partner risks: Stress-test your business | Main | The top 15 countries named in FCPA-related disclosures »
Monday
Oct092017

John Arvanitis: A compliance plan for FinCEN’s new customer due diligence rule

The Financial Crimes Enforcement Network's Final Rule regarding customer due diligence will soon be in force. With implementation required by May 11, 2018, covered financial institutions must ensure their due diligence programs are in line with FinCEN’s guidance on core elements of a customer due diligence program.

The four core elements include:

  • Customer identification and validation Beneficial ownership identification and verification
  • Understanding the nature and purpose of customer relationships to develop a customer risk profile
  • Ongoing monitoring for reporting suspicious transactions and, 
  • On a risk-basis, maintaining and updating customer information.

As organizations work toward restructuring or enhancing their customer due diligence or CCD program ahead of the FinCEN deadline, certain short-term goals are necessary for immediate compliance.

And looking  ahead, companies should also consider long-term strategies for intrinsic, sustainable program compliance.

Here's how to prepare:

1. Identify customers and validate identifications. Now: Know your customer and vendor base. This process may involve the vetting and/or a re-vetting of new and existing customers/vendors to ensure data integrity and consistency for regulatory reporting.

Long-term: Develop, implement, and validate a systematic process for data collection. In the event of a potential third party risk, have an established path for escalation and decisioning within your organization.

2. Identify beneficial owners and verify identification. Now: Authenticate and validate your business relationships to ensure you can meet the regulatory expectation of identifying all individuals who maintain a 25% or greater equity interest or possess the ability to control any business entity you partner with. In cases where third party-provided information may be incomplete or insufficient, independently re-vet your partners and identify intermediary and ultimate ownership information, as well as any state ownership and/or political exposure.

Partner with a vendor who can help scale your research efforts using a variety of tools, including desktop research tools as well as in-country document retrieval. Once beneficial ownership is established, confirm the individual’s source of wealth to ensure they meet regulatory standards. Have an escalation path for atypical research results. Try to achieve identification beyond the 25% identification suggested by the regulation.

Long-term: Develop and implement a systematic approach to beneficial ownership identification and verification for record-keeping. Consider implementing a process for monitoring changes in beneficial ownership and for the regular refresh of records.

3. Establish a risk profile. Now: Evaluate due diligence and screening results, as well as consider utilizing questionnaires that allow for risk-ranking to enhance your understanding of customer profiles. Run screening and due diligence to establish a baseline score for your third party universe. Through this workflow process you can identify potential risk within your relationships. Create an escalation plan to mitigate the risk associated with your third parties.

Long-term: Utilize technology to help facilitate a risk-based approach and program that includes questionnaires, scoring, vetting, record-keeping, and an escalation process.  

4. Monitor, update, and maintain information. Now: Evaluate technology solutions to facilitate monitoring and record keeping. Aim for implementation well in advance of the Final Rule.

Long-term: Streamline your process with the help of technology to evaluate alerts and red flags that are identified in a timely fashion, consistently refining your process. 

_____

John Arvanitis is an Associate Managing Director of Kroll based in New York City. He joined Kroll after a  27-year career with the U.S. Justice Department, Drug Enforcement Administration. He can be contacted here. Information on Kroll’s screening and due diligence solution can be found here